Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyber attack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. As a result of the incident, the computers at the library were not able to surf the web.

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

The Apple Mail app available on macOS leaves a portion of users' encrypted emails in plaintext in a database called snippets. file that is located in “/Users/(username)/Library/Suggestions/”.


Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

Tavis Ormandy, a white hat hacker at Google Project Zero, announced that he had found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system.

A RESTful API Delivers Flexibility for Vormetric Application Encryption

Thales eSecurity

One of the long-standing challenges with security applications that involve data encryption has been key management. Today’s Vormetric Application Encryption offers a library that provides the PKCS #11 interface as a dynamically loadable library (.DLL).

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard.

Unhackable Cryptography?

Schneier on Security

A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks.

Granular Security at the App Level

Thales eSecurity

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys. This blog returns to the “SDK” flavor of Vormetric Application Encryption.

ProtonMail launches Address Verification and full PGP support

Security Affairs

Address Verification allows you to be sure you are securely communicating with the right person, while PGP support adds encrypted email interoperability. When ProtonMail first launched in 2014, our goal was to make email encryption ubiquitous by making it easy enough for anybody to use.

New EvilQuest ransomware targets macOS users

Security Affairs

Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems; it is also able to install additional payloads and potentially take over the infected machine.

Message Decryption Key for Signal Desktop application stored in plain text

Security Affairs

The flaw affects the process implemented by the Signal Desktop application to encrypt locally stored messages. Signal Desktop application leverages an encrypted SQLite database called db.sqlite to store the user’s messages.

How to Keep Your WFH Employees Safe From new Cybersecurity Attacks

InfoGoTo

If yours doesn’t, Gizmo’s Freeware maintains an excellent library of free software curated by its community. Although few people are going to coffee shops and libraries these days, they still may have reason to seek Wi-Fi hotspots.

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

JSWorm encrypts all the user files appending a new extension to their name. During the encryption phase, the ransomware creates an HTML Application “JSWRM-DECRYPT.hta” in each folder it encounters. The malware encrypts all the files whose extension is not present in the list.

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

The malware also downloads the Command-and-control (C2) URLs; C2 communication is encrypted using Base64, RC4, and Curve25519. With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.”

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

exe will drop malware components — several C++ and Python libraries and the Python 2.7 Core dynamic-link library (DLL) — along with the main ransomware executable (lockyfud.exe, which was created via PyInstaller) in C:\Users\{user}\AppData\Local\Temp\is-{random}.tmp.”

Protecting Big Data, while Preserving Analytical Agility

Thales eSecurity

Moreover, encryption keys must be protected and managed in a trusted manner for security and compliance with regulations. So, while strong encryption secures data, it must be done in a manner that does not impact performance or interfere with the database query process.

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

In this phase, the ransomware sends to the command and control server information on the encryption process, including a string that contains the Initialization Vector (IV) and a random password used by the ransomware to encrypt the files.

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

“While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a .png image file.”

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

Once the malware has infected a system, it drops two plain text files; one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives the victim information on what has happened and instructions to pay the ransom.

The Doghouse: Crown Sterling

Schneier on Security

I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography. The discovery challenges today's current encryption framework by enabling the accurate prediction of prime numbers."

CERT France – Pysa ransomware is targeting local governments

Security Affairs

According to the experts, the first infections were observed in late 2019; victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files.

Another Branch Prediction Attack

Schneier on Security

They also described ways the attack could be used against address space layout randomization and to infer data in encryption and image libraries.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Basically, the Electron ASAR files aren't signed or encrypted, so modifying them is easy. Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp.

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs

The good news is that, according to the Agency, data was encrypted; it also added that Google and Adobe were not able to see the CPR numbers. “Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on.

Buran ransomware-as-a-service continues to improve

Security Affairs

Buran is advertised as a stable malware that uses an offline cryptoclocker, 24/7 support, global and session keys, and has no third-party dependencies such as libraries. The malware will encrypt the files only if the machines are not in Russia, Belarus or Ukraine.

Patch Tuesday, December 2019 Edition

Krebs on Security

Handy in that respect is CVE-2019-1468, a similarly widespread critical issue in the Windows font library that could be exploited just by getting the user to visit a hacked or malicious Web site.

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm.

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Security Affairs

The module was hidden in a 3rd-party advertising library that the author of the app recently introduced. “After analyzing the app, we saw an advertising library in it that contains a malicious dropper component.

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

This operation is similar to the threat group’s August 2018 campaign, using compromised university resources to send library-themed phishing emails.” The landing page appears to be identical or quite similar to the spoofed library resource.

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.

New JNEC.a Ransomware delivered through WinRAR exploit

Security Affairs

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The ransomware encrypts data on the victim’s machine and appends the .Jnec extension to the encrypted data asking a ransom 0.05

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

The Event-Stream library is a very popular NodeJS module that lets developers manage data streams; it has nearly 2 million downloads a week. It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers. The library was created by Dominic Tarr, who maintained it for a long time, but when he left the project he allowed an unknown programmer, called “right9ctrl”, to continue his work.

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

This issue could be exploited only when the encryption keys are obtained via a separate attack, meaning that the attackers have to chain more exploits in their campaigns.

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

Searching online, the expert first found an encrypted firmware; he then found on a forum a Portable ROM Dumper (a custom firmware update file that, once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro).

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks.

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components.

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

One of the addresses disguised the Bot sample as a Google font library “ roboto. Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs.

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.)

China-linked APT41 group targets US-Based Research University

Security Affairs

“HIGHNOON is a backdoor that consists of multiple components, including a loader, dynamic-link library (DLL), and a rootkit. Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based research university.

Proton Technologies makes the code of ProtonMail iOS App open source

Security Affairs

“Although issues with certificate validation have been identified within the encrypted communication between the mobile application and the backend system, the inner layer of end-to-end encryption could not be broken.”

Nodersok malware delivery campaign relies on advanced techniques

Security Affairs

One of the second-stage instances of PowerShell downloads the legitimate node.exe tool, while another drops WinDivert packet capture library components. based payload, and a bunch of encrypted files.