Home Tags Encrypt

Tag: encrypt

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable amount of indicators within the source code depict the early origins of this sample.

Cybercriminals prefer to chat over Skype

Law enforcement and government officials don’t like encrypted peer-to-peer chat platforms such as WhatsApp and Jabber because it is harder to eavesdrop on what cybercriminals are planning.

But according to a recent study of global cybercriminal operations, the bulk of criminal discussions don’t happen over encrypted chat.
Skype is the preferred mode of communication among cybercrime gangs worldwide.Skype, owned by Microsoft and widely used by consumers and enterprises, doesn’t encrypt messaging end-to-end the way the secure messaging apps do.

But it is still popular among cybercrime gangs around the world, FlashPoint analysts found in a study of communications platforms used by financially motivated cybercriminals.To read this article in full or to leave a comment, please click here

Report: Cybercriminals prefer Skype, Jabber, and ICQ

The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning.Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer oriented platforms like Telegram and WhatsApp are also gaining popularity.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]The newer platforms are more user-friendly and more convenient, but also offer greater security, said Leroy Terrelonge, Director of Middle East and Africa Research at Flashpoint, which recently released a report about the communication platforms cyber criminals have been using over the past four years.To read this article in full or to leave a comment, please click here

Pirate radio: Signal spoof set off Dallas emergency sirens, not hacking

System doesn't encrypt commands used to set off signals, official admitted.

Why we need to encrypt everything

If you've been paying attention lately, you've likely noticed that more of your everyday websites are going HTTPS by default: Twitter, Facebook, LinkedIn, and even your favorite search engine.This is a good development.

For years, critics have derid...

Trust issues: Know the limits of SSL certificates

Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them.

Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA.

Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to leave a comment, please click here

Facebook appeal over New York search warrants fails

Facebook’s appeal against 381 warrants for information from the accounts of its users was rejected by a New York court on the ground that earlier orders refusing to quash the warrants issued in a criminal proceeding could not be appealed.The decision by the New York State Court of Appeals did not address key issues of whether the broad searches were unconstitutional, and whether internet services like Facebook have standing to challenge such warrants on behalf of their users, particularly when they are served with ‘gag orders’ that prevent providers from informing subscribers about the warrants.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]“This case undoubtedly implicates novel and important substantive issues regarding the constitutional rights of privacy and freedom from unreasonable search and seizure, and the parameters of a federal statute establishing methods by which the government may obtain certain types of information,” wrote Judge Leslie E.
Stein, writing for the majority.To read this article in full or to leave a comment, please click here

A free decryption tool is now available for all Bart ransomware...

Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victi...

Ransomware in targeted attacks

Ransomware's popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money.
In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization's network nodes and servers.

Free public certificate authorities: Nice idea, big flaw

Readers often ask me how I feel about the latest free, public certificate authorities (CAs).
I always tell them the same thing: It's difficult for a free CA to actually provide any security assurance.

There is no free lunch.I was reminded of this maxim when I read a recent article from HashedOut revealing that the popular, free Let's Encrypt has issued more than 15,000 digital certificates with the word "PayPal" in the subject name. PayPal itself doesn't use Let's Encrypt, so it's likely that most of these digital certificates are related to phishing attacks (according to HashedOut's analysis, that would be a whopping 96.7 percent of them).To read this article in full or to leave a comment, please click here

Vastly improve your IT security in 2 easy steps

It’s a rough number, but I’d wager that 99 percent of computer security risk in most organizations can be attributed to two root causes: social engineering and unpatched software. I’m not talking about pure numbers of success exploits, but overall impact. Many CISOs and threat intelligence analysts have told me that 100 percent of the biggest events at their company involved social engineering.

Certainly, bad breaks enter your environment through other means, which is why we still need to secure our servers, encrypt our disks, and prevent physical intrusions.

But in terms of the biggest impact, most organizations can tie those events to two root causes.To read this article in full or to leave a comment, please click here

Cebit showcases security after Snowden

It's almost four years since Edward Snowden leaked U.S. National Security Agency documents revealing the extent of the organization's surveillance of global internet traffic, but he's still making the headlines in Germany.At the Cebit trade show in Hannover, Germany, he'll be looking back at that period in live video interview from Moscow on Tuesday evening.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]There have been a lot of changes on the internet in those four years, but one of the biggest is the growth in the use of encryption.To read this article in full or to leave a comment, please click here