Security Bulletin #117 – 31 May 2017
Shadow Brokers is going to launch a monthly subscription model for its data dumps; the 0-day exploit subscription goes for $21,000 per month.
A couple of weeks ago, while security experts were debating the WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. Shadow Brokers plans to offer a data dump based on a monthly subscription model. The group claimed to have exploit code for almost any technology available on the market, including “compromised network data from more SWIFT providers and Central banks.” TheShadowBrokers Monthly Data Dump could be being:
1) web browser, router, handset exploits and tools
2) select items from newer Ops Disks, including newer exploits for Windows 10
3) compromised network data from more SWIFT providers and Central banks
4) compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.
As announced, the group will release new zero-day exploits and hacking tools for various platforms starting from June 2017. Experts believe that the group will release authentic and legitimate exploits and hacking tools, given its past data leak. The data dump could have a dramatic impact on organizations and businesses worldwide.
Chrome Flaw Allows Sites to Secretly Record Audio/Video without Indication
China, U.S. Most Affected by WannaCry Ransomware
The WannaCry ransomware made a name for itself on May 12, when it started spreading like wildfire by leveraging an NSA-linked exploit called EternalBlue. Within days it had already hit hundreds of thousands of computers, medical devices, and other types of machines worldwide, mainly those running Windows 7. While initial estimates suggested that WannaCry might have hit around 200,000 devices, Kryptos Logic now says that approximately 727,000 unique IP addresses are confirmed victims of the ransomware. The exact number of infected machines, however, remains unknown. Data aggregated from the sinkhole allowed the security company to create a graph of the most affected countries by unique IP address count. China is placed first, with 6.26 million hits (infection and reinfection attempts) registered in 2 weeks. Second is the United States, with over 1.17 million hits, while Russia was the third most affected country, with just over 1 million hits.
CERTFR-2017-ALE-008: Multiple vulnerabilities in Microsoft Windows XP and Windows Server 2003 (15 May 2017)
CERTFR-2017-ALE-011: Campaign of unsolicited e-mail messages of the Jaff type (14 May 2017)
CERTFR-2017-ALE-010: Spread of ransomware exploiting the MS17-010 vulnerabilities (12 May 2017)