Security Alerts & News
by Tymoteusz A. Góral

History
#1744 ImageGate - malware in image and graphic files (VIDEO)
Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced its security researchers have identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers’ method of executing the malicious code within these images through social media applications such as Facebook and LinkedIn.
#1743 It’s the final countdown for SHA1 SSL certificates
We’re in the final days of what are loosely known as SHA-1 SSL certificates. In certificates of this sort, the cryptographic hash or “message digest” that is used as a digital fingerprint is caclulated, as the name suggests, using the SHA-1 algorithm.

To be a cryptographic hash, rather than just a plain old checksum, an algorithm needs to create a fingerprint that is genuinely hard to forge. In other words, if I take a message M and create a digital fingerprint by calculating f(M) = X, you shouldn’t be able to go backwards from X and figure out anything about M.

You shouldn’t be able to come up with a message of your own, N say, such that f(N) is also X. And you shouldn’t be able to come up with two different messages that have the same fingerprint, where f(A)= f(B) but A is not equal to B.

Unless these conditions are met, the hashing function f() simply isn’t safe enough to use as any sort of digital fingerprint and therefore has no place in cryptography.
#1742 Research on unsecured WiFi networks across the world
The very nature of wireless Wi-Fi networks means that hackers or criminals simply need to be located near an access point in order to eavesdrop and intercept network traffic. Poorly configured access point encryption or services that allow data to be sent without any encryption pose a serious threat to user data.

Confidential data can be protected by encrypting traffic at wireless access points. In fact, this method of protection is now considered essential for all Wi-Fi networks. But what actually happens in practice? Is traffic always encrypted on public Wi-Fi networks? How does the situation differ from country to country? Kaspersky Security Network statistics can answer all these questions. We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us (this obviously excludes Antarctica and other regions where there is not enough data to draw any conclusions).
#1741 This cheap and nasty ransomware will try to encrypt files across your network and removable drives
One of the cheaper forms of ransomware that crooks can buy on the dark web has evolved worm-like capabilities which enable it to move across networks and external drives, and even to re-encrypt files which have already been encrypted by other ransomware.

The Stampado ransomware is available to buy on the dark web for just $39, and is described by the seller as 'cheap and easy to manage ransomware' and offers buyers a 'full lifetime license'.

While it might be expected that cheap ransomware offers wannabe cybercriminals very little bang for their buck, cybersecurity researchers at Zscaler have analysed Stampado and have found it to contain self-propagating features which make it extremely effective -- it can spread across multiple devices and drives connected to the infected system.
#1740 New decryption tool for Crysis ransomware
Since it first appeared, ransomware’s profitable business – in short, compromising and encrypting data belonging to companies and users and requesting payment in exchange for the restoration of infected files –has grown rapidly.

One of the threats that has had a significant impact and infected a considerable number of users worldwide was the family detected by ESET solutions as Win32/Filecoder.Crysis. However, and luckily, ESET has developed a free tool to decrypt files and recover the information that might have been compromised.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12