Security Bulletin

Security Bulletin #117 – 31 May 2017

2017 / 05 / 31


Shadow Brokers is going to launch a monthly subscription model for its data dumps; the 0-day exploit subscription goes for $21,000 per month.


A couple of weeks ago, while security experts were debating the WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. Shadow Brokers plans to offer a data dump based on a monthly subscription model. The group claimed to have exploit code for almost any technology available on the market, including “compromised network data from more SWIFT providers and Central banks.”

TheShadowBrokers Monthly Data Dump could include:

1) web browser, router, handset exploits and tools
2) select items from newer Ops Disks, including newer exploits for Windows 10
3) compromised network data from more SWIFT providers and Central banks
4) compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

As announced, the group will release new zero-day exploits and hacking tools for various platforms starting from June 2017. Given the group's past data leak, experts believe that it will release authentic and legitimate exploits and hacking tools. The data dump could have a dramatic impact on organizations and businesses worldwide.


Chrome Flaw Allows Sites to Secretly Record Audio/Video without Indication


What if your laptop were listening to everything said during your phone calls, or by other people near it, and even recording video of your surroundings without your knowledge? A UX design flaw in Google's Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on. The vulnerability was reported to Google on April 10, 2017, but the tech giant declined to consider it a valid security issue, which means that there is no official patch on the way.

In order to prevent 'authorized' websites from secretly recording your audio or video stream, web browsers notify their users when any audio or video is being recorded. In the case of Google Chrome, a red dot icon appears on the tab, alerting users that the audio or video streaming is live. The researcher discovered that if an authorized website pops up a headless window using JavaScript code, it can start recording audio and video secretly, without the red dot icon, giving no indication in the browser that the streaming is happening. This happens because Chrome has not been designed to display the red-dot indication on headless windows, allowing site developers to “exploit small UX manipulation to activate the MediaRecorder API without alerting the users.”

To stay on the safer side, simply disable WebRTC, which can be done easily if you don't need it. If you require the feature, allow only trusted websites to use WebRTC, and watch for any other windows that such a site may spawn afterward.

China, U.S. Most Affected by WannaCry Ransomware


The WannaCry ransomware made a name for itself on May 12, when it started spreading like wildfire by leveraging an NSA-linked exploit called EternalBlue. Within days it had already hit hundreds of thousands of computers, medical devices, and other types of machines worldwide, mainly those running Windows 7. While initial estimates suggested that WannaCry might have hit around 200,000 devices, Kryptos Logic now says that approximately 727,000 unique IP addresses are confirmed victims of the ransomware. The exact number of infected machines, however, remains unknown. Data aggregated from the sinkhole allowed the security company to create a graph of the most affected countries by unique IP address count. China is placed first, with 6.26 million hits (infection and reinfection attempts) registered in 2 weeks. Second is the United States, with over 1.17 million hits, while Russia was the third most affected country, with just over 1 million hits.

CERT-FR Weekly News Alert

Current Alerts

CERTFR-2017-ALE-008: Multiple vulnerabilities in Microsoft Windows XP and Windows Server 2003 (15 May 2017)

Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-008.pdf

CERTFR-2017-ALE-011: Jaff-type unsolicited e-mail campaign (14 May 2017)

Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-011.pdf

CERTFR-2017-ALE-010: Spread of ransomware exploiting the MS17-010 vulnerabilities (12 May 2017)

Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-010.pdf