The most well-known closed vulnerabilities
(The most well-known closed vulnerabilities)
Trainee: Riyadh Mohammed Khan.
Course instructor: Eng. Abdullah bin Ibrahim Al-Adini.
Introduction:
A hacker or cybercriminal’s toolbox would not be complete without
vulnerabilities and exploits. They are what social engineering is to fraudsters
and scammers. In the first half of 2017, Trend Micro’s Zero Day Initiative
discovered and disclosed 382 new vulnerabilities. Zero-days in 2017 increased
to 49 from a mere eight the previous year. Any one of these can allow an
attacker into a vulnerable system or network, which is why it's important to
keep the systems and applications updated (or deploy virtual patching). As this
year’s biggest cybersecurity incidents showed, it only takes one weak link to
affect millions.
Cloudbleed:
Disclosed by Google’s Project Zero team in February, Cloudbleed is a security issue in
Cloudflare’s proxy services. The bug allowed unauthorized access to sensitive data in the
memory of programs running on the internet infrastructure provider’s web servers. These
included credentials, website cookies and browsing sessions, Application Programming Interface (API)
keys, and private messages, some of which search engines such as Google had cached.
Cloudbleed was initially pegged to be the next Heartbleed given the list of potential victims,
which includes the likes of Uber, FitBit, and OKCupid. Cloudbleed was reportedly triggered
1.2 million times by more than 6,000 websites. Fortunately, Cloudflare was quick to remedy
the issue with a patch and its impact has been minimal so far.
Shadow Broker Exploit Dumps:
In 2016, a hacker group named Shadow Brokers put several stolen hacking tools and
exploits up for sale, but failed to make a profit. The group incrementally dumped the tools
the following year, including the infamous EternalBlue exploit. The trove of leaked tools
included more than 20 exploits and 30 information-stealing Trojans.
Among them is DoublePulsar, a backdoor implant that enabled attackers to execute
shellcode. It was the initial payload many of the exploits dropped. Among the most notable
are EternalRomance, which Petya and Bad Rabbit ransomware also used; and
EternalSynergy, a customized version of which was found in Bad Rabbit’s code. Many of the
exploits leverage flaws in Windows’ Server Message Block (SMB).
EternalBlue:
Another exploit included in the Shadow Brokers leak back in April, EternalBlue exploits a
vulnerability (CVE-2017-0144) in the Server Message Block (SMB) protocol in Windows. It
was soon weaponized to deliver WannaCry, resulting in one of the most damaging
ransomware outbreaks yet. Others followed suit: UIWIX and Petya/NotPetya
ransomware, cryptocurrency miners, and the Retefe banking Trojan, among others.
Seven months later, EternalBlue is still alive and kicking. In fact, it remains one of
the most prevalent exploits detected by Trend Micro sensors, along with
EternalChampion (CVE-2017-0147). Despite the notoriety gained during the WannaCry
outbreak, EternalBlue still triggered over 515,000 MS17-010-related security events from
November 20 to 26.
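Since EternalBlue and the other MS17-010 exploits target the SMBv1 dialect, the practical defender's check is whether that dialect is still enabled. The following PowerShell audit is an added example, not part of the original slides; it assumes Windows 8/Server 2012 or later (where Get-SmbServerConfiguration exists) and an elevated session.

```powershell
# Added example (not from the original slides): report whether the SMBv1 server
# dialect that EternalBlue (CVE-2017-0144, MS17-010) targets is still enabled on
# this Windows host, and optionally switch it off. Assumes Windows 8/Server 2012
# or later, where Get-SmbServerConfiguration is available; run elevated.
function Test-Smb1Exposure {
    [CmdletBinding()]
    param([switch]$Remediate)

    $cfg = Get-SmbServerConfiguration
    $result = [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        Smb1Enabled  = [bool]$cfg.EnableSMB1Protocol
        Smb2Enabled  = [bool]$cfg.EnableSMB2Protocol
        Remediated   = $false
    }

    if ($result.Smb1Enabled -and $Remediate) {
        # Turning SMBv1 off removes the surface the MS17-010 exploits use;
        # the MS17-010 update itself must still be applied via Windows Update.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $result.Remediated = $true
    }
    return $result
}

# Audit only; add -Remediate to disable SMBv1 when it is found enabled.
Test-Smb1Exposure | Format-List
```

Disabling SMBv1 is a compensating control, not a substitute for installing the MS17-010 update, and legacy clients that only speak SMBv1 will lose access to shares on the host.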
Apache Struts:
The open-source framework used for building Java web applications grabbed
headlines this year when the attack vector for the Equifax data breach was
confirmed to be a vulnerability in Apache Struts. The security flaw (CVE-2017-5638),
which was patched last March, allowed attackers to gain unauthorized
access to data via remote code execution. The impact was unprecedented,
affecting 145 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian
consumers.
The Equifax data breach wasn’t just a case of stolen passwords or credit card
information. The data involved information that isn't easily replaced when stolen.
Several other notable vulnerabilities in Apache Struts were also disclosed this year:
OptionsBleed (CVE-2017-9798), which can leak sensitive information when
exploited, as well as CVE-2017-9805 and CVE-2017-9791, which can enable attackers
to execute code remotely.
Toast Overlay:
At the last Black Hat conference, security researchers presented their findings
on a vulnerability (CVE-2017-0752) in the Android mobile operating system.
Dubbed Toast Overlay, it can deceive unwitting users into installing malware
by superimposing benign images atop malicious apps. Toast Overlay abuses
the alerts and notifications feature of Android’s Accessibility Service. All
versions of Android were susceptible except the latest, Oreo.
Last November, Trend Micro came across several apps in Google Play carrying
malware that fully weaponized the Toast Overlay proof of concept:
TOASTAMIGO. It downloads and installs another malware, AMIGOCLICKER,
which has ad-clicking and persistence capabilities.
BlueBorne:
BlueBorne is a set of security flaws affecting the implementation of Bluetooth
in the Android, Linux, iOS, and Windows operating systems.
The BlueBorne flaws are authentication, authorization, and information disclosure
issues. When successfully exploited, BlueBorne can lead to man-in-the-middle attacks,
letting attackers hijack the Bluetooth-enabled device.
The flaws enable an attacker to sniff, spy on, intercept, or divert traffic
between vulnerable Bluetooth-enabled devices in order to access their data.
BlueBorne reportedly affects as many as 5.3 billion Bluetooth-enabled devices.
Vendors accordingly rolled out patches for their platforms.
Summary:
A vulnerability is a vulnerability, whether known or not. The key difference
between the two is the likelihood that an attacker is aware of the
vulnerability, and thus tries to exploit it. Therefore, the better known the
vulnerability is, the more urgent it is to deal with it.
It is recommended to prioritize the first three types of vulnerabilities, perhaps
in that order. Once you have those under control, work towards fixing those
further down the list.
Thanks for watching
https://www.trendmicro.com
https://www.csoonline.com