
Thread: Malware & other nasty IT / cyber things

  1. #81
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    South Korean hosting co. pays $1m ransom to end eight-day outage
    Criminals were talked down from 4.4M USDs...


    https://www.theregister.co.uk/2017/0...a_pays_ransom/
    Last edited by OUTLAW 09; 06-20-2017 at 06:54 AM.

  2. #82
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Honda halts Japan car plant after WannaCry virus hits computer network
    http://reut.rs/2sU6jvK

  3. #83
    Council Member
    Join Date
    Dec 2009
    Posts
    87

    Default

    Nuclear war fears had a public component of "duck and cover".

    Cyber war fears should have a public component of "patch and update".

    Here in NZ, due to our recent and serious seismic activity, we've had a national resilience campaign for personal preparation in case of a future disaster.

    I believe strongly that we are well past the point where we should be conducting national continuous "patch and update" campaigns, to the point of aggressive nudging behaviour in perpetual pursuit of herd device immunity.

    "Loose lips sink ships" for the age of interconnectivity.

  4. #84
    Council Member
    Join Date
    Dec 2009
    Posts
    87

    Default

    Quantum entanglement as a means of potential cyber/coms resilience:

    https://www.scientificamerican.com/a...ntum-internet/

    I knew quantum computing would be an eventual game changer with even recent 1024 bit encryption, but was unaware of quantum entanglement being used as a potential tool to defend against hacking and cracking.

    It's way over my head, but Moore's Law continues on its 52 year relentless journey.

  5. #85
    Council Member
    Join Date
    Dec 2009
    Posts
    87

    Default

    A cyber attack the world isn't ready for

    https://www.nytimes.com/2017/06/22/t...erweapons.html

    Wannacry is the focus, but Doublepulsar backdoor may be a bigger threat

  6. #86
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    BTW...while the US Congress approved 200M USDs to fight Russian info warfare BUT US social media FB, Twitter, Instagram and others seem to be unable to control hate, violence and propaganda being posted minute by minute EVEN though they admit they could....

    BTW...the Trump government has promised a propaganda pushback but not spent a single cent of the 200M USD...

    BTW...the Germans have effectively told the US social media companies to either control what they know they can actually control and if not then 50K Euros per violation.....ACTUALLY not a problem for them to pay the fines as they make billions.....

    At least the Germans are doing something compared to the apparent inaction of Trump who has 200M USDs to spend in this effort....
    Last edited by davidbfpo; 06-25-2017 at 12:33 PM. Reason: brevity

  7. #87
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Snapchat launches new feature that lets people know where you are at any moment

    Not good for your own personal safety....

  8. #88
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    A former employee was sentenced to one year and one day in prison for damaging the IT networks of several water utility providers across the US East Coast.
    http://securityaffairs.co/wordpress/...ks-hacked.html


    Adam Flanagan (42) of Bala Cynwyd, PA was sentenced to one year and one day in prison by a Pennsylvania court for damaging the IT networks of several water utility providers across the US East Coast.
    The news was reported by Bleeping Computer, the man worked between November 2007 and November 2013 as engineer for an unnamed company that manufactured smart water, electric, and gas readers.
    Among the Flanagan’s tasks, there was the set up of Tower Gateway Basestations (TGB) for the customers, which were mainly water utility networks.
    The Tower Gateway Basestations are essential components for water facility networks composed of smart meters installed at people’s homes that exchange data with water facility operators’ systems.
    These networks allow water facility operators to collect consumption data and check the status of the installs at the customers’ homes.
    On November 16, 2013, the company fired Flanagan for undisclosed reasons, then the man decided to punish the company by shutting down the TGB stations paralyzing the water facility networks of the company customers. Flanagan also changed passwords on some TGBs, using offensive words.
    The utility providers had to send out employees at customer homes to collect monthly readings about their consumption.
    “According to court documents, the FBI tracked down Flanagan’s actions to six incidents in five cities across the US East Coast: Aliquippa (Pennsylvania), Egg Harbor (New Jersey), Kennebec (Maine), New Kensington (Pennsylvania), and Spotswood (New Jersey).” reported Catalin Cimpanu from Bleepingcomputer.

    The investigators were able to identify the former employee as the responsible of the incidents, then the US authorities filed charges on November 22, 2016. Flanagan faced a maximum sentence of 90 years in prison, plus a $3 million fine. He pleaded guilty on March 7, 2017, before receiving his sentence on June 14, 2017.
    Flanagan faced a maximum sentence of 90 years in prison, plus a $3 million fine. He pleaded guilty on March 7, 2017 and on June 14, 2017 he was sentenced to one year in the jail, let me say that judges were clement.
    Last edited by OUTLAW 09; 06-26-2017 at 11:11 AM.

  9. #89
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Pinkslipbot banking Trojan exploiting infected machines as control servers
    http://securityaffairs.co/wordpress/...ng-trojan.html

    Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication. Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot)

  10. #90
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    !!! Zero-day Skype flaw causes crashes, remote code execution (CVE-2017-9948) -

  11. #91
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    NOTE

    All of the running information on the Russian deliberate cyber attack on Ukraine is being threaded on the Russian propaganda thread....as it is in fact a Russian targeted cyber attack...especially when one "sees" the control servers sitting deep inside Russia.....

  12. #92

  13. #93
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Puppet Strings - Dirty Secret for Free Windows Ring 0 Code Execution https://zerosum0x0.blogspot.com/2017...-for-free.html

  14. #94
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Petya’s kill-chain diagram in Windows 10. Device Guard, Credential Guard, UEFI Secure Boot, AppLocker, KASLR, HALNX

    https://blogs.technet.microsoft.com/...form=hootsuite

  15. #95
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    ThreadContinue - Reflective Injection Using SetThreadContext() and NtContinue()
    https://zerosum0x0.blogspot.com/2017...injection.html

  16. #96
    Council Member
    Join Date
    Dec 2009
    Posts
    87

    Default

    Quote: Originally posted by OUTLAW 09
    Petya’s kill-chain diagram in Windows 10. Device Guard, Credential Guard, UEFI Secure Boot, AppLocker, KASLR, HALNX

    https://blogs.technet.microsoft.com/...form=hootsuite
    One interesting item is the limited execution time of 60 minutes.

    I'm not a cyber SME, but I wonder where 60 minutes sits on the continuum?

    If on the low end, and assuming it was done so intentionally, does that mean this might have been meant as both an intentional attack (not ransomware) on Ukraine as well as a message NATO/EU/US unlikely to draw a direct cyber counterattack?

    To me, if the 60 minute execution time is quite short, then it would seem to be designed to burn out like digital Ebola with a limited incubation period, instead of lingering like the Plague.

  17. #97
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Quote: Originally posted by flagg
    One interesting item is the limited execution time of 60 minutes.

    I'm not a cyber SME, but I wonder where 60 minutes sits on the continuum?

    If on the low end, and assuming it was done so intentionally, does that mean this might have been meant as both an intentional attack (not ransomware) on Ukraine as well as a message NATO/EU/US unlikely to draw a direct cyber counterattack?

    To me, if the 60 minute execution time is quite short, then it would seem to be designed to burn out like digital Ebola with a limited incubation period, instead of lingering like the Plague.
    You have some interesting comments....there is nothing by accident on this malware....appears to be sloppy in coding but highly destructive when unleashed...appears to be ransomware but it is really a wiper of MBF of computer...and interestingly when detected by say AV or MS Defender software it immediately starts to destroy the MBF with no hesitation whatsoever...

    Coupled with a LASDump hacking tool designed to collect all passwords laterally from the infected pc as well as all lateral domain servers and pass that info via exfil then this was in fact a highly thought through cyber attack...setting up the network for future easier attacks...

    BTW..you are correct..by appearing to be at first a ransomware they slide under the Article 5 radar......that was intentional...

    Alone the damage to Maersk Shipping was a total of 480M USDs...that is a lot of damage for a so called ransomware.

    PLUS the choice of targets were exactly what you would expect from a direct cyber invasion...banks and ATMs, fuel points, food stores, radio and TV and social media, transportation ground and air and the central bank....all designed to create panic and confusion in the first hours...

    https://www.theguardian.com/technolo...ukraine-russia

    A ransomware attack that affected at least 2,000 individuals and organisations worldwide on Tuesday appears to have been deliberately engineered to damage IT systems rather than extort funds, according to security researchers.
    The attack began in Ukraine, and spread through a hacked Ukrainian accountancy software developer to companies in Russia, western Europe and the US. The software demanded payment of $300 (£230) to restore the user’s files and settings.
    The malware’s advanced intrusion techniques were in stark contrast with its rudimentary payment infrastructure, according to a pseudonymous security researcher known as “the grugq”.

    The researcher said the software was “definitely not designed to make money” but “to spread fast and cause damage, [using the] plausibly deniable cover of ‘ransomware’”.
    This analysis was supported by UC Berkeley academic Nicholas Weaver, who told the infosec blog Krebs on Security: “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.”
    Last edited by OUTLAW 09; 07-06-2017 at 05:40 PM.

  18. #98
    Council Member AdamG
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    2,592

    Default

    In early May six U.S. intelligence and law enforcement agency chiefs were asked in an open Senate hearing whether they’d let their networks use Kaspersky software, often found on Best Buy shelves. The answer was a unanimous and resounding no. The question, from Florida Republican Marco Rubio, came out of nowhere, often a sign a senator is trying to indirectly draw attention to something learned in classified briefings.

    Eugene Kaspersky took to Reddit to respond. Claims about Kaspersky Lab’s ties to the Kremlin are “unfounded conspiracy theories” and “total BS,” the company’s boisterous, barrel-chested chief executive officer wrote.
    https://www.bloomberg.com/news/artic...-intelligence#
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  19. #99
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    WARNING

    Russian trolls are attacking twitter users with an app that makes Twitter think you're trying to approve a malicious third party app, causing Twitter to lock your account for safety reasons.

    Don't fret, you've not been hacked, this is part... of an intense pro-active troll-farm op designed to keep users from discussing the crumbling Trump presidency.

    Russia sees their asset (Trump) falling apart and are doing everything to control the news. It's a hail-mary pass.

    Today we have seen over 2.5M Russian controlled Twitter bots swarming out to block as many anti Trump twitter accounts that are reporting on anything pertaining to Trump, Trump Jr. and Russians.

    Currently Trump Followers have climbed to 1.8M in just under four weeks AND all are non human bots that is averaging 450K per week and that costs a lot of money to create even on the criminal side of twitter.

    This is a concentrated attack against non Trump supporters on Twitter AND Twitter Support has remained largely silent.....WHY is that.

    This is the third type of Russian twitter attack in the last ten days...

    There is now a true Russian social media info war and it is up front and in your face and the US government also says nothing.

  20. #100
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    WARNING

    Private Email of Top U.S. Russia Intelligence Official Hacked http://foreignpolicy.com/2017/07/14/...cial-hacked/#…

    Some are saying APT28 GRU again.
