News & Updates

Clouds hover above the surrounding geothermal waters at the Blue Lagoon near Reykjavik, Iceland in 2008. (credit: Matt Cardy / Getty Images)

For the last six weeks, the neo-Nazi site The Daily Stormer has struggled to find a permanent domain name. The site lost its original .com address last month after site editor Andrew Anglin wrote a post mocking Heather Heyer, victim of the deadly hit-and-run attack in Charlottesville. The site bounced around from domain to domain, with each registrar canceling the site’s service within a few hours or days of registration.

But for the last week, the site has been available at an address at Iceland’s .is domain. ISNIC, Iceland’s domain authority, is pondering how to handle the situation.

“What we worry about is the reputation of the .is domain,” ISNIC CEO Jens Pétur Jensen told the Reykjavik Grapevine. “ISNIC does not want to have the reputation that we’re a safe haven for criminals.”


Source: http://feeds.arstechnica.com/arstechnica/index/

I’m proud to share with you the second report produced by Z-Lab, the malware lab launched by the company CSE CybSec. Enjoy the Petya analysis report.

CSE CybSec Enterprise recently launched a malware lab called Z-Lab, composed of a group of skilled researchers and led by Eng. Antonio Pirozzi.

It’s a pleasure for me to share with you the second analysis that we have recently conducted on the Petya Ransomware.

We have dissected the ransomware and discovered interesting details that are included in our report.

Below is the abstract from the analysis; the detailed report is available for free on our website.

Abstract

In a modern environment, where the data stored on computers plays a fundamental role in both private and working life, we must consider the risk of losing that data. The ever-growing threat in this space is ransomware: over the last 15 years, malware writers have realized that they can hold anyone hostage by holding their data.

Figure 1: Characteristic Petya Skull with the corresponding UI containing the payment ransom instructions.

In this context, we studied Petya, a well-known ransomware that has particularly hit the public. Petya first appeared in March 2016, targeting Windows systems and spreading via e-mail attachments or Dropbox links. Classic ransomware encrypts only data files (doc, pdf, xls, txt, jpg, png and so on) and leaves the operating system untouched; Petya works differently: it replaces the Windows bootloader and encrypts the MFT (Master File Table), making every file on the volume inaccessible.

We therefore organised the analysis of this ransomware into three macro-phases.

In the first phase, we took a global view of the malware executable. We extracted a number of strings from the binary, among them “http://petya5koahtsf7sv[dot]onion/” and “http://petya37h5tbhyvki[dot]onion/”, which point to the Onion sites (reachable only over the Tor network) used to collect the ransom payment. Other strings are Windows API function names: at runtime the malware passes each name to the “GetProcAddress()” routine to obtain the address of the corresponding function, instead of listing that function in the executable's import table. This technique, widely used by malware writers to hide from static import analysis which APIs a sample uses, is called runtime linking (or dynamic API resolution).
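Runtime linking leaves a characteristic signature in static triage: API names show up as plain strings in the binary even though the import table lists little more than LoadLibrary and GetProcAddress. The following is an added example, not Z-Lab's tooling or code from the report: a small string-triage routine that pulls .onion URLs and watched Windows API names out of a raw image and reports which of those APIs are absent from the import table, i.e. can only be reached by resolving them at runtime. The byte blob, the import-table set and the API watchlist are constructed for the example; the two .onion hostnames are the ones quoted above, kept in defanged form. On a real file the import-table set would come from a PE parser such as pefile.

```python
import re

# Constructed stand-in for a raw executable image (not a real Petya sample):
# two defanged .onion URLs followed by a null-separated list of DLL and API
# names, the way a binary that resolves its imports at runtime stores them.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"http://petya5koahtsf7sv[dot]onion/\x00"
    + b"http://petya37h5tbhyvki[dot]onion/\x00"
    + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00CreateFileA\x00"
    + b"DeviceIoControl\x00WriteFile\x00SetFilePointer\x00"
    + b"ntdll.dll\x00NtRaiseHardError\x00"
    + b"\xcc" * 16
)

# Names the sample's import directory actually lists (constructed; on a real
# file this set comes from a PE parser, e.g. pefile's DIRECTORY_ENTRY_IMPORT).
SAMPLE_IMPORT_TABLE = {"LoadLibraryA", "GetProcAddress"}

# Assumed watchlist: APIs of interest for a sample that tampers with the disk.
API_WATCHLIST = {
    "LoadLibraryA", "GetProcAddress", "CreateFileA", "CreateFileW", "ReadFile",
    "WriteFile", "SetFilePointer", "DeviceIoControl", "NtRaiseHardError",
    "CryptGenRandom", "VirtualAlloc",
}
RESOLVERS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}

ONION_RE = re.compile(rb"https?://[a-z2-7]{16}(?:\.|\[dot\])onion/?")
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{6,}")  # same idea as `strings -n 6`


def extract_strings(data: bytes) -> list:
    """Printable ASCII runs of at least 6 characters."""
    return [s.decode("ascii") for s in PRINTABLE_RE.findall(data)]


def triage(data: bytes, import_table: set) -> dict:
    strings = extract_strings(data)

    onion_urls = []  # keep order of appearance, drop duplicates
    for url in ONION_RE.findall(data):
        u = url.decode("ascii")
        if u not in onion_urls:
            onion_urls.append(u)

    dlls = sorted({s for s in strings if s.lower().endswith(".dll")})
    api_strings = API_WATCHLIST & set(strings)
    # Watched APIs present as strings but absent from the import table can only
    # be reached by resolving them at runtime (GetProcAddress on the name).
    runtime_linked = sorted(api_strings - import_table)
    resolver_available = bool(RESOLVERS & (import_table | set(strings)))
    return {
        "onion_urls": onion_urls,
        "dlls": dlls,
        "runtime_linked": runtime_linked,
        "runtime_linking_suspected": resolver_available and len(runtime_linked) >= 3,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BINARY, SAMPLE_IMPORT_TABLE).items():
        print(f"{key}: {value}")
```

The verdict deliberately hinges on the difference between the two views of the binary: an ordinary PE also stores its imported names as strings, so a string hit alone proves nothing; it is the names that the import directory does not account for that point at runtime resolution.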

In the behaviour analysis phase, we observed that the malware:

  • gains raw access to the disk in order to overwrite the original MBR
  • encrypts the original MBR and moves it to another disk sector
  • writes its own kernel to disk right after the Petya bootloader
  • reboots the system using the undocumented native API call “NtRaiseHardError()”
  • shows a fake CHKDSK screen while it is actually encrypting the MFT
  • displays the characteristic Petya interfaces
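The first three behaviours above all change the contents of the disk's first sector, and that is also where a responder can verify them. The following is an added example, not code from the Z-Lab report: it parses a 512-byte MBR (bootstrap code, the four partition entries and the 0x55AA signature) and compares a SHA-256 fingerprint of the bootstrap code against a known-good baseline, which is how a fleet check or a forensic image triage spots an MBR overwrite. The two sectors in it are constructed samples: a "good" one and a copy whose bootstrap code has been replaced while the partition table is left intact, so the volumes would still mount normally and the only sign of tampering is the changed boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446               # bytes 0..445: bootstrap code (where a bootkit lands)
PARTITION_TABLE_OFFSET = 446       # four 16-byte partition entries follow the boot code
PARTITION_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"       # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): the given bootstrap code
    plus one active NTFS partition (type 0x07) starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (16 * 3)
    return code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        status, _, ptype, _, lba, count = struct.unpack(PARTITION_ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:  # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Human-readable findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline: possible MBR overwrite / bootkit")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition flagged in the partition table")
    return findings


# Constructed sectors: a baseline and a copy with only the bootstrap code replaced.
GOOD_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8")
BASELINE = parse_mbr(GOOD_MBR)["boot_code_sha256"]
TAMPERED_MBR = build_sample_mbr(b"\xeb\x1e\x90" + b"\x90" * 64)

if __name__ == "__main__":
    # On a live system the sector comes from the raw device, e.g.
    # open("/dev/sda", "rb").read(512) on Linux or r"\\.\PhysicalDrive0" on Windows.
    for name, mbr in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(mbr, BASELINE) or "OK")
```

The baseline fingerprint is taken per image or per disk model, since legitimate bootstrap code differs between Windows versions and third-party boot managers; what matters is that it is recorded before an incident, not after.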

In the last phase, we focused on reverse engineering the Petya kernel. We analysed the code written to disk and recovered the kernel's control flow and data structures, which comprise:

  • the data encryption routine, based on the Salsa20 algorithm
  • the routine that validates the key supplied by the Petya writers once the ransom has been paid
  • the MFT decryption and restore routine
  • the MBR restore routine


Figure 2: Detail of Petya kernel

You can download the full ZLAB Malware Analysis Report at the following URL:

http://csecybsec.com/download/zlab/Report_petya_final

If you are also interested in the first analysis, conducted on NotPetya, download the report at the following link:

CSE CybSec ZLAB Malware Analysis Report: NotPetya

About the author: Antonio Pirozzi

Principal Malware Scientist and Senior Threat Researcher for CSE CybSec Enterprise spa

He currently holds more than 10 international infosec certifications from SANS, EC-Council and the US Department of Homeland Security.
His experience goes beyond the classical computer security landscape: he has worked on numerous projects on GSM security, critical infrastructure security, blockchain malware, malware composition and malware evasion.


Pierluigi Paganini

(Security Affairs – Petya, malware)


The post CSE CybSec ZLAB Malware Analysis Report: Petya appeared first on Security Affairs.

Source: Security affairs

Fortnite’s new Battle Royale mode includes this explosive splash screen. (credit: Epic Games)

It’s inevitable: every time a wildly successful video game comes along, imitators quickly follow in its footsteps. The tradition began with Pong and Pac-Man clones, and that practice has continued on PCs, consoles, and smartphones ever since. “Homages” at best and “blatant ripoffs” at worst have always been a part of the game industry.

I couldn’t help but think of this after my first thrilling time playing PlayerUnknown’s Battlegrounds in May of this year. You may have heard about this PC game: it’s a somewhat familiar-looking military shooter, albeit with clever rules that gradually force dozens of players to a giant island’s random “center” point. The result feels like a video game version of the Japanese film Battle Royale. The “early access” game is also setting records for concurrent player counts on Steam—which is particularly wild considering it costs $39.99, as opposed to popular free-to-play games like Dota 2.

Before the player counts climbed sky-high, however, I had already predicted a very PUBG future. “How long until other games rip this off?” I said to my online team via voice chat, shortly after I was sniped while foolishly running across one of PUBG‘s open fields.


Source: http://feeds.arstechnica.com/arstechnica/index/

If you’ve somehow landed on this page, then you’re here because of only one reason. Your Windows Explorer has stopped working all of a sudden. We understand that it is hard to use a PC when the Windows Explorer error keeps on popping again and again. However, there is no need to panic as we’ll just […]

The post [Fix] Windows Explorer Has Stopped Working on Windows 10/7 appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

The Redmi 4X is one of the most popular smartphones from the Chinese manufacturer, Xiaomi. OUKITEL seems to be readying up an entry-level phone called OUKITEL C8 to take on the Redmi 4X. Even though it is a budget phone, the company is brave enough to incorporate a full-screen design that supports an aspect ratio of […]

The post OUKITEL C8 Budget Phone with 18:9 Display is a Lethal Weapon for Xiaomi Redmi 4X appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

If YouTube is not working for you, there could be many reasons behind it. In this article, we have mentioned all common YouTube errors and their solutions. So, if you are facing any issues with YouTube, you can solve them easily by going through our guide. Let’s start with a brief introduction. Since YouTube was bought by […]

The post YouTube Not Working | Fix All YouTube Errors appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

Google has just released Chrome 61.0.3163.100, an update that addresses three security flaws, two of them rated high severity.

The new version is already available for Windows, Mac, and Linux users and fixes a total of three vulnerabilities.

The first high-risk bug, tracked as CVE-2017-5121, is an out-of-bounds access in V8 reported by Jordan Rabet of Microsoft Offensive Security Research and the Microsoft ChakraCore team on 2017-09-14.

The researcher received a $7,500 reward under the Google bug bounty program.

The second high-risk vulnerability, tracked as CVE-2017-5122, is also an out-of-bounds access in V8; it was reported by Choongwoo Han of Naver Corporation on 2017-08-04.

The CVE-2017-5122 vulnerability was also awarded a $3,000 bounty.

According to Krishna Govind from Google, many vulnerabilities in Google solutions have been detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


To date, Google has fixed 25 vulnerabilities (8 of them rated high severity) across the Chrome 61 releases, half of which were reported by external researchers.

Google has already paid over $30,000 in bug bounty rewards to the external researchers who reported them; the highest single reward was $7,500.


Pierluigi Paganini

(Security Affairs – Google Chrome, bug bounty)


The post Google released a Chrome 61 update that patches 2 High-Risk Flaws appeared first on Security Affairs.

Source: Security affairs

CEO Mark Zuckerberg speaks at Facebook’s 2016 “F8” conference. (credit: Facebook)

Mark Zuckerberg is giving up on an audacious plan to sell most of his Facebook shares without diminishing his total control over the company. The plan, which Facebook announced last year, would have given shareholders two new non-voting shares for each voting share they owned. Zuckerberg hoped to sell these shares to finance his charitable ambitions.

But shareholders sued, arguing that the plan would further consolidate power in Zuckerberg’s hands with no benefits to other shareholders. Zuckerberg was scheduled to testify in court in the case on Tuesday. Abandoning the plan saves Zuckerberg from having to do that.

Most companies operate according to a one-share-one-vote principle. But several high-profile technology companies, including Google, Facebook, and Snap, give extra per-share voting rights to founders and early investors. These extra votes give Larry Page and Sergey Brin a majority of Google’s voting power even though they own much less than half of Google’s shares. The same is true at Snap, where co-founders Evan Spiegel and Bobby Murphy together exercise a majority of the company’s votes, giving them total control over the company’s management.


Source: http://feeds.arstechnica.com/arstechnica/index/

Experts at Kromtech Security Research Center have discovered a new Verizon leak that exposed confidential and sensitive data about internal systems.

It has happened again: security researchers at Kromtech Security Research Center have discovered a new Verizon leak that exposed confidential and sensitive data about internal systems.

The leaked data includes server logs and credentials for internal systems; the trove of documents was found in an unprotected Amazon S3 bucket.

The archive appears to belong to an internal Verizon Wireless system known as Distributed Vision Services (DVS), a middleware layer the company uses to deliver data from back-end systems to the front-end applications used by employees in stores and at call centers.

“On September 20th, Kromtech Security researchers discovered publicly accessible Amazon AWS S3 bucket containing around 100MB of data attributing to internal Verizon Wireless system called DVS (Distributed Vision Services).” states a blog post published by Kromtech.

“DVS is the middleware and centralized environment for all of Verizon Wireless (the cellular arm of VZ) front-end applications, used to retrieve and update the billing data.”

The bucket contained several files, mostly scripts and server logs, some of which included login credentials for internal systems; some folders held internal Verizon confidential documents, and another held 129 Outlook messages with internal communications within the Verizon Wireless domain.

The repository contained:

  • Admin user info that could potentially allow access to other parts of the network
  • Command notes and logs
  • B2B payment server names and info
  • Internal PowerPoints showing VZ infrastructure, with server IPs, marked as “Verizon Wireless Confidential and Proprietary information”
  • Global router hosts
  • 129 saved Outlook messages with access info and internal communications

Although no customer data is involved in this leak, some of the scripts could be used by an attacker to escalate privileges within the internal systems and gain access to them.

Some documents, marked as “confidential and proprietary materials,” include detailed information on the internal infrastructure, including server IP addresses and global router hosts.

It’s not clear why the confidential documents were exposed on a public server.

According to ZDNet, the unprotected Amazon S3 bucket was controlled by an employee who told ZDNet on the phone Thursday that the files were “not confidential”; he also added that Verizon was fully aware of the bucket’s existence.
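The exposure described above comes down to a bucket whose ACL or bucket policy grants access to everyone, and that is a condition the owner can test for before an outsider does. The following is an added example, not Kromtech’s or Verizon’s code: it evaluates a bucket ACL and a bucket policy in the shapes the S3 API returns them and reports every grant that reaches the public, including wildcard-principal policy statements that are only narrowed by a Condition. The ACL, policy, bucket name and owner ID are constructed sample data; the AllUsers and AuthenticatedUsers group URIs are the real well-known S3 group identifiers.

```python
import json
from typing import Optional

# Well-known S3 group grantees; an ACL grant to either of these is public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}


def acl_findings(acl: dict) -> list:
    """acl has the shape of a GetBucketAcl response: {"Owner": ..., "Grants": [...]}."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant.get('Permission')} to {PUBLIC_GROUPS[uri]}")
    return findings


def is_wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def policy_findings(policy_json: str) -> list:
    """policy_json is the policy document string returned by GetBucketPolicy."""
    findings = []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Effect") != "Allow" or not is_wildcard_principal(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        sid = st.get("Sid", "<no Sid>")
        if st.get("Condition"):
            findings.append(f"policy {sid}: Principal * for {', '.join(actions)} narrowed by a Condition, review it")
        else:
            findings.append(f"policy {sid}: Principal * may {', '.join(actions)} with no Condition")
    return findings


def assess_bucket(acl: dict, policy_json: Optional[str] = None) -> list:
    """All public-exposure findings for one bucket; empty list means nothing public."""
    findings = acl_findings(acl)
    if policy_json:
        findings += policy_findings(policy_json)
    return findings


# Constructed sample inputs (owner ID, bucket name and grants are made up).
SAMPLE_OWNER = {"ID": "0123456789abcdef0123456789abcdef"}
SAMPLE_PUBLIC_ACL = {
    "Owner": SAMPLE_OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": SAMPLE_OWNER["ID"]}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_PRIVATE_ACL = {"Owner": SAMPLE_OWNER, "Grants": [SAMPLE_PUBLIC_ACL["Grants"][0]]}
SAMPLE_PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
})

if __name__ == "__main__":
    for line in assess_bucket(SAMPLE_PUBLIC_ACL, SAMPLE_PUBLIC_POLICY):
        print(line)
```

With boto3 the two inputs come from `s3.get_bucket_acl(Bucket=name)` and `s3.get_bucket_policy(Bucket=name)["Policy"]` (the latter raises `NoSuchBucketPolicy` when none is attached). A bucket-level READ grant to AllUsers is exactly what lets anyone list the keys, which is how trawling for open buckets works; enabling S3 Block Public Access at the account level makes such grants ineffective no matter what an individual employee configures on one bucket.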

This is the third incident suffered by Verizon in the last two years: in March 2016, hackers reportedly stole the records of 1.5 million customers, which were then offered for sale in the criminal underground, and in July 2017 data belonging to 14 million U.S.-based Verizon customers was exposed on an unprotected AWS server by a partner of the telecommunications company.

A Verizon spokesperson confirmed that the company is “aware” of the incident.


Pierluigi Paganini

(Security Affairs – Verizon, data leak)


The post New Verizon data leak, the second one in a few months appeared first on Security Affairs.

Source: Security affairs

Um, yes, that was Adobe PSIRT’s private PGP key on their website. Best get their new public key.

Having some transparency about security problems with software is great, but Adobe’s Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT’s e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen.

Nurminen was able to confirm that the key was associated with the PSIRT e-mail account.
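A private key should never get anywhere near a publishing pipeline, and the mistake above is cheap to catch mechanically. The block below is an added example, not Adobe’s tooling: a pre-publish guard that scans page text for the armor headers of PGP and PEM/OpenSSH private keys and refuses to publish if any are present. The sample page contents are constructed (the key bodies are placeholder text, not real key material).

```python
import re

# Armor headers that mark key material which must never be published.
PRIVATE_KEY_MARKERS = (
    (re.compile(r"^-----BEGIN PGP PRIVATE KEY BLOCK-----"), "PGP private key block"),
    (re.compile(r"^-----BEGIN (?:RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
     "PEM/OpenSSH private key"),
)


def find_private_keys(text: str) -> list:
    """Return (kind, line_number) for every private-key header found in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        for pattern, kind in PRIVATE_KEY_MARKERS:
            if pattern.match(stripped):
                hits.append((kind, lineno))
    return hits


def safe_to_publish(text: str) -> bool:
    return not find_private_keys(text)


def scan_documents(docs: dict) -> dict:
    """docs maps a path to its text; returns only the paths that carry private keys."""
    return {path: hits for path, text in docs.items() if (hits := find_private_keys(text))}


# Constructed sample: a contact page that accidentally carries both halves of a keypair.
SAMPLE_PAGE = """\
Contact PSIRT
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFexampleexampleexampleexample
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQOYBFexampleexampleexampleexample
-----END PGP PRIVATE KEY BLOCK-----
"""
SAMPLE_PUBLIC_ONLY = "\n".join(SAMPLE_PAGE.splitlines()[:4]) + "\n"

if __name__ == "__main__":
    for path, hits in scan_documents({"psirt.html": SAMPLE_PAGE, "index.html": SAMPLE_PUBLIC_ONLY}).items():
        for kind, lineno in hits:
            print(f"{path}:{lineno}: {kind} found, refusing to publish")
```

Run it against the rendered page or as a pre-commit hook on the repository that feeds the site. Only the output of `gpg --armor --export <keyid>` belongs on a contact page; the output of `gpg --armor --export-secret-keys` must never reach it, and this check is the last line of defence when someone pastes the wrong one.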


Source: http://feeds.arstechnica.com/arstechnica/index/