Archive for June, 2017

Check Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer networks.  It appears to be using the ‘EternalBlue’ exploit which May’s WannaCry attack also exploited.  It was first signaled by attacks on financial institutions in the Ukraine, but soon started spreading more widely, particularly across Europe, the Americas and Asia. Continue reading


I recently discovered an out-of-bounds write in systemd-resolved in
Ubuntu, which is possible to trigger with a specially crafted TCP payload. Continue reading

While Microsoft and others continue to shore up links between yesterday’s global ransomware outbreak and the update mechanism for Ukrainian financial software provider MEDoc, others are finding even more distribution vectors used by the malware. Continue reading

Ransomware-as-a-service soon to be renamed Lure-as-a-Service

Continue reading

Shifr RaaS

Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button. Continue reading

The current crisis of encryption is in part due to a lack of intelligence. The governments of the UK and Australia are talking about bans, regulations, requirements and other legal structures to address the perceived problem of “going dark”.

Continue reading

The ransom note that gets displayed on screens of Microsoft Windows computers infected with Petya.

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain. Continue reading

The vulnerability laboratory core research team discovered a stack buffer overflow vulnerability in the official Microsoft Skype v7.2, v7.3.5.103 & v7.3.6 software. Continue reading


Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Micorosoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. Continue reading

Another global cyber attack is fitting end for first month of theshadowbrokers dump service. There is much theshadowbrokers can be saying about this but what is point and having not already being said? So to business! Time is still being left to make subscribe and getting June dump. Don’t be let company fall victim to next cyber attack, maybe losing big bonus or maybe price on stock options be going down after attack. June dump service is being great success for theshadowbrokers, many many subscribers, so in July theshadowbrokers is raising price. Continue reading