Hello, welcome to the Wednesday, April 27, 22 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

On April 1st, WSO2, a company that deals with platforms and APIs, including an open banking and

open medical records API, release details regarding a vulnerability that was originally discovered

by Orange Tsai.

Orange Tsai, of course, famous for discovering a number of high-profile vulnerabilities in

the past.

The vulnerability CVE 222-29-464 that affects multiple products does allow arbitrary file uploads

and with that also remote code execution.

These products are quite popular even if you may not necessarily have heard of them.

And earlier this week, Sisa announced that they added this vulnerability to their list of

already exploited vulnerabilities.

Well, and one of our handlers, Renato, did actually run into an exploit for this vulnerability

in an incident that he was dealing with, and it was, of course, a crypto mining case.

So, Ronado did write up what he found and how the exploit was delivered in this

particular case, a web shell was installed, and then the web shell was used to download

XMRick, the good old crypto coin miner, and then executed. Proof for concept exploits have actually been made available

on April 1st when the patch was originally released, so no big surprise here that we see this

exploited. And we have some news about the VMware workspace One Access vulnerability. This

vulnerability was first identified and patched on

April 6th. Now on April 11th, there was then an initial Proof Concept release. Then two days later,

actually exploitation was spotted in the wild. Now, typically when it comes to new vulnerabilities, you

...