Analysis, Encryption and Libraries - Information Management Today

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The most important change in the latest Hive variant is the encryption mechanism it adopts. ” reads the post published by Microsoft. ” continues Microsoft. .

Encryption

Encryption Ransomware Blockchain Libraries

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

eSecurity Planet

JUNE 24, 2021

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. Since then, interest in fully homomorphic encryption (FHE) has increased, largely paralleling the rise of cloud computing.

Encryption

Encryption Cloud Libraries Privacy

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

The encryption and decryption are not robust and the ransomware lack features like Windows Shadow Copy removal, File unlocking for a more thorough impact, Anti-analysis, and Defensive evasion (AMSI bypass, disabling event logging, etc.). At this point in this ransomware, the encryption process has already finished.

Ransomware

Ransomware Encryption Libraries IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Microsoft details techniques of Mac ransomware

Security Affairs

JANUARY 6, 2023

One of the most important capabilities of ransomware is the capability of targeting specific files to encrypt. FileCoder and MacRansom use the Linux find utility to search for selected files to encrypt. . “The ransomware families we analyzed often share similar anti-analysis and persistence techniques. _README_”. .

Ransomware

Ransomware Encryption Libraries Security

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

Security Affairs

JUNE 15, 2022

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. “Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. ” continues the post.

Encryption

Encryption Libraries Security Cybersecurity

OpenSSL fixed two high-severity vulnerabilities

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library. of the library.

Libraries

Libraries Encryption Authentication Communications

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. ” reads the analysis published by Rising.AFR-6fyvilv #Sfile #Ransomware New Sample: 6E029B9B0A600CDC1E75A4F7228B332B pic.twitter.com/tB27dM8tjd — dnwls0719 (@fbgwls245) January 9, 2022. as the suffix name.

Ransomware

Ransomware Encryption Libraries Communications

Top Open Source Security Tools

eSecurity Planet

OCTOBER 18, 2021

It matches reported vulnerabilities to the open source libraries in code, reducing the number of alerts. Backed by a huge open source database of known exploits, it also provides IT with an analysis of pen testing results so remediation steps can be done efficiently. Read more: Metasploit: Pen Testing Product Overview and Analysis.

Security

Security Encryption Compliance Libraries

New EvilQuest ransomware targets macOS users

Security Affairs

JULY 1, 2020

Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected machine. ” reads the analysis wrote by Wardle. The ransomware also checks for some common anti-virus solutions (e.g.

Ransomware

Ransomware Libraries Encryption Communications

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2.

Government

Government IT Encryption Libraries

Strong Encryption Explained: 6 Encryption Best Practices

eSecurity Planet

JANUARY 5, 2024

Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. What Makes an Encryption Algorithm Strong?

Encryption

Encryption Passwords Libraries Security

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

The authors used different languages to hinder analysis, researchers explained. ” reads the analysis published by ESET. “Notably, the only component on system’s disk as a file is the initial component, which is in the form of a Dynamic Link Library (DLL).

Libraries

Libraries Encryption Security IT

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

OCTOBER 22, 2019

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. Still, I like seeing this kind of analysis about security infrastructure. There's a lot to argue with about the methodology and the assumptions.

Encryption

Encryption Agriculture Retail Manufacturing

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

.” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library.

File names

File names Encryption Manufacturing Libraries

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

” reads the analysis published by Cybereason. The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.”

Financial Services

Financial Services Libraries Encryption Authentication

Telegram flaw could have allowed access to users secret chats

Security Affairs

FEBRUARY 16, 2021

The “ rlottie ” folder caught their attention, it was the folder used for the Samsung native library for playing Lottie animations, originally created by Airbnb. ” reads the analysis published by Shielder experts. This library was used by Telegram developers instead of the Airbnb’s one.

Access

Access Libraries Encryption Security

Sugar Ransomware, a new RaaS in the threat landscape

Security Affairs

FEBRUARY 2, 2022

” reads the analysis published by Walmart. Other similarities were found by the experts in the GPLib library used for encryption/decryption operations. The researchers also published Indicators of Compromise (IoCs) for this threat.

Ransomware

Ransomware Retail Libraries Encryption

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

” reads the analysis published by Kaspersky researcher Denis Legezo. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. ” continues the analysis. The attack chain aims at distributing.RAR archive from the legitimate site file.io

Encryption

Encryption Libraries Archiving Communications

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

SEPTEMBER 12, 2018

” reads hte analysis published by Trend Micro. ” Experts warn of its ability to bypass static analysis methods due to the combined use of Inno Setup Installer and PyInstaller. exe will drop malware components — several C++ and Python libraries and the Python 2.7 When successfully run, the Facture_23100.31.07.2018.exe

Ransomware

Ransomware Libraries Encryption Archiving

Wslink, a previously undescribed loader for Windows binaries

Security Affairs

OCTOBER 28, 2021

” reads the analysis published by ESET. The encrypted module is subsequently received with a unique identifier – signature – and an additional key for its decryption.” ” Wslink runs as a service and can accept modules in the form of encrypted portal executable (PE) files only from a specific IP address.

Encryption

Encryption Libraries Communications Security

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files. ” reads the analysis published by Sophos. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. ” continues the analysis. .

File names

File names Encryption Libraries IT

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

” reads the analysis published by Proofpoint. That system identifier is then encrypted with the NokNok function and base64 encoded before being used as the payload of an HTTP POST to library-store.camdvr[.]org.” ” continues the analysis.

Archiving

Archiving Cloud File names Metadata

Top 5 Application Security Tools & Software for 2023

eSecurity Planet

MAY 19, 2023

Encryption: This protects sensitive data by converting it into a coded form that can only be accessed or decrypted with the appropriate key. Encryption ensures that data remains confidential and secure, even if intercepted or accessed by unauthorized parties. This area is called static application security testing, or SAST.

Security

Security Cloud Compliance Risk

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The developers are embedding Joker as a payload that can be encrypted in different ways, either a.dex file xored or encrypted with a number, or through the same. If there is no answer, the malware remains silent since it can be running on a dynamic analysis emulator. dex file as before. explained. “If

Encryption

Encryption Libraries Cloud Security

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

. “While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a.png image file.” ” reads the report published by the experts.

Libraries

Libraries Encryption Communications Manufacturing

Hackers Are Now Exploiting Windows Event Logs

eSecurity Planet

MAY 10, 2022

The system uses DLL (Dynamic Link Library) files to store some resources the application needs and will load automatically. If it does not find one, the encrypted shell code is written in 8KB chunks in the event logs. The malware analysis by Kaspersky is quite remarkable and detailed. Also read: How Hackers Evade Detection.

Encryption

Encryption Libraries Communications Security

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Security Affairs

JUNE 22, 2021

The ransomware uses OpenSSL’s AES algorithm with CBC mode to encrypt files and leverages Telegram’s API for C2 communications. The ransomware appends radioactive symbols (“ ”) to the filenames of encrypted files. . ” reads the analysis published by Trend Micro. CLI tool and library to obfuscate bash scripts.”

Ransomware

Ransomware Encryption Passwords Cloud

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

JANUARY 11, 2019

In this phase, the ransomware sends to the command and control server information on the encryption process, including a string that contains the Initialization Vector (IV) and a random password used by the ransomware to encrypt the files. “To combat this ransomware, Cisco Talos is releasing a free decryption tool.

Ransomware

Ransomware Encryption Passwords Libraries

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Security Affairs

AUGUST 27, 2019

The module was hidden in a 3rd-party advertising library that the author of the app recently was introduced. “After analyzing the app, we saw an advertising library in it that contains a malicious dropper component. ” reads the analysis published by Kaspersky. ” reads the analysis published by Kaspersky.

IT

IT Libraries Encryption Security

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

” reads the analysis published by ESET. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components. ” continues the analysis.

Communications

Communications Encryption Metadata Libraries

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

” reads the analysis published by the researchers. The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. ” continues the report.

Libraries

Libraries Communications Encryption Authentication

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

” reads the analysis published by PaloAlto Networks. ” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library. .” ” continues the analysis.

Ransomware

Ransomware Phishing File names Encryption

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

SEPTEMBER 4, 2019

Technical Analysis. JSWorm encrypts all the user files appending a new extension to their name. During the encryption phase, the ransomware creates an HTML Application “JSWRM-DECRYPT.hta” in each folder it encounters. The malware encrypts all the files whose extension is not present in the list. The Encryption Scheme.

Ransomware

Ransomware Encryption File names Libraries

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

” reads the analysis published by Cybereason. Experts observed several variants over the recent months, it authors have improved encryption and implemented new functionality of the final Node.js The final payload of Chaes is a Node.Js information stealer that exfiltrates data using the node process.”

Phishing

Phishing Mining Libraries Encryption

Decoding the future: unravelling the intricacies of Hybrid Cloud Mesh versus service mesh

IBM Big Data Hub

JANUARY 26, 2024

It manages service-to-service communication, providing essential functionalities such as service discovery, load balancing, encryption and authentication. Language libraries for connectivity have partial and inconsistent implementation of traffic management features and are difficult to maintain and upgrade.

Cloud

Cloud Communications Libraries Encryption

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

To control the browser, the malware uses a library called Rod. The malware encrypts all the data with a key that is unique for each sample and sends it along with a sample identifier to the C2 server located at the domain name youbot[.]solutions. ” “The business listing has a logo of an eye in a red circle.

Authentication

Authentication Libraries Encryption Marketing

Buran ransomware-as-a-service continues to improve

Security Affairs

NOVEMBER 12, 2019

Buran is advertised as a stable malware that uses an offline cryptoclocker , 24/7 support, global and session keys, and has no third-party dependencies such as libraries. “In our analysis we detected two different versions of Buran, the second with improvements compared to the first one released.”

Ransomware

Ransomware Encryption Libraries Security

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

” reads an analysis published by Symantec Threat Hunter team, part of Broadcom Software. The attackers used Dynamic-link library (DLL) side-loading to deliver the malicious code. In some cases, the arbitrary shellcode is encrypted.” ” continues the report.

Government

Government Access Libraries Education

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

” reads the analysis published by 360 Netlab. One of the addresses disguised the Bot sample as a Google font library “ roboto. ” reads the analysis. Additional technical details such as IoCs are included in the analysis published by the experts. ttc “, so we named the Botnet Roboto.”

Honeypots

Honeypots Systems administration Passwords IoT

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” ” reads the analysis published by Secureworks. The landing page appears to be identical or quite similar to the spoofed library resource. and Switzerland.

Phishing

Phishing Libraries File names Metadata

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

This issue could be exploited only when the encryption keys are obtained via a separate attack, meaning that the attackers have to chain more exploits in their campaigns. Each payload comes compiled with a standard list of commonly used Monero-mining domains alongside a Monero wallet address,” continues the analysis. “So

Mining

Mining Libraries Access Encryption

Application Security: Complete Definition, Types & Solutions

eSecurity Planet

FEBRUARY 13, 2023

CNAP provides encryption, access control, threat detection and response features for enhanced security. Mobile behavioral analysis: Similar to user and entity behavioral analysis (UEBA) solutions, mobile behavioral analysis tools look for signs that apps are engaging in risky or malicious behaviors.

Security

Security Cloud Risk Computer and Electronics

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Technical analysis. This file acts as downloader in the infection chain, using a series of hard-coded server addresses, It heavily rely on obfuscation and encryption to avoid the antimalware detection. Shade encrypts all the user files using an AES encryption scheme. References to an Oil-Gas company.

Ransomware

Ransomware Mining File names Encryption

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Security Affairs

JANUARY 29, 2019

The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further analysis. Technical Analysis. Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel.

Communications

Communications Libraries Encryption Security

New Hive ransomware variant is written in Rust and use improved encryption method

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

Webinars

Trending Sources

Ransomware Toolkit Cryptonite turning into an accidental wiper

Webinars

Microsoft details techniques of Mac ransomware

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

OpenSSL fixed two high-severity vulnerabilities

Experts warn of attacks using a new Linux variant of SFile ransomware

Top Open Source Security Tools

New EvilQuest ransomware targets macOS users

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Strong Encryption Explained: 6 Encryption Best Practices

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Calculating the Benefits of the Advanced Encryption Standard

China-linked APT41 group targets Hong Kong with Spyder Loader

EventBot, a new Android mobile targets financial institutions across Europe

Telegram flaw could have allowed access to users secret chats

Sugar Ransomware, a new RaaS in the threat landscape

Malware campaign hides a shellcode into Windows event logs

New PyLocky Ransomware stands out for anti-machine learning capability

Wslink, a previously undescribed loader for Windows binaries

New KilllSomeOne APT group leverages DLL side-loading

Iran-linked APT TA453 targets Windows and macOS systems

Top 5 Application Security Tools & Software for 2023

New enhanced Joker Malware samples appear in the threat landscape

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Hackers Are Now Exploiting Windows Event Logs

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Victims of Pylocky ransomware can decrypt their files for free

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Attor malware was developed by one of the most sophisticated espionage groups

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

JSWorm: The 4th Version of the Infamous Ransomware

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Decoding the future: unravelling the intricacies of Hybrid Cloud Mesh versus service mesh

YTStealer info-stealing malware targets YouTube content creators

Buran ransomware-as-a-service continues to improve

Cyber espionage campaign targets Asian countries since 2021

Roboto, a new P2P botnet targets Linux Webmin servers

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Blue Mockingbird Monero-Mining campaign targets web apps

Application Security: Complete Definition, Types & Solutions

The Long Run of Shade Ransomware

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Stay Connected