Valuable new details have emerged from the analysis by malware researchers at Cisco Talos and F-Secure, who respectively discovered and confirmed the presence of an NSA exploit in the Bad Rabbit ransomware.
On October 24, hundreds of organizations worldwide were hit by the Bad Rabbit ransomware, mostly in Russia and Ukraine.
The first reports on the ransomware revealed that the malicious code also relies on the Server Message Block (SMB) protocol to spread within the targeted network.
Almost every analysis produced since the discovery of the Bad Rabbit ransomware revealed many similarities between Bad Rabbit and NotPetya, including the targeting of Ukraine and Russia, the use of the Mimikatz tool, and the same type of file encryption.
However, while NotPetya is a wiper disguised as ransomware, Bad Rabbit appears to be real ransomware. According to malware researchers, NotPetya has been linked to the BlackEnergy APT; for this reason, some experts suggest the same threat actor could be behind the Bad Rabbit ransomware.
The newly minted FBI Director threw out several justifications for the continued, warrantless government search of American communications. He’s wrong on all accounts. He is concerned with the potential expiration of one of the government’s most powerful surveillance tools, Section 702 of the FISA Amendments Act, which allows the NSA, among other agencies like the FBI, to collect emails, browser history and chat logs of Americans. Section 702 also allows other agencies, like the FBI, to search through that data without a warrant. Those searches are called “backdoor searches.”
While security experts are discussing the dreaded KRACK attack against WiFi networks, IT giants such as Fujitsu, Google, HP, Lenovo, and Microsoft are warning their customers of a severe flaw in a widely used RSA cryptographic library.
The vulnerability, dubbed ROCA (Return of Coppersmith’s Attack), could potentially allow a remote attacker to reverse-calculate a private encryption key just by having a target’s public key.
The vulnerability in Infineon’s Trusted Platform Module (TPM), dubbed ROCA (Return of Coppersmith’s Attack), was discovered by security researchers at Masaryk University in the Czech Republic.
The researchers published the details of the ROCA vulnerability in a blog post and also published a tool online that could be used to test if RSA keys are vulnerable to this dangerous flaw.
A promo for the upcoming ACM security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections.
The authors have everything ready except the details of their disclosure: acceptance at the ACM Conference on Computer and Communications Security (CCS) for their paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, a timeslot, a so-far-empty GitHub repository, and a placeholder Website at krackattacks(dot)com.
The disclosure is due some time on October 16.
Equifax recently reported that it has removed 3rd-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software.
On Wednesday, security expert and blogger Randy Abrams documented how browsing a page at Equifax’s consumer information services portal caused his browser to be served with a message urging him to download Adobe Flash Player.
“As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL,” Abrams wrote. “The URL brought up one of the ubiquitous fake Flash Player Update screens.”
After the incident was reported, Equifax took the web page offline to conduct further analysis. Despite early reports, the company confirmed that its systems were not compromised and that the incident did not affect its consumer online dispute portal.