Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 


A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom.

When it came to light two weeks ago, Petya was notable because it targeted a victim's entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting the master boot file and displaying a ransom note. As a result, without the decryption password, the infected computer wouldn't boot up, and all files on the startup disk were inaccessible. A master boot record is a special type of boot sector at the very beginning of a partitioned hard drive, while a master boot file is a file on NTFS volumes that contains the name, size and location of all other files.


 
ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability
 

Recently a researcher who goes by @leo_and_stone has released a tool that will decrypt files on a Petya infected disk. A long form of the details is available over at BleepingComputer, but the short version is this: remove the disk, read a 512-byte sequence from sector 53 of the disk and an 8-byte nonce from sector 54, convert both to Base64, and upload them to https://petya-pay-no-ransom.herokuapp.com/ to retrieve the key (in most cases in seconds). Ransomware has historically had problems getting the encryption correct, and mistakes that allow people to reverse engineer the decryption key have turned up in several prominent families. Unfortunately, such successes are usually short-lived as attackers figure out their mistakes (in weeks to a few months, maybe) and adapt.

Many researchers are putting in efforts to disrupt ransomware, and we expect more of this in the future. If you have used this tool, let us know your experiences in the comments.
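The sector-extraction step described above, as an added Python example that is not part of this diary or of the researcher's tool: it reads a raw image of the infected disk, pulls the 512-byte sequence from sector 53 and 8 bytes from sector 54, and Base64-encodes both for upload. It assumes 512-byte sectors and zero-based sector numbering counted from the start of the image; since the diary gives no offset for the nonce within sector 54, the offset is a parameter defaulting to 0. Those assumptions, and the constructed sample image used to exercise the code, are not from the page.

```python
import base64

# Assumptions (not stated in the diary): 512-byte sectors, zero-based LBA.
SECTOR_SIZE = 512
VERIFY_SECTOR = 53   # diary: the 512-byte sequence lives in sector 53
NONCE_SECTOR = 54    # diary: the 8-byte nonce lives in sector 54
NONCE_LEN = 8


def read_sector(image: bytes, lba: int) -> bytes:
    """Return one full sector from a raw disk image, or fail loudly."""
    start = lba * SECTOR_SIZE
    chunk = image[start:start + SECTOR_SIZE]
    if len(chunk) != SECTOR_SIZE:
        raise ValueError(f"image too short to contain sector {lba}")
    return chunk


def extract_petya_material(image: bytes, nonce_offset: int = 0) -> dict:
    """Pull the two values the decryption service asks for and Base64 them.

    nonce_offset is the byte offset of the nonce inside sector 54; the diary
    does not give it, so 0 is an assumed default the caller can override.
    """
    if not 0 <= nonce_offset <= SECTOR_SIZE - NONCE_LEN:
        raise ValueError("nonce offset does not fit inside one sector")
    verify = read_sector(image, VERIFY_SECTOR)
    nonce = read_sector(image, NONCE_SECTOR)[nonce_offset:nonce_offset + NONCE_LEN]
    return {
        "verification_b64": base64.b64encode(verify).decode("ascii"),
        "nonce_b64": base64.b64encode(nonce).decode("ascii"),
    }


def extract_from_file(path: str, nonce_offset: int = 0) -> dict:
    """Read only the first 55 sectors of a raw image or block device."""
    with open(path, "rb") as fh:
        image = fh.read((NONCE_SECTOR + 1) * SECTOR_SIZE)
    return extract_petya_material(image, nonce_offset)


def build_sample_image() -> bytes:
    """Constructed test image: 64 zero sectors with markers at 53 and 54.

    This is synthetic data for exercising the code, not bytes from a real
    Petya-infected disk.
    """
    image = bytearray(64 * SECTOR_SIZE)
    verify = bytes(range(256)) * 2                     # 512 recognisable bytes
    image[53 * SECTOR_SIZE:54 * SECTOR_SIZE] = verify
    nonce = b"\x01\x23\x45\x67\x89\xab\xcd\xef"          # 8 recognisable bytes
    image[54 * SECTOR_SIZE:54 * SECTOR_SIZE + NONCE_LEN] = nonce
    return bytes(image)


if __name__ == "__main__":
    material = extract_petya_material(build_sample_image())
    print("verification:", material["verification_b64"][:16], "...")
    print("nonce:", material["nonce_b64"])
```

Run it against a dd-style image of the affected drive with `extract_from_file("/path/to/image.raw")`; work from a copy of the disk image rather than the live device so a wrong offset costs nothing.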

--
John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity

 
[SECURITY] [DSA 3547-1] imagemagick security update
 

Some of the Netherlands' most popular websites have fallen victim to a malvertising campaign that managed to compromise a widely used ad platform, security researchers reported on Monday.

The malicious ads were served over at least 11 sites including marktplaats.nl, the Netherlands' equivalent of eBay and the country's seventh most visited website, according to a blog post published by security firm Fox-IT. Other affected sites included news site nu.nl (which is ranked No. 14), weather site buienradar.nl (54), and startpagina.nl (67). Other widely visited sites were operated by commercial TV stations and magazines.

According to the blog post:


 

Christian Science Monitor

Hackers set to infiltrate New York film festival
Christian Science Monitor
The show (an event sponsor) earned kudos within the information security community by mixing tech accuracy and nuanced characterization of hackers. Tribeca will also feature ... Get Monitor cybersecurity news and analysis delivered straight to your inbox.

 

MarTech Advisor

Adobe Releases Emergency Flash Update to Combat Ransomware Attacks
MarTech Advisor
The bug in Flash Player was discovered by the researchers at Infosec and Trend Micro Inc. The vulnerability affected Flash Player versions for all the platforms – Windows, Mac, Chrome and even Linux – leaving more than a billion customers of Adobe ...

 

Albuquerque Business First (blog)

Infosec program at UNM sees doubled enrollment, high job placement
Albuquerque Business First (blog)
The outlook for a related market in the private space, big data, is expected to double in the next five years according to Statista. Joe Cardillo is ABF's business intelligence reporter, covering the news you need to know to run your business ...

 

Back in 2005, the fate of Harry Potter was important enough that GCHQ reportedly stepped in to stop a potential leak of the sixth book in the series, Harry Potter and the Half-Blood Prince.

In a radio interview last week, Nigel Newton of Bloomsbury Publishing spoke about how the publisher had employed strong security measures to prevent possible leaks, including guard dogs and a constant security presence at the printing press. Seemingly, the company also had the support of GCHQ, the UK's primary signals intelligence and surveillance agency.

"We fortunately had many allies," Newton said. "GCHQ rang me up and said, 'We've detected an early copy of this book on the Internet.'"


 

Ceylon Daily News

SL to increase internet penetration up to 50%
Ceylon Daily News
A 10% increase in internet penetration has the potential to drive a 1.2 increase in GDP, Telecommunications and Digital Infrastructure Minister Harin Fernando said. He expressed these views speaking at Asia's foremost information security conference 'Ground ...

 
Blind SQL injections in CivicRM
 
Directadmin ControlPanel 1.50.0 Version Xss Vulnerability
 
[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0
 

iT News

Revealed: Australia's new cyber security strategy
iT News
The federal government will lean heavily on the private sector to help it deliver its long-awaited national cyber security policy and initiatives like voluntary infosec health checks for businesses and joint threat sharing centres in capital cities ...

 
WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking
 
 
Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability
 
OpenCart json_decode function Remote PHP Code Execution
 