Read Time:4 Second
Tehran denied any link, claiming Tirana’s action was “based on such baseless claims”
Monthly Archives: September 2022
Intro to crypto wallet authentication
Read Time:45 Second
Modern application development has wrestled with numerous shortcomings in the security paradigm. Blockchain can mitigate several of those shortcomings, but it requires devising means to integrate with conventional applications.
Mainstream cyber security businesses are already working on this, accelerating the blockchain-enabled security landscape.
This article will give you an understanding of how crypto wallets work and the role they play in authentication.
What is a crypto wallet?
A crypto wallet is, at its heart, a software client that manages cryptographic keys.
In asymmetric cryptography, which blockchain is built on, two keys are generated that are known as a key pair. The public key is able to create encrypted cipher text that only the private key can decrypt. The pair can also be used to sign data, proving the sender holds the private keys (without revealing the private key).
How posting personal and business photos can be a security risk
Read Time:56 Second
Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold. Couple this with the individual employee’s or customer’s photos working their way onto social network platforms for others to see and admire, and the value of that gold increases, success being quantified by impressions, views and individual engagements.
Harvesting photo data for competitive intelligence, targeting attacks
The value of that gold doubles when not only does the company harvest data and call it a success, but their competitors also analyze such photos capturing a plethora of useful data points, including geotagged data, metadata of the photo, and identity of the individuals caught in the frame. They, too, call it a success. Yes, the digital engagement involving location data and or location hints within photos is a double-edged sword.
Ukraine Shutters Two More Russian Bot Farms
wordpress-5.9.4-1.fc35
Read Time:6 Second
FEDORA-2022-d7526a0af3
Packages in this update:
wordpress-5.9.4-1.fc35
Update description:
WordPress 5.9.4 Security Release
wordpress-6.0.2-1.fc36
Read Time:7 Second
FEDORA-2022-3efca55d7a
Packages in this update:
wordpress-6.0.2-1.fc36
Update description:
wordpress-6.0.2-1.fc37
Read Time:7 Second
FEDORA-2022-2dc13cc97f
Packages in this update:
wordpress-6.0.2-1.fc37
Update description:
wordpress-6.0.2-1.el9
Read Time:7 Second
FEDORA-EPEL-2022-b58697855e
Packages in this update:
wordpress-6.0.2-1.el9
Update description:
Joint CyberSecurity Advisory on Vice Society (AA22-249A)
Read Time:2 Minute, 54 Second
On September 6th, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on Vice Society ransomware group that has been active since the middle of 2021 and targets multiple industry sectors including education, healthcare, and government. The threat actor uses double extortion tactics, which victims are threatened for permanently losing encrypted files and leaking stolen data to the public should ransom payment is not made.Why is this Significant?This is significant because alleged Vice Society victims listed on the data leak site includes organizations in education, healthcare, and government sector, which are often exempted by other major ransomware groups. Of the last ten victims (as of September 7, 2022), more than half of them are in education and healthcare sectors.Once the threat actor sets foot into the victim’s network, it laterally moves around the network, exfiltrates valuable information, and deploys ransomware which encrypts files on the compromised machine. The stolen data will be made available to the public, which may cause damage to the reputation of the affected companies.What is Vice Society Ransomware Group?Vice Society is a ransomware group that has been active since at least the middle of 2021 and targets both Windows and Linux systems. What’s unique about this ransomware group is that it deploys third-party ransomware to its victims instead of developing its own ransomware. Such ransomware reportedly includes HelloKitty, FiveHands and Zeppelin ransomware.Below is a typical ransom note left behind by the Vice Society threat actor:As the ransom note states, deployed ransomware encrypts files on the compromised machines. Before the ransomware was pushed by the threat actor, it propagates through the victim’s network using tools such as SystemBC, PowerShell Empire, and Cobalt Strike, and exfiltrate confidential information. The ransom note also provides a few contact email addresses. The threat actor puts additional pressure onto the victim by stating that stolen information will be released to the public if the victim does not email the attacker within seven days. The threat actor operates its own leak site where the threat actor lists victims and releases stolen data. The alleged victims are in many countries around the globe that include but not restricted to Argentina, Australia, Australia, Beirut, Brazil, Canada, Columbia, France, French Guiana, Germany, Greece, Indonesia, India, Italy, Kuwait, Malaysia, Netherland, New Zealand, Poland, Saudi Arabia, Singapore, Spain Sweden, Switzerland Thailand, and United Kingdom, United States.Top page of Vice Society leak siteA reported infection vector used by the Vice Society ransomware group is exploitation of vulnerabilities (CVE-2021-1675 and CVE-2021-34527) that affect Microsoft Windows Print Spooler. CVE-2021-34527 is also known as PrintNightmare, which FortiGuard Labs previously released Outbreak Alert and Threat Signal on. For more information PrintNightmare, see the Appendix for a link to “Microsoft PrintNightmare” and “#PrintNightmare Zero Day Remote Code Execution Vulnerability”.Microsoft released a patch for CVE-2021-1675 and CVE-2021-34527 in June and July 2021 respectively.What is the Status of Coverage?FortiGuard Labs provides the following AV signatures against known ransomware samples used by Vice Society threat actor:W32/Buran.H!tr.ransomW32/Filecoder.OJI!trELF/Filecoder.8BB5!tr.ransomW32/Generic.AC.171!trFortiGuard Labs has the following IPS coverage in place for the “PrintNightmare” vulnerability (CVE-2021-34527) as well as CVE-2021-1675:MS.Windows.Print.Spooler.AddPrinterDriver.Privilege.EscalationAll network IOCs are blocked by the WebFiltering client.
ZDI-22-1186: (Pwn2Own) ConnMan wispr_portal_web_result wp_object Double Free Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability.