  1. #1
    JonEp (DF Moderator) | Join Date: Oct 2007 | Location: uk | Posts: 2,111 | Thanks: 931 | Thanked: 721 | Karma Level: 328

    0 DAY NSA TOOL LEAKED - NEARLY ALL WINDOWS BOXES BACK DOORED IN 190 SECONDS

    The Latest Dump of Alleged NSA Tools Is ‘The Worst Thing Since Snowden’
    MS
    LORENZO FRANCESCHI-BICCHIERAI
    Apr 14 2017, 8:12pm



    Thanks to the Shadow Brokers, any hacker can now easily attack and pwn millions of Windows computers on the internet.


    On Friday, the group known as The Shadow Brokers dropped the hacking equivalent of a bomb, or perhaps several bombs, giving hackers all over the world the tools to easily break into millions of Windows computers.


    "This is internet god mode for Microsoft computers," a security researcher who goes by the handle Hacker Fantastic told Motherboard in an online chat.


    After weeks of silence, The Shadow Brokers came back last Saturday to drop a long-awaited set of files that turned out to be just underwhelming, old Linux hacking tools. But today, the group released what's probably its most explosive—and damaging—dump yet: a collection of several alleged NSA hacking tools for Microsoft Windows systems, likely including multiple unknown exploits, or zero-days.


    This is bad news not just for the NSA, but for the internet as a whole, according to security researchers who are poring through the dump. As someone called it, this is "cyber chaos."


    Perhaps the worst tool released by the hackers is called "FUZZBUNCH." This is a hacking suite or toolkit that contains several plug-and-play exploits to attack several versions of the Windows operating system. Some researchers described it as something akin to Metasploit, a popular open source hacking framework.


    "This FUZZBUNCH framework contains the closest thing to a cyber weapon since Stuxnet," Hacker Fantastic said. "It is packed full of exploits. It's Metasploit but with zero-days."



    In fact, the latest Shadow Brokers dump contains several working Windows zero-days in executable (.exe) binaries with "step-by-step logs laying out how they're used and the commands to run," according to Ashkan Soltani, an independent security researcher.


    That means that pretty much anyone, from low-level cybercriminals to so-called "script kiddies"—hackers who are only good at reusing other hackers' tools—could repurpose them to attack Windows computers.


    "I think if you were motivated, you yourself could run some of these," joked Soltani, who previously worked at the FTC as their chief technology officer.



    In other words, right now, millions of computers could be in danger. And they will be hackable until Microsoft releases patches, which could perhaps take weeks or months.


    "It's not safe to run an internet facing Windows box right now," said a hacker who used to work in the US Department of Defense.


    The leaked tools are dated around 2013, so they don't affect modern Windows operating systems such as Windows 10. But according to Hacker Fantastic, the FUZZBUNCH framework supports all kinds of Windows systems: server versions from NT, 2000, 2003, 2008 and up to 2012, as well as the consumer versions XP, Vista, 7 and Windows 8.


    A Microsoft spokesperson said that the company is "reviewing the report and will take the necessary actions to protect our customers."


    More worryingly, according to Hacker Fantastic and other researchers, some of these exploits could be repurposed to even launch a worm, or a virus that spreads itself. Some researchers, who are still analyzing the tools and the ramifications of the leak, even mentioned it could be possible to make a "Conficker 2.0," referring to one of the worst Windows viruses of all time.


    Security researchers explained that all these tools can be used as is, so it's plausible to expect that next week we will see several hacks on email servers, website defacements, or even an uptick in ransomware, the pervasive malware that locks computers and demands a payment in Bitcoin to unlock it.


    For the hacker who used to work at the Department of Defense, "this is the worst thing since Snowden."

  2. #2
    JonEp (DF Moderator)

    Re: 0 DAY NSA TOOL LEAKED - NEARLY ALL WINDOWS BOXES BACK DOORED IN 190 SECONDS

    Looks like someone tipped off Microsoft as they claim to have patched the worst exploit EternalBlue last month and most of the others too.

    May be some red faces in the tech security world today if true, as there were many respected professionals claiming that the exploits worked in their lab last night and if it turns out their systems were not up to date.


    Protecting customers and evaluating risk
    MSRC Team, April 14, 2017
    Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation.


    When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation. We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed. Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation.


    Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.


    Code Name            Solution
    “EternalBlue”        Addressed by MS17-010
    “EmeraldThread”      Addressed by MS10-061
    “EternalChampion”    Addressed by CVE-2017-0146 & CVE-2017-0147
    “ErraticGopher”      Addressed prior to the release of Windows Vista
    “EsikmoRoll”         Addressed by MS14-068
    “EternalRomance”     Addressed by MS17-010
    “EducatedScholar”    Addressed by MS09-050
    “EternalSynergy”     Addressed by MS17-010
    “EclipsedWing”       Addressed by MS08-067



    Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.


    We have long supported coordinated vulnerability disclosure as the most effective means to ensure customers and the computing ecosystem remains protected. This collaborative approach enables us to fully understand an issue and to deliver protection before customers are at risk due to public disclosure of attack methods. We work closely with security researchers worldwide who privately report concerns to us at [Only registered and activated users can see links. ]. We also offer bug bounties for many reported vulnerabilities to help encourage researchers to disclose responsibly.


    Phillip Misner,
    Principal Security Group Manager
    Microsoft Security Response Center


  3. #3
    JonEp (DF Moderator)

    Re: 0 DAY NSA TOOL LEAKED - NEARLY ALL WINDOWS BOXES BACK DOORED IN 190 SECONDS

    Most AV still not picking this up.


  4. #4
    Raptor (DF Founder) | Join Date: Oct 2000 | Location: USA | Posts: 94,799 | Thanks: 444 | Thanked: 1,805 | Karma Level: 5564

    Re: 0 DAY NSA TOOL LEAKED - NEARLY ALL WINDOWS BOXES BACK DOORED IN 190 SECONDS

    [Only registered and activated users can see links. ]

  5. #5
    Raptor (DF Founder)

    Re: 0 DAY NSA TOOL LEAKED - NEARLY ALL WINDOWS BOXES BACK DOORED IN 190 SECONDS

    Originally posted by JonEp:
        Most AV still not picking this up.

    aaaaand scene
