Ramnit delivers XMRig Monero Miner (August 17, 2018)

The SonicWall Capture Labs Threat Research Team has come across a variant of the Ramnit trojan that drops a Monero cryptocurrency miner (XMRig) onto the infected system. Even as cryptocurrency prices continue to fall at the time of writing, malware authors are still betting on its long-term value, stealing victims' CPU time to mine it for profit.

Infection Cycle:

The Trojan drops the following files on the infected system:

Read More…

Microsoft Security Update August 2018 (August 15, 2018)

Zero-day CVEs in the wild:

The two zero-day CVEs for which SonicWall has released protection are listed below, each with the signature that covers it.

CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability

This vulnerability is publicly known and being exploited in the wild. Attackers abuse a file format that Windows treats as safe (SettingContent-ms settings shortcuts, whose DeepLink element holds the command line the shell runs when the file is opened) to execute arbitrary shell commands. The files can be delivered on their own or embedded as an OLE object in an Office document, so code execution needs little user interaction beyond opening the file.

GAV: 15756 DeepLink.B_3
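Because the abused file is plain XML, a defender can triage samples by inspecting the DeepLink rather than relying on a signature alone. The following Python script is an added example, not code from the SonicWall post or from Microsoft: it parses a SettingContent-ms document, pulls out the DeepLink, and flags links that chain commands or launch anything other than the settings applets a genuine shortcut points at. The allowlist of expected targets (control.exe, SystemSettings.exe, ms-settings: URIs) is an assumption made for the example, and the sample files below are constructed for it.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

# Namespace declared on <SearchableContent> in SettingContent-ms files.
NS = {"sc": "http://schemas.microsoft.com/Search/2013/SettingContent"}

# What a genuine settings shortcut is expected to launch. This allowlist is an
# assumption made for this example, not a list published by Microsoft; extend it
# to match the shortcuts present on your own gold image.
ALLOWED_TARGETS = {"control.exe", "systemsettings.exe"}
ALLOWED_SCHEMES = ("ms-settings:",)
# Characters that chain or redirect commands; a settings link has no use for them.
SHELL_OPERATORS = re.compile(r"[&|;<>^]|%COMSPEC%", re.IGNORECASE)

# Constructed sample: a legitimate Display settings shortcut.
BENIGN_SAMPLE = r"""<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>%windir%\system32\control.exe /name Microsoft.Display</DeepLink>
      <Icon>%windir%\system32\control.exe</Icon>
    </ApplicationInformation>
    <SettingInformation>
      <Description>@shell32.dll,-4161</Description>
      <Keywords>@shell32.dll,-4161</Keywords>
    </SettingInformation>
  </SearchableContent>
</PCSettings>"""

LEGIT_LINK = r"%windir%\system32\control.exe /name Microsoft.Display"
# Constructed sample: the same file with its DeepLink replaced by a command chain
# (the abuse pattern behind CVE-2018-8414); '&amp;' is how '&' is written in XML.
MALICIOUS_SAMPLE = BENIGN_SAMPLE.replace(
    LEGIT_LINK, r"C:\Windows\System32\cmd.exe /c calc.exe &amp; rem harmless-looking")
# Constructed sample: no operators, but the target is not a settings applet.
PLAIN_SAMPLE = BENIGN_SAMPLE.replace(LEGIT_LINK, "calc.exe")


def extract_deeplink(xml_text: str) -> Optional[str]:
    """Return the stripped DeepLink text of a SettingContent-ms document, or None if absent/empty."""
    root = ET.fromstring(xml_text)
    node = root.find(".//sc:DeepLink", NS)
    if node is None:
        # Tolerate files that omit the namespace: match on the local tag name.
        node = next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "DeepLink"), None)
    text = (node.text or "").strip() if node is not None else ""
    return text or None


def deeplink_target(deeplink: str) -> str:
    """Lower-cased basename of the program a DeepLink would launch (first token, quote-aware)."""
    if deeplink.startswith('"'):
        token = deeplink[1:].split('"', 1)[0]
    else:
        token = deeplink.split()[0]
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(xml_text: str) -> Tuple[str, str]:
    """Classify a SettingContent-ms file as 'benign', 'suspicious' or 'malformed', with a reason."""
    try:
        link = extract_deeplink(xml_text)
    except ET.ParseError as exc:
        return "malformed", f"not valid XML: {exc}"
    if link is None:
        return "malformed", "no DeepLink element"
    if SHELL_OPERATORS.search(link):
        return "suspicious", "DeepLink contains shell operators"
    if link.lower().startswith(ALLOWED_SCHEMES):
        return "benign", "DeepLink is a settings URI"
    target = deeplink_target(link)
    if target in ALLOWED_TARGETS:
        return "benign", f"launches {target}"
    return "suspicious", f"launches unexpected program {target}"


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("chained", MALICIOUS_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(name, classify(sample))
```

The operator check runs before the allowlist on purpose: a link that starts with control.exe but continues with `& cmd.exe` must still be flagged. Run the same logic over attachments and over OLE objects extracted from Office documents, since that is how the files were delivered in the wild.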

CVE-2018-8373 Internet Explorer Memory Corruption Vulnerability

A memory corruption vulnerability exists in the Microsoft Windows VBScript engine due to incorrect handling of a dynamic Array variable. A remote attacker can exploit this vulnerability by enticing a user to open a crafted web page using Internet Explorer or a crafted Microsoft Office document.

IPS: 13465 Scripting Engine Memory Corruption Vulnerability (AUG 18) 3

Critical & Important vulnerabilities:

Read More…

Jenkins CI server at Risk: High risk vulnerability (August 10, 2018)

Jenkins is an open source build automation tool written in Java and one of the most widely used tools for Continuous Integration (CI) and Continuous Delivery (CD). It offers hundreds of plugins that support software build, deployment and test automation. The Jenkins CI server runs in a servlet container such as Apache Tomcat and supports various version control systems, including Subversion, Git, CVS and Perforce.

A serious policy bypass vulnerability has been reported in the Jenkins CI server (CVE-2018-1999001). It is caused by insufficient validation of the username supplied in login requests. A remote, unauthenticated attacker can exploit it by sending a crafted HTTP login request to a vulnerable Jenkins instance. Successful exploitation causes Jenkins to lose its security configuration (the crafted request moves config.xml out of the Jenkins home directory), so that after the next restart the server comes up with default settings, granting administrator access to anonymous users. The issue is fixed in Jenkins 2.132 and LTS 2.121.2.
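Two checks a Jenkins administrator would want after reading this, written here as an added Python example (not code from the SonicWall post or from the Jenkins project): a version test against the fixed releases, and an audit of `$JENKINS_HOME/config.xml` for the "default settings" state the advisory warns about. It assumes the fixed release numbers 2.132 (weekly) and 2.121.2 (LTS), the two-component vs. three-component version-string convention Jenkins uses for weekly vs. LTS releases, and the class names Jenkins writes into config.xml when no security is configured; the two config files below are constructed for the example.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Releases that shipped the fix for CVE-2018-1999001 (assumed from the Jenkins
# advisory of 2018-07-18): weekly 2.132 and LTS 2.121.2.
FIXED_WEEKLY = (2, 132)
FIXED_LTS = (2, 121, 2)

# Class names Jenkins writes into config.xml when security is not configured,
# i.e. the state in which anonymous users are administrators.
UNSECURED_AUTHZ = "hudson.security.AuthorizationStrategy$Unsecured"
NO_REALM = "hudson.security.SecurityRealm$None"

# Constructed sample: what config.xml looks like on an unsecured instance.
DEFAULT_CONFIG = """<hudson>
  <version>2.131</version>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""

# Constructed sample: a patched instance with local accounts and logged-in-only access.
HARDENED_CONFIG = """<hudson>
  <version>2.138.1</version>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>
</hudson>"""


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Parse an X-Jenkins header value such as '2.121.1' into a tuple of ints; None if malformed."""
    try:
        return tuple(int(part) for part in version.strip().split("."))
    except ValueError:
        return None


def is_vulnerable_version(version: str) -> Optional[bool]:
    """True if this Jenkins version predates the fix, False if fixed, None if unparseable.

    LTS releases carry three components (2.121.1); weekly releases carry two (2.131).
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    if len(parsed) == 3:
        return parsed < FIXED_LTS
    return parsed < FIXED_WEEKLY


def audit_config_xml(config_xml: Optional[str]) -> List[str]:
    """Return findings for the contents of $JENKINS_HOME/config.xml (None = file missing).

    An empty list means the instance still has a security realm and a non-trivial
    authorization strategy configured.
    """
    if config_xml is None:
        return ["config.xml missing: Jenkins will start with default (unsecured) settings"]
    findings: List[str] = []
    root = ET.fromstring(config_xml)
    if root.findtext("useSecurity", default="false").strip().lower() != "true":
        findings.append("useSecurity is not true")
    authz = root.find("authorizationStrategy")
    if authz is None or authz.get("class") == UNSECURED_AUTHZ:
        findings.append("authorization strategy is Unsecured (anyone can do anything)")
    realm = root.find("securityRealm")
    if realm is None or realm.get("class") == NO_REALM:
        findings.append("no security realm configured")
    return findings


if __name__ == "__main__":
    for v in ("2.131", "2.132", "2.121.1", "2.121.2"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    print("default config:", audit_config_xml(DEFAULT_CONFIG))
    print("hardened config:", audit_config_xml(HARDENED_CONFIG))
```

The version string comes from the `X-Jenkins` response header that every Jenkins page carries, so the check can be run against an instance without credentials. The config.xml audit is the part that catches an instance that has already been hit: the attack leaves the server unpatched and, after a restart, with exactly the unsecured configuration the sample above shows.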

Read More…

Fortnite’s release on Android is not security-friendly (August 10, 2018)

It’s finally here! Fortnite, one of this year’s most successful games, has been available for Android devices since August 9th. Many Android gamers have wished for this, but the release comes with the following caveats:

  • Device exclusivity – For the first 3 days the game can be installed only on Samsung devices.
  • No Play Store – The app is not available on the official Google Play Store; it has to be downloaded from the Samsung Galaxy Apps store.

Issue I: Device Exclusivity
The problem with device exclusivity is that people have already found ways to install the app on other devices. Modified versions of the app that remove the device check are already circulating – [PORT] Fortnite for Android with device check disabled (v5.2.0). Such repackaged APKs come from untrusted sources and can carry whatever their distributor chose to add.

YouTube videos on the topic are also spreading:

Read More…