It’s another week and there’s another now-more-often Weekly Threat Report. This week: a ransomware group that has seemingly grown a conscience, a sudo vulnerability you may need to update for, and a recent Google Chrome update that has caused quite the stir.

Last week, we talked about the death of Emotet after a team of law enforcement agencies from around the world took over Emotet C2 servers and arrested multiple individuals. At the end of last week (January 30), the threat actors behind FonixCrypter Ransomware gave in to their conscience and voluntarily halted operations. In a statement released on Twitter, the FonixCrypter group claims to have “come to the conclusion we should use our abilities in positive ways and help others.” They then followed up the announcement by releasing the master decryption key and a decryption tool that could be used to decrypt the files of everyone affected by FonixCrypter.

Perch Labs and other research groups have reviewed the decrypter tool, and everything seems legit. There do not appear to be any backdoors or hidden functionality in the tool, as some paranoid researchers (this author, for example) originally suspected. The decrypter tool is allegedly the same tool the Fonix group used during negotiations to decrypt individual files as proof that decryption works. As such, the tool works fine for decrypting one file at a time but isn’t very useful for decrypting an entire infected system. The important thing is that the master key works, and other decrypter tools can be written using this key. Currently, Emsisoft is adding this capability to their free ransomware decryption tools. We recommend waiting for that tool to be updated rather than using the one the Fonix group released.

Even though no one has found anything hidden in this tool, I always recommend paranoia as a legitimate strategy when it comes to ransomware. As Joseph Heller said in Catch-22, “Just because you’re paranoid doesn’t mean they aren’t after you.”

Source: xkcd (there’s one for everything, right?)

Sudo privilege escalation vulnerability

Last week, the Qualys Research Team discovered a heap overflow vulnerability in sudo. Sudo is a Linux command that allows a user to execute another command with higher privileges, most commonly used to do something as the superuser root (SuperUser DO = sudo).
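Since the practical advice for the sudo bug is simply to update, here is an added POSIX shell check (example code written for this page, not from the Perch Labs post or the sudo project) that a defender can run across hosts to flag a sudo binary that predates a patched release. The post does not name the fixed version, so the patched version is a parameter you fill in from the sudo or Qualys advisory for your distribution; `PATCHED_SUDO_VERSION` is a placeholder name. It assumes the first line of `sudo --version` has the upstream form "Sudo version 1.9.5p2", and it treats the "pN" patch level as a fourth numeric field.

```shell
#!/bin/sh
# Added example (not code from the Perch Labs post): decide whether the
# installed sudo predates a given patched release.
# Assumption: the first line of `sudo --version` reads like
# "Sudo version 1.9.5p2", which is what upstream sudo prints.

# Turn "Sudo version 1.9.5p2-3ubuntu1" into four numeric fields: "1 9 5 2".
# The "pN" patch level becomes the fourth field; missing fields are 0.
normalize_sudo_version() {
    v=$(printf '%s' "$1" | sed -e 's/^[^0-9]*//' \
                               -e 's/[^0-9.p].*$//' \
                               -e 's/p/./' \
                               -e 's/\./ /g')
    set -- $v
    printf '%s %s %s %s' "${1:-0}" "${2:-0}" "${3:-0}" "${4:-0}"
}

# Exit status 0 when version $1 is strictly older than version $2.
version_lt() {
    a=$(normalize_sudo_version "$1")
    b=$(normalize_sudo_version "$2")
    set -- $a
    for bi in $b; do
        ai=$1; shift
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1          # all four fields equal
}

# Report whether sudo at version $1 still needs the update shipped in $2.
# Exit status 0 = update needed, 1 = at or above the patched release.
sudo_needs_update() {
    if version_lt "$1" "$2"; then
        echo "sudo $1 is older than patched release $2: update it"
        return 0
    fi
    echo "sudo $1 is at or above patched release $2"
    return 1
}

# Read the running system's sudo version (empty string if sudo is absent).
installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Usage: PATCHED_SUDO_VERSION is a placeholder; take the real value from
# the sudo/Qualys advisory for your distribution before running
#   PATCHED_SUDO_VERSION=<patched version> sh check-sudo.sh --check
if [ "${1:-}" = "--check" ]; then
    sudo_needs_update "$(installed_sudo_version)" \
        "${PATCHED_SUDO_VERSION:?set PATCHED_SUDO_VERSION (placeholder)}"
fi
```

One caveat worth keeping in mind: many distributions backport security fixes without bumping the upstream version number, so a "needs update" result from this check is a prompt to confirm against your vendor's package changelog rather than proof that the host is exploitable.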