The Shadow Brokers release exploits for global banking systems and Windows

midian182

Posts: 6,005   +50
Staff member

Less than a week after the Shadow Brokers came out of retirement to release a password it had previously tried to auction off, the hacking group has posted a new NSA data dump along with some (now mostly patched) Windows exploits.

“Is being too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away. TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes,” the group wrote in a post alongside the published documents.

The new leaks suggest that the NSA hacked into EastNets, a Dubai-based firm that oversees payments for SWIFT, an international financial messaging service used for transferring money between banks, particularly those in the Middle East.

Despite apparent evidence to the contrary, EastNets has denied it was hacked. "While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way. EastNets continues to guarantee the complete safety and security of its customers' data with the highest levels of protection from its SWIFT certified Service bureau," wrote EastNets CEO and founder, Hazem Mulhim, in a statement.

The Shadow Brokers' post also contained a number of Windows exploits, but Microsoft said in a blog post that it has already issued patches for the majority of the attacks, and the remaining three unpatched exploits are only designed for unsupported systems – anyone using Windows 7 or above is not at risk.

"Customers still running prior versions of these products are encouraged to upgrade to a supported offering," the post added.

What’s interesting is that four of the exploits were patched just last month, which could indicate Microsoft was informed about the vulnerabilities before they were leaked.

Permalink to story.

 

Uncle Al

Posts: 7,393   +5,831
Well, since we are running out of Nazi War Criminals, now might be a good time to re-purpose the Mossad Kidon hit teams to start tracking down these hackers and take care of them. Of course, it would be very quietly with no public announcement of each achievement, but over time it would cut their numbers significantly and once the word got out among the hackers it would drop off significantly. Not unlike the "boarder wall", it will not totally stop the practice, but if they reduced it by half or more it's going to be a good thing for everyone!
 

dogofwars

Posts: 209   +80
There is a problem with that without hacker you let the window wide open and instead you are dealing with government mal practice and an adversarial government attacking your infrastructure. Companies are just too lazy or do not want to spend the money to put proper security into their products like encryption between process and good sandboxing and heuristic monitoring software to see for the good behavior of the program you run in your infrastructure etc..

It is a sad reality that we need them in order to expose the flaw so those companies software are forced to correct the situation. The sad thing most of the hack could be prevented but most system user are clueless and the companies does not care until it hit their bottom line so until that change we need them.