Security Alerts & News
by Tymoteusz A. Góral

History
#1091 CryptXXX ransomware updates ransom note, payment site
For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files.

“To make it more difficult for administrators, this release no longer uses special extensions for encrypted files,” said researcher Lawrence Abrams on the BleepingComputer website. “Now an encrypted file will retain the same filename that it had before it was encrypted.”

Researcher and SANS Internet Storm Center handler Brad Duncan found the latest update to CryptXXX, in particular to post-infection activity. Duncan found the changes on a Windows machine compromised by the Neutrino Exploit Kit involved in the pseudo-Darkleech campaign.
Read more
#1093 DLink WiFi camera flaw extends to 120 products
#1092 10 million Android phones infected by all-powerful auto-rooting apps
#1091 CryptXXX ransomware updates ransom note, payment site
#1090 Android KeyStore encryption scheme broken, researchers say
#1089 Symantec: Latest Intelligence for June 2016
#1088 New OSX/Keydnap malware is hungry for credentials
#1087 After hiatus, in-the-wild Mac backdoors are suddenly back
#1086 European Union’s first cybersecurity law gets green light
#1085 Criminals winning 'cyber arms race' - UK National Crime Agency
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12