Security Bulletin #101
Malwaresearch – A command line tool to find malware on Openmalware.org
The tool was developed to facilitate and speed up the process of finding and downloading malware samples from the command line. The APIs provided by two major malware dump sites (openmalware.org and malwr.com) were used in a simple, straightforward script that lets users query information about a sample (name, MD5, SHA-1, SHA-256), download the desired sample file, and compare its hash against the ones recorded in those dumps. The next step is to extend this to malwr.com, MalShare, MalwareBlacklist and Malware.lu's AVCaesar, covering sample submission, hash comparison and research from the command line.
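As an added example (not code from the Malwaresearch tool itself), the following Python shows the hash-comparison step described above: infer which of MD5, SHA-1 or SHA-256 a dump listing's digest is from its length, hash the downloaded bytes with that algorithm, and compare. The sample bytes and the listing dictionary are constructed stand-ins, not real dump data.

```python
import hashlib
import hmac
import re

# The dump sites list MD5, SHA-1 and SHA-256; infer which one a hex digest is
# from its length so the user can paste whichever the listing showed.
_ALGO_BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}

def detect_hash_algorithm(digest: str) -> str:
    """Return the hashlib name for a hex digest, or raise ValueError."""
    digest = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError("digest is not hexadecimal")
    if len(digest) not in _ALGO_BY_HEX_LENGTH:
        raise ValueError(f"unsupported digest length {len(digest)}")
    return _ALGO_BY_HEX_LENGTH[len(digest)]

def digest_sample(data: bytes, algorithm: str) -> str:
    """Hash the raw bytes of a downloaded sample with the given algorithm."""
    return hashlib.new(algorithm, data).hexdigest()

def sample_matches(data: bytes, expected_digest: str) -> bool:
    """True if the sample hashes to the digest the dump reported.

    Constant-time comparison is cheap hygiene for any check that decides
    whether an artefact is the one that was requested.
    """
    algorithm = detect_hash_algorithm(expected_digest)
    actual = digest_sample(data, algorithm)
    return hmac.compare_digest(actual, expected_digest.strip().lower())

def verify_all(data: bytes, listing: dict) -> dict:
    """Check a sample against every hash in a (constructed) dump listing."""
    return {name: sample_matches(data, value) for name, value in listing.items()}

# Constructed stand-in for a downloaded sample (plain text, not malware) and
# the hashes a query result might list for it; the sha1 entry is deliberately
# wrong so the mismatch is reported instead of silently accepted.
SAMPLE = b"constructed test payload, not a real sample\n"
LISTING = {
    "md5": hashlib.md5(SAMPLE).hexdigest(),
    "sha1": "0" * 40,
    "sha256": hashlib.sha256(SAMPLE).hexdigest(),
}

if __name__ == "__main__":
    for name, ok in verify_all(SAMPLE, LISTING).items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```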
Another critical Windows RCE vulnerability discovered
Security experts on the Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows, and this time the researchers describe it as the worst Windows RCE in recent memory. No further details were provided because of Project Zero's 90-day disclosure deadline, which gives the affected company 90 days to fix the problem in its products before the issue is publicly disclosed. The experts revealed only the following about the vulnerability: the proof-of-concept exploit the Project Zero team developed works against default Windows installations; the vulnerability could be exploited by a remote attacker; and the attack is "wormable," meaning it is capable of spreading itself.
How to protect against spear phishing attacks
A recent report (PDF) on cybercrime incidents in India conducted by EY highlighted how cyber thieves are scouring employees' social media posts for information to use in phishing attacks. Cyber incidents are growing at an "alarming rate," according to the report. But they must be growing like mushrooms in the dark, given that only 22% of respondents said they were confident in their organizations' ability to detect incidents within 48 hours. When it comes to stopping those incidents in the first place, it would be great if companies could erase themselves from social media, which is a fertile place for those spores to land: nearly 90% of the 160 top executives interviewed for the report pegged social media as a major source of cyber-attacks. Employees post extensive details about their work profiles on social networking sites, and these platforms act as a gold mine for cybercriminals looking to identify and target key individuals for a successful breach.
CERTFR-2017-ALE-008: Vulnerability in RDP for Microsoft Windows XP and Windows Server 2003 (14 April 2017)
CERTFR-2017-ALE-006: Multiple vulnerabilities in Siemens RUGGEDCOM ROX I (29 March 2017)
CERTFR-2017-ALE-005: Vulnerability in Cisco switches (20 March 2017)