Hello, welcome to a Thursday, August 25th, 2016 edition of the Sandsenet Storms and Stormcast.

My name is Johannes Ulrich and today I'm recording from Jackson, Florida.

We got a couple updates regarding the NSA exploits leaked by Shadowbroker.

Juniper now has a statement about its share of the exploits.

Apparently the Exploids League do allow an attacker to install malicious firmware images

or add malicious firmware images.

Juniper does refer to a document they published in 2008 about some validation issues with

firmware that may be exploited in these released exploits.

Juniper also states that they have reviewed several thousands as they say of

firmware images and haven't found any yet that they think were compromised.

Now, regarding the SNMP vulnerabilities that were exploited by the Cisco exploits in this release,

turns out they may actually work against newer versions of ASA firewalls as well.

Thus require some adaptation, but silent signal stated that they were able to make these exploits

work against current version of Cisco firewalls.

Cisco has released updates a couple days ago, so certainly something that

probably should expedite. And in the cat mouse game between researchers and bad guys that come

up with ransomware, another round went to researchers and this time against the wildfire ransom bear. Now

wildfire isn't so far special that it targets Dutch and Belgian users. It does so

by using emails that are written flawless Dutch and of course with most of

these emails being written in English.

Dutch emails to a local Dutch speaker are very enticing and less likely to raise suspicion.

Well, research has now published 5,800 encryption keys for infected systems.

...