Silensec Newsletter

Top News

Bad Rabbit Ransomware leverages the NSA Exploit for lateral movements

New details emerge from the analysis by malware researchers at Cisco Talos and F-Secure, who respectively discovered and confirmed the presence of an NSA exploit in the Bad Rabbit ransomware.

On October 24, hundreds of organizations worldwide were hit by the Bad Rabbit ransomware, mostly in Russia and Ukraine.

The first reports on the ransomware revealed that the malicious code also relies on the Server Message Block (SMB) protocol to spread within the targeted network.

Almost every analysis produced since the discovery of the Bad Rabbit ransomware has revealed many similarities between Bad Rabbit and NotPetya, including the targeting of Ukraine and Russia, the use of the Mimikatz tool, and the same type of file encryption.

However, while NotPetya is a wiper disguised as ransomware, Bad Rabbit appears to be real ransomware. According to malware researchers, NotPetya has been linked to the BlackEnergy APT; for this reason, some experts suggest the same threat actor could be behind the Bad Rabbit ransomware.

Read more...

FBI Director Wray is Wrong About Section 702 Surveillance

The newly minted FBI Director has thrown out several justifications for the continued, warrantless government search of American communications. He is wrong on all counts. He is concerned with the potential expiration of one of the government’s most powerful surveillance tools, Section 702 of the FISA Amendments Act, which allows the NSA, among other agencies such as the FBI, to collect emails, browser history and chat logs of Americans. Section 702 also allows other agencies, like the FBI, to search through that data without a warrant. Those searches are called “backdoor searches.”

Read more...

Top News

ROCA vulnerability (CVE-2017-15361) allows attackers to recover users Private RSA Keys

While security experts are discussing the dreaded KRACK attack against WiFi networks, IT giants such as Fujitsu, Google, HP, Lenovo, and Microsoft are warning their customers of a severe flaw in a widely used RSA cryptographic library.

The vulnerability, dubbed ROCA (Return of Coppersmith’s Attack), could potentially allow a remote attacker to reverse-calculate a private encryption key just by having a target’s public key.

The vulnerability, which affects Infineon’s Trusted Platform Module (TPM) chips, was discovered by security researchers at Masaryk University in the Czech Republic.

The researchers published the details of the ROCA vulnerability in a blog post and also published a tool online that could be used to test if RSA keys are vulnerable to this dangerous flaw.

Read more...

WPA2 security in trouble as KRACK Belgian boffins tease key re-installation bug

A promo for the upcoming ACM security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections.

The authors have everything ready except the details of their disclosure: acceptance at the ACM Conference on Computer and Communications Security (CCS) for their paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, a timeslot, a so-far-empty GitHub repository, and a placeholder Website at krackattacks(dot)com.

The disclosure is due some time on October 16.

Read more...

Top News

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

It is now claimed Israeli spies hacked into Kaspersky's backend systems only to find Russian snoops secretly and silently using the software as a global search engine.

Kremlin agents were observed in real-time sweeping computers worldwide for American cyber-weapons, and then extracting any matching files.

The Russians, using codenames for American software exploits, hacked Kaspersky's servers to harvest suspicious data flagged up by the antivirus.

In short, Kaspersky's code was being used as a global searchable spying tool by the Russian government, it is alleged.

Read more...

Equifax credit assistance site served spyware

Equifax recently reported that it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software.

On Wednesday, security expert and blogger Randy Abrams documented how browsing a page at Equifax’s consumer information services portal caused his browser to be served with a message urging him to download Adobe Flash Player.

“As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL,” Abrams wrote. “The URL brought up one of the ubiquitous fake Flash Player Update screens.”

Since the incident was reported, Equifax has taken the web page offline to conduct further analysis. Despite early reports, the company confirmed that its systems were not compromised and that the incident did not affect its consumer online dispute portal.

Read more...