Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
High
McAfee’s Advanced Threat Research (ATR) team took a deep dive into the code of the Sodinokibi (aka REvil) ransomware-as-a-service and published their results in an article. The ATR team first encountered Sodinokibi at the end of April, around the same time the GandCrab operators announced they would be shutting down. Sodinokibi initially used a vulnerability in Oracle’s WebLogic server to infect victims. The malware is offered as a service, with a core group of developers maintaining the code. Their affiliates, those who pay for the service, then distribute Sodinokibi however they choose: through phishing campaigns, exploit kits, brute-force RDP attacks, or by uploading tools and scripts that elevate privileges and then execute the malware. The ATR team compared the unpacked Sodinokibi code with GandCrab version 5.03 to look for similarities and found that the two were most alike at the function level. The ATR team suggested that one or more of Sodinokibi’s developers may have had access to the GandCrab source code.
Vulnerability Exploited
CVE-2018-8453
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of objects in memory by the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code in kernel mode.
Impact
File encryption