Lucian Constantin

Author Archives: Lucian Constantin

Free decryption tools now available for Dharma ransomware

Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.Dharma first appeared in November and is based on an older ransomware program known as Crysis. It's easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.To read this article in full or to leave a comment, please click here

Free decryption tools now available for Dharma ransomware

Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.Dharma first appeared in November and is based on an older ransomware program known as Crysis. It's easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.To read this article in full or to leave a comment, please click here

Chrome for MacOS to block rogue ad injections and settings changes

Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.The Safe Browsing service is used by Google's search engine, as well as Google Chrome and Mozilla Firefox, to block users from accessing websites that host malicious code or malicious software. The service is also used in Chrome to scan downloaded files and block users from executing those that are flagged as malicious."Safe Browsing is broadening its protection of macOS devices, enabling safer browsing experiences by improving defenses against unwanted software and malware targeting macOS," Google said in a blog post Wednesday. "As a result, macOS users may start seeing more warnings when they navigate to dangerous sites or download dangerous files."To read this article in full or to leave a comment, please click here

Chrome for MacOS to block rogue ad injections and settings changes

Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.The Safe Browsing service is used by Google's search engine, as well as Google Chrome and Mozilla Firefox, to block users from accessing websites that host malicious code or malicious software. The service is also used in Chrome to scan downloaded files and block users from executing those that are flagged as malicious."Safe Browsing is broadening its protection of macOS devices, enabling safer browsing experiences by improving defenses against unwanted software and malware targeting macOS," Google said in a blog post Wednesday. "As a result, macOS users may start seeing more warnings when they navigate to dangerous sites or download dangerous files."To read this article in full or to leave a comment, please click here

Robots are just as plagued by security vulnerabilities as IoT devices

An analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic weaknesses that are common in IoT devices, raising questions about security implications for human safety.The robotics industry has already seen significant growth in recent years and will only further accelerate. Robots are  expected to serve in many roles, from assisting people in homes, stores and medical facilities, to manufacturing things in factories and even handling security and law enforcement tasks."When you think of robots as computers with arms, legs, or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before," researchers from cybersecurity consultancy firm IOActive said in a new report.To read this article in full or to leave a comment, please click here

Robots are just as plagued by security vulnerabilities as IoT devices

An analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic weaknesses that are common in IoT devices, raising questions about security implications for human safety.The robotics industry has already seen significant growth in recent years and will only further accelerate. Robots are  expected to serve in many roles, from assisting people in homes, stores and medical facilities, to manufacturing things in factories and even handling security and law enforcement tasks."When you think of robots as computers with arms, legs, or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before," researchers from cybersecurity consultancy firm IOActive said in a new report.To read this article in full or to leave a comment, please click here

This tool can help you discover Cisco Smart Install protocol abuse

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.To read this article in full or to leave a comment, please click here

This tool can help you discover Cisco Smart Install protocol abuse

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.To read this article in full or to leave a comment, please click here

This tool can help you discover Cisco Smart Install protocol abuse

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.To read this article in full or to leave a comment, please click here

SHA-1 collision can break SVN code repositories

A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine that was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.To read this article in full or to leave a comment, please click here

SHA-1 collision can break SVN code repositories

A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine that was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.To read this article in full or to leave a comment, please click here

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month's Patch Tuesday and postpone its previously planned security fixes until March.Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a "last minute issue" that could have had an impact on customers, but the company hasn't clarified the nature of the problem.To read this article in full or to leave a comment, please click here

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month's Patch Tuesday and postpone its previously planned security fixes until March.Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a "last minute issue" that could have had an impact on customers, but the company hasn't clarified the nature of the problem.To read this article in full or to leave a comment, please click here

Cloudflare bug exposed passwords, other sensitive data from websites

For months, a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites that use the company's content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company's systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.To read this article in full or to leave a comment, please click here

Cloudflare bug exposed passwords, other sensitive data from websites

For months, a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites that use the company's content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company's systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.To read this article in full or to leave a comment, please click here

Stop using SHA1: It’s now completely unsafe

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible.SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.To read this article in full or to leave a comment, please click here

Stop using SHA1: It’s now completely unsafe

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible.SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.To read this article in full or to leave a comment, please click here

Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.To read this article in full or to leave a comment, please click here

Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.To read this article in full or to leave a comment, please click here

New macOS ransomware spotted in the wild

A new file-encrypting ransomware program for macOS is being distributed through bittorrent websites and users who fall victim to it won't be able to recover their files, even if they pay.Crypto ransomware programs for macOS are rare. This is the second such threat found in the wild so far, and it's a poorly designed one. The program was named OSX/Filecoder.E by the malware researchers from antivirus vendor ESET who found it.OSX/Filecoder.E masquerades as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac and is being distributed as a bittorrent download. It is written in Apple's Swift programming language by what appears to be an inexperienced developer, judging from the many mistakes made in its implementation.To read this article in full or to leave a comment, please click here

1 7 8 9 10 11 58