Simple and easy ways to keep your computer safe and secure on the Internet
This tutorial was created to provide tips and techniques for smart and
safe computing. When using these techniques you will not only protect
yourself and your data from hackers and viruses, but also keep your
computer running more smoothly and reliably. The advice in this tutorial
applies to all computer users and all operating systems, but we have
tried to point out specific steps for various operating systems as it
becomes necessary. By Lawrence Abrams
Monday, April 27, 2015
Threat Spotlight: TeslaCrypt – Decrypt It Yourself
This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau
After the takedown of Cryptolocker, we have seen the rise of
Cryptowall. Cryptowall 2 introduced “features” such as advanced
anti-debugging techniques, only to have many of those features removed
in Cryptowall 3. Ransomware is becoming an extremely lucrative business,
leading to many variants and campaigns targeting even localized regions
in their own specific languages. Although it is possible that these
multiple variants are sponsored by the same threat actor, the most
likely conclusion is that multiple threat actors are jumping in to claim
a portion of an ever increasing ransomware market. One of the latest
variants is called TeslaCrypt and appears to be a derivative of the
original Cryptolocker ransomware. Although it claims to be using
asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES
instead. Talos was able to develop a tool which decrypts the files
encrypted by the TeslaCrypt ransomware...
How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security - Hanno's blog
Lately a lot of attention has been paid to software like Superfish and Privdog
that intercepts TLS connections in order to manipulate HTTPS traffic.
These programs had severe (technically different) vulnerabilities that
allowed attacks on HTTPS connections.
What these tools do is a widespread method. They install a root
certificate into the user's browser and then perform a so-called
Man in the Middle attack: they present the user with a certificate generated
on the fly and manage the connection to the HTTPS server themselves.
Superfish and Privdog did this in an obviously wrong way, Superfish by
using the same root certificate (and thus the same private key) on all
installations and Privdog by accepting every invalid certificate from web
pages. What about other software that also does MitM interception of HTTPS
traffic?
Antivirus software intercepts your HTTPS traffic
Many antivirus applications and other security products use similar
techniques to intercept HTTPS traffic. I had a closer look at three of
them: Avast, Kaspersky and ESET. Avast enables TLS interception by
default. Kaspersky by default intercepts only connections to certain web
pages (e.g. banking), with an option to enable interception for all
connections. In ESET, TLS interception is generally disabled by default
and can be enabled with an option.
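The interception mechanism described above, and the two ways Superfish and Privdog got it wrong, as an added example in Go. This is illustrative code written for this page; it is not Hanno's code and not any vendor's implementation. It generates throw-away roots in memory (a stand-in public CA, two hypothetical per-installation antivirus roots and an attacker's self-signed root; all names are made up) and uses Go's own X.509 verifier in the role of the browser.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a root with its private key. It stands in both for a public CA that
// a genuine site certificate chains to and for the interception root an
// antivirus product installs into the browser's trust store.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates a self-signed root. Names such as "AV root, install A" are
// hypothetical and do not correspond to any real product's certificate.
func NewCA(name string) (*CA, error) {
	key, err := newKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key}, nil
}

// Mint issues a server certificate for host under this root. An interceptor
// does this on the fly for every HTTPS host the browser visits, so the browser
// sees a chain ending in the locally installed root, never the site's real one.
func (ca *CA) Mint(host string) (*x509.Certificate, error) {
	key, err := newKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, ca.Cert, &key.PublicKey, ca.Key)
}

// Verify plays the browser: chain leaf to one of the given roots and check the
// host name. The roots passed in model the contents of the trust store.
func Verify(leaf *x509.Certificate, host string, roots ...*CA) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r.Cert)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err
}

// Reissue is the interceptor's core step: validate the certificate the origin
// presented, then mint a replacement under the installed root. checkOrigin=false
// reproduces the Privdog failure: a forged origin certificate is re-signed with
// a root the browser trusts, so the browser can no longer tell the difference.
func Reissue(install *CA, origin *x509.Certificate, host string, checkOrigin bool, publicRoots ...*CA) (*x509.Certificate, error) {
	if checkOrigin {
		if err := Verify(origin, host, publicRoots...); err != nil {
			return nil, fmt.Errorf("refusing to re-sign untrusted origin certificate: %w", err)
		}
	}
	return install.Mint(host)
}

func main() {
	public, _ := NewCA("Public CA (stand-in)")
	avA, _ := NewCA("AV root, install A")
	avB, _ := NewCA("AV root, install B")
	host := "bank.example" // constructed host name
	onTheFly, _ := avA.Mint(host)
	fmt.Println("no AV root installed:    ", Verify(onTheFly, host, public))
	fmt.Println("AV root A installed:     ", Verify(onTheFly, host, public, avA))
	// Superfish shipped one root key to every machine; per-install roots mean a
	// key extracted from install A is worthless against install B.
	fmt.Println("only install B's root:   ", Verify(onTheFly, host, public, avB))
	rogue, _ := NewCA("attacker, self-signed")
	rogueLeaf, _ := rogue.Mint(host)
	_, err := Reissue(avA, rogueLeaf, host, true, public)
	fmt.Println("interceptor checks origin:", err)
	_, err = Reissue(avA, rogueLeaf, host, false, public)
	fmt.Println("Privdog-style, no check:  ", err)
}
```

The first two checks show why installing the root is the whole game: the same on-the-fly certificate is rejected or accepted purely on what sits in the trust store. The third shows what a per-installation root buys, and the last two show that once the interceptor skips origin validation, a certificate the browser would have refused outright comes back laundered under a trusted root.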
SANS Digital Forensics and Incident Response Blog | Identifying and Disrupting Crypto-Ransomware (and Destructive Malware) | SANS Institute
I have been giving some thought to how we can stop crypto-ransomware
doing its thing. Initially, I thought about interfering with the Windows
CryptoAPI, perhaps hooking the CryptEncrypt function; however, page 16 of
a Bromium report analysing various samples shows that some samples use
CryptoAPI, others use OpenSSL libraries and a few even use custom inline
code.
Saturday, April 25, 2015
Security Flaw in Samsung Galaxy S5 Allows Hackers to Steal Your Fingerprint
A security flaw in Android version 5.0 and below makes it possible for
attackers to copy fingerprints and unlock a Samsung Galaxy S5, which could
lead to the victim's personal data being obtained and exploited.
FireEye researchers Yulong Zhang and Tao Wei have exposed a critical Android
flaw which makes the Samsung Galaxy S5 smartphone highly vulnerable to attack.
According to the researchers, the flaw lets an attacker easily obtain
fingerprint data and use it to steal personal information.