InfoSec Week 26, 2017

Posted on 04 July 2017
SUBSCRIBE TO A WEEKLY NEWSLETTER!

The ExPetr/Petya ransomware which hits the Ukraine last week is actually a disk wiper. Victims are not able to decrypt their data, as the encryption key is not stored anywhere.
https://securelist.com/schroedingers-petya/78870/

Blog with details about the remotely triggerable stack-based buffer overflow found in Avast Antivirus software last year.
https://landave.io/2017/06/avast-antivirus-remote-stack-buffer-overflow-with-magic-numbers/

Linux Systemd gives root privileges to usernames started with number.
https://ma.ttias.be/giving-perspective-systemds-usernames-start-digit-get-root-privileges-bug/

WikiLeaks published a manual describing "OutlawCountry" Linux malware which redirects outgoing Internet traffic using netfilter, iptables. The second published is ELSA, a geo-location malware for WiFi-enabled devices running the Microsoft Windows operating system.
https://wikileaks.org/vault7/releases/#OutlawCountry
https://wikileaks.org/vault7/#Elsa

Security researcher Benjamin Kunz-Mejri discovered a Skype (7.2, 7.35, and 7.36) zero-day remote buffer overflow vulnerability CVE-2017-9948.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9948

Great blog post about the problems of a certificate revocation, alternative solutions and how to do it better.
https://scotthelme.co.uk/revocation-is-broken/

Blog about the novel reflective DLL injection technique called ThreadContinue which uses SetThreadContext() and NtContinue() API calls.
https://zerosum0x0.blogspot.sk/2017/07/threadcontinue-reflective-injection.html


Comments !