2015, Encryption, Libraries and Security - Information Management Today

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

JANUARY 22, 2020

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches. 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches in Daytona Beach, Florida, following a cyberattack.

Libraries

Libraries Ransomware Encryption Access

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The flaw could be exploited by malicious programs trigger a denial of service condition by interrupting the encryption service for other programs. Pierluigi Paganini.

Libraries

Libraries Encryption Security IT

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

NOVEMBER 10, 2019

The Apple Mail app available on macOS stores leave s a portion of users encrypted emails in plaintext in a database called snippets. The Apple expert Bob Gendler discovered that the Apple Mail app available on macOS stores leaves a portion of users encrypted emails in plaintext in a database called snippets. ” continues the post.

Encryption

Encryption Libraries Data collection Privacy

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

Message Decryption Key for Signal Desktop application stored in plain text

Security Affairs

OCTOBER 23, 2018

The flaw affects the process implemented by the Signal Desktop application to encrypt locally stored messages. Signal Desktop application leverages an encrypted SQLite database called db.sqlite to store the user’s messages. The encryption key is used each time Signal Desktop application accessed the database.

Encryption

Encryption Passwords Libraries Cybersecurity

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. “Both Mac and Linux variants use the WolfSSL library for SSL communications.

Libraries

Libraries Communications Encryption Authentication

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. ” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. newversion file extension instead of.

Ransomware

Ransomware Government Encryption Passwords

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty , group is using a loader leveraging steganography to deliver a version of Denes backdoor and an updated version of Remy backdoor. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Encryption Communications Manufacturing

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs

FEBRUARY 10, 2020

The good news is that according to the Agency, data was encrypted, it also added that Google and Adobe were not able to see the CP R numbers. “Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. ” states the Government Agency. “Google has accessed 1.2

Encryption

Encryption Libraries Access Government

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

SEPTEMBER 12, 2018

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. exe will drop malware components — several C++ and Python libraries and the Python 2.7 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Libraries Encryption Archiving

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

JANUARY 11, 2019

Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. The good news is that security researcher Mike Bautista at Cisco Talos group released a decryption tool that allows them to decrypt their files for free. Pierluigi Paganini.

Ransomware

Ransomware Encryption Passwords Libraries

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

The best news of the week with Security Affairs. A backdoor mechanism found in tens of Ruby libraries. million to allow towns to access encrypted data. Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Mining Data breaches Libraries

Security Affairs newsletter Round 188 – News of the week

Security Affairs

NOVEMBER 11, 2018

The best news of the week with Security Affairs. Apple T2 security chip in new MacBooks disconnects Microphone when lid is closed. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain. Apache Struts users have to update FileUpload library to fix years-old flaws. 20% discount. Kindle Edition.

Security

Security IoT Insurance Libraries

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. ” reads the security advisory. Experts pointed out that Microsoft failed to address a flaw in SymCrypt , a core cryptographic function library currently used by Windows. Pierluigi Paganini.

Security

Security Authentication Libraries Encryption

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. In these attacks, the encryption key used is the string “HELLO_USA_PRISIDENT.”

File names

File names Encryption Libraries IT

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. The module was hidden in a 3rd-party advertising library that the author of the app recently was introduced. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Libraries Encryption Security

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

NOVEMBER 27, 2018

The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week. It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers. The malicious code was introduced in the version 3.3.6, through 5.1.0

Libraries

Libraries Encryption IT Security

Evilnum APT used Python-based RAT PyVil in recent attacks

Security Affairs

SEPTEMBER 3, 2020

The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The malware communicates with the C2 communications via POST HTTP requests and uses RC4 encryption with a hardcoded key encoded with Base64. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Encryption File names Metadata

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” The hackers appear to be interested in getting access to the library, they sent phishing messages to people with access to the library of the targeted university.

Phishing

Phishing Libraries File names Metadata

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

Over the weekend, users have been complaining on Nook’s Facebook page and Twitter that they were not able to access their library of purchased eBooks and magazine subscriptions. 2/2) Please be assured that there is no compromise of customer payment details which are encrypted and tokenized. Thank you for your patience.

Ransomware

Ransomware Encryption Retail Access

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

.” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the analysis.

Ransomware

Ransomware Phishing File names Encryption

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Mining

Mining Libraries Access Encryption

New JNEC.a Ransomware delivered through WinRAR exploit

Security Affairs

MARCH 19, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The ransomware encrypts data on the victim’s machine and appends the.Jnec extension to the encrypted data asking a ransom 0.05 bitcoins (about $200). Pierluigi Paganini.

Ransomware

Ransomware Archiving Encryption Libraries

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

SEPTEMBER 4, 2019

JSWorm encrypts all the user files appending a new extension to their name. During the encryption phase, the ransomware creates an HTML Application “JSWRM-DECRYPT.hta” in each folder it encounters. The malware encrypts all the files whose extension is not present in the list. Figure 3: Extensions excluded from encryption.

Ransomware

Ransomware Encryption File names Libraries

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even after users attempt to uninstall it. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. and Russia. Pierluigi Paganini.

Manufacturing

Manufacturing Libraries Access Encryption

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Security researcher Eyal Itkin from Check Point analyzed the Picture Transfer Protocol (PTP) implementation in Canon EOS 80D DSLR cameras and discovered six vulnerabilities that could be exploited for several attacks. The expert was able to access the keys for verifying the authenticity of the firmware and for encrypting it.

Ransomware

Ransomware Encryption Libraries Authentication

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Security Affairs

JANUARY 15, 2020

Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. dll module that contains various ‘Certificate and Cryptographic Messaging functions’ used by the Windows Crypto API for data encryption. . The flaw affects the way Crypt32.dll

Libraries

Libraries Encryption Security Risk

Nodersok malware delivery campaign relies on advanced techniques

Security Affairs

SEPTEMBER 28, 2019

One of the second-stage instances of PowerShell downloads the legitimate node.exe tool, while another drops WinDivert packet capture library components. based payload, and a bunch of encrypted files. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

e-Delivery

e-Delivery Retail Libraries Education

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Military

Military Communications Libraries Encryption

Buran ransomware-as-a-service continues to improve

Security Affairs

NOVEMBER 12, 2019

Buran is advertised as a stable malware that uses an offline cryptoclocker , 24/7 support, global and session keys, and has no third-party dependencies such as libraries. The malware will encrypt the files only if the machines are not in Russia, Belarus or Ukraine. . ” reads the analysis published by McAfee. Pierluigi Paganini.

Ransomware

Ransomware Encryption Libraries Security

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. Shade encrypts all the user files using an AES encryption scheme. Main of the JS script.

Ransomware

Ransomware Mining File names Encryption

Proton Technologies makes the code of ProtonMail iOS App open source

Security Affairs

NOVEMBER 2, 2019

“Although issues with certificate validation have been identified within the encrypted communication between the mobile application and the backend system, the inner layer of end-to-end encryption could not be broken.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Encryption

Encryption Privacy Libraries Risk

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. One of the addresses disguised the Bot sample as a Google font library “ roboto. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Honeypots

Honeypots Systems administration Passwords IoT

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications

Communications Encryption Metadata Libraries

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks.

IoT

IoT Libraries IT Security

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Security Affairs

JANUARY 29, 2019

The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further analysis. Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel. AutoIt script’s main function.

Communications

Communications Libraries Encryption Security

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Security Affairs

NOVEMBER 1, 2019

This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers. The post CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks appeared first on Security Affairs.

Libraries

Libraries Encryption Security IT

Operation Red Signature – South Korean Firms victims of a supply chain attack

Security Affairs

AUGUST 22, 2018

Security researchers from Trend Micro have uncovered a supply chain attack, tracked as Operation Red Signature, against organizations in South Korea. This dynamic-link library (DLL) is responsible for decrypting the encrypted rcview.log file and executing it in memory. Supply Chain Attack Hits South Korean Firms.

Passwords

Passwords Libraries Encryption Access

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

Security firms such as Proofpoint and Eset analyzed other samples of the same threat targeting the Australian landscape back in May 2018 and, more recently, in Italy. These registry keys are responsible of the loading of dynamically linked libraries in the “read only ” and “ hidden ” “ C:ProgramDataD93C2DAC ”. Pierluigi Paganini.

Libraries

Libraries Phishing Encryption Authentication

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

The two dll are legit windows library and are used in support of the malicious behaviour. This executable has got a sophisticated encryption method of communication with the C2: Figure 13: Evidence of the decrypting routine of the certificate. The downloaded code has been encrypted through the Rijndael algorithm with a hard-coded key.

Military

Military Communications Encryption IT

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Security Affairs

SEPTEMBER 20, 2019

Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. At this point, the control finally passes to the “ swety.dll ” library, the module in charge to detect the analysis environment. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Introduction.

Libraries

Libraries Passwords IT Phishing

Feature Differences in Office 365 Plans

JKevinParker

MARCH 2, 2015

So I checked out the latest Office 365 service comparison page on TechNet (updated 1/28/2015 at the time of this post). Feature Differences in Office 365 Plans (January 2015). Features (Updated 1/28/2015) Office 365 Business Premium Office 365 Enterprise E1 Office 365 Enterprise E3. BCS: Secure Store Service No No Yes.

Archiving

Archiving Libraries Encryption Compliance

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

“Importantly, our own investigation has determined that, beyond this much-publicized security breach, the group has leveraged the same backdoor to open a covert access channel to the foreign offices of another two European countries, as well as to the network of a major defense contractor.” Pierluigi Paganini.

Metadata

Metadata Military Libraries Access

Taking down Gooligan: part 1 — overview

Elie

MARCH 10, 2018

Overcoming these challenges fuels our understanding of the security and abuse landscape. mail delivery security. This APK embedded a secondary hidden/encrypted payload. Play Store app module : This is an injected library that allows the malware to issue commands to the Play store through the Play store app.

Libraries

Libraries Access Encryption Passwords

Malware attack took down 600 computers at Volusia County Public Library

Google expert disclosed details of an unpatched flaw in SymCrypt library

Trending Sources

Apple Mail stores parts of encrypted emails in plaintext DB

EventBot, a new Android mobile targets financial institutions across Europe

Message Decryption Key for Signal Desktop application stored in plain text

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

CERT France – Pysa ransomware is targeting local governments

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

1.2 million CPR numbers for Danish citizen leaked through tax service

New PyLocky Ransomware stands out for anti-machine learning capability

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs newsletter Round 228

Security Affairs newsletter Round 188 – News of the week

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

New KilllSomeOne APT group leverages DLL side-loading

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Evilnum APT used Python-based RAT PyVil in recent attacks

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Blue Mockingbird Monero-Mining campaign targets web apps

New JNEC.a Ransomware delivered through WinRAR exploit

JSWorm: The 4th Version of the Infamous Ransomware

xHelper, the Unkillable Android malware that re-Installs after factory reset

Infecting Canon EOS DSLR camera with ransomware over the air

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Nodersok malware delivery campaign relies on advanced techniques

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Buran ransomware-as-a-service continues to improve

The Long Run of Shade Ransomware

Proton Technologies makes the code of ProtonMail iOS App open source

Roboto, a new P2P botnet targets Linux Webmin servers

Attor malware was developed by one of the most sophisticated espionage groups

Kaiji, a new Linux malware targets IoT devices in the wild

Sofacy’s Zepakab Downloader Spotted In-The-Wild

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Operation Red Signature – South Korean Firms victims of a supply chain attack

Analyzing a Danabot Paylaod that is targeting Italy

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Feature Differences in Office 365 Plans

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Taking down Gooligan: part 1 — overview

Stay Connected