Sign up to save your podcasts
Or
Share REvil killer, Tricky phish, Top Aces locked, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
REvil killer, Tricky phish, Top Aces locked, and more.
A daily look at the relevant information security news from overnight.
Episode 238 - 13 May 2022
REvil killer - https://portswigger.net/daily-swig/researcher-stops-revil-ransomware-in-its-tracks-with-dll-hijacking-exploit
Tricky phish -
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
Zyxel flaw - https://www.securityweek.com/critical-vulnerability-allows-remote-hacking-zyxel-firewalls
InHand out of hand - https://www.securityweek.com/critical-vulnerabilities-provide-root-access-inhand-industrial-routers
Top Aces locked- https://therecord.media/top-aces-ransomware-attack-lockbit/
Hi, I’m Paul Torgersen. It’s Friday the 13th of May, 2022, and this is a look at the information security news from overnight.
From PortSwigger.net:
John Page at Malvuln.com has discovered a vulnerability in the REvil ransomware that can be exploited to deactivate the malware before it encrypts any files. REvil searches for and executes DLLs in the directory where it is located. By hijacking a vulnerable DLL and executing specially crafted code, he was able to stop and terminate REvil before it started encrypting. Details, including a proof of concept, in the article.
From BleepingComputer.com:
Threat analysts have spotted a novel attack attributed to the Iranian hacking group APT34 or Oilrig, targeting Jordanian diplomats with custom-crafted tools. The spear-phishing email has an Excel attachment that contains VBA macro code to load a malicious executable, a configuration file, and a signed and clean DLL. It also checks for the existence of a mouse, which if you are playing in a sandbox, may not be there.
From SecurityWeek.com:
Thousands of Zyxel firewalls could be vulnerable to remote attacks which affect ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The company has already released a fix. Details in the article.
Also from SecurityWeek.com:
A total of 17 vulnerabilities have been found in the InHand Networks wireless industrial routers which could be exploited to gain root access. The weaknesses affect IR302 version 3.5.37 and prior. If that is you, make sure to update to version 3.5.45. Get your patch on kids.
And last today, from TheRecord.media:
Top Aces, a Canadian company that supplies fighter jets for airborne training exercises has been hit with a ransomware attack. The company works extensively with the armed forces of Canada, Germany, United States, Israel and others. The LockBit ransomware group gave Top Aces a deadline of May 15 before it leaks the 44GB of data it allegedly stole.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
Episode 238 - 13 May 2022
REvil killer - https://portswigger.net/daily-swig/researcher-stops-revil-ransomware-in-its-tracks-with-dll-hijacking-exploit
Tricky phish -
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
Zyxel flaw - https://www.securityweek.com/critical-vulnerability-allows-remote-hacking-zyxel-firewalls
InHand out of hand - https://www.securityweek.com/critical-vulnerabilities-provide-root-access-inhand-industrial-routers
Top Aces locked- https://therecord.media/top-aces-ransomware-attack-lockbit/
Hi, I’m Paul Torgersen. It’s Friday the 13th of May, 2022, and this is a look at the information security news from overnight.
From PortSwigger.net:
John Page at Malvuln.com has discovered a vulnerability in the REvil ransomware that can be exploited to deactivate the malware before it encrypts any files. REvil searches for and executes DLLs in the directory where it is located. By hijacking a vulnerable DLL and executing specially crafted code, he was able to stop and terminate REvil before it started encrypting. Details, including a proof of concept, in the article.
From BleepingComputer.com:
Threat analysts have spotted a novel attack attributed to the Iranian hacking group APT34 or Oilrig, targeting Jordanian diplomats with custom-crafted tools. The spear-phishing email has an Excel attachment that contains VBA macro code to load a malicious executable, a configuration file, and a signed and clean DLL. It also checks for the existence of a mouse, which if you are playing in a sandbox, may not be there.
From SecurityWeek.com:
Thousands of Zyxel firewalls could be vulnerable to remote attacks which affect ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The company has already released a fix. Details in the article.
Also from SecurityWeek.com:
A total of 17 vulnerabilities have been found in the InHand Networks wireless industrial routers which could be exploited to gain root access. The weaknesses affect IR302 version 3.5.37 and prior. If that is you, make sure to update to version 3.5.45. Get your patch on kids.
And last today, from TheRecord.media:
Top Aces, a Canadian company that supplies fighter jets for airborne training exercises has been hit with a ransomware attack. The company works extensively with the armed forces of Canada, Germany, United States, Israel and others. The LockBit ransomware group gave Top Aces a deadline of May 15 before it leaks the 44GB of data it allegedly stole.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight.
Episode 238 - 13 May 2022
REvil killer - https://portswigger.net/daily-swig/researcher-stops-revil-ransomware-in-its-tracks-with-dll-hijacking-exploit
Tricky phish -
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
Zyxel flaw - https://www.securityweek.com/critical-vulnerability-allows-remote-hacking-zyxel-firewalls
InHand out of hand - https://www.securityweek.com/critical-vulnerabilities-provide-root-access-inhand-industrial-routers
Top Aces locked- https://therecord.media/top-aces-ransomware-attack-lockbit/
Hi, I’m Paul Torgersen. It’s Friday the 13th of May, 2022, and this is a look at the information security news from overnight.
From PortSwigger.net:
John Page at Malvuln.com has discovered a vulnerability in the REvil ransomware that can be exploited to deactivate the malware before it encrypts any files. REvil searches for and executes DLLs in the directory where it is located. By hijacking a vulnerable DLL and executing specially crafted code, he was able to stop and terminate REvil before it started encrypting. Details, including a proof of concept, in the article.
From BleepingComputer.com:
Threat analysts have spotted a novel attack attributed to the Iranian hacking group APT34 or Oilrig, targeting Jordanian diplomats with custom-crafted tools. The spear-phishing email has an Excel attachment that contains VBA macro code to load a malicious executable, a configuration file, and a signed and clean DLL. It also checks for the existence of a mouse, which if you are playing in a sandbox, may not be there.
From SecurityWeek.com:
Thousands of Zyxel firewalls could be vulnerable to remote attacks which affect ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The company has already released a fix. Details in the article.
Also from SecurityWeek.com:
A total of 17 vulnerabilities have been found in the InHand Networks wireless industrial routers which could be exploited to gain root access. The weaknesses affect IR302 version 3.5.37 and prior. If that is you, make sure to update to version 3.5.45. Get your patch on kids.
And last today, from TheRecord.media:
Top Aces, a Canadian company that supplies fighter jets for airborne training exercises has been hit with a ransomware attack. The company works extensively with the armed forces of Canada, Germany, United States, Israel and others. The LockBit ransomware group gave Top Aces a deadline of May 15 before it leaks the 44GB of data it allegedly stole.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
Episode 238 - 13 May 2022
REvil killer - https://portswigger.net/daily-swig/researcher-stops-revil-ransomware-in-its-tracks-with-dll-hijacking-exploit
Tricky phish -
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
Zyxel flaw - https://www.securityweek.com/critical-vulnerability-allows-remote-hacking-zyxel-firewalls
InHand out of hand - https://www.securityweek.com/critical-vulnerabilities-provide-root-access-inhand-industrial-routers
Top Aces locked- https://therecord.media/top-aces-ransomware-attack-lockbit/
Hi, I’m Paul Torgersen. It’s Friday the 13th of May, 2022, and this is a look at the information security news from overnight.
From PortSwigger.net:
John Page at Malvuln.com has discovered a vulnerability in the REvil ransomware that can be exploited to deactivate the malware before it encrypts any files. REvil searches for and executes DLLs in the directory where it is located. By hijacking a vulnerable DLL and executing specially crafted code, he was able to stop and terminate REvil before it started encrypting. Details, including a proof of concept, in the article.
From BleepingComputer.com:
Threat analysts have spotted a novel attack attributed to the Iranian hacking group APT34 or Oilrig, targeting Jordanian diplomats with custom-crafted tools. The spear-phishing email has an Excel attachment that contains VBA macro code to load a malicious executable, a configuration file, and a signed and clean DLL. It also checks for the existence of a mouse, which if you are playing in a sandbox, may not be there.
From SecurityWeek.com:
Thousands of Zyxel firewalls could be vulnerable to remote attacks which affect ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The company has already released a fix. Details in the article.
Also from SecurityWeek.com:
A total of 17 vulnerabilities have been found in the InHand Networks wireless industrial routers which could be exploited to gain root access. The weaknesses affect IR302 version 3.5.37 and prior. If that is you, make sure to update to version 3.5.45. Get your patch on kids.
And last today, from TheRecord.media:
Top Aces, a Canadian company that supplies fighter jets for airborne training exercises has been hit with a ransomware attack. The company works extensively with the armed forces of Canada, Germany, United States, Israel and others. The LockBit ransomware group gave Top Aces a deadline of May 15 before it leaks the 44GB of data it allegedly stole.
That’s all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.