Hello, welcome to the Tuesday, May 21st, 2019 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

First, a quick update again on the RDP vulnerability.

Microsoft patch last week.

This vulnerability now also has been labeled Blue Keep,

and yes, there are more reports about people creating exploits for it. At this point, I think

I counted three or four different groups that claim that they have a denial of service version

of an exploit. There's also a GitHub repository that has a partial

exploit that doesn't actually cause any damage at this point. So it's not the denial of service

and definitely not a remote code execution exploit at this point. But there's certainly quite a bit

of interest in this vulnerability, probably the best way quite a bit of interest in this vulnerability.

Probably the best way if you sort of want to keep up to date on this is to monitor the blue

keep hashtag on Twitter. But of course, there's also plenty of sort of vendors that sort of advertise

their bears now using this hashtag.

And talking about attacks against Microsoft vulnerability CVE 2019 0604, that's a vulnerability

in Microsoft SharePoint.

It is now being actively exploited and we do have a brief blog from Brad about how to recognize

exploit attempts and links to how this particular attack works.

This particular vulnerability appears to be exploited by a variant of the China Chopper backdoor.

This is a very typical and kind of old by now, ASPX backdoor.

So the name China Chopper does certainly not imply any attribution here.

And in teaching about web application security, one chapter we always cover is JSON WebTokens

...