A new "Breaking Bad" themed ransomware called El-Polocker,
or Los Pollos Hermanos, has been targeting and encrypting Australian
victim’s data and requesting $450 AUD in order to get their files back.
This ransomware is distributed by fake DHL penalty notices that request
payment of unpaid fees. This notice contains a DropBox link to a zipped
VBS file that when launched will execute a PowerShell script that
encrypts your files with AES encryption. Unfortunately, the decryption
keys are stored on the Command & Control server and there is
currently no way to decrypt your files for free. More....
The El-Polocker ransomware is no chicken as it encrypts your drives and shares - News
Wednesday, May 13, 2015
Monday, May 11, 2015
Dynamoo's Blog: Malware spam: "Payment details and copy of purchas...
Dynamoo's Blog: Malware spam: "Payment details and copy of purchas...: I haven't really had time to analyse this, so I am using the analysis of an anonymous source (thank you).. From : Kristina Prest...
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
Flaw could
allow attackers to compromise user accounts, WhiteHat Security's Robert
Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash'
vulnerability.
that affects any website that uses two specific types of operators for
comparing hashes in PHP.
The issue mostly affects authentication, but it could also effect
"forgot password" flows, nonces, binary checking, cookies, and
passwords, among other things, Hansen, aka RSnake, told Dark Reading.
"It totally depends on the website, and how it's constructed." More...
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
allow attackers to compromise user accounts, WhiteHat Security's Robert
Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash'
vulnerability.
A
weakness in the manner in which PHP handles hashed strings in certain
situations gives attackers an opportunity to try and compromise
authentication systems, passwords, and other functions involving hash
comparisons in PHP, a researcher from WhiteHat Security says.
Robert Hansen, vice president of WhiteHat, describes the issue as oneweakness in the manner in which PHP handles hashed strings in certain
situations gives attackers an opportunity to try and compromise
authentication systems, passwords, and other functions involving hash
comparisons in PHP, a researcher from WhiteHat Security says.
that affects any website that uses two specific types of operators for
comparing hashes in PHP.
The issue mostly affects authentication, but it could also effect
"forgot password" flows, nonces, binary checking, cookies, and
passwords, among other things, Hansen, aka RSnake, told Dark Reading.
"It totally depends on the website, and how it's constructed." More...
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
Friday, May 8, 2015
Windows 10 Microsoft Passport (aka Microsoft Next Generation Credential) In Detail » Active Directory Security
At the Microsoft Ignite conference this week, there are several
sessions covering Windows 10 features. One of biggest changes in Windows
10 is the new credential management method and the related “Next
Generation Credential”, now named Microsoft Passport.
There hasn’t been much information on how the new credential system
works, so I challenged myself to gather as much information and
understand it as best as possible before the Microsoft Ignite conference
ends this week. This post covers my understanding of this (still beta)
technology.
Note that the information in this post is subject to change
(& my misunderstanding). As I gain clarification, I will update this
post.
Traditional Windows Credential Management
Up until Windows 10, when a user logs on, the user’s credentials are verified, hashed, and loaded into LSASS (Local Security Authority Subsystem Service),
a process in protected memory. The user credential data is stored in
LSASS for authenticating the user to network resources without having to
prompt the user for their password. The issue is that up until Windows
8.1, the user’s clear-text password (reversible encryption) is no longer
placed in LSASS, though the user’s NTLM password hash, among others,
are still stored in LSASS. When using Kerberos, the user’s Kerberos
tickets are stored in LSASS. More....
Windows 10 Microsoft Passport (aka Microsoft Next Generation Credential) In Detail » Active Directory Security
Know your Windows Processes or Die Trying | System Forensics
I have been talking with quite a few people lately tasked with
“security” inside their organizations and couldn’t help but notice their
lack of understanding when it came to Windows process information.
I figured if the people I have talked with don’t understand then
there are probably a lot more people that don’t understand. I’m guessing
quite a few people that consider themselves “experts” as well.
I decided to write this post in an effort to help the individuals
that may not have the knowledge, free time, training budgets, etc. to
explore Windows processes. For about $50 – $75 (few books) and some free
time you can learn pretty much everything needed to know about Windows
processes.
My goal isn’t to dive very deep into each of the processes. I figured
a bulleted “cheat sheet” vs. wordy descriptions will be best for my
intended audience.
The people that want to dive deeper can buy themselves a copy of
Windows Internals, 6th Edition Part I and II, fire up Process
Explorer/Process Hacker, start reading the great documentation by the
Volatility team (references below).
Know your Windows Processes or Die Trying | System Forensics
“security” inside their organizations and couldn’t help but notice their
lack of understanding when it came to Windows process information.
I figured if the people I have talked with don’t understand then
there are probably a lot more people that don’t understand. I’m guessing
quite a few people that consider themselves “experts” as well.
I decided to write this post in an effort to help the individuals
that may not have the knowledge, free time, training budgets, etc. to
explore Windows processes. For about $50 – $75 (few books) and some free
time you can learn pretty much everything needed to know about Windows
processes.
My goal isn’t to dive very deep into each of the processes. I figured
a bulleted “cheat sheet” vs. wordy descriptions will be best for my
intended audience.
The people that want to dive deeper can buy themselves a copy of
Windows Internals, 6th Edition Part I and II, fire up Process
Explorer/Process Hacker, start reading the great documentation by the
Volatility team (references below).
Know your Windows Processes or Die Trying | System Forensics
Subscribe to:
Comments (Atom)