Vulnerability Reports

Shurl0cker Ransomware

A new ransomware strain is making its way across the internet. Ransom.Shurl0cker is an executable wrapped as a Word or PDF document that encrypts certain file types on an affected device and demands a ransom. If you’ve been hit with ransomware or some other cyber attack, contact your GDT Account Manager to see what GDT’s SOC and…

Reverse Engineering Cryptocurrency Miner using Heaven’s Gate Injection

Cryptocurrency miners are the new trend in malware for 2018. While they aren’t as harmful as ransomware or RATs, they cause major performance headaches for administrators. Most miners are built from the same open-source components, but occasionally one uses a new or interesting technique. This specific malware uses a 64-bit…

Meltdown and Spectre: Processor Level Vulnerabilities

Major vulnerabilities in computer processors break down the isolation between privileged kernel memory and userland applications. Intel, AMD, and ARM are working with OS and software vendors to create patches.

Microsoft Malware Protection Engine Remote Code Execution Vulnerability – CVE-2017-11937

A remote code execution vulnerability exists in the Microsoft Malware Protection Engine (MMPE) and Windows Defender, which fail to properly scan a crafted file. This leads to memory corruption that allows the crafted file to run code as the SYSTEM user. This enables the attacker to install or remove programs; view, change, or delete data; or…

Reaper IoT Botnet

A new botnet is on the rise, exploiting IoT vulnerabilities. It has already surpassed the size and capability of the Mirai botnet that took down half of major internet infrastructure in late 2016.

Unauthorized Cryptocurrency Miner Delivery using Steganography

Any Linux-based HTTP server with a shell accessible from the internet is vulnerable to a command injection attack. The attack uses cURL to download an image that contains hidden shell code to mine for cryptocurrencies.

Microsoft Office Memory Corruption Vulnerability CVE-2017-11882

A remote code execution vulnerability exists in Microsoft Office where the software handles memory improperly, allowing arbitrary code execution. An attacker can craft a modified rich text file (RTF) and run code in the context of the current user. If the user is logged in with administrator credentials, an attacker could take control…

North Korean Malware: Remote Access Tool FallChill

The US Computer Emergency Readiness Team and the FBI released a joint statement describing malware named “FallChill” and its use in attacks on targets in the aerospace, telecommunications, and finance industries since 2016. FallChill is a remote access tool used to maintain a presence in compromised networks and monitor endpoints for opportunities…

Arbitrary Code Execution Using Microsoft Word Macros

A vulnerability exists in Microsoft Word that allows arbitrary code execution through specially crafted macros within files. An attacker could potentially install or remove programs, change or delete data, or modify user accounts.