Infosec News – March 16

New ransomware variant, called DearCry, in apparent homage to 2017’s Wannacry, that uses the Microsoft Exchange vulnerabilities (Proxylogon):

A full attack chain exploiting the Microsoft Exchange vulnerabilities, notable for the level of detail and description of every step of the process:

Google has released a Javascript exploit for the 2018 Spectre attack, demonstrating that existing mitigations only work to limit the presence of sensitive data in browser memory but don’t prevent exploitation of Spectre:
Demo available here:, proof-of-concept video here:

Grayhat Warfare, which created and manages a great tool used to search for open s3 buckets, has released a new tool to search the URLs of links shortened with link-shortening tools:

An interesting article detailing one person’s experience with SIEMs and how little they actually served the needs of information security within their company:

Taking over a victim’s phone text messaging, invisible to the user:
There are several angles to this story, from resellers’ ability to change the routing of phone numbers with inadequate authorization, the use of SMS for two-factor authentication (2FA) that is increasingly implemented across the web, even a bit of monopolization by resellers. More details from the hacker who identified and disclosed the issue:

Funny picture: Can you tell what it means?

Mark Kerzner
Written by:

Mark Kerzner

Mark Kerzner is the co-founder of Elephantscale. He is a Trainer, Author(AI, Machine Learning, Spark, Hadoop, NoSQL, Blockchain)

Leave a Reply

Your email address will not be published. Required fields are marked *