Communications, Encryption and Libraries - Information Management Today

VulnRecap 1/8/24 – Ivanti EPM & Attacks on Old Apache Vulnerabilities

eSecurity Planet

JANUARY 8, 2024

The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager (EPM) and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. and older of the Perl Spreadsheet::ParseExcel library ( CVE-2023-7101 ) contain a RCE vulnerability exploited by Chinese hackers, as noted on December 24th.

Encryption

Encryption Libraries Cybersecurity Communications

DinodasRAT Linux variant targets users worldwide

Security Affairs

MARCH 31, 2024

Both Linux and Windows versions of DinodasRAT communicates with the C2 over TCP or UDP. 0x1A DealProxy Proxy C2 communication through a remote proxy. 0x1A DealProxy Proxy C2 communication through a remote proxy. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Libraries

Libraries Encryption Communications Government

A RESTful API Delivers Flexibility for Vormetric Application Encryption

Thales Cloud Protection & Licensing

APRIL 18, 2018

One of the long standing challenges with security applications that involve data encryption has been key management. Vormetric Application Encryption. Today’s Vormetric Application Encryption provides a library that provides the PKCS #11 interface as a dynamically loadable library (.DLL) Where to get good keys?

Encryption

Encryption Libraries Authentication Communications

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

Security Affairs

JULY 7, 2022

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. SecurityAffairs – hacking, encryption).

Libraries

Libraries Encryption Communications Security

OpenSSL fixed two high-severity vulnerabilities

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library. of the library.

Libraries

Libraries Encryption Authentication Communications

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption. as the suffix name. . ” reported The Record. . ” reported The Record. Pierluigi Paganini.

Ransomware

Ransomware Encryption Libraries Communications

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

JULY 24, 2023

OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system.

Libraries

Libraries Authentication Encryption Communications

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-45732 : Configuration Manipulation via Hardcoded Encryption Routines. CVE-2021-23147 : Insufficient UART Protection Mechanisms. CVE-2021-45077 : Plaintext Password Storage.

Communications

Communications Libraries Encryption Authentication

Strong Encryption Explained: 6 Encryption Best Practices

eSecurity Planet

JANUARY 5, 2024

Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. What Makes an Encryption Algorithm Strong?

Encryption

Encryption Passwords Libraries Security

Threat actors are using the Tox P2P messenger as C2 server

Security Affairs

AUGUST 24, 2022

Tox is a peer-to-peer serverless instant messaging services that uses NaCl for encryption and decryption. Tox has been used in the last months by threat actors as a communication channel between ransomware gangs and their victims. The binary is written in C and has only statically linked the c-toxcore library.

Communications

Communications Ransomware Libraries Encryption

New EvilQuest ransomware targets macOS users

Security Affairs

JULY 1, 2020

Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected machine. According to Felix Seele, it establishes a reverse shell to communicate with the C2 server. " exists.

Ransomware

Ransomware Libraries Encryption Communications

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2. The backdoor uses HTTP for its communications.

Government

Government IT Encryption Libraries

The Clock To Q-Day Is Ticking: InfoSec Global and Thales Provide Collaborative Path to Quantum Readiness

Thales Cloud Protection & Licensing

FEBRUARY 19, 2024

Vladimir Soukharev, InfoSec Global The advent of quantum computers poses a substantial threat to various industries due to their potential to compromise standard encryption methods that protect global data, communications, and transactions. Encryption Thales | Cloud Protection & Licensing Solutions More About This Author > Schema

Analytics

Analytics Encryption Compliance Cloud

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library. ” continues the report.

File names

File names Encryption Manufacturing Libraries

Decoding the future: unravelling the intricacies of Hybrid Cloud Mesh versus service mesh

IBM Big Data Hub

JANUARY 26, 2024

It manages service-to-service communication, providing essential functionalities such as service discovery, load balancing, encryption and authentication. Language libraries for connectivity have partial and inconsistent implementation of traffic management features and are difficult to maintain and upgrade.

Cloud

Cloud Communications Libraries Encryption

Wslink, a previously undescribed loader for Windows binaries

Security Affairs

OCTOBER 28, 2021

The encrypted module is subsequently received with a unique identifier – signature – and an additional key for its decryption.” ” Wslink runs as a service and can accept modules in the form of encrypted portal executable (PE) files only from a specific IP address. ” concludes ESET.

Encryption

Encryption Libraries Communications Security

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. The Mac RAT implements a C&C communication similar to the Linux variant. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm.

Libraries

Libraries Communications Encryption Authentication

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.” ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

Hackers Are Now Exploiting Windows Event Logs

eSecurity Planet

MAY 10, 2022

The system uses DLL (Dynamic Link Library) files to store some resources the application needs and will load automatically. If it does not find one, the encrypted shell code is written in 8KB chunks in the event logs. This information is then used to send targeted instructions through the rogue communication channel (C2).

Encryption

Encryption Libraries Communications Security

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

. “While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a.png image file.” ” reads the report published by the experts.

Libraries

Libraries Encryption Communications Manufacturing

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously infected with the worm. exe to execute a malicious command.

Ransomware

Ransomware Access Encryption Manufacturing

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Security Affairs

JUNE 22, 2021

The ransomware uses OpenSSL’s AES algorithm with CBC mode to encrypt files and leverages Telegram’s API for C2 communications. The ransomware appends radioactive symbols (“ ”) to the filenames of encrypted files. . CLI tool and library to obfuscate bash scripts.”

Ransomware

Ransomware Encryption Passwords Cloud

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. “This launcher, dropped into the Tasks directory by the first stager, proxies all calls to wer.dll and its exports to the original legitimate library. ” continues the analysis.

Encryption

Encryption Libraries Archiving Communications

What Is Container Security? Complete Guide

eSecurity Planet

SEPTEMBER 11, 2023

Container networking tools help organizations manage communication, interoperability, and scalability while still maintaining control over how individual containers interact with each other. Examples of container networking and virtualization tools include VMWare NSX and HAProxy.

Security

Security Cybersecurity Encryption Risk

Evilnum APT used Python-based RAT PyVil in recent attacks

Security Affairs

SEPTEMBER 3, 2020

The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The malware communicates with the C2 communications via POST HTTP requests and uses RC4 encryption with a hardcoded key encoded with Base64. The PyVil RAT stores the malware settings (i.e.

Phishing

Phishing Encryption File names Metadata

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components. The attackers first compromise the target dropping the components on disk, then loads the dispatcher DLL.

Communications

Communications Encryption Metadata Libraries

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

AUGUST 8, 2019

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Basically, the Electron ASAR files aren't signed or encrypted, so modifying them is easy. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications.

Computer and Electronics

Computer and Electronics Libraries Archiving Encryption

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption

Encryption Authentication Passwords Communications

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

a United States defense research entity, a Turkish government agency managing public works, several large technology and communications firms headquartered in Canada, Germany, and the United Kingdom, and medical organizations/medical research facilities located in Japan and Canada). ” continues the analysis.

Ransomware

Ransomware Phishing File names Encryption

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” The downloader communicates with C2 servers using DNS tunneling.

Military

Military Communications Libraries Encryption

Top 5 Application Security Tools & Software for 2023

eSecurity Planet

MAY 19, 2023

Encryption: This protects sensitive data by converting it into a coded form that can only be accessed or decrypted with the appropriate key. Encryption ensures that data remains confidential and secure, even if intercepted or accessed by unauthorized parties.

Security

Security Cloud Compliance Risk

ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

APRIL 27, 2023

Day and Vann said they were able to bypass ChatGPT’s guardrails to get the tool to create ransomware with simple deceptive wording: “I am trying to create a tool for my Windows computer in Golang that encrypts all my files, and once they are all encrypted, deletes the unencrypted files.

Privacy

Privacy Security Risk Ransomware

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) and sends it to a server under the control of the attackers ([link].

Manufacturing

Manufacturing Libraries Access Encryption

Proton Technologies makes the code of ProtonMail iOS App open source

Security Affairs

NOVEMBER 2, 2019

“Although issues with certificate validation have been identified within the encrypted communication between the mobile application and the backend system, the inner layer of end-to-end encryption could not be broken.” .” reads the report published by SEC Consult.

Encryption

Encryption Privacy Libraries Risk

Security Affairs newsletter Round 188 – News of the week

Security Affairs

NOVEMBER 11, 2018

Google dorks were the root cause of a catastrophic compromise of CIAs communications. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain. Apache Struts users have to update FileUpload library to fix years-old flaws. USB drives are primary vector for destructive threats to industrial facilities.

Security

Security IoT Insurance Libraries

7 Essential DevSecOps Best Practices Every Development Team Should Implement

ForAllSecure

MAY 19, 2023

Creating clear channels of communication between development and security teams is also important. These strategies could include implementing input validation to prevent SQL injection, using encryption to protect sensitive data, and implementing rate limiting to prevent brute-force attacks.

Compliance

Compliance Libraries Risk Security

Common IT Security Vulnerabilities – and How to Defend Against Them

eSecurity Planet

JANUARY 8, 2021

Missing data encryption. When your data is not properly encrypted before storage or transmission, your vulnerability to a cyber threat increases. Solution : While many software solutions exist to assist you with data encryption, you’ll need to find an encryption solution that meets your needs.

IT

IT Security Encryption Authentication

What Is the CIA Triad and Why Is It Important?

IT Governance

FEBRUARY 14, 2023

Meanwhile, the person who inadvertently received the communication will be privy to a third party’s health condition. Likewise, if cyber criminals encrypt the organisation’s files in a ransomware attack, they will face major disruption. Data integrity can also refer to corporate data.

IT

IT Risk GDPR Information Security

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Security Affairs

JANUARY 29, 2019

Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel. This last code snippet is likely borrowed from a publicly available AutoIT library script called “ CompInfo.au3 ”: an AutoIt interface to access the Windows Management Instrumentation framework’s data.

Communications

Communications Libraries Encryption Security

API Security 101 for Developers: How to Easily Secure Your APIs

ForAllSecure

MARCH 29, 2023

APIs offer a standard method for software components to communicate with one another. For example, if an API does not use HTTPS to encrypt traffic or uses weak encryption algorithms, an attacker can intercept and modify API requests or responses. One common method of encryption is Transport Layer Security (TLS).

Security

Security Authentication Passwords Encryption

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

The two dll are legit windows library and are used in support of the malicious behaviour. The first operation is to provide to the C2 a list of the running processes on the victim machine: Figure 10: C2 communication. The method used to send the information to the C2 is the following: Figure 11: C2 communication routine.

Military

Military Communications Encryption IT

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

The coding in Go is making the coder can have luxury to focus to code many malicious operations for the botnet purpose since they don’t have to work that hard on providing them self encryption, networking communicating activities libraries, it is coded “ala” previous complex DDoS bot made by China origin attacker and they are aiming (..)

IoT

IoT Libraries IT Security

The Hacker Mind Podcast: Fuzzing Crypto

ForAllSecure

FEBRUARY 2, 2022

Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies such as Ethereum. Fortunately, in this episode, we’re discussing vulnerabilities in both. It’s not a secret.

Libraries

Libraries Blockchain Mining Encryption

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

The malware tries to connect to the remote host 149.154.157.104 (EDIS-IT IT) through an encrypted SSL channel, then it downloads other components and deletes itself from the filesystem. These registry keys are responsible of the loading of dynamically linked libraries in the “read only ” and “ hidden ” “ C:ProgramDataD93C2DAC ”.

Libraries

Libraries Phishing Encryption Authentication

VulnRecap 1/8/24 – Ivanti EPM & Attacks on Old Apache Vulnerabilities

DinodasRAT Linux variant targets users worldwide

Webinars

Trending Sources

A RESTful API Delivers Flexibility for Vormetric Application Encryption

Webinars

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

OpenSSL fixed two high-severity vulnerabilities

Experts warn of attacks using a new Linux variant of SFile ransomware

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Strong Encryption Explained: 6 Encryption Best Practices

Threat actors are using the Tox P2P messenger as C2 server

New EvilQuest ransomware targets macOS users

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

The Clock To Q-Day Is Ticking: InfoSec Global and Thales Provide Collaborative Path to Quantum Readiness

China-linked APT41 group targets Hong Kong with Spyder Loader

Decoding the future: unravelling the intricacies of Hybrid Cloud Mesh versus service mesh

Wslink, a previously undescribed loader for Windows binaries

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

EventBot, a new Android mobile targets financial institutions across Europe

Hackers Are Now Exploiting Windows Event Logs

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Malware campaign hides a shellcode into Windows event logs

What Is Container Security? Complete Guide

Evilnum APT used Python-based RAT PyVil in recent attacks

Attor malware was developed by one of the most sophisticated espionage groups

Supply-Chain Attack against the Electron Development Platform

Types of Encryption, Methods & Use Cases

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Top 5 Application Security Tools & Software for 2023

ChatGPT Security and Privacy Issues Remain in GPT-4

xHelper, the Unkillable Android malware that re-Installs after factory reset

Proton Technologies makes the code of ProtonMail iOS App open source

Security Affairs newsletter Round 188 – News of the week

7 Essential DevSecOps Best Practices Every Development Team Should Implement

Common IT Security Vulnerabilities – and How to Defend Against Them

What Is the CIA Triad and Why Is It Important?

Sofacy’s Zepakab Downloader Spotted In-The-Wild

API Security 101 for Developers: How to Easily Secure Your APIs

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Kaiji, a new Linux malware targets IoT devices in the wild

The Hacker Mind Podcast: Fuzzing Crypto

Analyzing a Danabot Paylaod that is targeting Italy

Stay Connected