The first variant discovered by Jakub is called PayDOS and is a batch file converted into an executable. When run, the executable extracts the batch file into the %Temp% folder and runs it from there. Once executed, the batch file scans certain folders for certain file extensions and renames each matching file so that one letter of the extension is changed. For example, test.png may become test.dng. It does not actually encrypt the files, so the contents are intact and only the names need repairing.
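Because PayDOS only renames, the real file type can still be read from the first bytes of each file. The script below is an added example (not PayDOS and not code from the original post) that walks a directory, sniffs each file's header against a small constructed signature table, and restores the extension. The only mapping the post gives is png to dng, so the one-letter-swap rule in strict mode is an assumption built from that description; the sample files and directory are constructed inline.

```python
import shutil
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Header signature -> extension the content really is (constructed table, not from PayDOS)
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"%PDF-", "pdf"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),  # OOXML Office files are ZIP containers too
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # legacy OLE2 Office
]
# Extensions that legitimately share one container signature; never "correct" these
FAMILIES = {"zip": {"zip", "docx", "xlsx", "pptx", "jar"}, "doc": {"doc", "xls", "ppt", "msg"}}


def sniff(path: Path) -> Optional[str]:
    """Return the extension implied by the file's leading bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for sig, ext in MAGIC:
        if head.startswith(sig):
            return ext
    return None


def one_letter_off(a: str, b: str) -> bool:
    """True when a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def recover_dir(root: str, strict: bool = True, dry_run: bool = False) -> List[Tuple[str, str]]:
    """Rename files whose extension contradicts their header; return (old, new) pairs.

    strict=True only touches extensions one letter away from the detected type,
    mirroring the single-letter swap the post describes. strict=False renames any
    mismatch, which also catches files that were simply misnamed before the attack.
    """
    renames = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        real = sniff(path)
        if real is None:
            continue
        current = path.suffix.lstrip(".").lower()
        if current == real or current in FAMILIES.get(real, set()):
            continue
        if strict and not one_letter_off(current, real):
            continue
        target = path.with_suffix("." + real)
        if target.exists():  # don't clobber a file that already owns the name
            target = path.with_name(path.stem + ".recovered." + real)
        renames.append((path.name, target.name))
        if not dry_run:
            path.rename(target)
    return renames


def demo(strict: bool = True) -> List[Tuple[str, str]]:
    """Build a constructed sample tree imitating PayDOS damage, recover it, report renames."""
    root = tempfile.mkdtemp(prefix="paydos-")
    samples = {
        "holiday.dng": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,  # png -> dng, one letter swapped
        "invoice.pdg": b"%PDF-1.4\n%constructed",            # pdf -> pdg
        "report.docx": b"PK\x03\x04" + b"\x00" * 32,          # untouched: OOXML is a ZIP container
        "notes.txt": b"plain text, no signature",            # untouched: unknown type
        "archive.bak": b"%PDF-1.7\n",                         # only renamed when strict=False
    }
    for name, content in samples.items():
        Path(root, name).write_bytes(content)
    renames = recover_dir(root, strict=strict)
    shutil.rmtree(root)
    return renames
```

Run `recover_dir(path, dry_run=True)` first and review the proposed pairs; the signature table is deliberately short, so anything it does not recognise is left alone rather than guessed.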
Yesterday I attended a joint seminar with VirtuIT Systems & the FBI Cyber Division.
Focal areas: ransomware and zero-day attacks, and how to fight them.
Opening with a one-hour discussion by:
Philip Frim, Supervisory Special Agent with the FBI’s Newark Division.
- Development of FBI’s Cyber Division Program
- Computer Analysis and Response Team (CART)
- Security Threat: Ransomware
- Educating the workforce on security
- Building relationships with FBI
FBI’s Cyber Division Program
Developed to address cyber-crime in a coordinated and cohesive manner, with specially trained personnel at FBI headquarters and across its 56 field offices.
Cyber Task Forces travel around the world to assist in computer intrusion cases, gathering vital intelligence to identify dangers to national security and our economy.
Security Threat: Ransomware
Examples of how the loss of sensitive or proprietary information disrupts regular operations and causes financial losses to organizations.
Reputation impacts to organizations from ransomware and security breaches.
The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom does not guarantee an organization that it will get its data back.
Paying a ransom not only emboldens current cyber criminals to target more organizations, it also gives other criminals an incentive to take up this illegal activity. By paying a ransom, an organization might inadvertently be funding other illicit activity associated with the criminals, such as human trafficking and terrorism.
Prevention through awareness training for employees, the addition of technical controls (NGFW, threat prevention), and development of a business continuity plan that covers ransomware attacks:
- Develop communication to make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital devices regularly.
- Ensure antivirus and anti-malware solutions are set to automatically update and scan.
- Manage the use of privileged accounts: no user should be assigned administrative access unless it is absolutely needed.
- Configure access controls, including file, directory, and network share permissions.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations.
- Back up data regularly and verify the integrity of those backups.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
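The last two items only pay off if the backup is checked against a record taken when it was made, and if that record lives somewhere the backup host cannot reach. The following is an added example (not from the seminar or the original post) of the simplest form of that check: a SHA-256 manifest is built at backup time and compared later, so encrypted-in-place, renamed and dropped-in files all show up. The source tree, the tampering, and the manifest kept as a JSON string are all constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's path (relative, POSIX-style) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_backup(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a backup tree against the manifest recorded when the backup was taken.

    ok:         same path, same content
    modified:   same path, different content (e.g. encrypted in place)
    missing:    in the manifest but gone (e.g. renamed or deleted)
    unexpected: on disk but not in the manifest (e.g. ransom notes, renamed files)
    """
    current = build_manifest(root)
    return {
        "ok": sorted(p for p in manifest if current.get(p) == manifest[p]),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: back up a tree, record the manifest, tamper with the backup, verify."""
    work = Path(tempfile.mkdtemp(prefix="bkp-"))
    src, dst = work / "source", work / "backup"
    (src / "photos").mkdir(parents=True)
    (src / "docs").mkdir()
    (src / "db.sql").write_bytes(b"INSERT INTO users VALUES (1, 'alice');\n")
    (src / "photos" / "a.jpg").write_bytes(b"\xff\xd8\xff" + b"\x10" * 64)
    (src / "docs" / "plan.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 64)

    shutil.copytree(src, dst)
    # The manifest is kept apart from the backup (here: a JSON string in memory), so an
    # attacker who reaches the backup share cannot quietly rewrite it to match the damage.
    manifest_json = json.dumps(build_manifest(dst))

    # Simulate what malware with access to a still-connected backup does:
    jpg = dst / "photos" / "a.jpg"
    jpg.write_bytes(bytes(b ^ 0x5A for b in jpg.read_bytes()))            # "encrypt" in place
    (dst / "docs" / "plan.docx").rename(dst / "docs" / "plan.dncx")        # extension swap
    (dst / "README_DECRYPT.txt").write_bytes(b"your files are locked\n")   # ransom note

    result = verify_backup(dst, json.loads(manifest_json))
    shutil.rmtree(work)
    return result
```

In practice the manifest goes to write-once or offline storage alongside the backup schedule, and a non-empty `modified`, `missing` or `unexpected` list is the signal to stop and investigate before that backup is trusted for a restore.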
Building relationships with FBI
Focused on companies building relationships with their local FBI cyber division field office to establish a channel of communication, a reporting structure, and a contact to reach out to in case of a security incident.
Incorporate into the corporate incident response policy the areas covering the liability of sharing data with law enforcement such as the FBI; corporations should work with their lawyers or legal team when doing so.
In addition to the talk there was a demonstration of:
- Dell’s threat protection and endpoint security suite
- Network threat visualizer “DarkTrace” https://www.darktrace.com
I would like to give a big thanks to John Rovito over at VirtuIT Systems for having me out this week.
It's that time again, when our hard-working friends over at Apple release their new iOS version. This time it's version 10. The question I asked myself, and I am sure many are asking: will my older devices be compatible with the new OS?
This is what I have found:
- iPad Pro 12.9-inch
- iPad Pro 9.7-inch
- iPad Air 2
- iPad Air
- iPad 4th generation
- iPad mini 4
- iPad mini 3
- iPad mini 2
- iPhone 6s
- iPhone 6s Plus
- iPhone 6
- iPhone 6 Plus
- iPhone SE
- iPhone 5s
- iPhone 5c
- iPhone 5
It would not be a Friday without something. I got reports from users that they were getting bounce-back emails.
Error [0x80004005-00000000-00000000] is referenced in the emails. When logging into the web portal, the users see a message that their daily limit of message recipients has been reached.
The following post shows the list of limitations:
Gene Wilder, who regularly stole the show in such comedic gems as “The Producers,” “Blazing Saddles,” “Young Frankenstein,” “Willy Wonka and the Chocolate Factory” and “Stir Crazy,” died Monday at his home in Stamford, Conn. His nephew Jordan Walker-Pearlman said he died of complications from Alzheimer’s disease. He was 83.
Rest in peace, old friend; you will live on in memory forever.
Never sung better than this:
And you’ll be
In a world of pure imagination
Take a look
And you’ll see
Into your imagination
With a spin
The world of my creation
What we’ll see
Simply look around and view it
Anything you want to, do it
Want to change the world?
There’s nothing to it
Life I know
To compare with pure imagination
You’ll be free
If you truly wish to be
Close your eyes and you will see one
Want to be a dreamer, be one
Anytime you please and please save me one
Somewhere in heaven a door opens, through the veil he enters, and the words are spoken: "The champ is here."
One of the most transcendent athletes ever to compete in our country (and the world), Muhammad Ali, died Friday at the age of 74.
A true legend. RIP, Champ (Muhammad Ali).
A few weeks back, I had the chance to visit the Team #22KILL website and to participate in this social media awareness challenge, to bring awareness not only to myself but to others that a shocking number of soldiers and veterans die every day as a result of suicide.
Marked by the hashtags "#22Kill", "#22KillPushUpChallenge" or "#22pushups", people are responding with 22 push-ups for a cause.
As stated on the site the goal is to “Help us reach our goal to get 22 Million pushups – To honor those who serve and to raise awareness for veteran suicide prevention through education and empowerment.”
So my journey began via my YouTube channel
Starting From Day 1 to Day 22
Suicide prevention, whether for vets or for everyday people, is a serious cause that needs your support.
If you need help, for yourself or a loved one:
Call the National Suicide Prevention Lifeline at: 1 (800) 273-8255
You will find supportive individuals willing to offer you the tools you need.
If you want to join the challenge – or challenge a friend – make sure that you include the hashtag “#22Kill” and that your post is made “public” so that 22Kill can keep their count accurate. You can also become a veteran advocate yourself by volunteering through the 22Kill organization website.
The flaws could allow arbitrary code execution when the 7-Zip library processes specially crafted files
Two vulnerabilities recently patched in 7-Zip could put many software products and devices that bundle the open-source file archiving library at risk of compromise.
The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco's Talos security team. They were fixed in 7-Zip 16.00, released Tuesday.
The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which generally compresses better than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process archived files.
Previous research has shown that most developers do a poor job of keeping track of vulnerabilities in the third-party code they use and that they rarely update the libraries included in their projects.
“7-Zip is supported on all major platforms, and is one of the most popular archive utilities in-use today,” the Cisco Talos researchers said in a blog post. “Users may be surprised to discover just how many products and appliances are affected.”
A search on Google reveals that 7-Zip is used in many software projects, including in security devices and antivirus products. Many custom enterprise applications also likely use it.
The out-of-bounds read vulnerability, tracked as CVE-2016-2335, stems from 7-Zip’s handling of Universal Disk Format (UDF) files, while the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files.
To exploit the flaws, attackers can deliver malicious UDF or zlib-compressed files in a way that causes the vulnerable 7-Zip code to process them, for example by getting a product that bundles the library to open or scan the file.
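The practical follow-up to the Talos remark that "users may be surprised to discover just how many products and appliances are affected" is an inventory: find every copy of the 7-Zip engine on a host and compare its version against 16.00. The script below is an added example (not from the article, Talos or the 7-Zip project) that does this by reading the `VS_FIXEDFILEINFO` block from each binary's PE version resource. The list of file names under which 7-Zip ships is an assumption to extend for your environment, and the binaries in the demo are constructed stand-ins carrying only a version block, not real executables.

```python
import os
import shutil
import struct
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]

# File names under which the 7-Zip engine is usually bundled (assumed list, not from
# the article; add the names your products use).
SEVENZIP_NAMES = {"7z.dll", "7za.dll", "7zxa.dll", "7-zip.dll",
                  "7z.exe", "7za.exe", "7zr.exe", "7zg.exe", "7zfm.exe"}
FIXED_IN = (16, 0)  # 7-Zip 16.00 carries the fixes for CVE-2016-2334 and CVE-2016-2335
_VS_SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # dwSignature of VS_FIXEDFILEINFO


def pe_file_version(blob: bytes) -> Optional[Version]:
    """Read (major, minor, build, private) from a PE's VS_FIXEDFILEINFO.

    Heuristic: locate the fixed-info signature in the raw bytes instead of walking
    the resource directory. Good enough for an inventory pass; returns None when
    the binary carries no version resource.
    """
    i = blob.find(_VS_SIGNATURE)
    if i < 0 or i + 16 > len(blob):
        return None
    # After dwSignature comes dwStrucVersion, then dwFileVersionMS and dwFileVersionLS.
    ms, ls = struct.unpack_from("<II", blob, i + 8)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def is_vulnerable(version: Version) -> bool:
    """Anything below 16.00 predates the fix."""
    return version[:2] < FIXED_IN


def scan(roots: List[str]) -> List[Tuple[str, Optional[Version], bool]]:
    """Walk the given roots and report every bundled 7-Zip binary with its version."""
    findings = []
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for name in files:
                if name.lower() not in SEVENZIP_NAMES:
                    continue
                path = Path(dirpath, name)
                version = pe_file_version(path.read_bytes())
                # An unreadable version is reported as vulnerable: it needs a human look.
                findings.append((str(path), version, version is None or is_vulnerable(version)))
    return sorted(findings)


def fake_pe(major: int, minor: int) -> bytes:
    """Constructed stand-in for a PE with a version resource (not a real executable)."""
    ms = (major << 16) | minor
    # VS_FIXEDFILEINFO: signature, struc version, file ver MS/LS, product ver MS/LS,
    # flags mask, flags, OS, type, subtype, date MS/LS
    fixed_info = _VS_SIGNATURE + struct.pack("<12I", 0x00010000, ms, 0, ms, 0, 0x3F, 0, 4, 1, 0, 0, 0)
    return b"MZ" + b"\x00" * 126 + fixed_info


def demo() -> List[Tuple[str, Optional[Version], bool]]:
    """Lay out a constructed install tree with one old and one patched copy, then scan it."""
    root = Path(tempfile.mkdtemp(prefix="7zscan-"))
    (root / "LegacyApp").mkdir()
    (root / "Patched").mkdir()
    (root / "LegacyApp" / "7z.dll").write_bytes(fake_pe(15, 14))
    (root / "Patched" / "7za.dll").write_bytes(fake_pe(16, 0))
    (root / "unrelated.bin").write_bytes(fake_pe(9, 20))  # not a 7-Zip file name, ignored
    findings = scan([str(root)])
    shutil.rmtree(root)
    return [(Path(p).name, v, vuln) for p, v, vuln in findings]
```

Two caveats a practitioner should keep in mind: products that compile the 7-Zip source directly into their own binaries will not be found by file name, which is exactly the class of product the Talos post warns about, and a binary with its version resource stripped shows up as `None` and has to be checked by hand.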