Newsletter Archives
-
CIA Malware Cyberweapon – Another SMB “Tool”
Catalin Cimpanu, on bleepingcomputer.com, has posted an article about one of the recent Wikileaks Vault 7 series of dumps.
“CIA Malware Can Switch Clean Files With Malware When You Download Them via SMB” looks at another CIA cyberweapon.
Codenamed Pandemic, this is a tool that targets computers with shared folders, from where users download files via SMB.
The way Pandemic works is quite ingenious and original, and something not seen before in any other malware strain.
Dan Goodin, on arstechnica.com, says: Like previous Vault 7 releases, today’s leak is a critical blow to US intelligence interests. But it’s nowhere near as grave as the Shadow Brokers leaks.
-
February missing security patch toll: Two zero-days and counting
Good report from Dan Goodin at Ars Technica.
Google’s Project Zero sticks to its 90-day notification policy, and a second 0day has been revealed, this time apparently involving CSS tokens.
The details are important. For example, there’s no exploit code available for this second 0day. But the first 0day, involving a gdi32.dll heap boundary, is still at large.
So is the SMBv3 bug that causes crashes, and may lead to deeper exploits.
Security patches are scheduled to resume on March 14.