Tag Archive for: defeated

Black Basta ransomware decryptor developed, then defeated


A new decryptor has been developed for Black Basta ransomware by security researchers. The program exploits a vulnerability in the encryption algorithm to decrypt files previously stolen by the cybercriminal gang. 

However, the decryptor, built by Security Research Labs (SRLabs), only allows for the recovery of data from between November 2022 and this month, as Black Basta appears to have now patched the flaw in its malware, BleepingComputer reports.

The decryptor exploits a flaw in the way large files were encrypted by Black Basta between November 2022 and January 2024. (Photo by Elena Abrazhevich / Shutterstock)

Only certain files can be recovered in that timeframe, too, said SRLabs. These are files whose plaintext is known for 64 encrypted bytes, and which are between 5,000 bytes and 1GB in size. “For files larger than 1GB, the first 5000 bytes will be lost but the remainder can be recovered,” wrote SRLabs researchers on the firm’s GitHub repository. The decryptor itself, dubbed “Black Basta Buster,” has now been released by the company.

It works by exploiting a weakness in Black Basta’s encryption algorithm, which generates a 64-byte keystream. When that keystream is XORed over a region of a file that contains only zero bytes, the XOR key itself is written into the encrypted file, which allowed SRLabs researchers to recover it and decrypt the rest. Consequently, files containing large numbers of “zero-byte” sections, such as virtualised disk images, are easier to recover, said the team. However, CISOs should be aware that an additional shell script is required to recover more than one file at a time.
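The following is an added illustration of the flaw as described above, not SRLabs’ Black Basta Buster code and not Black Basta’s real cipher: it models a fixed 64-byte keystream XORed repeatedly over a file, so a zero-filled region leaks the keystream verbatim and two adjacent identical ciphertext blocks betray where such a region is. It goes slightly beyond the text by locating the zero run automatically and handling runs that are not 64-byte aligned; the function names and the sample “disk image” are constructed for this example.

```python
"""Toy model of a 64-byte keystream reused across a whole file (constructed
example; this is not the ransomware's actual algorithm or SRLabs' tool)."""
import os
from typing import Optional

BLOCK = 64  # keystream length assumed in this model


def xor_stream(data: bytes, keystream: bytes) -> bytes:
    """Encrypt or decrypt: every byte is XORed with keystream[i % 64].
    Reusing the same 64 bytes for every block is the modelled weakness."""
    return bytes(b ^ keystream[i % BLOCK] for i, b in enumerate(data))


def find_zero_run(ciphertext: bytes) -> Optional[int]:
    """Heuristic: two adjacent, identical 64-byte ciphertext blocks almost
    certainly came from zero plaintext (0 ^ k == k for both blocks)."""
    for i in range(0, len(ciphertext) - 2 * BLOCK + 1):
        if ciphertext[i:i + BLOCK] == ciphertext[i + BLOCK:i + 2 * BLOCK]:
            return i
    return None


def recover_keystream(ciphertext: bytes, zero_offset: int) -> bytes:
    """Read the keystream back out of a region known to be zero in plaintext.
    Works for any offset: byte p of the file used keystream[p % 64]."""
    ks = bytearray(BLOCK)
    for j in range(BLOCK):
        ks[(zero_offset + j) % BLOCK] = ciphertext[zero_offset + j]
    return bytes(ks)


def recover_file(ciphertext: bytes) -> Optional[bytes]:
    """Full recovery, or None when no usable zero run exists in the file."""
    off = find_zero_run(ciphertext)
    if off is None:
        return None
    return xor_stream(ciphertext, recover_keystream(ciphertext, off))


def demo() -> bool:
    # Constructed sample: a short header, a run of zero bytes (as slack space
    # in a disk image would leave), then arbitrary payload.
    plaintext = b"VMDK-HEADER:" + b"\x00" * (BLOCK * 3) + os.urandom(200)
    keystream = os.urandom(BLOCK)          # per-file key material
    ciphertext = xor_stream(plaintext, keystream)
    return recover_file(ciphertext) == plaintext
```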

Black Basta’s crime spree

Digital forensics and incident response companies have known about this quirk in Black Basta’s malware for months, BleepingComputer says, allowing clients to recover their data without having to pay ransoms. SRLabs’ ransomware decryptor is one of several such tools that were released toward the close of 2023. These included programs to recover data from Key Group ransomware, BlackCat and LockBit.

In addition to patching SRLabs’ decryptor, Black Basta had much to celebrate over the holidays….

Source…

Week in review: Kali Linux gets on Linode, facial recognition defeated, Log4j exploitation


Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Dealing with threats and preventing sensitive data loss
Recently, Normalyze, a data-first cloud security platform, came out of stealth with $22.2M in Series A funding. This was the perfect time to catch up with co-founder and CEO Amer Deeba. In this interview with Help Net Security, he talks about the path to data security as well as visibility challenges.

Who are the best fraud fighters?
Seasoned fraud expert PJ Rohall has recently become the new Head of Fraud Strategy & Education at SEON. In this Help Net Security interview, he talks about how he entered the industry, about the evolving fraud landscape, and offers advice to other fraud fighters.

Linode + Kali Linux: Added security for cloud instances
Kali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers.

Researchers defeat facial recognition systems with universal face mask
Can attackers create a face mask that would defeat modern facial recognition (FR) systems? A group of researchers from Ben-Gurion University of the Negev and Tel Aviv University have proven that it can be done.

Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS).

Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication (MFA) set up to protect the accounts.

PayPal-themed phishing kit allows complete identity theft
Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers.

How to…

Source…

Bandwidth: We defeated ‘unprecedented’ ransomware hack in ‘running gun battle’


RALEIGH – Hackers did indeed attack Raleigh-based communications provider Bandwidth seeking a ransom, but its CEO said the company didn’t pay and ultimately defeated what he called an “unprecedented” assault and “running gun battle.”

CEO David Morken briefed Wall Street analysts in a conference call Monday after Bandwidth reported quarterly earnings and formally acknowledged losing as much as $12 million as a result of the September hack, described as a DDoS, or distributed denial of service.

Bandwidth had declined to even acknowledge that the cyberattack was indeed ransomware before Monday’s call.

“We did not pay a ransom and instead relied on innovative solutions and strategies to confront the threat, head on. To sum up, we believe, Bandwidth is now stronger than ever and we plan to leverage what we’ve learned to help make the ecosystem safer for enterprise communications,” he said.

Learning from the attack, Bandwidth has deployed additional safeguards – what he called “prophylactic security” – against future hacks, he added.

Ransomware attacks, which have soared in recent years, have led to payoffs of as much as $67 million and inflict remediation costs averaging more than $2 million.


“It is a small price to pay right now as a prophylactic security to have that additional nominal step at the beginning of a user experience,” Morken explained.

Bandwidth is a global provider of communications services such as 911 access to a host of tech giants.

Bandwidth’s customers include Microsoft, Google, Zoom and many others that utilize internet-based services in Bandwidth’s product portfolio.

Morken also sought to assure analysts that the company, whose stock (Nasdaq: BAND) is down nearly 50% this year due in part to the attack, is regaining some customers who turned to other service providers in the VoIP [voice over internet protocol] marketplace for voice and data as Bandwidth suffered outages and service delays.

“Those conversations [with customers], unexpectedly have become extremely positive regarding Bandwidth being the most resilient and best place to…

Source…

Arizona election audit: Draft report confirms Biden defeated Trump in Maricopa County last November


The state Senate Republicans who seized on former President Donald Trump’s lies about widespread election fraud and ordered up the report and Cyber Ninjas, the inexperienced company hired to conduct it, are set to detail their findings in a public presentation Friday.

The draft report emerged Thursday night, and audit spokesman Randy Pullen confirmed its validity to KJZZ Phoenix. “It’s not the final report, but it’s close,” he said.

The draft report shows that the hand recount found that President Joe Biden received 99 more votes than Maricopa County had reported after November’s election, while former President Donald Trump received 261 fewer votes than the county reported.

Maricopa County’s Republican-led board of supervisors pointed to the draft Thursday night, saying that it underscores the reality that the county ran an accurate election.

“You don’t have to dig deep into the draft copy of the Arizona Senate/Cyber Ninja audit report to confirm what I already knew — the candidates certified by the Maricopa County Board of Supervisors, Governor, Secretary of State and Attorney General — did, in fact, win,” board chairman Jack Sellers, a Republican, said in a statement.

“This means the tabulation equipment counted the ballots as they were designed to do, and the results reflect the will of the voters,” he said. “That should be the end of the story. Everything else is just noise.”

Elections experts in both parties, looking at the manner and the methods of the so-called “audit,” have said for months that its results will not be credible. It was conducted by the Florida-based company Cyber Ninjas, which had no experience auditing election results and is led by a man who has repeated wild conspiracy theories about election fraud. The company and its volunteers and subcontractors did not follow standard auditing procedures, and observers from Democratic Secretary of State Katie Hobbs’ office repeatedly noted instances in which those conducting the review broke their own rules.

No matter the outcome of Cyber Ninjas’ examination, the reality that Biden is president and won Arizona’s 11 electoral votes last year will not change.

Still, former President Donald Trump and those who have…

Source…