Hello, welcome to the Wednesday, May 1st, 2019 edition of the Sansa and the Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Augusta, Georgia.

Still got another update regarding CVE 2019, 2725.

This is the WebLogic deserilization vulnerability that was discovered late last week.

Cisco's Talis research team is now confirming that exploits against this vulnerability are active.

In particular, Cisco did spot the Sotomay

Ransomare being installed via this vulnerability. This particular

ransomware is specific to Windows. It will encrypt the user's

files and also delete shadow and backup copies of any files.

Now, this ransomware, just like the Unix, Cryptocoin miners that we have seen over the weekend,

are pretty well recognized by antivirus.

This is commodity malware, so nothing here is really targeted anymore at this point.

Every Weblogic instance that is exposed and is vulnerable is actively being abused by these exploits. Now, Facebook's marketplace apparently had a very

classic flaw in that it leaked the exact location of sellers. This is actually a vulnerability

that has happened to various similar sites. Now in the case of Facebook, when you place an item

for sale, you can specify how closely you would like to let buyers know your location.

So you can, for example, specify, hey, just say that I'm within that city or that part of the city.

But apparently what's actually being sent back by Facebook's API as part of a JSON encoded response

is the exact location of the seller when the ad was placed.

This is not the first time something like this happened.

Probably the largest sort of leak like this that I'm aware of was with Craigslist back in the day.

Now with Craigslist you upload your own pictures and Craigslist

...