Readers like you help support my blog. When you make a purchase using links on our site, we may earn an affiliate commission! Thank you!

Wednesday, May 13, 2015

Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering ...

Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering ...: Author: Dr. Xiang Fu Roadmap: You need to first follow Tutorials 1 to 4 to set up the lab configuration. Then each tutorial addresses an ...

The El-Polocker ransomware is no chicken as it encrypts your drives and shares - News

A new "Breaking Bad" themed ransomware called El-Polocker,
or Los Pollos Hermanos, has been targeting and encrypting Australian
victim’s data and requesting $450 AUD in order to get their files back.
This ransomware is distributed by fake DHL penalty notices that request
payment of unpaid fees. This notice contains a DropBox link to a zipped
VBS file that when launched will execute a PowerShell script that
encrypts your files with AES encryption. Unfortunately, the decryption
keys are stored on the Command & Control server and there is
currently no way to decrypt your files for free. More....





The El-Polocker ransomware is no chicken as it encrypts your drives and shares - News

Monday, May 11, 2015

Dynamoo's Blog: Malware spam: "Payment details and copy of purchas...

Dynamoo's Blog: Malware spam: "Payment details and copy of purchas...: I haven't really had time to analyse this, so I am using the analysis of an anonymous source (thank you).. From :    Kristina Prest...

PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

 Flaw could
allow attackers to compromise user accounts, WhiteHat Security's Robert
Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash'
vulnerability.


A
weakness in the manner in which PHP handles hashed strings in certain
situations gives attackers an opportunity to try and compromise
authentication systems, passwords, and other functions involving hash
comparisons in PHP, a researcher from WhiteHat Security says.
Robert Hansen, vice president of WhiteHat, describes the issue as one
that affects any website that uses two specific types of operators for
comparing hashes in PHP.


The issue mostly affects authentication, but it could also effect
"forgot password" flows, nonces, binary checking, cookies, and
passwords, among other things, Hansen, aka RSnake, told Dark Reading.
"It totally depends on the website, and how it's constructed." More...



PHP Hash Comparison Weakness A Threat To Websites, Researcher Says