CISCO scores a perfect 10 on vulnerability. Fixes available. DO IT NOW!
This vulnerability is critical. CVE-2018-0101 is ranked 10 out of 10 for severity. That means it is easy to exploit, remotely exploitable, and requires no authentication. There are no workarounds “so customers must either disable the ASA VPN functionality or install updated OS versions”. Get yer patches up now!
Cisco says that an attacker can send malformed XML packets to such devices and execute malicious code on the device. Depending on the code’s nature, an attacker can gain control over the device.
It affects any device running Cisco ASA (Adaptive Security Appliance) software, but only if the “webvpn” feature is enabled in the OS settings. You can find more information about the ASA Software version numbers of the fixed releases in Cisco’s CWE-415 security advisory.
New Ransomware GandCrab being delivered by RIG exploit kit.
This one demands DASH cryptocurrency, which is apparently harder for law enforcement to trace. The ransom is 1.54 DASH or $1170 USD. It appends .GDCB to the files it encrypts. Here’s how victims will know it’s too late:
At some point, the ransomware relaunches itself using the command `"C:\Windows\system32\wbem\wmic.exe" process call create "cmd /c start %Temp%\[launched_file_name].exe"`. If the user does not click Yes on the resulting UAC prompt, the ransomware keeps displaying the UAC prompt over and over.
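That WMIC relaunch is a useful detection hook for defenders. The following is an added example, not code from the original write-up: it runs a simple rule over constructed process-creation records (field names modelled on Sysmon Event ID 1; the sample paths and the `.GDCB` file-event check are assumptions) and flags `wmic.exe process call create` spawning `cmd /c start` on an executable under the user's Temp directory.

```python
import re
from typing import Dict, List

# Constructed sample events (not real telemetry). Event 0 matches the relaunch
# pattern; event 1 is an unrelated WMIC query; event 2 starts a Temp executable
# but not via WMIC, so the rule deliberately leaves it alone.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ParentImage": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentCommandLine": 'wmic.exe process call create "cmd /c start %Temp%\\kxqa.exe"',
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c start C:\Users\alice\AppData\Local\Temp\kxqa.exe"},
    {"ParentImage": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentCommandLine": "wmic.exe os get caption",
     "Image": r"C:\Windows\System32\conhost.exe",
     "CommandLine": r"\??\C:\Windows\system32\conhost.exe 0x4"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c start C:\Users\alice\AppData\Local\Temp\setup.exe"},
]

# An .exe under the per-user Temp folder, whether written expanded or as %Temp%.
TEMP_EXE = re.compile(r"(?:\\AppData\\Local\\Temp\\|%Temp%\\)[^\s\"]+\.exe", re.IGNORECASE)


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def is_gandcrab_relaunch(ev: Dict[str, str]) -> bool:
    """True when wmic.exe 'process call create' spawns cmd.exe that starts a Temp executable."""
    parent_cmd = ev.get("ParentCommandLine", "").lower()
    child_cmd = ev.get("CommandLine", "")
    return (_basename(ev.get("ParentImage", "")) == "wmic.exe"
            and "process call create" in parent_cmd
            and _basename(ev.get("Image", "")) == "cmd.exe"
            and " start " in child_cmd.lower()
            and TEMP_EXE.search(child_cmd) is not None)


def find_suspicious(events: List[Dict[str, str]]) -> List[int]:
    """Indexes of events that match the relaunch rule."""
    return [i for i, ev in enumerate(events) if is_gandcrab_relaunch(ev)]


def is_gdcb_artifact(path: str) -> bool:
    """File-event check: GandCrab appends .GDCB to the files it encrypts."""
    return path.lower().endswith(".gdcb")
```

A hit on either rule is a signal to isolate the host immediately, since the write-up notes there is no decryptor.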
Be advised: there is NO decryptor currently available for GandCrab. Follow the standard security protocols to keep your data and systems safe.
- Use antimalware security software that incorporates behavioral detection to combat ransomware, such as Malwarebytes or Emsisoft Anti-Malware.
- Scan attachments with tools like VirusTotal.
- Have all current updates installed, especially for Java, Adobe and Windows.