News & Updates

(credit: Aurich Lawson)

New York Attorney General Eric Schneiderman today filed a lawsuit against Charter and its Time Warner Cable (TWC) subsidiary, claiming that the Internet provider “allegedly conduct[ed] a deliberate scheme to defraud and mislead New Yorkers by promising Internet service that they knew they could not deliver.”

State officials said they conducted a 16-month investigation that reviewed internal corporate communications “and hundreds of thousands of subscriber speed tests,” concluding that Spectrum-TWC customers were “dramatically short-changed on both speed and reliability,” the attorney general’s announcement said. The 87-page summons and complaint filed in the New York State Supreme Court is available here.

“The suit alleges that subscribers’ wired Internet speeds for the premium plan (100, 200, and 300 Mbps) were up to 70 percent slower than promised; Wi-Fi speeds were even slower, with some subscribers getting speeds that were more than 80 percent slower than what they had paid for,” the announcement said. “As alleged in the complaint, Spectrum-TWC charged New Yorkers as much as $109.99 per month for premium plans [that] could not achieve speeds promised in their slower plans.”



Security researcher Kafeine discovered a new ransomware dubbed CryptoShield that is being distributed via the EITest campaign through the RIG exploit kit.

The Proofpoint security researcher Kafeine discovered a new variant of CryptoMix (also known as CrypMix) called CryptoShield 1.0 ransomware. Crooks are distributing it via the EITest campaign, which leverages the RIG exploit kit.

“As a note, in this article I will be calling this ransomware CryptoShield as that will most likely be how the victims refer to it. It is important to remember, though, that this ransomware is not a brand new infection, but rather a variant of the CryptoMix ransomware family.” reads the article published by

Cyber criminals hack websites to distribute the CryptoShield ransomware. EITest is JavaScript malware that is injected into the compromised sites; the malicious code is executed when victims visit the site.

It downloads the exploit kit from another website to deliver the CryptoShield ransomware to the victim’s computer.

Rig Exploit Kit Traffic – Kafeine credits

When the ransomware is downloaded and executed, it generates a unique ID for each victim along with an encryption key. The unique ID and encryption key are uploaded to the C&C server, then the ransomware encrypts all files with targeted extensions.

“When CryptoShield encounters a targeted file it will encrypt it using AES-256 encryption, encrypt the filename using ROT-13, and then append the .CRYPTOSHIELD extension to the encrypted file. For example, a file called test.jpg would be encrypted and renamed as grfg.wct.CRYPTOSHIELD. In each folder that CryptoShield encrypts a file, it will also create ransom notes named # RESTORING FILES #.HTML and # RESTORING FILES #.TXT.”
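The renaming scheme quoted above is useful during incident triage: ROT-13 is its own inverse, so the original filenames can be recovered from a directory listing even though the contents stay AES-256 encrypted. The following is an added example, not code from the quoted article or from Security Affairs; the function names and the sample paths are constructed for illustration.

```python
import codecs
from pathlib import PureWindowsPath

EXT = ".CRYPTOSHIELD"
# Ransom note names as given in the article, compared case-insensitively.
NOTES = {"# restoring files #.html", "# restoring files #.txt"}

def original_name(filename):
    """Return the pre-encryption name, or None if not CryptoShield-renamed."""
    if not filename.upper().endswith(EXT) or len(filename) == len(EXT):
        return None
    # ROT-13 only rotates ASCII letters; digits, dots and spaces are untouched.
    return codecs.decode(filename[:-len(EXT)], "rot_13")

def triage(paths):
    """Group a file listing into renamed files and ransom notes, per folder."""
    report = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        folder = report.setdefault(str(p.parent), {"renamed": {}, "notes": []})
        decoded = original_name(p.name)
        if decoded is not None:
            folder["renamed"][p.name] = decoded
        elif p.name.lower() in NOTES:
            folder["notes"].append(p.name)
    # Keep only folders that show at least one indicator.
    return {f: hit for f, hit in report.items() if hit["renamed"] or hit["notes"]}

# Constructed sample listing (hypothetical paths, not taken from a real host).
SAMPLE = [
    r"C:\Users\User\Pictures\grfg.wct.CRYPTOSHIELD",
    r"C:\Users\User\Pictures\# RESTORING FILES #.HTML",
    r"C:\Users\User\Pictures\# RESTORING FILES #.TXT",
    r"C:\Users\User\Documents\Dhnegreyl Ercbeg 2016.kyfk.CRYPTOSHIELD",
    r"C:\Users\User\Documents\notes.txt",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for folder, hit in triage(SAMPLE).items():
        print(folder)
        for enc, orig in hit["renamed"].items():
            print(f"  {enc} -> {orig}")
        print(f"  ransom notes present: {len(hit['notes'])}")
```

The recovered names give responders an inventory of what was encrypted in each folder, which helps scope the incident and prioritise restores from offline backups.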

Furthermore, the ransomware disables Windows startup recovery and clears the Windows Shadow Volume Copies, so it is impossible to recover the backup files.

“CryptoShield will then display a fake alert stating that there was an application error in Explorer.exe. At first, I was not sure if this was an error produced by the ransomware or just a crashing explorer.exe. As you read the alert closely, though, you can see spelling mistakes such as “momory” and an odd request that you should click on the Yes button in the next Window “for restore work explorer.exe“. The broken English really should have been the giveaway for me.”

Fake Explorer.exe Alert

“Once you press OK on the above prompt, you will be presented with a User Account Control prompt, which asks if you wish to allow the command “C:\Windows\SysWOW64\wbem\WMIC.exe” process call create “C:\Users\User\SmartScreen.exe” to execute. This explains why the previous alert was being shown; to convince a victim that they should click on the Yes button in the below UAC prompt.”

It is important to keep every program and the OS up to date, because exploit kits trigger vulnerabilities in installed software to infect your computer.

The hash for this variant of the ransomware is:

sha256: bb65f0bf3d827958ae447c80ba824e214601094d4dc860b9decc08caae7dd89c

Written by: @GranetMan

Granet is a young junior IT security researcher who is passionate about Linux, Arduino, digital forensics, cyber security, free software and malware analysis.




Pierluigi Paganini

(Security Affairs – CryptoShield, ransomware)

The post A new CryptoShield Ransomware being distributed via EITest campaign appeared first on Security Affairs.

Source: Security affairs

Sam the rhesus monkey had already experienced one hell of a ride to the edge of space when he splashed down into the Atlantic Ocean—but his adventure didn’t end there. Although the dry, original accounts of Sam’s 1959 flight offer scant detail about the journey, mainly confirming that NASA’s new Mercury capsule kept him alive, Bob Thompson tells a more colorful story.

Now in his early 90s, Thompson can still dominate a room with his commanding voice. And on a recent January morning, standing in his kitchen, Thompson did just that as he recounted the landing of Sam nearly six decades ago. In doing so, he offered a parable for NASA as it considers rescue operations for its Orion spacecraft at sea.



MNP – Ph. Jugie

We know little about the early Homo sapiens who migrated to Europe from Africa and the Middle East more than 70,000 years ago, but we’ve just found a new piece of the puzzle. A group of archaeologists has just described the discovery of a distinctive rock carving of an aurochs, a kind of extinct ox, its thick body peppered with dozens of carefully created, shallow holes called “punctuations.” What’s truly fascinating is that the markings on this limestone slab, carbon dated to 38,000 years old, strongly resemble other rock carvings from the same era scattered across France and Germany.

No, it’s not aliens. New York University anthropologist Randall White, who worked on the excavation that revealed the slab at the Abri Blanchard site in southwestern France, said that it’s simply a sign that many of these new arrivals in Europe shared some common cultural symbols. “Following their arrival from Africa, groups of modern humans settled into western and Central Europe, showing a broad commonality in graphic expression,” he said in a release. “This pattern fits well with social geography models that see art and personal ornamentation as markers of social identity at regional, group, and individual levels.”



As reviewers, women are a smaller slice of the pie. (credit: Cory Lerback)

Although women make up the majority of students in many fields of science, they’re underrepresented in terms of things like faculty hiring, invitations to conferences, grant awards, and nominations for professional awards. Another professional activity important for career advancement is participating in the peer review process, but, since that’s generally anonymous, it’s harder to track.

A new comment paper published in Nature shows that women are disproportionately underutilized as reviewers. This bias likely results from authors and editors who suggest female reviewers less often.

The authors of this paper analyzed a large dataset from the American Geophysical Union (AGU), which publishes 20 journals that collectively release nearly 6,000 papers per year. The AGU is the largest society publisher of earth science and space science. The data included more than 106,000 authors; the demographics of this group were similar to the science and technology demographics of the United States. For example, from 2013 to 2015, approximately 28 percent of AGU members were women, which is close to the ratio of female scientists and engineers who were employed during those same years.



US President Donald Trump signs an executive order in the Oval Office of the White House on January 30. He may soon be signing one related to H-1B visas. (credit: Andrew Harrer – Pool/Getty Images)

The Trump administration has drafted an executive order that would change the way H-1B visas are used. H-1Bs are widely used in the tech industry to hire foreign workers.

“Our country’s immigration policies should be designed and implemented to serve, first and foremost, the U.S. national interest,” the draft reads, according to Bloomberg, which has viewed the copy and first reported on the matter. “Visa programs for foreign workers… should be administered in a manner that protects the civil rights of American workers and current lawful residents, and that prioritizes the protection of American workers—our forgotten working people—and the jobs they hold.”

Businesses would have to try to hire American first. If they recruit foreign workers, priority would be given to the most highly paid, according to the Bloomberg report.



Alameda County Public Defender Brendon D. Woods spoke with reporters outside the courtroom, following the Tuesday hearing. (credit: Cyrus Farivar)

OAKLAND, Calif.—Both county prosecutors and local public defenders largely agreed that something needs to be done about Alameda County Superior Court’s flawed court management software. But how a local judge will order it to be fixed remains unclear.

As Ars reported in December 2016, the Alameda County Superior Court switched from a decades-old courtroom management software to a much more modern one on August 1, 2016. Known as Odyssey Court Manager, the new management software is made by Tyler Technologies.

However, since then, the public defender’s office has filed approximately 2,000 motions informing the court that, due to its buggy software, many of its clients have been forced to serve unnecessary jail time, be improperly arrested, or even wrongly registered as sex offenders. During a Tuesday hearing, Public Defender Brendon Woods told the court that his clients have been deprived of their constitutional rights as a result.



Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums?

Your details may have been exposed, as it has been revealed that the two popular video gaming forums, “XBOX360 ISO” and “PSP ISO,” have been hacked, exposing email addresses, account passwords and IP addresses of 2.5 million gamers globally.

The attackers hacked and breached both “XBOX360 ISO” and “PSP


A study revealed how hackers in the dark web are arming insiders with the tools and knowledge necessary to help steal corporate secrets.

The dark web is the right place to buy and sell corporate secrets. Experts at the risk management firm RedOwl and the Israeli threat intelligence firm IntSights produced an interesting research report titled “Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web.”

The research is disconcerting: hackers are operating services in the dark web to arm insiders with the tools and knowledge necessary to help steal corporate secrets, commit fraud, and conduct other illegal activities without leaving any tracks.

The researchers accessed the hidden service Kick Ass Marketplace (http://kickassugvgoftuk.onion/) and collected evidence of staff offering internal corporate secrets for sale to hackers; in some cases the unfaithful staff offered their support to attackers to compromise the network of their company.

Dark Web

The research revealed that in at least one case, someone at an unnamed bank was helping crooks to remain hidden in the corporate network by using malicious code.

A subscription to the service costs up to one bitcoin a month for access to corporate information offered in various threads.

The administrator of the service, who goes by the online moniker “h3x,” claimed that Kick Ass Marketplace has seven administrators, three hackers and two trading analysts that check the integrity of stolen data.

Months ago, the administrator claimed that the service boasted 15 investment firm members and 25 subscribers.

According to the researchers, the Kick Ass Marketplace is posting about five high-confidence insider trading reports a week, which allows the hidden service to pull in roughly US$35,800 a week. The analysis of the associated bitcoin wallet confirmed a total of 184 bitcoins, which amounts to US$179,814.

The researchers also analyzed another hidden service dubbed The Stock Insiders ( that allows its clients to recruit retail staff as mules to help cash out stolen credit cards for reliably-resellable goods like Apple iPhones.

“Another forum (see Figure 3), called “The Stock Insiders,” is also dedicated solely to insider trading. The forum was opened in April 2016. Its objective was to “…create a long-term and well-selected community of gentlemen who confidently exchange insider information about publicly traded companies.””

The report is very interesting; it includes posts used by crooks to recruit money mules in charge of cashing out the stolen card data by buying goods.

Below are the key findings of the report:

“By studying dark web forums focused on recruiting and collaborating with insiders, we found:

The recruitment of insiders within the dark web is active and growing. We saw forum discussions and insider outreach nearly double from 2015 to 2016.

The dark web has created a market for employees to easily monetize insider access. Currently, the dark web serves as a vehicle insiders use to “cash out” on their services through insider trading and payment for stolen credit cards.

Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organization’s perimeter security. As a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

Illegal insider activities are devastating for the victims; they can fully compromise entire organizations through the disclosure of company secrets. The weaponizing of the insider is a criminal phenomenon that must be carefully monitored.
Enjoy the report!

Pierluigi Paganini

(Security Affairs – Dark Web,  insider)

The post Weaponizing of the insider in the Dark Web, a dangerous phenomenon appeared first on Security Affairs.

Source: Security affairs

Remember the Hacker who hacked Hacking Team?

In 2015, a hacker named Phineas Fisher hacked Hacking Team – the Italy-based spyware company that sells spying software to law enforcement agencies worldwide – and exposed some 500 gigabytes of internal data for anyone to download.

Now, the Spanish authorities believe that they have arrested Phineas Fisher, who was not just behind the embarrassing