iSA_LOGO_FINAL-new-3 (1)

Month: March 2018

Categories
Uncategorized

New Zenis ransomware encrypts files and deletes backups

Add Your Heading Text Here

Share it:

Zenis ransomware is a rare example of crypto-malware. Researchers still cant figure out clearly how this ransomware works. This malware does not only encrypts files but deletes backups too.

Zenis affect devices by exploiting Remote Desktop services. Once inside, it begins to encrypt data using AES cryptography.

Whilst encrypting data, Zenis ransomware renames files and appends Zenis-<2_chars>. file extension. Apart from data encryption, it deletes shadow volume copies, disable startup repair, and clear event logs.

Zenis also searches for files that are associated with backups and deleted them immediately.

Zenis ransomware gets into the machines by exploiting  Remote Desktop services connected to the internet directly.

We recommend connecting Remote Desktop Services to the internet via VPN with a strong password. Also, it is quite safer to have anti-malware solution on public-facing machines.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Categories
Uncategorized

Windows Remote Assistance Exploit

Add Your Heading Text Here

Share it:

A critical vulnerability has been discovered in Microsoft’s Windows Remote Assistance (Quick Assist) feature that affects all versions of Windows to date, including Windows 10, 8.1, RT 8.1, and 7, and allows remote attackers to steal sensitive files on the targeted machine.

Windows Remote Assistance is a built-in tool that allows someone you trust to take over your PC (or you to take remote control of others) so they can help you fix a problem from anywhere around the world.

The feature relies on the Remote Desktop Protocol (RDP) to establish a secure connection with the person in need.

However, Nabeel Ahmed of Trend Micro Zero Day Initiative discovered and reported an information disclosure vulnerability (CVE-2018-0878) in Windows Remote Assistance that could allow attackers to obtain information to further compromise the victim’s system.

The vulnerability affects Microsoft Windows Server 2016, Windows Server 2012 and R2, Windows Server 2008 SP2 and R2 SP1, Windows 10 (both 32- and 64-bit), Windows 8.1 (both 32- and 64-bit) and RT 8.1, and Windows 7 (both 32- and 64-bit).

Windows users are highly recommended to install the latest update for Windows Remote Assistance as soon as possible.

Source: thehackernews.com

Latest Post
Categories
Categories
Uncategorized

Memcached DDOS Exploit Code Released !!!

Add Your Heading Text Here

Share it:

Proofs-of-concept (PoC) exploit code for Memcached amplification attack have been shared online that could allow non-programmers to execute massive DDoS attacks using UDP reflections.

Last week there were two record-breaking DDoS attacks—1.35 Tbps hit Github and 1.7 Tbps attack against a certain US-based company using a technique called amplification/reflection attack.

By exploiting thousands of misconfigured Memcached servers left exposed on the Internet, Memcached-based amplification/reflection attack amplifies bandwidth of the DDoS attacks by a factor of 51,000.

Proof-of-Concept:

Memcacrashed.py is a python script that scans Shodan for IPs of vulnerable Memcached servers and allows a user to launch a DDoS attack against a desired target within seconds of running the tool.

Here is the link to the Memcacrashed.py :   https://cxsecurity.com/issue/WLB-2018030060

Proof-of-concept 2:

The author is PoC 2 is unknown, but the PoC 2 is written in C.

Here is the link to Proof-of-concept 2:  https://pastebin.com/ZiUeinae

Solution Against Memcached DDos Attack:

To mitigate the attack and prevent Memcached servers from being abused,  entirely disable UDP support if not in use.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Categories
Uncategorized

New 4G LTE Network is Vulnerable: Hackers can Track, Spam and Spy !!!

Add Your Heading Text Here

Share it:

A new research paper [PDF] recently published by researchers at Purdue University and the University of Iowa details 10 new cyber attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.

The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging.

The researchers employed a systematic model-based adversarial testing approach, which they called LTEInspector, and were able to test 8 of the 10 attacks in a real testbed using SIM cards from four large US carriers:  

  1. Authentication Synchronization Failure Attack
  2. Traceability Attack
  3. Numb Attack
  4. Authentication Relay Attack
  5. Detach/Downgrade Attack
  6. Paging Channel Hijacking Attack
  7. Stealthy Kicking-off Attack
  8. Panic Attack
  9. Energy Depletion Attack
  10. Linkability Attack

Among the above-listed attacks, researchers consider an authentication relay attack is particularly worrying, as it lets an attacker connect to a 4G LTE network by impersonating a victim’s phone number without any legitimate credentials.

Researchers have no plans to release the proof-of-concept code for these attacks until the flaws are fixed.

Source: thehackernews.com

Latest Post
Categories
Categories
Uncategorized

Two Discreet Ways to Explore The Deep Web

Anonymous hacker in front of his computer with red light wall backgroundAnonymous hacker in a black hoody with laptop in front of a code background with binary streams cyber security concept

Add Your Heading Text Here

Share it:

Unfortunately, search engines such as google and other similar ones can’t refer to web pages such as user databases, registration-required web forums, webmail pages, and pages behind paywalls. However, there are other ways of accessing these resources. In this article, we will show how to access resources residing on the dark web and deep net using specific deep web search engines.

The ‘Deep Web’ refers to all web pages that  search engines such as google, bing and others can’t find whilst the ‘Dark Net’  is where you can operate without been tracked. 

 notEvil:

This deep web search engine works like Google. It connects Internet users to content hosted inside the Tor network. However if you want to access content outside the Tor network, you need to download the Tor Browser Bundle and access this content over Tor.

parazite:
 ParaZite is another type of deep web search engine. Apart from its flexible search features, it also allows users to access other external deep web sites. It is advisable to use firewall and VPN before accessing Parazite.
 
 
 
#ISA_ltd
#ISA_informs
 
Latest Post
Categories
Categories
Uncategorized

Memcached flaw can Overflow Networks with 260 Gbps Traffic

Add Your Heading Text Here

Share it:

The following facts describes devastating effect of Memcached flaw:

  • A vulnerability in memcached allows attackers to amplify traffic up to 51,200 times for use in denial of service attacks.
  • Only 5,729 of the 88,00 known unprotected servers have been used in memcached attacks thus far, and security experts expect an imminent increase in such attacks.    Source : TechRepublic 

Memcached is a general-purpose distributed memory caching system. One of its primary goals is to speed up dynamic web applications by alleviating database load.  This is accomplished by storing frequently accessed content in RAM, which reduces the number of database queries needed to generate a web page.  Memcached server runs over TCP or UDP port 11211.

Cybercriminals have discovered a way to abuse  memcached servers to launch over 51,000 times powerful DDoS attacks beyond their original strength. This action could result in knocking down of major websites and Internet infrastructure.

Memcrashed amplification attack  works by sending a false request to the targeted server (vulnerable UDP server) on port 11211 using a spoofed IP address that matches the victim’s IP.

How to Resolve Vulnerable Memcached Servers:

  • Block or implement rate-limiting UDP on source port 11211.
  • Disable UDP support if not in use.

#ISA_informs

#ISA_ltd 

Latest Post
Categories
iSA_LOGO_FINAL new 2
Information Security Architects (ISA) Ltd is one of the leading Data Privacy and Security Practitioners in Ghana West Africa.
Services
Products
Newsletter

Sign up our newsletter for update information, insight and promotion.

Facebook Instagram Twitter Linkedin
Copyright © 2021, All rights reserved. Powered by Lynt Digital.