Patrick Domingues

Crash Skype for Business by sending a large number of emojis 800+ kittens in one message and the client freezes the program for a few seconds. This can be exploited to perform Denial of Service attacks against Skype for Business users and compromises the availability of the program.

How would an attacker go about performing this attack? Well its quite simple, the attacker can continuously send many messages to the chat window and it will freeze the program for all participants in the meeting room and prevent them from using the chat or seeing the video.

 Are you affected?

You could send yourself a few hundred emojis and see if your client freezes but we wouldn’t recommend it. Plus, there is an easier way. Just check if your client is one of these:

• Skype for Business 2016 MSO (16.0.93).64-Bit or before
• Lync 2013 (15.0) 64-Bit part of Microsoft Office Professional

New reports on not just ransomware but all malware saw massive growth year after year. From SonicWall the cyber-security company detected 45 percent growth of malware infections towards desktops. SoncWall spotted 300,000 new attack variants so far this year. SonicWall’s recently announced Capture Cloud Platform is designed to counter these rising threats.

SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:

• 8.5 billion malware attacks (54 percent increase from 2017)
• 2.9 trillion intrusion attempts (49 percent increase)
• 262.4 million ransomware attacks (108 percent increase)
• 1.9 million encrypted threats (56 percent increase)

In September 2018 alone, the average SonicWall customer faced:

• 1,662 malware attacks (24 percent decrease from July 2017)
• 791,015 intrusion attempts (19 percent increase)
• 56 ransomware attacks (99 percent increase)
• 70.9 encrypted threats (61 percent decrease)
• 10 phishing attacks each day (92 percent decrease)

There is another large-scale spam campaign going to spread the Emotet banking trojan. The Emotet banking trojan is mostly used as the dropper for other payloads like ICedID, Trickbot, Zeus Panda Banker and a few others. These infections can scan and harvest different types of sensitive information, scan email 180 days back,  have the ability to open firewall ports and it can spread around in the network like a worm.

So how is this infection infiltrate a network? Well this infection comes in as an email with an attachment being a word doc or pdf doc. When you open up the document and click on a link and allow it to run that’s when you have compromised the system and potentially the entire network.

Do you have the best AV around? Sometimes that doesn’t help there are new variants of this Emotet payload being created every day and it can … Read the rest

A brand new botnet which is a variant of the BCMUPnP_Hunter is taking advantage of this 5 year router flaw and 360 Netlab research shows that hundreds and thousands of of bots have already seeded themselves into routers.  This same bot takes advantage of the same vulnerability that was discovered in 2013 (  BroadCom UPnp Vulnerability ).

Once the targeted router has been taken over the hacker can make Proxy changes to the next work profit from scripting simulation clicks and using mail servers like Outlook, Hotmail, and Yahoo mail just to take a few to send massive amounts of spam from your network.

Affected Router Brands Are:

• D-Link,
• Linksys,
• Technicolor router,
• Netgear
• Asus
• Trendnet
• Belkin
• TP-Link,
• ZTE,
• Zyxel,
• NetComm,
• ISP CenturyLink Routers

You may want to look up your router model and see if you are affected. Contact me on Linkedin, Twitter or through email if you need assistance … Read the rest

A New Intel CPU Exploit : As if the Intel CPU couldn’t catch a break. A team of researches discovered a serious side-channel vulnerability in the CPU which could allow the attacker to find protected data like OPENSSL keys, Cypto Keys, Passwords and other processes that are running but only if the CPU has multi-threading feature enabled. They have dubbed the Vulnerability PortSmash (CVE-2018-5407), This Vulnerability is just as dangerous as the Meltdown and Spectre, TLbleed and Foreshadow.

So how do you protect yourself for the PortSmash vulnerability? The only method right now is to disable SMT/Hyper-Threading in the CPU chip’s BIOS until Intel releases security patches.

OpenSSL software is offering users a patch that can prevent the exploit from its own software.

• Fixing WebView2 Issues on ARM64: Why Outlook and Teams Keep Breaking (and How to Fix Them)
• How to Enable Auto Recording & Transcription in Microsoft Teams and Assign

The author of Kraken Ransomware has adopted the ransomware-as-a-service (RaaS) Model.  In the Dark Web you can find more details about joining the affiliate program which requires a small fee to be considered a trusted partner. The interesting part about this affiliate program is that you get about 70% to 80% of the earnings and requires little to no knowledge of the criminal of deployment or software coding. The developer gets enough kick back to continue updates to the software code. This means they can afford a bigger Dev Team and instead of updates and revisions of Kraken taking a week or two they can do it within a day or a matter of hours. This put Antivirus providers on their toes day to day. I believe the integration of some sort of AI intelligence must play a roll here to combat these Zero Day ransomware infections. Regardless no matter … Read the rest