Hello, welcome to the Wednesday, July 20th, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Our honeypods recently started recording a significant number of requests for beak.hp dash get.

No idea really what this URL is about.

These scans are a bit odd in that they overwhelmingly came from machines hosted with low-cost

hosting provider OVH, and the machines scanning from the URL do not appear to be involved in any

other activity. Now, a little bit Googling shows that the URL may be associated with

Cobalt Strike, but it isn't clear if a scan for this URL at all is meaningful to detect

a Cobalt Strike control servers. If you have any idea what's going on, let us know this is a bit of a puzzle right now.

And Oracle today released its quarterly critical patch update or short CPU.

It addresses 349 different vulnerabilities. Large number, but not unusual for this update from Oracle

as it covers the vast Oracle application portfolio, not just a well-known database. For example,

MySQL, Java, various middleware applications, they're all

included in this update. The update fixes quite a number of log-4J issues, for example, in Oracle's

communication instant messaging server and in Oracle's e-business suite. Oracle communication

software sticks out with four vulnerabilities

due to the Spring Cloud Gateway vulnerability, reaching a CVSS score of a perfect 10.

These vulnerabilities in open source components are well known at this point and have been around for a few months, so exploits

are available with these Oracle components now being marked as possible targets.

Attackers may just have to make some modifications to existing exploit code to attack

these Oracle products.

You should expedite patching or at least ensure that the vulnerable products are not exposed if patching.

...