Security Alerts & News
by Tymoteusz A. Góral

#733 Locky ransomware gets clever!
Locky ransomware has risen to fame in recent months. Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails, and may have overshadowed the Dridex banking Trojan as the top spam contributor.

FireEye Labs recently observed a new development in the way this ransomware communicates with its control server. Recent samples of Locky are once again being delivered via “Invoice”-related email campaigns, as seen in Figure 1. When the user runs the attached JavaScript, the JavaScript will attempt to download and execute the Locky ransomware payload from hxxp:// banketcentr.ru/v8usja.

This new Locky variant was observed to be highly evasive in its network communication. It uses both symmetric and asymmetric encryption – unlike previous versions that use custom encoding – to communicate with its control server.