Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyber attack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. As a result of the incident, the computers at the library were not able to surf the web.

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

The Apple Mail app available on macOS leaves a portion of users’ encrypted emails in plaintext in a database called snippets. file that is located in “/Users/(username)/Library/Suggestions/”.

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

Tavis Ormandy, a white hat hacker at Google Project Zero, announced that he had found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system.

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard.

A RESTful API Delivers Flexibility for Vormetric Application Encryption

Thales eSecurity

One of the long-standing challenges with security applications that involve data encryption has been key management. Today’s Vormetric Application Encryption provides a library that provides the PKCS #11 interface as a dynamically loadable library (.DLL).

Unhackable Cryptography?

Schneier on Security

A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks.

Granular Security at the App Level

Thales eSecurity

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys. This blog returns to the “SDK” flavor of Vormetric Application Encryption.

ProtonMail launches Address Verification and full PGP support

Security Affairs

Address Verification allows you to be sure you are securely communicating with the right person, while PGP support adds encrypted email interoperability. When ProtonMail first launched in 2014, our goal was to make email encryption ubiquitous by making it easy enough for anybody to use.

Message Decryption Key for Signal Desktop application stored in plain text

Security Affairs

The flaw affects the process implemented by the Signal Desktop application to encrypt locally stored messages. Signal Desktop application leverages an encrypted SQLite database called db.sqlite to store the user’s messages.

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

JSWorm encrypts all the user files appending a new extension to their name. During the encryption phase, the ransomware creates an HTML Application “JSWRM-DECRYPT.hta” in each folder it encounters. The malware encrypts all the files whose extension is not present in the list.

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

exe will drop malware components — several C++ and Python libraries and the Python 2.7 Core dynamic-link library (DLL) — along with the main ransomware executable (lockyfud.exe, which was created via PyInstaller) in C:\Users\{user}\AppData\Local\Temp\is-{random}.tmp.”

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

“While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a .png image file.”

Protecting Big Data, while Preserving Analytical Agility

Thales eSecurity

Moreover, encryption keys must be protected and managed in a trusted manner for security and compliance with regulations. So, while strong encryption secures data, it must be done in a manner that does not impact performance or interfere with the database query process.

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

In this phase, the ransomware sends to the command and control server information on the encryption process, including a string that contains the Initialization Vector (IV) and a random password used by the ransomware to encrypt the files.

Patch Tuesday, December 2019 Edition

Krebs on Security

Handy in that respect is CVE-2019-1468, a similarly widespread critical issue in the Windows font library that could be exploited just by getting the user to visit a hacked or malicious Web site.

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

Once the malware has infected a system, it drops two plain text files; one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instructions to pay the ransom.

The Doghouse: Crown Sterling

Schneier on Security

I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography. The discovery challenges today's current encryption framework by enabling the accurate prediction of prime numbers."

Buran ransomware-as-a-service continues to improve

Security Affairs

Buran is advertised as a stable malware that uses an offline cryptoclocker, 24/7 support, global and session keys, and has no third-party dependencies such as libraries. The malware will encrypt the files only if the machines are not in Russia, Belarus or Ukraine.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Basically, the Electron ASAR files aren't signed or encrypted, so modifying them is easy. Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp.

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs

The good news is that, according to the Agency, data was encrypted; it also added that Google and Adobe were not able to see the CPR numbers. “Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on.

Another Branch Prediction Attack

Schneier on Security

They also described ways the attack could be used against address space layout randomization and to infer data in encryption and image libraries.

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

This operation is similar to the threat group’s August 2018 campaign, using compromised university resources to send library-themed phishing emails.” The landing page appears to be identical or quite similar to the spoofed library resource.

New JNEC.a Ransomware delivered through WinRAR exploit

Security Affairs

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The ransomware encrypts data on the victim’s machine and appends the .Jnec extension to the encrypted data asking a ransom 0.05

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Security Affairs

The module was hidden in a 3rd-party advertising library that the author of the app recently introduced. “After analyzing the app, we saw an advertising library in it that contains a malicious dropper component.

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

The Event-Stream library is a very popular NodeJS module used to help developers manage data streams; it has nearly 2 million downloads a week. It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers. The library was created by Dominic Tarr, who maintained it for a long time, but when he left the project he allowed an unknown programmer, called “right9ctrl”, to continue his work.

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

One of the addresses disguised the Bot sample as a Google font library “ roboto. Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs.

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

Searching online, the expert first found an encrypted firmware; he found on a forum a Portable ROM Dumper (a custom firmware update file that, once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro).

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components.

Proton Technologies makes the code of ProtonMail iOS App open source

Security Affairs

“Although issues with certificate validation have been identified within the encrypted communication between the mobile application and the backend system, the inner layer of end-to-end encryption could not be broken.”

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Security Affairs

The flaw, dubbed ‘NSACrypt’ and tracked as CVE-2020-0601, resides in the Crypt32.dll module that contains various ‘Certificate and Cryptographic Messaging functions’ used by the Windows Crypto API for data encryption.

Nodersok malware delivery campaign relies on advanced techniques

Security Affairs

One of the second-stage instances of PowerShell downloads the legitimate node.exe tool, while another drops WinDivert packet capture library components. based payload, and a bunch of encrypted files.

China-linked APT41 group targets US-Based Research University

Security Affairs

“HIGHNOON is a backdoor that consists of multiple components, including a loader, dynamic-link library (DLL), and a rootkit. Security experts at FireEye observed the Chinese APT41 group targeting a web server at a U.S.-based research university.

The Long Run of Shade Ransomware

Security Affairs

This file acts as a downloader in the infection chain, using a series of hard-coded server addresses. It relies heavily on obfuscation and encryption to avoid antimalware detection. Shade encrypts all the user files using an AES encryption scheme.

Taking down Gooligan: part 2 — inner workings

Elie

This file is encrypted with a hardcoded [XOR encryption] function. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. Encrypting malicious payload is a very old malware trick that has been used by.

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Security Affairs

Experts pointed out that Microsoft failed to address a flaw in SymCrypt, a core cryptographic function library currently used by Windows. The flaw could be exploited by malicious programs to trigger a denial of service condition by interrupting the encryption service for other programs.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

Libraries in Onondaga Co., Federated Library System working on its online system following a ransomware attack (unknown). Maitland, FL, dentist says five months of patient records encrypted by ransomware (unknown).

Security Affairs newsletter Round 228

Security Affairs

A backdoor mechanism found in tens of Ruby libraries. million to allow towns to access encrypted data. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs.

Security Should Never Be on Holiday

Thales eSecurity

Stay away from shared computers in business centers, libraries or coffee shops. I saved the best for last as encryption is what we do at Thales, we protect the most sensitive data for organizations around the globe. For many organizations, July and August are synonymous with holidays.

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

The two DLLs are legitimate Windows libraries and are used in support of the malicious behaviour. This executable has a sophisticated encryption method of communication with the C2.