Home Tags Encrypt

Tag: encrypt

IT threat evolution Q1 2017

Wersquo;ve become accustomed to seeing a steady stream of security breaches month after month; and this quarter has been no exception, including attacks on Barts Health Trust, Sports Direct, Intercontinental Hotels Group and ABTA.

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted with the extension “.WCRYrdquo; added to the filenames. Our analysis indicates the attack, dubbed “WannaCryrdquo;, is initiated through an SMBv2 remote code execution in Microsoft Windows.

Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure.

The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005.

The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.To read this article in full or to leave a comment, please click here

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable amount of indicators within the source code depict the early origins of this sample.

Cybercriminals prefer to chat over Skype

Law enforcement and government officials don’t like encrypted peer-to-peer chat platforms such as WhatsApp and Jabber because it is harder to eavesdrop on what cybercriminals are planning.

But according to a recent study of global cybercriminal operations, the bulk of criminal discussions don’t happen over encrypted chat.
Skype is the preferred mode of communication among cybercrime gangs worldwide.Skype, owned by Microsoft and widely used by consumers and enterprises, doesn’t encrypt messaging end-to-end the way the secure messaging apps do.

But it is still popular among cybercrime gangs around the world, FlashPoint analysts found in a study of communications platforms used by financially motivated cybercriminals.To read this article in full or to leave a comment, please click here

Report: Cybercriminals prefer Skype, Jabber, and ICQ

The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning.Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer oriented platforms like Telegram and WhatsApp are also gaining popularity.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]The newer platforms are more user-friendly and more convenient, but also offer greater security, said Leroy Terrelonge, Director of Middle East and Africa Research at Flashpoint, which recently released a report about the communication platforms cyber criminals have been using over the past four years.To read this article in full or to leave a comment, please click here

Pirate radio: Signal spoof set off Dallas emergency sirens, not hacking

System doesn't encrypt commands used to set off signals, official admitted.

Why we need to encrypt everything

If you've been paying attention lately, you've likely noticed that more of your everyday websites are going HTTPS by default: Twitter, Facebook, LinkedIn, and even your favorite search engine.This is a good development.

For years, critics have derid...

Trust issues: Know the limits of SSL certificates

Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them.

Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA.

Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to leave a comment, please click here

Facebook appeal over New York search warrants fails

Facebook’s appeal against 381 warrants for information from the accounts of its users was rejected by a New York court on the ground that earlier orders refusing to quash the warrants issued in a criminal proceeding could not be appealed.The decision by the New York State Court of Appeals did not address key issues of whether the broad searches were unconstitutional, and whether internet services like Facebook have standing to challenge such warrants on behalf of their users, particularly when they are served with ‘gag orders’ that prevent providers from informing subscribers about the warrants.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]“This case undoubtedly implicates novel and important substantive issues regarding the constitutional rights of privacy and freedom from unreasonable search and seizure, and the parameters of a federal statute establishing methods by which the government may obtain certain types of information,” wrote Judge Leslie E.
Stein, writing for the majority.To read this article in full or to leave a comment, please click here

A free decryption tool is now available for all Bart ransomware...

Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victi...

Ransomware in targeted attacks

Ransomware's popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money.
In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization's network nodes and servers.