Today, many modern security products offer the important capability to see within secure web traffic, otherwise known as HTTPS or SSL/TLS. Though HTTPS is intended to secure your online purchases or banking transactions, attackers increasingly use HTTPS to hide their malware command and control (C&C) channels and other nefarious activity. Products like WatchGuard’s Firebox …
Data from LinkedIn breach used in targeted e-mail attack
Recently, Corey Nachreiner discussed the LinkedIn breach in a Daily Security Byte. CERT-Bund, the federal computer emergency response team of Germany, has now published a warning about targeted e-mails with attached malicious Word documents (faked invoices including Trojan code). The e-mails are personalized using the real name and position of the recipient and exactly match information on …
Short-Lived Crypto-Ransomware
Last week, researchers found a new crypto-ransomware variant that gave its encrypted files a .locked extension, which seems similar to the Locky ransomware. For a short time, this caused some to assume that this was a new Locky variant, and for reasons I'll get to later, it gave them hope that we might be able to decrypt Locky files. Since I recently shared my own experiences …
Locky – New Crypto Ransomware in the Wild
Last week, a new ransomware variant called Locky began spreading in the wild. Locky encrypts data on an infected system using AES encryption, and then leaves a blackmail letter (which is localized in several languages) asking for half a bitcoin to get your data back. More disturbingly, it also searches for any network share (not just mapped shares), and encrypts data on those …