Hello and welcome to the Wednesday, January 24th, 2024 edition of the Sands and the Storms and its Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

I post a quick update today with some of the exploit activity we are seeing against adlation. And well,

the quick summaries, we are sort of seeing the usual suspects. There is sort of your

Mirai style attacks. There are a couple of sort of crypto coin miner likely attacks in there.

Haven't analyzed all of the binaries being sent here. Also a lot of

scans that pretty much just try to figure out if a particular system is vulnerable. I noted a couple

of in the case of compromise, kind of that we are seeing. Now, one tool that is used quite

frequently here is OAST. that's short for out-of-band application security testing.

And there are a couple of domains that are being used here, OST.life.fun.com.

Site, typically to retrieve specific URLs in order to identify vulnerable hosts, but also to identify

them via DNS lookups and such. So if you are seeing these particular domain names in your

environment, double check could be part of authorized penetration test,

but definitely something that you probably should alert on.

And while we keep getting interesting new vulnerabilities,

Horizon 3 AI published a blog post with details regarding a vulnerability that was recently patched in

Florida's Go Anywhere, MFT, MFT standing for their file upload tool.

This application has been vulnerable to past now.

This recently patched vulnerability allows the attacker to add arbitrary admin users to

the system.

The patch fixes the vulnerability.

Like I said, the patch was actually released back in December, but we do have proof-of-concept

...