WannaCry Startup Sequence

WannaCry is malware with both worm and ransomware characteristics; as such it is a blended threat. Initial news of attacks came from Telefonica in Spain; the malware was then able to spread to networks in the National Health Service (NHS), infecting at least 16 hospitals, followed by many other incidents across the world. The ransomware …

A Quick Way to Immune to WannaCrypt Without Patch

A “ransomware” called “WannaCrypt” has locked thousands of computers in more than 150 countries. We released a blog about this ransomware last week. Here is a quick blog about a way to make your system immune to this ransomware if you can’t install the patch for some reason. Mutex And Indicator …

WannaDecrypt0r Ransomware

The WannaDecrypt0r ransomware has infected at least 16 hospitals in the UK and has been spreading widely. The ransomware is being identified by many names, such as WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY and WannaDecrypt0r. At present, it is believed that over 36,000 machines have been compromised by this ransomware. All …

Intel Active Management Technology (AMT) Privilege Escalation Vulnerability

Recently Intel published a security advisory regarding a critical vulnerability in certain systems that use Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT). The vulnerability, tracked as CVE-2017-5689, allows a network attacker to remotely gain access to systems or devices that use these technologies. What is Intel AMT/Management Engine: …

CVE-2017-5689: Intel Elevation Of Privilege Vulnerability

An elevation of privilege vulnerability in Intel’s management solutions was confirmed by Intel, which released INTEL-SA-00075 for it. The vulnerability can allow an unprivileged attacker to take over the management features. It is assigned CVE-2017-5689 and is rated critical for affected targets. It is important to note that this bug does not affect …

PASSFREELY: Bypassing Oracle Database Authentication (ShadowBrokers)

The ShadowBrokers group recently released an archive of exploits, tools and utilities used by the NSA to compromise various Windows servers and Oracle databases. We investigated the database archives further and found some interesting tools and exploits. This archive contains a tool called PASSFREELY that can be used to bypass Oracle Database authentication. This tool patches the Oracle …

Doublepulsar backdoor spreading rapidly in the wild

On April 14, 2017, the mysterious hacking group ShadowBrokers released cyber-spying tools allegedly employed by the U.S. National Security Agency. This week it was reported that more than 300,000 Windows machines are affected by a backdoor called “Doublepulsar” from those tools. This blog is about what “Doublepulsar” is and how we detect it. …

EternalBlue SMB Exploit

UPDATED: May 12, 2017. In what may be the first public weaponizing of April’s Shadow Brokers dump of NSA exploits, a ransomware attack has crippled IT systems globally and disrupted operations at major organizations, including patient services at UK hospitals. WannaCry exploits the ETERNALBLUE vulnerability; please refer to the Qualys blog on WannaCry for …

D-Link DCS Series Network Cameras Cross-Site-Request-Forgery (CSRF) Vulnerability

On a recent long weekend, my friend told me about the D-Link camera he’s been using for quite a while. It’s a D-Link DCS-933L network camera, which seems to be the most popular. At the time of writing this blog there were more than 30000 cameras online. I downloaded the latest firmware for this device. While …

ShadowBrokers NSA Tool Dump

On Friday, April 14, 2017, the mysterious hacking group ShadowBrokers released over 300MB of NSA hacking tools and exploits. The dump is hosted on a Yandex disk with the password “Reeeeeeeeeeeeeee”. The current dump contains 3 folders, oddjob, windows and swift, as described below, and a detailed list of the contents can be found here. oddjob: An implant builder …