VDA Lock Down: July 25, 2019



  • Security News
  • Latest Vulnerabilities
  • Thought Leadership – Upcoming Con Talks

Top Security News

Gandcrab Maybe Not Retired After All

Brian Krebs recently published a new piece on the malware author known as ‘gandcrab’, who claimed they retired a while back after pocketing over 150M worth of ransom payments. They appear to have re-branded as “REvil” instead. This comes after several groups released decryption tools for most/all of the original Gandcrab malware.


Logic Bomb = Jail Time

A contractor working for Siemens has pled guilty to planting a logic bomb in a company Excel spreadsheet in order to guarantee job security. The logic bomb was set up to cause issues with the Excel file when it was opened past a certain date, resulting in the need to contract for more help. The contractor now faces up to 10 years in prison and a $250,000 fine.


Equifax Breach Fine is $700M

On Monday the 22nd, the FTC reached a settlement with Equifax under which the company will pay a minimum of $575 million and up to $700 million as a result of the historic data breach from 2017. It was revealed during the investigation that some consumers have been victims of identity theft as a result of the breach. Many records that can be traced back to Equifax have been found on the dark web.

Although the settlement is a record-breaking fine, many do not think that the punishment goes far enough – and the price of Equifax shares even rose in the wake of the settlement.


Recent Vulnerabilities

Palo Alto VPN Vulnerabilities and more!

In a blog post published ahead of an upcoming talk at Black Hat, security researchers disclosed a vulnerability that was discovered in Palo Alto’s GlobalProtect SSL VPN server last year. This has potentially become a serious issue because Palo Alto decided to patch the issue silently – they did not issue an advisory or CVE to bring attention to the need to upgrade when they issued a patch last year. Further, researchers have estimated that upwards of 30% of Palo Alto devices remain unpatched, and using the exploit is said to be trivial.

The researchers also found similar issues in other VPN appliances from Fortinet and Pulse Secure – details will be coming soon.

Thought Leadership – Upcoming Talks

Recently, the VDA Labs team has had a number of talks accepted to notable conferences, continuing to share our expertise and thought leadership with the security community. Below are opportunities to see our team speak:

DerbyCon – September 6-8

Using Next Generation Fuzzing Tools
Presented by Jared DeMott and John Stigerwalt

Old Tools, New Tricks: Hacking Web Sockets
Presented by Michael Fowl and Nick Defoe

GRRCon – October 24-25

Reverse Engineering Malware for N00bs
Presented by Greg Hatcher and James King


Posted on June 26, 2019