On June 15th, 2017, WikiLeaks provided more “Vault 7” dumps detailing a CIA WiFi router hacking program dubbed “CherryBlossom”. The WikiLeaks dumps can be found here. CherryBlossom is a WiFi router exploitation program designed by the CIA as part of a larger program, “CherryBomb”. A tool called “Claymore” is used to identify WiFi devices. It […]
Internet Security
Inside CIA’s OutlawCountry Linux Hack
Last week, in June 2017, WikiLeaks released more “Vault 7” documents detailing an exploit of Red Hat Enterprise Linux 6 and derivatives (CentOS 6). The exploit loads the Netfilter module into the kernel and then creates hidden iptables rules that perform network traffic redirection. The redirection is based upon DNAT (Destination Network Address Translation) rules. WikiLeaks posted […]
Fortinet: Mapping the Ransomware Landscape
Fortinet has released a good Executive Summary entitled “MAPPING THE RANSOMWARE LANDSCAPE”. This provides a pretty good overview of today’s ransomware problems. Grim statistics: ransomware infected 30K to 50K devices monthly; $850M was paid out to ransomware attacks in 2016; ransomware is underreported, with fewer than 1 in 4 reporting the attack; 63% of organizations experienced […]
Fortinet: Guide To The Threat Landscape
There have been a lot of data dumps lately by Bitdefender, Palo Alto Networks, and Fortinet. Fortinet provided this document, entitled “A SECURITY LEADER’S DEFINITIVE GUIDE TO THE THREAT LANDSCAPE”. It is a good read. A brief summary is provided below: 1. THE INTERNET OF THINGS Experts predict that by 2020 there will be […]
WordFence Advisory: Continued TR-069 Exploits
WordFence issued an advisory about continued brute-force login attempts from infected home routers. Their original post is here. This exploit was originally discovered by Check Point Software and is called “Misfortune Cookie”. An attacker can send specially crafted HTTP cookies that can alter the router’s system state, tricking the router into treating the session as […]
Of the NSA & Russian Election Hacks
Well, here is the NSA document that Reality Winner sent off to The Intercept and sacrificed her job and freedom for. A locally cached copy is here. The document details a successful Russian hack back in August of 2016. Russia’s military intelligence agency, GRU, attacked a voter roll software company called VR Systems. The information […]
Top Attacking Countries: May 2017
No change in the Top 4 countries on the list from WordFence’s April summary:
Google Chrome 59 Released
On Monday, 6/2/2017, Google released a new version of their Chrome browser, version 59. It fixes 30 bugs in all, 5 of them of High priority. Google shelled out $23,500 to external researchers as part of their Bug Bounty program. Here are the particulars: https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html Upgrading is pretty easy. Click on the three vertical […]
SAMBA Bugs: Is Your NAS Updated?
Samba is the Server Message Block (SMB) protocol implementation on Unix boxes. There have been a couple of exploits that the Samba team has fixed, including the Unix equivalent of the EternalBlue exploit used in the recent WannaCry(pt) ransomware attacks. As per CVE-2017-7494, April 4, 2017: “Samba since version 3.5.0 is vulnerable to remote code execution […]
BOLO: FireBall Browser Malware
Check Point Software Technologies reported an outbreak of browser-based malware called “FireBall”. This malware delivers unwanted ads and popups and completely takes over your web browsers. It was created by the Chinese advertising company “Rafotech”. FireBall gets installed as a bundle with other legitimate programs downloaded from the Internet. However, it has a great deal […]