World Leaders Gather in Beijing While the US Sinks into Irrelevancy

The world has been shifting towards cooperative multi-polar regions of power for a decade now, while the US has been fixated on being the sole superpower and policeman to the world. Trump is trying to transition US foreign policy to be more inclusive, working with Russia, China, Iran, N. Korea, and (hopefully) position/ align toward 21st century reality. Otherwise the world will simply move on without the US.

Tales from the Conspiratum

“The United States is a power, a second-rate one that happens to possess a first-rate nuclear arsenal.”

“The one clear message the Beijing meeting sent out to the world is that America’s «unipolar» vision of the world was dead and buried. Even among Washington’s longtime friends and allies, one will not hear Donald Trump referred to as the «leader of the Free World.”

Source: World Leaders Gather in Beijing While the US Sinks into Irrelevancy

http://www.strategic-culture.org

Wayne MADSEN

20.05.2017

While vaudevillian comedy-like shouting matches broke out in the West Wing of the White House between President Donald Trump and his senior advisers and between the White House press secretary and various presidential aides, world leaders gathered in Beijing to discuss the creation of modern-day land and maritime «silk roads» to improve the economic conditions of nations around the world. Nothing more could have illustrated the massive divide between the concerns…

View original post 1,222 more words

Hacker News: Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2

EternalRocks-windows-smb-nsa-hacking-tools

A security researcher has identified a new strain of malware that also spreads itself by exploiting flaws in Windows SMB file sharing protocol, but unlike the WannaCry Ransomware that uses only two leaked NSA hacking tools, it exploits all the seven.

Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two tools: EternalBlue and DoublePulsar.

Now, Miroslav Stampar, a security researcher who created famous ‘sqlmap’ tool and now a member of the Croatian Government CERT, has discovered a new network worm, dubbed EternalRocks, which is more dangerous than WannaCry and has no kill-switch in it.

Unlike WannaCry, EternalRocks seems to be designed to function secretly in order to ensure that it remains undetectable on the affected system.

However, Stampar learned of EternalRocks after it infected his SMB honeypot.

The NSA exploits used by EternalRocks, which Stampar called “DoomsDayWorm” on Twitter, includes:

  1. EternalBlue — SMBv1 exploit tool
  2. EternalRomance — SMBv1 exploit tool
  3. EternalChampion — SMBv2 exploit tool
  4. EternalSynergy — SMBv3 exploit tool
  5. SMBTouch — SMB reconnaissance tool
  6. ArchTouch — SMB reconnaissance tool
  7. DoublePulsar — Backdoor Trojan

As we have mentioned in our previous articles, SMBTouch and ArchTouch are SMB reconnaissance tools, designed to scan for open SMB ports on the public internet.

Also Read: WannaCry Ransomware Decryption Tool Released

Whereas EternalBlue, EternalChampion, EternalSynergy and EternalRomance are SMB exploits, designed to compromise vulnerable Windows computers.

And, DoublePulsar is then used to spread the worm from one affected computers to the other vulnerable machines across the same network.

Stampar found that EternalRocks disguises itself as WannaCry to fool security researchers, but instead of dropping ransomware, it gains unauthorized control on the affected computer to launch future cyber attacks.

Here’s How EternalRocks Attack Works:

EternalRocks installation takes place in a two-stage process.

During the first stage, EternalRocks downloads the Tor web browser on the affected computers, which is then used to connect to its command-and-control (C&C) server located on the Tor network on the Dark Web.

“First stage malware UpdateInstaller.exe (got through remote exploitation with second stage malware) downloads necessary .NET components (for later stages) TaskScheduler and SharpZLib from the Internet, while dropping svchost.exe (e.g. sample) and taskhost.exe (e.g. sample),” Stampar says.

According to Stampar, the second stage comes with a delay of 24 hours in an attempt to avoid sandboxing techniques, making the worm infection undetectable.

After 24 hours, EternalRocks responds to the C&C server with an archive containing the seven Windows SMB exploits mentioned above.

“Component svchost.exe is used for downloading, unpacking and running Tor from archive.torproject.org along with C&C (ubgdgno5eswkhmpy.onion) communication requesting further instructions (e.g. installation of new components),” Stampar adds.

All the seven SMB exploits are then downloaded to the infected computer. EternalRocks then scans the internet for open SMB ports to spread itself to other vulnerable systems as well.

अभी तो बहुत ‘भसड़’ होने वाली है!

If you are following The Hacker News coverage on WannaCry Ransomware and the Shadow Brokers leaks, you must be aware of the hacking collective’s new announcement of releasing new zero-days and exploits for web browsers, smartphones, routers, and Windows operating system, including Windows 10, from next month.

The exclusive access to the upcoming leaks of zero-days and exploits would be given to those buying subscription for its ‘Wine of Month Club.’ However, the Shadow Brokers has not yet announced the price for the subscription.

Since the hackers and state-sponsored attackers are currently waiting for new zero-days to exploit, there is very little you can do to protect yourself from the upcoming cyber attacks.

If you want to know every minute update about the latest cyber threats before they hit your system, make sure you are following The Hacker News on Twitter and Facebook, or subscribe to our newsletter.

Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.