GandCrab ransomware distributed by RIG and GrandSoft exploit kits

Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK. Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware, other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, […]

Can you believe the Distributed Grid is Vulnerable to Cyber-attack?

One of the major concerns for the US economy is cyber security. Critical infrastructure such as the energy system, interdependent systems, water, communications, natural gas and fuel distribution, and the highly dynamic electric power sector is all moving to advanced, intelligent energy technology. This doesn’t mean that the distributed grid of the future […]

Yeti – Open Distributed Threat Intelligence

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don’t have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that […]

Police distributed malware-infected USBs as cybersecurity quiz prizes

The police are supposed to protect and serve, but Taiwanese police were in the news for distributing malware-infected USB sticks to the winners of a cybersecurity-related quiz during a conference hosted by the Presidential Office in December 2017. According to reports, the National Police’s Criminal Investigation Bureau (CIB) awarded 250 USB sticks with 8GB of storage capacity; however, it turned out […]

Assemblyline – Distributed File Analysis Framework

Assemblyline is a scalable distributed file analysis framework. It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, in a bid to help companies and […]

Scannerl – Modular Distributed Fingerprinting Engine

Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning. Scannerl works on Debian/Ubuntu (but will probably work on other distributions as well). It uses […]

Ransomware Back in Action: JAFF Distributed Using Malicious PDF Documents

Ransomware JAFF is back in action, circulating through malicious PDF files. Necurs, one of the biggest botnets, went offline over the 2016 holiday season, and from May 11 it began spreading a new ransomware called JAFF. Check Point’s global sensors have spotted as many as 40,000 emails in the last few hours, at an […]

Mole Ransomware Distributed Through Fake Online Word Docs

A new ransomware called Mole was found by security researcher Brad Duncan while he was analyzing a new SPAM campaign. After examining this sample, I feel that this is probably another variant of the CryptoMix family as it has many similarities to the Revenge and CryptoShield variants. As a note, in this article I will be referring to this infection as the […]

Sathurbot: Distributed WordPress password attack

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.

The torrent leecher

Looking to download a movie or software without paying for it? There might be associated risks. It just might […]
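The defensive point of a distributed brute force is that it defeats per-IP lockouts: each bot makes only a handful of guesses, so no single address trips the counter, while the targeted account sees hundreds of attempts in aggregate. The following is an added example for this listing, not code from the Sathurbot write-up and not a reproduction of that botnet's traffic. It runs over constructed login-audit lines in an assumed one-line format (`<timestamp> <ip> login_failed user=<name>`) and contrasts a per-IP lockout rule with a per-account detector that counts distinct sources; the thresholds are assumptions for illustration.

```python
"""Spot a distributed WordPress password attack in login audit events.

Added example for this listing; it is not code from the Sathurbot write-up
and does not reproduce that botnet's actual traffic. The event lines below
are constructed in an assumed one-line audit format
("<ts> <ip> login_failed user=<name>") such as a login-auditing plugin might
emit. A per-IP lockout only sees the classic single-source attack; a botnet
that spreads a few guesses per bot across many addresses stays under that
threshold, so detection has to pivot on the target account instead.
"""
import re
from collections import Counter, defaultdict
from statistics import median

# Constructed sample: one legitimate typo (alice), one single-source brute
# force against 'editor', and a distributed attack against 'admin' in which
# 12 bots each make only one or two attempts.
SAMPLE_EVENTS = """\
2017-04-06T10:00:01Z 192.0.2.5 login_failed user=alice
2017-04-06T10:00:09Z 192.0.2.5 login_ok user=alice
2017-04-06T10:01:00Z 198.51.100.7 login_failed user=editor
2017-04-06T10:01:01Z 198.51.100.7 login_failed user=editor
2017-04-06T10:01:02Z 198.51.100.7 login_failed user=editor
2017-04-06T10:01:03Z 198.51.100.7 login_failed user=editor
2017-04-06T10:01:04Z 198.51.100.7 login_failed user=editor
2017-04-06T10:01:05Z 198.51.100.7 login_failed user=editor
2017-04-06T10:02:00Z 203.0.113.1 login_failed user=admin
2017-04-06T10:02:03Z 203.0.113.1 login_failed user=admin
2017-04-06T10:02:07Z 203.0.113.2 login_failed user=admin
2017-04-06T10:02:11Z 203.0.113.3 login_failed user=admin
2017-04-06T10:02:15Z 203.0.113.4 login_failed user=admin
2017-04-06T10:02:19Z 203.0.113.4 login_failed user=admin
2017-04-06T10:02:23Z 203.0.113.5 login_failed user=admin
2017-04-06T10:02:27Z 203.0.113.6 login_failed user=admin
2017-04-06T10:02:31Z 203.0.113.7 login_failed user=admin
2017-04-06T10:02:35Z 203.0.113.7 login_failed user=admin
2017-04-06T10:02:39Z 203.0.113.8 login_failed user=admin
2017-04-06T10:02:43Z 203.0.113.9 login_failed user=admin
2017-04-06T10:02:47Z 203.0.113.10 login_failed user=admin
2017-04-06T10:02:51Z 203.0.113.10 login_failed user=admin
2017-04-06T10:02:55Z 203.0.113.11 login_failed user=admin
2017-04-06T10:02:59Z 203.0.113.12 login_failed user=admin
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<event>login_failed|login_ok) user=(?P<user>\S+)$"
)


def parse_events(text):
    """Parse the constructed audit format into a list of dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable event line: {line!r}")
        events.append(m.groupdict())
    return events


def per_ip_lockouts(events, max_failures=5):
    """What a per-IP lockout rule sees: addresses with more than max_failures failures."""
    failures = Counter(ev["ip"] for ev in events if ev["event"] == "login_failed")
    return {ip: n for ip, n in failures.items() if n > max_failures}


def detect_distributed(events, min_sources=10, max_attempts_per_source=3):
    """Flag accounts hammered from many sources that each stay under lockout thresholds.

    Thresholds are assumptions for the example, not values from the article.
    """
    by_user = defaultdict(Counter)
    for ev in events:
        if ev["event"] == "login_failed":
            by_user[ev["user"]][ev["ip"]] += 1
    alerts = {}
    for user, per_ip in by_user.items():
        if len(per_ip) >= min_sources and median(per_ip.values()) <= max_attempts_per_source:
            alerts[user] = {"sources": len(per_ip), "attempts": sum(per_ip.values())}
    return alerts


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    print("per-IP lockouts   :", per_ip_lockouts(events))
    print("distributed attack:", detect_distributed(events))
```

On the constructed sample the lockout rule catches only 198.51.100.7, while the twelve bots hitting `admin` never exceed two attempts each and pass untouched; the per-account detector flags `admin` from 12 sources and 16 attempts. In production the same pivot (distinct sources per targeted username over a sliding window) is what turns a distributed campaign into an alert, and is a reason to pair lockouts with strong passwords or MFA rather than rely on them alone.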

Revenge Ransomware, a CryptoMix Variant, Being Distributed by RIG Exploit Kit

A new CryptoMix, or CryptFile2, variant called Revenge has been discovered by Broad Analysis that is being distributed via the RIG exploit kit. This variant contains many similarities to its predecessor CryptoShield, which is another CryptoMix variant, but includes some minor changes that are described below. As a note, in this article I will be referring to this […]

“This is you?” message is the latest scam to be distributed via Facebook

Facebook is one of the most used social media platforms in the world, and that makes it an attractive target for cyber criminals and online scammers. The latest to join the bandwagon of message-based scams on the social network is the “This is you?” scam. What’s happening is that users receive a message on their Facebook […]

Researcher finds the Karma Ransomware being distributed via Pay-per-Install Network

A security researcher named slipstream/RoL has discovered the Karma Ransomware, which pretends to be a Windows optimization program called Windows-TuneUp. What is worse is that this sample was discovered as software that would potentially be distributed by a pay-per-install software monetization company when people install free software downloaded from the Internet. I have been railing against adware […]

Distributed Denial of Service attacks have doubled over the last 12 months, according to Akamai’s Second Quarter 2016 State of the Internet / Security Report

Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today released its Second Quarter, 2016 State of the Internet / Security Report. The report, using data gathered from the Akamai Intelligent Platform™, highlights the cloud security landscape, specifically trends with DDoS and web application attacks, as well as malicious traffic […]

New Alma Locker Ransomware being distributed via the RIG Exploit Kit

A new ransomware called Alma Locker has been discovered by Proofpoint researcher Darien Huss that encrypts a victim’s data and then demands a ransom of 1 bitcoin within five days. There has been a lot of ransomware released lately, but thankfully most of them have been broken implementations or have had suspended command and control servers. Though Alma Locker still […]

Next-gen Tor to use distributed RNG, 55-character addresses

Numbers so random no one can predict how random they’ll be. The Tor project has cooked up a new way to generate random numbers to help secure its next-generation onion router. Random numbers are essential for secure communications, because they’re used to generate encryption keys. If the numbers used to do so are even a little […]
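A "distributed RNG" in this sense means no single party can predict or steer the shared value, and the standard way to get that is commit-and-reveal: every participant first publishes a hash of a secret contribution, and only once all commitments are in does anyone reveal. The following is an added example for this listing, not code from the article or from Tor's source; it is the textbook two-phase pattern, not Tor's actual shared-randomness protocol, and the relay names are made up.

```python
"""Commit-and-reveal: a shared random value no single member can predict or steer.

Added example for this listing. It is a textbook two-phase commit-and-reveal,
not the Tor project's actual shared-randomness protocol, and the relay names
are made up. Every party first publishes a hash of its secret contribution;
only after all commitments are in does anyone reveal. A party that changes
its value after seeing the others is caught because its reveal no longer
matches its commitment.
"""
import hashlib
import secrets


def commit(reveal: bytes) -> bytes:
    """Phase 1: a binding, hiding commitment to a contribution (domain-separated hash)."""
    return hashlib.sha256(b"commit|" + reveal).digest()


def verify_and_combine(commits: dict, reveals: dict):
    """Phase 2: check every reveal against its earlier commitment and fold the honest
    ones into one value. Returns (shared_value, rejected_participant_ids).

    Participants are processed in sorted id order so every verifier derives the
    same value regardless of the order in which reveals arrived.
    """
    rejected = []
    good = []
    for pid in sorted(commits):
        r = reveals.get(pid)
        if r is None or commit(r) != commits[pid]:
            rejected.append(pid)  # missing or altered reveal: excluded from the result
            continue
        good.append(pid.encode() + b"=" + r)
    shared = hashlib.sha256(b"shared|" + b"|".join(good)).digest()
    return shared, rejected


def run_round(reveals: dict, tamper=None):
    """Simulate one round: commit to `reveals`, optionally swap in `tamper` after the
    commit phase (a party trying to steer the result), then verify and combine."""
    commits = {pid: commit(r) for pid, r in reveals.items()}
    published = dict(reveals)
    if tamper:
        published.update(tamper)
    return verify_and_combine(commits, published)


# Deterministic contributions so the scenarios are reproducible; a real party
# draws its contribution with secrets.token_bytes(32) as in honest_round().
FIXED = {"relay-a": b"\x01" * 32, "relay-b": b"\x02" * 32, "relay-c": b"\x03" * 32}


def honest_round(ids):
    """All parties commit to fresh random contributions and reveal them faithfully."""
    return run_round({pid: secrets.token_bytes(32) for pid in ids})


def cheating_round():
    """relay-c sees the others' reveals and publishes a different value than it committed to."""
    return run_round(FIXED, tamper={"relay-c": b"\xff" * 32})


def every_party_matters():
    """Changing any one honest contribution changes the outcome: each participant
    influences the result, but none can fix it while its commitment is binding."""
    base, _ = run_round(FIXED)
    other, _ = run_round(dict(FIXED, **{"relay-b": b"\x04" * 32}))
    return base != other


if __name__ == "__main__":
    value, rejected = cheating_round()
    print("shared value:", value.hex())
    print("rejected    :", rejected)
```

The caveat a practitioner should keep in mind: the commitment stops a party from substituting a new value, but a party that simply withholds its reveal still gets to choose between the outcome with and without its contribution. Real protocols close that gap by penalising non-revealers or by making the reveal derivable from the commitment after a delay; the toy above only excludes them.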