Category: Cybersecurity Researchers

Altaro is offering a free ebook “Ransomware: A Survival Guide”

Click on this link to visit the Altraro website to Download their free ebook titled “Ransomware: A Survival Guide”. They ask for your name and email to be able to D/L. Just do a Google search on “Temp Email” to find a site which will give you a free temp email address, if you do not wish to give out your email address.

The Altaro eBook is a short, yet interesting read about Ransomware.

Altaro also have a much more detailed video about Ransomware on their YouTube channel (see below).

Video is courtesy of the Altaro Software YouTube channel

Posted by Vincent Banial

WannaKey along with WanaKiwi may help to decrypt your WannaCry encrypted files without having to pay the Ransom

WannaKey works with older variants of Windows Server and Windows Workstation Operating Systems such as Windows Server 2003, Windows Server 2008, Windows XP, Windows 7, and Windows Vista.

When WannaCry encrypts your files, it creates a Private Key which is used to create the decrypt key. Then the Private key is erased. On older Windows systems the erase does not remove the data from memory. So if you are lucky and you have “not” rebooted the PC then there is a chance that WannaKey could recover the Private key, because it is still held in the system memory.

Once you have the Private Key then you can use a different program called wanakiwi to decrypt the files on the WannaCry encrypted PC.

The key point to remember is that the above process “MAY’ work. The Computer which was encrypted by WannaCry Ransomware, must “NOT” have been rebooted. Any files to download would be done using a different computer and then run on the encrypted PC via a USB flash Drive.  The WannaCry code did issue the command to erase the Private Key but the bug in older Windows Operating Systems is that Private Key has not been erased from the computer’s main memory.  With a bit of luck, you may be able to decrypt your WannaCry encrypted PC. Note there is no guarantee that this will work. If you are unsure how to go about this, then get a computer professional to help you.

Click on this Link to visit the GitHub page for Wannakey.

Click on thsLink to visit the

Click on this Link to visit the Comae Blog post by Matt Suiche titled “WannaCry — Decrypting files with WanaKiwi + Demos”. Matt goes thru the whole process along with screen shots.

Video is courtesy of the Vishnu Ava YouTube channel

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Posted by Vincent Banial

Disclaimer: Everything in the post above is subject to change without notice. There could be unintentional errors. Please confirm all info via the linked to websites and web pages. Best Practice is to also always create daily backups. If you try to decrypt a WannaCry encrypted personal computer or server, you do so at your own risk. There is no guarantee that the above info will be successful in decrypting the files.

Demo of FuzzBunch breaking into a virtual Windows 2008 Server. FuzzBunch is NSA created Malware which had been leaked by Shadow Brokers

Posted by Vincent Banial

It has been a while since I posted about Cyber Security. Last year’s round of posts were very well received. We even had a major Cyber Security firm linking to our posts.

What a “coincidence“, back in March of this year Microsoft patched a whole bunch of security holes in assorted Windows Operating Systems. On Friday, April the 14th 2017, a Hacker group called the Shadow Brokers released a ton of NSA developed weaponized software Exploits and Malware which allowed the NSA to break into computers around the globe. Not just break in, but potentially to also take control of computers running Windows Operating Systems prior to Windows 10. The Friday, April 14th Easter Egg contained over 200 megabytes of code which was dropped on GitHub.

Yes, Microsoft released a Security Update (patches) In March 2017 for their Windows Operating Systems which plugged the Security Holes used by the code which Shadow Brokers made available to the whole wide world on April 14th 2017. The key question is, will users and Network Admins apply those patches? If the March 2017 release of Microsoft patches are not installed, the computers remain vulnerable, as the Exploit and Malware code is available to everyone from Newbie Wannabe to Elite Hacker. Just wait till modified versions start being used.

One of the most powerful NSA coded Malware released is called FuzzBunch. The video below is a demo (in a controlled test environment) of FuzzBunch breaking into a virtual install of Windows 2008 Server.

Spiceworks did a survey of Network Server Operating systems being used. Windows 2008 Server was installed on over 40% of the Windows Server installations. People are even still using Windows 2003 Server. Hey, if it works and ain’t broke, why upgrade.

Click on this link to visit the Spiceworks website to read their 2016 post.

FUZZBUNCH from The Intercept on Vimeo.

Click on this link to visit the ARS Technica website to read their informative article about the Shadow Brokers April 14th Easter Egg NSA created weaponized software Exploits and Malware dump.

Click on this link to view other Cyber Security posts on Uniquely Toronto.

 

Robots can be Hacked – new findings from IOActive

Posted by Vincent Banial

IOActive published some major findings this week, that Robots can be hacked and rather easily.

Click on this link to read the IOActive post titled: “Hacking Robots Before Skynet.

Video is courtesy of the Humanoid Robot YouTube channel

In the following video an Artificial Intelligence clearly states that it will “Destroy Humans”.

Video is courtesy of the CNBC YouTube channel

Humans have already been killed by Robots. Click on the following link to read a post on Gizmodo.com titled: “Robot Cannon Goes Berserk, Kills 9”.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Cisco Talos Security Webinar

Participated in the Cisco Talos Security Webinar on Wednesday.

Last year I had posted about Kaspersky Lab reporting about a Bank exploit, where Russian Banks were targeted. Basically the Hackers were able to get Bank Accounting Staff to connect to a site where a keylogger and other Trojan Remote Control software was secretly uploaded and installed into “system RAM“, but not onto the Hard Disk or Network Storage. That allowed their remote control software (called Lurk) to be overlooked by Security Software, because Security Software usually scans stored files and not RAM. Once installed, the hackers could monitor the employees. When the employee went for lunch, they took over the PC and started to transfer funds around the world.

Video is courtesy of the DewClarke YouTube Channel

Earlier this year, Russian Authorities had arrested over 50 alleged Hackers who were alleged to be part of the group which targeted and Hacked into the Banks. The investigation into this group’s activities had been ongoing for years (at least since 2013). The Cisco Talos Security Webinar discussed the arrests and the aftermath. Cisco’s research seems to indicate that the same group was involved in other Internet Exploits. One of which was the Angler Ransomware.

Since the Russian arrests, certain malware has disappeared, along with certain DarkNet sites and BotNets. The Russian Authorities made the Internet a tad safer, at least for a short while.

Click on this Link to visit The Hackers News website to read about the Russian sting operation and arrest of 50+ alleged hackers involved in the Banking Exploit.

Click on this Link to view other Uniquely Toronto posts related to Cyber-Security issues.

 

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Dropbox Mega-Breach confirmed.

Over 60 million email addresses and passwords were hacked from Dropbox years ago. That data is floating around the folks on DarkNet. It is older and apparently not being marketed, yet some hacker have it. Even though the breach happened years back, the data still has value. People often rarely change their password. Similar Mega Breach data from prior breaches at LinkdIn and Tumblr, was being bought, sold and traded on DarkNet markets.

Click on this Link to visit the Motherboard site to read their post about Hackers stealing account data on tens of millions Dropbox users.

Click on this Link to visit Troy Hunt’s site. He was sent the hacked data from a supporter of “Have I Been Pwned?” site. Troy then found his own account data and also his wife’s account data and proceeded to confirm that the Dropbox Mega-Breach was real.

Video courtesy of the Fox Business YouTube channel

Click on this Link to visit theguardian newspaper website to read their post titled “Dropbox hack leads to leaking of 68m user passwords on the internet

Change your passwords often.
Use random numbers, letters and special characters,
for greater security.

Click on this link to view other CyberSecuirty related posts found on Uniquely Toronto.

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Malware infected Android Apps discovered by Cybersecurity Researchers

Warning for Android based Cell Phone Users. Cybersecurity Experts have found a Fake Google Chrome Update which instals Malware

The Cybersecurity Researchers at Zscaler Inc have posted a new finding of a Fake Google Chrome Update which installs Malware. The only way to get rid of the Android Infostealer Malware is to reset the Android Phone to factory settings (thus wiping claen).

Click on this line to be taken to the Zscaler website to read their Blog post ttiled: Android infostealer posing as a fake Google Chrome update.
Their post was written by Viral Gandhi

Click on this line to visit the Zscaler YouTube channel

Click on this line to visit the Zscaler website.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Next Suits and Spooks event to be held in London England on May 06 and 07 2015


Suits and Spooks Events are a bit like TED Talks, but focused on Cyber Security issues. From the Suites and Spooks webpage: “Each event draws thought leaders and decision makers from the public, private, defense, law enforcement and intelligence sectors who come to learn about and discuss some of the key security challenges which face our digitally connected nation and world

One unique aspect of the presentations made at Suits and Spooks is that after the first 10 minutes, the Audience can join in by asking questions or directly challenging the presenter. Audience participation resulting in Debate and Discussion is the cornerstone of these events.


The next Suits and Spooks Event will be held in London England on May 6th and 7th 2015.


Click on this line to view their prior events which were held in 2014 and to check out the agenda of presentations made.


Click on this line to visit the Registration page for the upcoming 2015 London Suites and Spooks Event.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial for Uniquely Toronto
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Just wanted to say Hello to our visitors from the American NSA agency , Canadian CSIS agency, Russian SVR agency and German BND agency. Sorry if I left out one or two others…


Thanks for dropping by and checking out this past weekend’s Cybersecurity related posts….

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Kaspersky Lab publishes details about the Equation Hacker group’s arsenal, including “nls_933w.dll” which can reprogram the hard drive firmware of over a dozen different hard drive brands


Kaspersky Lab presented at their Security Analysts Summit something even more scary than the details about the Carbanak Bank Cyber Heist. Per Karspersky the Carbanak group ripped off about 100 banks around the globe of about $1 Billion Dollars (and in my opinion very likely still counting).

Kaspersky Lab Experts referred to the Equation group as the “God” or the “Death Star” of Malware. Part of the huge arsenal of code which the Equation group has been developing over what looks like decades is nls_933w.dll“. “It allows them to reprogram the hard drive firmware of over a dozen different hard drive brands“.

Oncenls_933w.dll installs the Malware into the Hard Disk’s firmware, there is no way to remove it. Repartitioning will not affect it. Reformatting has no effect. The only way to get rid of this Malware from the targeted computer, is to physically destroy the Hard Disk.

Kaspersky Lab goes on to report that the Equation group seems to have existed long before the Stuxnet group.

The word “Elite” is part of the lexicon of Hackers. The Equation group therefore can be called the Elite of the Elite of the Elite of the Elite of the Elite and so on of Uber Hackers. To be able to hack and modify a Hard Drive’s firmware is unheard of. To be able to do so for Hard Drives of over a dozen different brands is insanely impossible. Yet the Equation group did it and very likely much more, that has yet to come to light. In comparison, this makes things like the REGIN Malware group’s incredible capabilities seem like no big deal.

Ok, enough of my rambling.

Click on this line to view the Kaspersky Lab report about the Equation group and their arsenal of jaw dropping Malware. On that page you will find a link to a downloadable PDF of the Question and Answer session from their presentation at the Security Analysts Summit.

Wow, this has turned into a CyberSecurity long weekend. Very impressive and rather scary stuff has been revealed by Kaspersky Lab.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Kaspersky Lab report: The Great Bank Robbery: Carbanak cybergang steals $1 Billion Dollars from 100 financial institutions worldwide

Video is courtesy of the Kaspersky Lab YouTube channel


The Kasperskpy Lab report which was presented at the Security Analyst Summit (on Feb 16 2015) is now available online.


Click on this line to visit the Kaspersky Lab SecureList page which discusses the report : The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide.
You can also download a PDF of the “Full” Report via a link on that webpage.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.