VDA Lock Down: June 6, 2019


The First Lock Down

We wanted to thank you for signing up for the VDA Lock Down – our newsletter where we talk about relevant security news, recent vulnerabilities, and VDA-related news. Our goal is to provide our community with high-grade content that cuts through the noise. We also want to hear any feedback you have for us, positive or negative – visit our site below to let us know or email info@vdalabs.com.

Provide Feedback


  • Security News
  • Latest Vulnerabilities
  • Cyber Fraud in West Michigan Event
  • Upcoming Training

Top Security News

Gandcrab Ransomware Group Retiring

The authors of the “Gandcrab” malware have announced their retirement after collecting over $2 billion in ransom payments. The group, which has operated under a “Ransomware-as-a-Service” model since January 2018, claims to have made over $150 million itself from the ransomware.

BlueKeep Vulnerability is Getting Serious

Microsoft and other parties have warned that the BlueKeep vulnerability, also known as CVE-2019-0708, has not been getting patched fast enough. The main concern is that a worm-like virus could be released imminently and spread rapidly across the internet to hosts with Remote Desktop services exposed. A researcher also recently demonstrated a working exploit for the Metasploit Framework that showed remote code execution is possible using this bug.

2-Year Patching Cycle is Not Fast Enough

In response to blame targeted at the NSA over the recent ransomware infection of the City of Baltimore, the NSA has stated that a 2-year patching cycle is not fast enough. This discussion stems from the ShadowBrokers leak of private NSA tools, which were then weaponized by many malware authors.

This Week in Data Breaches

Medical providers have been having a hard time this week. Testing lab Quest Diagnostics and medical provider LabCorp lost up to 11.9 million records and 7.7 million records respectively. The breach was discovered when an intrusion was detected on a payment page of billing provider American Medical Collection Agency, which processed payments for these providers. This is a good time to think more deeply about your third-party risk.

Recent Vulnerabilities

Fortinet SSL VPN Remote Code Execution

Late last week Fortinet disclosed a vulnerability in its FortiClient SSL VPN installer system, tagged CVE-2019-5589. This vulnerability is rated with a CVSS score of 9.3 and is remotely exploitable. The vulnerability was caused by an unsafe search path that could allow an attacker to execute a malicious .dll. If you are running Fortinet VPN appliances, update them soon!

A Bad Week for Text Editors

This week major vulnerabilities were discovered in both Microsoft Notepad.exe and VIM/NeoVim – and while these applications are not widely used among the non-technical crowd, it is a good reminder that even the simplest applications can have threats associated with them. These vulnerabilities are so fresh that no PoCs or CVE numbers are currently assigned to them. If you need a hand digging for undiscovered attack surface in your software – get in touch!

Seats Remaining – invite a friend!

Many of our subscribers have registered for our upcoming Cyber Fraud in West Michigan event on June 13th. If you are planning to join us, please consider inviting a co-worker, someone from your compliance or accounting department, or a friend from another organization. We look forward to seeing you there!

Registration Link (share me!)

Upcoming Training Sessions

VDA Labs will be offering our training course “Application Security for Hackers and Developers” at both Black Hat and Hackfest.ca later this year. Reserve your seat at the links below:


Posted on

June 6, 2019