
Users get Directly Infected by AstraLocker 2.0 via Word Files

Threat researchers report that the developers of a ransomware strain named AstraLocker have just published its second major version, and that its operators run quick attacks that deliver the payload directly from email attachments. This approach is unusual because the intermediate stages that normally characterize email attacks exist to evade detection and to reduce the likelihood of triggering alerts on email security tools.

ReversingLabs, a firm that has been monitoring AstraLocker operations, says the attackers do not appear to be interested in reconnaissance, the evaluation of valuable files, or lateral movement across the network. They are carrying out what is known as a "smash and grab" ransomware operation.

The aim of smash and grab is to maximize profit as quickly as possible. Malware developers operate under the presumption that victims or security software will rapidly discover the malware, hence it is preferable to move right along to the finish line. 

Smash-and-grab strategy 

The lure used by the developers of AstraLocker 2.0 is a Microsoft Word document containing an OLE object that conceals the ransomware payload. The embedded program has the filename WordDocumentDOC.exe.

To run the payload, the user must click "Run" in the warning dialog that appears after opening the document, which lowers the threat actors' chances of success.

Researchers point out that this approach is less sophisticated than the recent Follina vulnerability, which requires no user involvement, or even than the abuse of macros, which requires only limited user interaction.
 
Encryption set up

Despite its haste to encrypt, AstraLocker still performs some basic ransomware steps: it attempts to disable security software, terminates running programs that could obstruct encryption, and avoids virtual machines, whose presence might indicate that it is being examined by researchers in a lab.

After an anti-analysis check confirming that it is not running in a virtual machine and that no debugger is attached to other running processes, the malware prepares the system for encryption, which uses Curve25519.

The preparation routine kills applications that could interfere with encryption, deletes the volume shadow copies that would help the victim recover, and disables a number of backup and antivirus services. The Recycle Bin is simply emptied rather than encrypted.
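The staging steps described above (a Word process launching an embedded executable, shadow copy deletion, backup and antivirus service stops) are what a defender can look for in process-creation telemetry. The following is an added example, not code from the article or from ReversingLabs; the log format, the service names and every log line are constructed for it.

```python
"""Added example (not from the article or ReversingLabs): flag the pre-encryption staging the
article attributes to AstraLocker 2.0 in process-creation logs. The log format, service names
and every log line here are constructed for the example."""
import re

# Constructed events in the form: timestamp|parent image|image|command line
SAMPLE_LOGS = [
    '2022-07-01T10:01:02|explorer.exe|WINWORD.EXE|"C:\\Office\\WINWORD.EXE" invoice.docx',
    "2022-07-01T10:01:40|WINWORD.EXE|WordDocumentDOC.exe|C:\\Users\\alice\\AppData\\Local\\Temp\\WordDocumentDOC.exe",
    "2022-07-01T10:01:41|WordDocumentDOC.exe|vssadmin.exe|vssadmin.exe delete shadows /all /quiet",
    "2022-07-01T10:01:42|WordDocumentDOC.exe|net.exe|net stop ExampleBackupSvc /y",
    "2022-07-01T10:01:43|WordDocumentDOC.exe|net.exe|net stop ExampleAVSvc /y",
    "2022-07-01T10:05:00|explorer.exe|notepad.exe|notepad.exe notes.txt",
]

def office_spawned_executable(parent, image, cmd):
    # Word launching an embedded .exe: the OLE-object lure the article describes
    return parent.lower() == "winword.exe" and image.lower().endswith(".exe")

def shadow_copy_deletion(parent, image, cmd):
    # Deleting volume shadow copies removes the victim's easiest restore path
    return re.search(r"vssadmin(\.exe)?\s+delete\s+shadows", cmd, re.I) is not None

def service_stop(parent, image, cmd):
    # Stopping backup or antivirus services before encryption starts
    return re.search(r"\b(net|sc)(\.exe)?\s+stop\b", cmd, re.I) is not None

RULES = {f.__name__: f for f in (office_spawned_executable, shadow_copy_deletion, service_stop)}

def detect(lines):
    """Return {rule name: [(parent image, command line), ...]} for every matching event."""
    hits = {name: [] for name in RULES}
    for line in lines:
        _ts, parent, image, cmd = line.split("|", 3)
        for name, rule in RULES.items():
            if rule(parent, image, cmd):
                hits[name].append((parent, cmd))
    return hits

def staging_suspected(hits):
    """Each rule is noisy on its own (administrators stop services too). A parent process
    that both deletes shadow copies and stops services is the staging pattern to alert on."""
    shadow_parents = {parent for parent, _ in hits["shadow_copy_deletion"]}
    stop_parents = {parent for parent, _ in hits["service_stop"]}
    return sorted(shadow_parents & stop_parents)
```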

AstraLocker origins 

According to ReversingLabs' code analysis, AstraLocker is based on the stolen source code of Babuk, a dangerous but flawed ransomware strain that left the market in September 2021. Furthermore, one of the Monero wallet addresses listed in the ransom note is linked to the developers of the Chaos ransomware.

Judging by the tactics behind the latest campaign, this is apparently not the work of a sophisticated actor but of someone determined to launch as many destructive attacks as possible.

To Reliably Govern Multi-Cloud Workloads, IT Leaders Demand Better Security Insights

 

Gigamon has revealed the results of a Pulse.qa poll of IT and InfoSec experts that set out to identify the hurdles to advancing current multi-cloud plans.

According to a recent Pew Research poll, 64 percent of Americans prefer to work in either an entirely remote or a hybrid environment, pushing organizations to deal with the growing complexity of transferring and expanding workloads in the cloud. As a result, respondents to the Pulse.qa poll rank visibility into cloud data in motion as the most important security element globally.

"Deep observability across hybrid and multi-cloud setups is required for every firm to stay competitive in a world of enhanced security risk and IT complexity. While each company's journey to service and infrastructure modernization is unique, bridging this visibility gap is critical to safeguarding and optimizing the network in order to provide a superior user experience," explained Bassam Khan, Gigamon's VP of brand and technical marketing.

Challenges of multi-cloud strategies

  • The successful administration of multi-cloud infrastructures is being hampered by increasing complexity and cost: 99 percent of respondents said their team had missed or violated an application service-level agreement (SLA) because of challenges caused by an overly complicated cloud infrastructure.
  • Rising costs and complexity are hampering tech executives' attempts to transfer and scale workloads in the cloud: 67 percent of respondents said high cloud expenses hinder their firms' ability to move applications and workloads as quickly as they need to, and 96 percent said connectivity bottlenecks or complex cloud troubleshooting hold back migration efforts.
  • The expense and complexity of cloud infrastructure drain resources from other projects and applications, frustrating already overworked IT staff: IT staff frustration (51%) was a close second to a lack of budget for critical applications (61%).

To overcome these cloud migration bottlenecks and issues, 82 percent of IT and InfoSec leaders favor best-of-breed third-party security tools over the cloud platform providers' own technologies. Furthermore, the same group prefers a single point of visibility across the whole environment to a compartmentalized approach to cloud problems.

Multi-cloud adoption follows a comparable pattern: it gives organizations more ways to take advantage of the cloud's benefits, and in response to demand it has become one of the most popular approaches.

Google’s security tools can shield from cyber-attacks

Google has long been asking users to enable its security tools to shield all of its services, from Gmail to Google Photos, from hacking attempts.

The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be.

Let's take a look.

Advantage

Adding a phone number can fend off bot-based attacks.

Researchers from New York University and the University of California, San Diego partnered with Google to assess the impact of its security tools in preventing hijacking attempts.

The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to a Google account blocked 100% of bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.

Protection

Two-factor authentication offers the highest security.

Google has been saying this for years and the stats prove it: two-step verification is the most secure option available right now.

The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.

Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

A security key offers the strongest shield.

Notably, among all two-step verification methods, a physical security key proved to be the strongest account shield: it blocked all kinds of attacks with a 100% success rate.

Risk

Google also showed what happens when you don't use 2SV.

The same study also measured the effectiveness of the default sign-in verification techniques, such as the last location you signed in from or your secondary email address.

These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device or location, and you do not have 2SV enabled.

The results showed that these methods can block bot-based attacks but can fail miserably against phishing or targeted hijacking.

HconSTF v0.5 codename 'Prime' Released


HconSTF is an open-source penetration testing framework based on browser technologies that helps security professionals with penetration testing and vulnerability scanning assessments.

Hcon is delighted to announce that, after around 14 months, HconSTF v0.5 codename 'Prime' has been released.

Noticeable things for this version:
It is now more enhanced for:
  • Web penetration testing
  • Web exploit development
  • Web malware analysis
  • OSINT, cyber spying and doxing
  • and much more, with lots of hidden features

HconSTF v0.5 in brief:
  • Based on Firefox 17.0.1
  • Designed around a process-based methodology
  • Smaller size (40 MB packed, 80 MB extracted) and lower memory consumption
  • More than 165 search plugins
  • New IDB 0.1 release integrated
  • Underlying logging of each and every request
  • New scanners for DOM XSS and reflected XSS
  • New reporting features such as note taking and URL logging for easy report writing
  • Smart search box: select text and it is copied automatically; just change the search engine to search
  • Integrated Tor, AdvOR, I2P and more proxies
  • New Greasemonkey scripts (18 scripts)
More details can be found here.

Download


Download BackBox Linux 3.01 - PenTesting Distro


The BackBox Team announced the updated release of BackBox Linux, version 3.01. This release includes features such as Linux Kernel 3.2 and Xfce 4.8.

BackBox is an Ubuntu-based Linux distribution oriented toward penetration testing and security assessment, providing a toolkit for analysing networks and information systems. The BackBox desktop environment includes a minimal yet complete set of tools required for ethical hacking and security testing.

What's new
  • New and updated hacking tools (e.g. backfuzz, beef, bluediving, cvechecker, htexploit, metasploit, set, sqlmap, websploit, weevely, wpscan, zaproxy, etc.)
  • System improvements
  • Upstream components
  • Bug corrections
  • Performance boost
  • Improved auditing menu
  • Improved Wi-Fi drivers (compat-wireless, aircrack patched)

The ISO images (32bit & 64bit) can be downloaded from the following location:
http://www.backbox.org/downloads

Hook Analyser 2.2 Released, malware analyzer tool


Hook Analyser is a freeware project, started in 2011, to analyse an application at run time. The project can be useful for analysing malware (static and run-time) and for performing application crash analysis.

Features:
1. Spawn and hook to an application
This feature allows an analyst to spawn an application and hook into it.

2. Hook to a specific running process
This option allows an analyst to hook into a running (active) process.

3. Perform quick static malware analysis
This module is one of the most interesting and useful modules of Hook Analyser; it scans PE (Windows) executables to identify potential malware traces.

4. Application crash analysis
This module enables exploit researchers and application developers to analyse memory contents when an application crashes.

Change log -

  • The UI and modules of the project have been re-written. The interactive mode is more verbose.
  • The (static) malware analysis module has been enhanced.
  • Bug fixes and other improvements.
Download it from here:
beenuarora.com/HookAnalyser2.2.zip

'Knight X Plus' - Cyber intelligence product from ClubHack2012



ClubHack introduces 'Knight X Plus', a cyber intelligence product that gives you the power of Queen & Knight in your cyber intelligence.

It is a big-data-based OSINT platform that harnesses the power of the cloud, big data and a highly scalable architecture to perform proactive monitoring, analysis and automated response to live cyber threats and opportunities.

Product Features:
  • Blazing Fast
  • Automated Information Retrieval
  • Knowledge Discovery
  • Cyber Media Monitoring
  • Geospatial Analysis
  • Analysis based on stats, time-series data, link analysis logic and more
  • Graphic Rich Visualizations for better understanding of the data
  • User Friendly UI
  • Drill Downs on almost anything

Platform Features:

  • Automated Alerts on Information / Knowledge Discovery
  • Pluggable approach to pour in any type of data
  • Unique Job Queue Management Design, built to scale in distributed processing
  • Post-processing jobs can range from heavy data crunching to a "distributed ping", limited only by your imagination
  • Highly scalable: expand the distributed engine in 10 minutes flat
  • Intelligent data storage for lightning fast retrieval
Further details can be found here:
http://knightxplus.com

Tools released at Defcon can crack widely used PPTP encryption in under a day

Security researchers released two tools at the Defcon security conference that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) session, as well as any WPA2-Enterprise (Wi-Fi Protected Access) session, that uses MS-CHAPv2 for authentication.


MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.

ChapCrack can take captured network traffic that contains an MS-CHAPv2 handshake (from a PPTP VPN or a WPA2-Enterprise session) and reduce the handshake's security to a single DES (Data Encryption Standard) key.


This DES key can then be submitted to CloudCracker.com, a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing, where it will be cracked in under a day.


The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with Wireshark or other similar network sniffing tools.
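The reason a captured handshake collapses to a single DES key is the structure of the MS-CHAPv2 NT-Response defined in RFC 2759. The block below is an added example, not code from the article, ChapCrack or CloudCracker: it builds the pieces of that response from constructed sample values and accounts for the work each DES key costs, without performing DES or any cracking.

```python
"""Added example (not from the article, ChapCrack or CloudCracker): the structure of the
MS-CHAPv2 NT-Response from RFC 2759, showing why a captured handshake reduces to one 56-bit
DES key search. All sample values are constructed; no DES and no cracking is performed."""
import hashlib

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: bytes) -> bytes:
    """8-byte challenge hash (RFC 2759 section 8.2). Both 16-byte challenges and the
    username travel in the clear, so an observer of the handshake can compute this too."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 bytes")
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]

def split_nt_hash(nt_hash: bytes) -> list:
    """RFC 2759 section 8.5: pad the 16-byte NT hash with five zero bytes to 21 bytes and
    cut it into three 7-byte DES keys. Each key DES-encrypts the same 8-byte challenge
    hash; the three 8-byte ciphertexts concatenated form the 24-byte NT-Response."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash is 16 bytes (MD4 of the UTF-16LE password)")
    padded = nt_hash + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]

def unknown_key_bits(keys: list) -> list:
    """Bits of each DES key an observer does not already know. The padding bytes are
    fixed zeros, so the third key carries only NT-hash bytes 14 and 15 (16 bits)."""
    return [8 * len(range(7 * idx, min(7 * idx + 7, 16))) for idx in range(len(keys))]

def search_effort(keys: list) -> dict:
    """Work to recover the whole NT hash from one captured NT-Response. The naive view is
    three independent searches. ChapCrack's observation: key 1 and key 2 encrypt the same
    known plaintext, so one pass over the 2^56 DES keyspace tests every candidate against
    both ciphertexts at once, and key 3 has only 2^16 candidates. The recovered NT hash is
    the material from which the MPPE session keys are derived (RFC 3079), which is why the
    whole captured session can then be decrypted."""
    bits = unknown_key_bits(keys)
    return {
        "naive_trials": sum(2 ** b for b in bits),
        "single_des_search": 2 ** max(bits),
        "key3_trials": 2 ** bits[2],
    }
```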


PPTP is commonly used by small and medium-size businesses -- large corporations use other VPN technologies like those provided by Cisco -- and it's also widely used by personal VPN service providers, Marlinspike said.


The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.


Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.