Petya Ransomware

Petya is not a new player in the ransomware world. It has multiple versions and was delivered to target machines as part of exploit kit campaigns and as malicious email attachments. The latest versions of Petya seem to be spreading via the SMBv1 vulnerabilities (CVE-2017-0144 and CVE-2017-0145) in the Windows operating system. This behavior is …

Brickcom Devices Multiple Security Vulnerabilities

While doing research on the IP surveillance solutions, we came across a company called Brickcom Corporation. Brickcom is a network video manufacturer in the IP surveillance industry. We started testing the latest firmware 3.7.0.2aR. It’s based on Linux and the file system is ‘Squashfs’ compressed with LZMA. We extracted the ‘Squashfs’ file system using open …

Stack-Clash Vulnerability

The security research team at Qualys has discovered multiple vulnerabilities in guard-page implementations in various Linux versions. This bug can be exploited by local users to gain root privileges by compromising memory regions belonging to other applications and shared libraries. Qualys has disclosed these vulnerabilities to vendors and has been working with them for a …

Samba Writable Share Remote Code Execution (CVE-2017-7494)

A critical remote code execution vulnerability impacting Samba was disclosed on Wednesday. The vulnerability exists in the “SMB” protocol implementation, which makes it similar to “WannaCry”. All versions of Samba from 3.5.0 onwards are affected. The vulnerability allows a malicious client to upload a shared library to a writable share, and then cause the server to load and …

WannaCry Ransomware Analysis

In our previous post we saw how the initial WannaCry executable configures the target system, creates the tasksche.exe file under the C:\WINDOWS directory and executes it with the command line argument /i. In this post we will continue our analysis to see what this process is up to. MD5: 84C82835A5D21BBCF75A61706D8AB549; SHA-1: 5FF465AFAABCBF0150D1A3AB2C2E74F3A4426467; FileDescription: DiskPart; OriginalFilename …

Joomla! ‘com_fields’ Component SQL Injection Vulnerability

Recently, Joomla released a patch for a critical SQL injection vulnerability, tracked as CVE-2017-8917, that can be easily exploited by a remote attacker to obtain sensitive data and hijack websites. The vulnerability is easy to exploit, which may allow an attacker to use this exploit against millions of websites and steal sensitive information from the …

WannaCry Startup Sequence

WannaCry is malware with both worm and ransomware characteristics; as such, it is a blended threat. Initial news of attacks came from Telefonica in Spain. The malware then spread to networks in the National Health Service (NHS), infected at least 16 hospitals, and was followed by many other incidents across the world. The ransomware …

A Quick Way to Immune to WannaCrypt Without Patch

A “ransomware” called “WannaCrypt” has locked thousands of computers in more than 150 countries. We released a blog post about this ransomware last week. Here is a quick post about a way to make your system immune to this ransomware if you can’t install the patch for some reason. Mutex And Indicator …

WannaDecrypt0r Ransomware

The WannaDecrypt0r ransomware has infected at least 16 hospitals in the UK and has been spreading quite a bit within the masses. The ransomware is being identified with many names such as WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY and WannaDecrypt0r. At present, it is believed that over 36,000 machines have been compromised by this ransomware. All …

Intel Active Management Technology (AMT) Privilege Escalation Vulnerability

Recently Intel published a security advisory regarding a critical vulnerability, tracked as CVE-2017-5689, in certain systems that utilize Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT). It allows a network attacker to remotely gain access to systems or devices that use these technologies. What is Intel AMT/Management Engine: …