Software Integrity Blog


SynAck ransomware, Spectre flaw updates, and patching

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode.

SynAck ransomware implements Doppelgänging evasion technique

via Robert Abel, content coordinator/contributor – SC Magazine – It’s getting tougher than ever to avoid becoming a ransomware “client.” Ransomware is obviously not new – it is at epidemic levels. But what makes one of the newest, called SynAck, particularly ominous is that, as Hacker News explained, it is the first ever to exploit Process Doppelgänging – a new fileless code injection technique that helps the malware avoid detection.

8 new Spectre-class vulnerabilities (Spectre-NG) found in Intel CPUs

via Mohit Kumar, Entrepreneur, Hacker, Speaker, Founder and CEO – The Hacker News – When the so-called Spectre flaws in CPUs made by some of the world’s biggest chip manufacturers were first revealed at the beginning of the year, experts predicted they would be haunting computers at least for months, if not years.

Critical bug in 7-Zip – make sure you’re up to date!

via Paul Ducklin, Author – Naked Security by Sophos – Indeed, Paul Ducklin, the savant of the Naked Security blog, offered an example this past week in a post on a vulnerability in the popular, free utility 7-Zip, which he called “a sort-of Swiss Army Officer’s Knife of file decompression tools that many users install as one of their main add-on Windows apps.”


Just in case those Mashup horror stories were still not enough to get you into patch mode, check the latest post from Check Point, whose “Global Threat Index” contains a feature on the month’s “most-wanted malware.”

The winner, so to speak, for the fourth month in a row in April was crypto-mining malware. But the real story isn’t so much the malware – it is how easy victims make it for attackers.
The new trend researchers reported is that, “cyber-criminals are targeting unpatched server vulnerabilities in Microsoft Windows Server 2003 (CVE-2017-7269) and Oracle Web Logic (CVE-2017-10271) … A staggering 46% of the world’s organizations were targeted for the Microsoft Windows Server 2003 vulnerability, while the Oracle Web Logic vulnerability was close behind, targeting 40% of organizations across the world.”

Yes, you read the CVE dates correctly – 2017. They were identified last year. There were also fixes for them last year. Check Point noted that patches for both vulnerabilities have been publicly available for at least six months.

Yet close to half of the organizations using those servers are ignoring a free update. That is a bit like declining a free repair on your broken door lock in a neighborhood swarming with burglars.
These attackers aren’t out to get you specifically. But if they can tell that your door (server) is unlocked – and they can – then they are out to get you. And by ignoring a free patch, you’re inviting them in.

