Hello, welcome to the Monday, September 18th, 2017 edition of the Sandinand, Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Las Vegas, Nevada.

Checkpoint last week tried to make some waves by announcing a new vulnerability that checkpoint called Bashfare. This vulnerability attempts to take advantage of

the Windows subsystem for Linux or short WSL, which recently left the beta stage and should be included

in the fall creator update for Windows 10.

The basic issue that Checkpoint is pointing out here is that binaries running within this Linux sub-system

aren't necessarily properly inspected by anti-malware.

However, in order to actually execute these binaries,

it does take a number of dependencies. The Windows subsystem for Linux is not enabled and

installed by default, so an attacker would have to install it in older versions of a Windows 10 or if it's

already installed the attacker would have to enable it requiring the attacker to modify

registry entries which typically requires that the attacker already has

administrative access to the system.

So what this really comes down to is if an attacker is already an administrator on the system,

then yes, they can bypass some security features,

which at this point probably isn't really all that relevant anymore.

Of course, still like any feature, if you don't need it,

you may be better of disabling it in order to reduce the attack surface on your system.

So if you don't need WSL, then just don't install it.

And ESET is reporting that they found JavaScript cryptocurrency miners being distributed via malicious advertisements.

JavaScript is of course able to use a number of different hashing and crypto functions,

recent versions of JavaScript even include specific

APIs to do so. The advertisements that ESET is pointing out here did not actually mine

...