Russian man receives longest-ever prison sentence in the US for hacking

A 32-year-old Russian hacker was sentenced to 27 years in prison in the U.S. for stealing millions of payment card details from businesses by infecting their point-of-sale systems with malware.

The sentence is the longest ever handed out in the U.S. for computer crimes, surpassing the 20-year jail term imposed on American hacker and former U.S. Secret Service informant Albert Gonzalez in 2010 for similar credit card theft activities.

Roman Valeryevich Seleznev, a Russian citizen from Vladivostok, was sentenced Friday in the Western District of Washington after he was found guilty in August of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.


Read more here:: IT news – Security

Securing risky network ports

Data packets travel to and from numbered network ports associated with particular IP addresses and endpoints, using the TCP or UDP transport layer protocols. All ports are potentially at risk of attack. No port is natively secure.

“Each port and underlying service has its risks. The risk comes from the version of the service, whether someone has configured it correctly, and, if there are passwords for the service, whether these are strong. There are many more factors that determine whether a port or service is safe,” explains Kurt Muhl, lead security consultant at RedTeam Security. Other factors include whether the port is simply one that attackers have selected to slip their attacks and malware through, and whether you leave the port open.


Read more here:: IT news – Security

Healthcare records for sale on Dark Web

Last August a Baltimore substance abuse treatment facility had its database hacked. Patient records subsequently found their way onto the Dark Web, according to DataBreaches.net. The group noticed such things as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information.

In the DataBreaches.net blog, the hacker “Return,” who they think is Russian, described how he compromised the Man Alive clinic: “With the help of the social engineer, applied to one of the employees. Word file with malicious code was downloaded.”


Read more here:: IT news – Security

FAQ: What is blockchain and how can it help business?

Blockchain sounds like a way to keep boats anchored, which isn’t a bad analogy, considering what the technology purports to do.

While some IT experts herald it as a groundbreaking way of creating a distributed, unchangeable record of transactions, others question the nascent technology’s usefulness in the enterprise, which has traditionally relied on centrally-administered databases to secure digital records.

Even so, companies are moving fast to try to figure out how they can use it to save time and money. And IT vendors are responding to customers’ calls for information, with some already looking to include it as part of their services.


Read more here:: IT news – Security

11 technologies developers should explore now

New and evolving technologies are rapidly reshaping how we work—offering creative opportunities for developers who are willing to pivot and adopt new skills. We took a look at 11 tech trends experts say are likely to disrupt current IT approaches and create demand for engineers with an eye on the future.

It isn’t all about The Next Big Thing. Future opportunities for developers are emerging from a confluence of cutting-edge technologies, such as AI, VR, augmented reality, IoT, and cloud technology … and, of course, dealing with the security issues that are evolving from these convergences.

If you’re interested in expanding your developer’s toolkit, check out these trending domains—and our tips on how to get ahead by getting started with them.


Read more here:: IT news – Security

XPan, I am your father


While we have previously written on the now infamous XPan ransomware family, some of its variants are still affecting users, primarily located in Brazil. Harvesting victims via weakly protected RDP (remote desktop protocol) connections, criminals are manually installing the ransomware and encrypting any files that can be found on the system.

Interestingly, this XPan variant is not necessarily new in the malware ecosystem. However, someone has chosen to keep on infecting victims with it, prompting security researchers to hunt for samples related to the increasing number of incident reports. This sample is what could be considered the “father” of other XPan ransomware variants: a considerable number of indicators within the source code point to the early origins of this sample.

“Recupere seus arquivos aqui.txt”, loosely translated as “recover your files here”, is a file name that not many Brazilian users are eager to see on their desktops.

The ransomware author left a message for Kaspersky in other versions and has done the same in this one. Together with the traces of the NMoreira “CrypterApp.cpp”, there’s a clear link between the different variants of this malware family.


NMoreira, XPan, TeamXRat, different names but same author.

Even though many Brazilian-Portuguese strings are present upon initial analysis, a couple of them caught our attention. Firstly, the ransomware uses a batch file that passes a command line parameter to an invoked executable; this parameter is “eusoudejesus”, which means “I’m from Jesus”. Developers tend to leave tiny breadcrumbs of their personality behind in each of their creations, and in this sample we found many of them.


A brief religious reference found in this XPan variant.

Secondly, the sample refers to a Brazilian celebrity, albeit indirectly. “Computador da Xuxa” was a toy computer sold in Brazil during the nineties, but it is also a popular expression used to make fun of very old computers with limited power.


This is what cybercriminals think of your encrypted computer: just a toy they can control.

“Muito bichado” is the equivalent of saying that a system of this kind is riddled with problems; in this case it means that the environment in which XPan is executing is not playing fair and the execution is quite buggy.


Lastly, we have the ransom note demanding that the victim send an email to the account ‘[email protected]’. Considering that the extension for all the encrypted files in this variant is ‘.one’, this seems like a pretty straightforward naming convention for the criminals’ campaigns.


The rescue note in Portuguese.

Upon closer inspection, we discovered that this sample is nearly identical to another version of Xpan that was distributed back in November 2016 and used the extension “.__AiraCropEncrypted!”. Every bit of executable code remains the same, which is quite surprising, because several newer versions of this malware with an updated encryption algorithm have appeared since then. Both samples have the same PE timestamp, dating back to the 31st of October 2016.

The only difference between the two is the configuration block which contains the following information:

  • list of target file extensions;
  • ransom notes;
  • commands to execute before and after encryption;
  • the public RSA key of the criminals.


The decrypted configuration block of Xpan that uses the extension “.one”.

The file encryption algorithm also remains the same. For each target file the malware generates a new, unique 255-byte random string S (which contains the substring “NMoreira”), turns it into a 256-bit key using the API CryptDeriveKey, and proceeds to encrypt the file contents using AES-256 in CBC mode with a zero IV. The string S is encrypted using the criminals’ RSA public key from the configuration block and stored at the beginning of the encrypted file.

According to one of the victims that contacted us, the criminals were asking for 0.3 bitcoin to provide the recovery key, using the same approach as before: the user sends a message to a mailbox with his unique ID and patiently awaits further instructions.

The victims so far are small and medium businesses in Brazil, ranging from a dental clinic to a driving school, demonstrating once again that ransomware makes no distinctions and everyone is at risk. As long as there are victims, assisting them and providing decryption tools whenever possible is necessary, no matter the ransomware family or when it was created.


Victims: we can help

This time luck is on the victims’ side! Upon thorough investigation and reverse engineering of the sample of the “.one” version of Xpan, we discovered that the criminals used a vulnerable cryptographic algorithm implementation. It allowed us to break the encryption, as with the previously described Xpan version.

We successfully helped a driving school and a dental clinic to recover their files for free, and as usual we encourage victims of this ransomware not to pay the ransom and to contact our technical support for assistance with decryption.

Brazilian cybercriminals are focusing their efforts on creating new, local ransomware families, attacking small companies and unprotected users. We believe this is the next step in the ransomware fight: going from global-scale attacks to a more localized scenario, where local cybercriminals create new families from scratch, in their own language, and resort to RaaS (Ransomware-as-a-Service) as a way to monetize their attacks.

MD5 reference

dd7033bc36615c0fe0be7413457dccbf – Trojan-Ransom.Win32.Xpan.e (encrypted file extension: “.one”)
54217c1ea3e1d4d3dc024fc740a47757 – Trojan-Ransom.Win32.Xpan.d (encrypted file extension: “.__AiraCropEncrypted!”)

Read more here:: Securelist

GTC Add 5th ISP to Ultrafast FTTH Broadband Network for New Build UK Homes

Utility infrastructure provider GTC (Brookfield Utilities UK) has announced that their ultrafast 300Mbps Fibre-to-the-Home (FTTH/P) network, which is deployed for new build homes in the United Kingdom, has added a fifth ISP, Pure Broadband, to its open-access platform. At present it’s already possible to buy related services via four different ISPs including Seethelight, VFast, Direct […]

Read more here:: ISPreview