Emsisoft Internet Security

Emsisoft Internet Security
Antivirus & Anti-Malware & Firewall, all-in-one. For some time now, our clients have been expressing the desire to have Emsisoft Anti-Malware and Emsisoft Online Armor combined into one single interface. Emsisoft Internet Security combines the best of both worlds and completes Emsisoft Anti-Malware with a new efficient firewall core that is as powerful as the one found in Emsisoft Online Armor's but doesn't cut back on usability.

Πέμπτη, 28 Μαΐου 2015

Locker Ransomware Support Topic - General Security

This is the support topic for the Locker Ransomware.
The Locker ransomware has a very large install base that has affected
many people globally. As this topic is already quite large, and will
likely grow larger, this first post will be used to post any new
information as it becomes available.



Summary

The
Locker ransomware is a computer infection that silently runs on a
victim's computer until May 25 Midnight local time at which point it
became active. Once active, it will begin to encrypt the data files on
the computer with what appears to be RSA encryption. When encrypting the
data files it will not change the extension of the
file. Therefore, the only way to determine if the file is encrypted is
by trying to open it and being told that the file is corrupt or not
usable.

After the Locker ransomware encrypts your data it will
delete your shadow volume copies and then display the Locker interface.
This interface will be titled Locker and then a random version number.
This version number does not appear to have any significance. Some
example titles are Locker v1.7, Locker v3.5.3, Locker V2.16, and Locker
V5.52. This Locker screen will give you information on how to pay the
ransom, your unique bitcoin address to send the ransom to, a list of
encrypted files, and a page to check the status of your payment. More.....


Locker Ransomware Support Topic - General Security

Τρίτη, 26 Μαΐου 2015

Locker ransomware hides until midnight on May 25th and then encrypts your data - News



A new ransomware called Locker has been discovered that
once installed lay dormant until midnight local time on May 25th when
it would activate and encrypt your data files. Once your files were
encrypted it would demand .1 bitcoins in order to decrypt your files. If
payment was not made within 72 hours, the ransom price would then
increase to 1 bitcoin. This ransomware is currently widespread with
global targeting. More.....

Locker ransomware hides until midnight on May 25th and then encrypts your data - News

Κυριακή, 24 Μαΐου 2015

(UAC) User Assisted Compromise - Room362.com

A number of times during tests I’ve actually run into those mythical creatures called “patched windows machines”. At DerbyCon Chris Gates and I released the “Ask” post module (which I had failed to publish). This module very simply uses the ShellExecute windows function via Railgun with the undocumented (but very well known) operator of ‘runas’. These two lines accomplished that:



(UAC) User Assisted Compromise - Room362.com

Trick me once, ShameOnUAC



ShameOnUAC

When the Cylance SPEAR Team was formed late last year we started
looking into an area that we had long wanted to study: the potential for
subverting programs during privilege elevation through UAC. We created
proof of concept malware that attacks Windows Explorer, which we dubbed
ShameOnUAC.


ShameOnUAC injects itself into the unprivileged Explorer process,
where it hooks SHELL32!AicLaunchAdminProcess and waits for the user to
ask to run a program as administrator. It then then tampers with the
elevation requests before they're sent to the AppInfo service. (This is a
downside of having an unprivileged process submit elevation requests
for you.)


Here's how UAC works normally:





Trick me once, ShameOnUAC

Installer stuck at 18% when upgrading from Windows 10 (10074 to 10122) - Enterprise Mobility Tips - Site Home - TechNet Blogs

Are you trying to upgrade to Windows 10 preview build 10122 and the
installation hangs at 18%? The following approach unblocked me,
hopefully it works for you too – please let us know in the comments:


  • Download psexec.exe from sysinternals to e.g. c:\temp
  • Open an elevated command prompt
  • Execute psexec with the following parameters (try not to copy/paste):
    • C:\Temp\psexec.exe –s –i cmd.exe
  • A command prompt in the system context should launch: 
  • More....
Installer stuck at 18% when upgrading from Windows 10 (10074 to 10122) - Enterprise Mobility Tips - Site Home - TechNet Blogs

Debugging Tutorial Index - Sysnative Forums

 !tz and !tzinfo WinDbg Extensions - Thermal Zone ACPI Trip Levels

Debugging Tutorial Index - Sysnative Forums

Meet 'Tox': Ransomware for the Rest of Us - McAfee

The packaging of malware and malware-construction kits for cybercrime
“consumers” has been a long-running trend. Various turnkey kits that
cover remote access plus botnet plus stealth functions are available
just about anywhere. Ransomware, though very prevalent, has not yet
appeared in force in easy-to-deploy kits.


But now we have Tox–and it’s free.



Meet 'Tox': Ransomware for the Rest of Us - McAfee



Τετάρτη, 13 Μαΐου 2015

Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering ...

Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering ...: Author: Dr. Xiang Fu Roadmap: You need to first follow Tutorials 1 to 4 to set up the lab configuration. Then each tutorial addresses an ...

The El-Polocker ransomware is no chicken as it encrypts your drives and shares - News

A new "Breaking Bad" themed ransomware called El-Polocker,
or Los Pollos Hermanos, has been targeting and encrypting Australian
victim’s data and requesting $450 AUD in order to get their files back.
This ransomware is distributed by fake DHL penalty notices that request
payment of unpaid fees. This notice contains a DropBox link to a zipped
VBS file that when launched will execute a PowerShell script that
encrypts your files with AES encryption. Unfortunately, the decryption
keys are stored on the Command & Control server and there is
currently no way to decrypt your files for free. More....





The El-Polocker ransomware is no chicken as it encrypts your drives and shares - News

Δευτέρα, 11 Μαΐου 2015

Dynamoo's Blog: Malware spam: "Payment details and copy of purchas...

Dynamoo's Blog: Malware spam: "Payment details and copy of purchas...: I haven't really had time to analyse this, so I am using the analysis of an anonymous source (thank you).. From :    Kristina Prest...

PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

 Flaw could
allow attackers to compromise user accounts, WhiteHat Security's Robert
Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash'
vulnerability.


A
weakness in the manner in which PHP handles hashed strings in certain
situations gives attackers an opportunity to try and compromise
authentication systems, passwords, and other functions involving hash
comparisons in PHP, a researcher from WhiteHat Security says.
Robert Hansen, vice president of WhiteHat, describes the issue as one
that affects any website that uses two specific types of operators for
comparing hashes in PHP.


The issue mostly affects authentication, but it could also effect
"forgot password" flows, nonces, binary checking, cookies, and
passwords, among other things, Hansen, aka RSnake, told Dark Reading.
"It totally depends on the website, and how it's constructed." More...



PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

Παρασκευή, 8 Μαΐου 2015

[TITULO DEL DOCUMENTO] - CPL-Malware-in-Brasil-zx02m.pdf

 

[TITULO DEL DOCUMENTO] - CPL-Malware-in-Brasil-zx02m.pdf

Windows 10 Microsoft Passport (aka Microsoft Next Generation Credential) In Detail » Active Directory Security



At the Microsoft Ignite conference this week, there are several
sessions covering Windows 10 features. One of biggest changes in Windows
10 is the new credential management method and the related “Next
Generation Credential”, now named Microsoft Passport.


There hasn’t been much information on how the new credential system
works, so I challenged myself to gather as much information and
understand it as best as possible before the Microsoft Ignite conference
ends this week. This post covers my understanding of this (still beta)
technology.


Note that the information in this post is subject to change
(& my misunderstanding). As I gain clarification, I will update this
post.



Traditional Windows Credential Management


Up until Windows 10, when a user logs on, the user’s credentials are verified, hashed, and loaded into LSASS (Local Security Authority Subsystem Service),
a process in protected memory. The user credential data is stored in
LSASS for authenticating the user to network resources without having to
prompt the user for their password. The issue is that up until Windows
8.1, the user’s clear-text password (reversible encryption) is no longer
placed in LSASS, though the user’s NTLM password hash, among others,
are still stored in LSASS. When using Kerberos, the user’s Kerberos
tickets are stored in LSASS. More....



Windows 10 Microsoft Passport (aka Microsoft Next Generation Credential) In Detail » Active Directory Security

All about Microsoft

Latest news and stories from BleepingComputer.com

Share