Blog

MICROSOFT HELPS FIX DESKTOP FLAWS FOR WINDOWS 10

Microsoft has recently released new patches addressing threats and flaws that carry the elevated risk associated with wormable vulnerabilities. The Microsoft Security Response Center (MSRC) has also stated that users are urged to patch.

What Hackers Did Previously

Previously, attackers sent specially crafted requests over RDP to the remote service of a targeted, unpatched Windows system. Once such a request succeeded, they could view, change or delete data, and could also create new user accounts with full user or administrator rights.

Microsoft Released Patch

In response to this growing issue, Microsoft has released a patch for two major flaws and has stated that "users are urged to patch". Applying it makes the device more secure and protects it from these attackers, which also keeps the user's personal data from being exposed.

Previous Patch

Three months ago Microsoft patched a flaw named BlueKeep. BlueKeep allowed threat actors to create malware that propagated between Windows devices running vulnerable Remote Desktop Services (RDS) installations.

To know more, please visit our website, Ideastack.

Comodo Threat Research Lab uncovers new trick used by hackers to attack enterprises

A new type of phishing email attack targeting enterprises that use SWIFT financial messaging services was discovered this month by Comodo Threat Research Lab. SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging services are used by approximately 11,000 banks, business customers and securities organizations.

Cybercriminals now use SWIFT as a lure to target enterprises, sending phishing emails that deliver malware to their inboxes. The attackers send emails with an attachment and instruct the recipient to open it for details of an amount that has supposedly been transferred to their account. The attachment, however, contains malware (Trojan.JAVA.AdwindRAT), which is installed on the user's system when it is opened.

Once inside the system, the malware can modify the registry, spawn numerous processes, and attempt to kill antivirus and anti-adware processes. It also drops malicious files that connect to a domain over a hidden, encrypted network.

Comodo has warned that this malware can disable the Windows System Restore option and User Account Control. It works as a cyber-spy, enabling attackers to spy on the system and gather information about the enterprise network and its endpoints.

Once attackers have access to this sensitive information, they can push additional malware into the system to steal some of the organization's most private data.

Comodo reasoned that the hackers use SWIFT themes to hide in plain sight because of basic human psychology: people get excited about money, especially where bank account matters are concerned.

If you want to avoid this type of malware attack, consider an Ideastack VPS server with full protection for all system servers.

Slingshot malware attacking router-connected devices since 2012 without detection

Researchers from Kaspersky Lab have uncovered a malicious loader named Slingshot, which has been actively attacking users through routers for the past six years without being detected.

Typically, the routers download and run several DLL (dynamic link library) files on client devices. The attackers used the routers to slip a malicious DLL into the package of otherwise legitimate DLLs. These malicious DLLs interact with the connected devices by targeting their memory.

The vulnerabilities were found in routers made by MikroTik. Users of MikroTik routers run the WinBox Loader software to manage the router. When this software runs, the device connects to a remote server and downloads the Slingshot malware. Researchers say that this malware comprises two modules, called Cahnadr and GollumApp, which enable data theft.

Cahnadr is a kernel-mode module that gives the attacker complete and unrestricted control over the affected computer. It can run malicious code in the kernel without causing a blue screen.

GollumApp is a user-mode module that contains around 1,500 user-code functions. Using these modules, Slingshot can capture screenshots, keyboard data, network data, passwords, and desktop activity.

What makes Slingshot dangerous is the numerous tricks its operators use to avoid detection. It can even shut down its components when it detects signs that might indicate forensic analysis. Furthermore, "Slingshot uses its own encrypted file system on an unused part of a hard drive," as the Kaspersky researchers noted.

The researchers also state that Slingshot is a sophisticated piece of malware whose developers must have spent a great deal of time and money on it. "Its infection vector is remarkable – to the best of our knowledge."

For more information, you can visit: Ideastack

Petya/Petwrap ransomware

Affected Countries:

UK, Ukraine, India, The Netherlands, Spain, Denmark, and others.

Behavior:

Encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.

Actions to be taken:

1. Block the source e-mail address:

[email protected]

2. Block domains:

3. Block IPs:

95.141.115.108
185.165.29.78
84.200.16.242
111.90.139.247

4. Apply patches:

Refer to (in Russian): https://habrahabr.ru/post/331762/

5. Disable SMBv1

6. Update anti-virus hashes:

Everything You Need To Know About Encryption

In computing, encryption is the process by which plain text or any other kind of data is transformed from a readable form into an encoded version that can only be decoded by another party if it has access to the decryption key. Encryption is one of the most important mechanisms for data security, especially for end-to-end protection of data transferred across networks.

Encryption is used on the internet on a large scale, mainly to secure user information transmitted between a browser and a server, including passwords, payment details and other personal information that should be kept private. Organizations and individuals also commonly use encryption to protect sensitive data stored on computers, servers and mobile devices such as phones and tablets.

Unencrypted data, usually referred to as plaintext, is encrypted using an encryption algorithm and an encryption key. This produces ciphertext that can only be recovered in its original form by decrypting it with the correct key.

Decryption is simply the inverse of encryption: it follows the same steps, but reverses the order in which the keys are applied. Today's most widely used encryption algorithms fall into two categories: symmetric and asymmetric.

Symmetric-key encryption is usually much faster than asymmetric encryption, but the sender must share the key used to encrypt the data with the recipient before the recipient can decrypt the ciphertext. The need to securely distribute and manage large numbers of keys means most cryptographic systems use a symmetric algorithm to encrypt the data efficiently, and an asymmetric algorithm only to exchange the secret key securely.

Following are a few benefits of encryption:

Authentication: the origin of a message can be verified.

Integrity: proof that the contents of a message have not been altered since it was sent.

Nonrepudiation: the sender of a message cannot deny having sent it.

For more information, you can visit: Ideastack