Leaderboard

Popular Content

Showing content with the highest reputation on 07/01/20 in all areas

  1. Security researchers detected a new ransomware strain that leveraged piracy as a means of distributing itself to Mac users.

     On June 29, a Twitter user reached out to Malwarebytes about a malicious Little Snitch installer that was available for download on a Russian forum known for sharing torrent links. A close look at the installer revealed that it used a generic icon and arrived within a disk image file. Upon activation, this resource loaded the legitimate installer and uninstaller apps for Little Snitch, a program which alerts users when an app attempts to connect to a web server.

     The program also installed an executable called “patch” in the /Users/Shared directory. After a script moved it to a location that appeared to relate to Little Snitch and renamed it “CrashReporter” for the purpose of blending in, “patch” removed itself from the /Users/Shared directory, launched its copy and then launched the Little Snitch installer.

     This process didn’t go so well, however. As Malwarebytes explained in its research:

     Further investigation revealed that the threat relied on a malicious installer for DJ software called “Mixed In Key 8.” The malware delivered by that installer was similarly hesitant to get to work, but after Malwarebytes changed the clock setting of its virtual machine, disconnected from the network and restarted the computer a few times, the ransomware finally sprung into action and launched its encryption routine. This process led the threat to encrypt settings files and the keychain files, thus producing error messages and spinning beach balls.

     Researchers at the security firm learned from others that the Mac ransomware eventually deployed a ransom note with instructions for payment. Even so, it was unable to replicate this behavior.

     [Image: Screenshot of encryption message posted to RUTracker forum (Source: Malwarebytes)]

     This isn’t the first time that researchers have detected ransomware targeting Mac users. Back in 2017, for instance, researchers spotted another crypto-malware strain that relied on cracks to pirate commercial software for distribution. As such, organizations should follow these steps to prevent a ransomware infection from occurring in the first place.

     Via tripwire.com
    1 point
  2. The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.

     Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in Microsoft Windows Codecs Library. Windows Codecs Library handles how the OS compresses large multimedia files such as photos and videos, and then decodes them for playback within applications.

     The out-of-band updates, addressing a critical-severity flaw (CVE-2020-1425) and important-severity vulnerability (CVE-2020-1457), were sent out via Windows Update Tuesday night and affect several versions of Windows 10 and Windows Server 2019. Both vulnerabilities allow for remote code execution “in the way that Microsoft Windows Codecs Library handles objects in memory,” according to the updates.

     CVE-2020-1425, if exploited, could allow an attacker to execute arbitrary code, while CVE-2020-1457 can be exploited to allow a bad actor to obtain information that would further compromise the user’s system. Both flaws can be exploited if users of affected systems open corrupted media files within applications that use the native Windows Codecs Library.

     Microsoft included a complete list of the Windows 10 and Windows Server distributions affected in its advisories, which offered little in terms of specific detail on the flaws. The company did say, however, that there are no mitigations or workarounds for the vulnerabilities. Affected customers need to take no action to receive the update, as they will be automatically updated by Microsoft Store, according to the company. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App.

     Microsoft credited security researcher Abdul-Aziz Hariri for identifying the flaws and reporting them to Trend Micro’s Zero Day Initiative (ZDI), according to a published report in ZDNet.

     It’s not completely uncommon for Microsoft to release updates outside of the second Tuesday of every month, also known as “Patch Tuesday.” However, typically the company does so in response to vulnerabilities uncovered by third-party security researchers—including from rivals such as Google — that are found to be under attack. Microsoft said it has not detected either Windows Codecs Library flaw being exploited in the wild.

     These patches come weeks after Microsoft’s regularly scheduled June Patch Tuesday, where it released patches for 129 vulnerabilities – the highest number of CVEs ever released by Microsoft in a single month. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server, Windows Shell, VBScript and other products. Unlike other recent monthly updates from Microsoft, its June updates did not include any zero-day vulnerabilities being actively attacked in the wild.

     Via threatpost.com
    1 point
  3. We got through Sality, Conficker... We'll get through Covid too.
    1 point
  4. It was super cool simply because I could watch whichever speaker I wanted and jump from one to another right away. This is my first Cisco Live from home, and I was actually watching on Twitter how excited people were that they could do the same thing. I also had access to the presentations right away, since they were uploaded to the cloud almost instantly. The benefits stayed the same as if you had paid for a ticket, but only if you were invited. By a stroke of luck I was invited to participate, and I got some free stuff plus some massive discounts on books. But you could also participate just by signing up or if you are a Cisco partner.
    1 point
  5. ITPRO.TV - MTA - Security Fundamentals - 98-367: Security Fundamentals

     English | mp4 | H264 1280x720 | AAC 2 ch | 8 hr 14 min | 2.71 GB
     eLearning

     In this episode, Daniel and Mike introduce you to some of the core security principles and practices that anyone looking to get into IT should be familiar with. Here they specifically discuss the CIA triad: Confidentiality, Integrity, and Availability.

     Contents

     Core Security Principles - Episode Length: 29 minutes, 43 seconds
     Core Security Principles Part 2 - Episode Length: 32 minutes, 40 seconds
     Physical Security - Episode Length: 34 minutes, 52 seconds
     Internet Security - Episode Length: 32 minutes, 14 seconds
     Wireless Security - Episode Length: 28 minutes, 53 seconds

     Topic Title: Understand operating system security
     User Authentication - Episode Length: 38 minutes, 31 seconds
     Permissions - Episode Length: 34 minutes, 5 seconds
     Password and Audit Policies - Episode Length: 34 minutes, 30 seconds
     Encryption - Episode Length: 33 minutes, 36 seconds
     Encryption Part 2 - Episode Length: 37 minutes, 51 seconds
     Email Protection and Malware - Episode Length: 29 minutes, 36 seconds

     Topic Title: Understand network security
     Dedicated Firewalls and NAP - Episode Length: 33 minutes, 29 seconds
     Network Isolation - Episode Length: 35 minutes, 29 seconds
     Protocol Security - Episode Length: 27 minutes

     Topic Title: Understand security software
     Client and Server Protection - Episode Length: 31 minutes, 37 seconds
    1 point
  6. As Skreach says. Abroad you can think. Here others have done the thinking for you; you have to be a robot.
    1 point