There were two successful attacks on TLD registries in the past week – the organizations that manages a top-level domain. Attack on Gandi On July 7 attackers took over more than 750 domains managed by one of Gandi’s partners showing up a web page with malware instead. The attack did not target the website or web server Read More …
It seems the malware NotPetya, which infected mainly computer in Ukraine recently, was spread by a regular software update. As reported previously, the option to decrypt data is only “simulated” – a real decryption is not possible. Backdoor in .NET According to an analysis by ESET the tax software M.E.Doc – a popular tax software in Ukraine – Read More …
Today, the Fedora Project released the stable version of their Linux Distribution – Fedora 26. The new version includes Gnome 3.24, GCC 7, Python 3.6 and many many other fresh releases. Anaconda, the Fedora Installer, got a new partitioning tool which is supposed to be “appreciated by enthusiasts and sysadmins who like to build up Read More …
Few days ago, WikiLeaks published the next CIA leak in their Vault7 series. This time it’s BothanSpy – a keylogger and traffic sniffer for SSH clients running on Windows or Linux (RHEL, CentOS, Debian, etc) machines. New client + library The software itself is a modified ssh client + library, and two python scripts doing Read More …
Several known crypto-experts published a document “Sliding Right into Disaster”, in which they describe a working attack on private 1024-bit RSA keys. The issues is inside of crypto library libgcrypt. Using a side-channel attack they were able to recover private 1024-bit RSA keys, and up to 13% of 2048-bit RSA keys. The attack itself was Read More …
Already on Tuesday reported gizmodo that the USA have prohibited the entry into the United States for Mozilla Developer Daniel Stenberg – author of the command line program curl. And that, although Stenberg has a valid visa, which should allow him to travel to the United States. ESTA despite visa rejected Stenberg could make no check-in for Read More …
Starting yesterday, a new WannaCry-Version called NotPetya is on the fly. Following other sources, the new ransomware already attacked and encrypted successfully well-known companies like Maersk, Ukraine National Bank, Merck, WPP and many others. The new version uses the same SMB issue Eternal Blue which was previously used by NSA to be able to hack Read More …
The Shadow Brokers, who published informations about stolen NSA-Documents which first results was the WannaCry attack of last weekend, announced to have even more sensitive data and details available. In a blog post, the group said it was setting up a “monthly data dump” and that it could offer tools to break into web browser, Read More …
According to some reports, a new version of WannaCry that does ignore the yesterday registered Domain has been found in the wild. The new version seems to be same to the previous, but will most likely not being stopped. New infections tomorrow As lots of PCs are off due to weekend, several experts expect a second flow Read More …
Meanwhile, the major attack of WannaCry aka WanaDecrypt0r 2.0 has been stopped. As I noted in my previous post, some stop switch was found by accident when an expert noticed that a special domain gets addressed from WannaCry. As the domain was available, he registered it hoping to collect more information and data sent out from the ransomware. Read More …