ICS-CERT Warns of CAN Bus Vulnerability

The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert on Friday to warn relevant industries about a vulnerability affecting the Controller Area Network (CAN) bus standard.


The Fireball malware already infected more than 250 million computers worldwide running both Windows and Mac OS

Security researchers at Check Point have discovered a massive malware campaign spreading the Fireball malware. The malicious code has already infected more than 250 million computers worldwide running both Windows and Mac OS. […]

The post The Fireball malware already infected more than 250 million computers worldwide running both Windows and Mac OS appeared first on Security Affairs.


Wanadecrypt allows to recover files from Windows XP PCs infected by WannaCry without paying ransom

A security researcher developed a tool called wanadecrypt to restore encrypted files from Windows XP PCs infected by the WannaCry ransomware.

The WannaCry ransomware made the headlines with the massive attack that hit systems worldwide during the weekend.

The malicious code infected more than 200,000 computers across 150 countries in a matter of hours. It leverages the Windows SMB exploit Eternal Blue to compromise unpatched systems or computers running unsupported versions of Windows.

Microsoft took the unprecedented decision to issue security patches for Windows 2003 server and XP in order to protect its customers.

Now there is good news for the owners of some Windows XP computers that were infected by the WannaCry ransomware: they may be able to decrypt their data without paying the ransom ($300 to $600).

The Quarkslab researcher Adrien Guinet has published software, called Wanadecrypt, that he used to recover the decryption key required to restore the files on an infected XP computer. The expert successfully tested the Wanadecrypt software on a small number of infected XP computers, but it is not clear if the technique works on every PC.

Experts downplayed the discovery because Windows XP computers weren’t affected by the massive WannaCry attack. Still, Guinet’s method could be helpful to XP users hit in other attacks.

“This software has only been tested and known to work under Windows XP,” he wrote in a readme note issued with the software. “In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!”

Another popular expert, Matt Suiche, reported he was not able to use the WannaKey tool.

The WannaCry ransomware uses the Microsoft Cryptographic Application Program Interface included with Windows to implement most of its encryption features.

Once the key has been created, the interface erases it on most versions of Windows, but experts discovered that a limitation in Windows XP can prevent this operation.

This implies that the prime numbers used in WannaCry's key generation may remain in the memory of the machine until it is powered down, allowing Wanadecrypt to extract them from the infected XP computer.

“If you are lucky (that is the associated memory hasn’t been reallocated and erased), these prime numbers might still be in memory,” Guinet wrote.
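The recovery idea described above, as an added example that is not Wanadecrypt's code: scan a memory image for a byte window whose value divides the RSA public modulus, then rebuild the private exponent from that prime. The toy primes, the little-endian layout, the public exponent 65537 and all function names are assumptions of this sketch.

```python
# Added illustration (not Wanadecrypt's code): recover an RSA private key from
# a memory image that still holds one of the primes used at key generation.
# Toy key sizes and the little-endian integer layout are assumptions.

E = 65537  # public exponent assumed for this sketch


def find_leftover_prime(memory: bytes, modulus: int, prime_len: int):
    """Slide a prime_len-byte window over memory and return (offset, p) for
    the first window whose value divides the public modulus, else None."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(p: int, modulus: int, e: int = E) -> int:
    """With one prime known, the other is modulus // p and d follows."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))


# Constructed sample data: two small Mersenne primes stand in for the real
# primes, and FILLER stands in for unrelated process memory.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
FILLER = bytes(range(256))
MEM_INTACT = FILLER[:100] + P.to_bytes(8, "little") + FILLER[:50]
MEM_WIPED = FILLER[:100] + bytes(8) + FILLER[:50]  # prime already erased


def demo():
    """Return the scan result for both images and the rebuilt exponent."""
    hit = find_leftover_prime(MEM_INTACT, N, 8)
    miss = find_leftover_prime(MEM_WIPED, N, 8)
    d = rebuild_private_exponent(hit[1], N) if hit else None
    return hit, miss, d


if __name__ == "__main__":
    hit, miss, d = demo()
    print("intact image:", hit)
    print("wiped image:", miss)
    print("round trip ok:", pow(pow(42, E, N), d, N) == 42)
```

The wiped image models the failure case from the readme: once the memory holding the prime has been erased or reallocated, no window divides the modulus and nothing can be recovered.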

Anyone who has been infected by WannaCry should avoid restarting their XP computers so that they can try to decrypt the files. The researcher is now working to extend the results of his discovery to other OSs.

Pierluigi Paganini

(Security Affairs – Wanadecrypt, WannaCry)

The post Wanadecrypt allows to recover files from Windows XP PCs infected by WannaCry without paying ransom appeared first on Security Affairs.

Researchers say global cyber attack similar to North Korean hacks

Reuters: The United States accused it of being behind a cyber attack on Sony Pictures in 2014. An official at South Korea’s Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported …

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.


Wikileaks Reveal CIA Capabilities to Break into Apple Products

New revelations from Wikileaks have shown capabilities to break into Apple products. Among the new cache are revelations on the CIA spying programs and capabilities to infect Apple Mac Computer firmware.