Tag Archive for: developer

Developer Leaks LockBit 3.0 Ransomware-Builder Code


One problem with running a ransomware operation along the lines of a regular business is that disgruntled employees may want to sabotage the operation over some perceived injustice.

That appears to have been the case with the operators of the prolific LockBit ransomware-as-a-service operation this week when an apparently peeved developer publicly released the encryptor code for the latest version of the malware — LockBit 3.0 aka LockBit Black — to GitHub. The development has both negative and potentially positive implications for security defenders.

An Open Season for All

The public availability of the code means that other ransomware operators — and wannabe ones — now have access to the builder for arguably one of the most sophisticated and dangerous ransomware strains currently in the wild. As a result, new copycat versions of the malware could soon begin circulating and adding to the already chaotic ransomware threat landscape. At the same time, the leaked code gives white-hat security researchers a chance to take apart the builder software and better understand the threat, according to John Hammond, security researcher at Huntress Labs.

“This leak of the builder software commoditizes the ability to configure, customize, and ultimately generate the executables to not only encrypt but decrypt files,” he said in a statement. “Anyone with this utility can start a full-fledged ransomware operation.” 

At the same time, a security researcher can analyze the software and potentially garner intelligence that could thwart further attacks, he noted. “At minimum, this leak gives defenders greater insight into some of the work that goes on within the LockBit group,” Hammond said.

Huntress Labs is one of several security vendors that have analyzed the leaked code and identified it as being legitimate.

Prolific Threat

LockBit surfaced in 2019 and has since emerged as one of the biggest current ransomware threats. In the first half of 2022, researchers from Trend Micro identified some 1,843 attacks involving LockBit, making it the most prolific ransomware strain the company has encountered this year. An earlier report from Palo Alto Networks’ Unit 42 threat research team…

Source…

10 common developer misconceptions about web application security


Where it all begins: The troubled relationship between software innovation and security

Software development is all about making things work and creating new functionality that solves problems and unlocks new possibilities. That creative buzz is part of the appeal of web development – and yet Invicti research shows that 32% of web developers spend at least five hours a day addressing security issues. All too often, inefficient communication and inadequate tools cause developers to treat security-related requests as a chore and a distraction that has no clear reason and brings no visible results. This mistrust is reinforced by common misconceptions about web application security – many not exclusive to developers.

Misconception #1: Security is not a development problem

Reality: Application security is a crucial part of modern web development, especially as you move towards DevSecOps.

Let’s start with the mother of all application security misconceptions: that security is someone else’s problem. Whether you’re putting your trust in tools, external systems, or the security team, it’s tempting to put security out of mind and focus only on building software. In reality, web applications are now so complex and can be attacked in so many ways that the only way to truly secure them is to make security everyone’s business – starting but also ending with development. After all, whenever vulnerabilities are found in your custom web applications, the fix requests eventually end up in development, so efficiently dealing with them as they arrive is crucial to avoid bottlenecks and prevent professional burnout.

Misconception #2: Our web framework takes care of security

Reality: A good quality framework can prevent many security flaws but is nowhere near enough on its own.

Web frameworks and libraries have revolutionized development, providing the scaffolding to build production sites and applications using only a fraction of the time and resources that it would take to develop from scratch. Choosing a framework with a solid security record is a must as it helps you entirely avoid some classes of technical vulnerabilities – but only some classes, and only when using…

Source…

BGMI developer Krafton strengthens in-game security measures to provide fair gameplay


Battlegrounds Mobile India regained its popularity in no time. After returning to India, the game crossed 50 million downloads on the Google Play Store in a few weeks. The developers rewarded all players with exclusive in-game rewards and hosted many events to maintain the hype around the Indian version of PUBG Mobile. However, it has only been a couple of months since its launch, and players are already experiencing difficulties in the game due to the rise in the number of hackers.

Hackers in Battlegrounds Mobile India are players who manipulate the resources available in the game to gain an unfair advantage over other players. For instance, a player might disable their footsteps so that other players cannot hear them, or a player might use a cheat that makes their bullets pass through walls and other cover. Such hackers have an advantage over other players in the game and can easily win matches. The number of hackers in Battlegrounds Mobile India has been rising constantly, and concern among the country's gaming community is turning out to be significant.

Krafton to implement stronger in-game measures for providing fair gameplay to players

In this situation, Krafton, the developer and publisher of Battlegrounds Mobile India, has shared a new blog post highlighting the extensive measures that the company is taking to curb the abuse of resources in the game. From now on, Krafton will implement a detailed revalidation of game data for top-ranked players in the game. Revalidation might include scrutiny of players who are at conqueror ranks in the game. Because hackers have a high chance of winning a game, it is logical that they might reach higher ranks in the game before anyone else does. Krafton mentions that if such an account is found using cheats, it will be banned.

Regarding advertising cheats and cheat programmes, Krafton has said that it will implement strong measures if an account is found advertising or promoting the sale of illegal weapons and cheats. The developer will closely examine the profile pictures, linked websites, videos and other promotional content that might be linked to a player’s BGMI account. The developers have…

Source…

Web developer provides tips for hacking prevention


With the click of a button, hackers could be taking your personal information and accessing almost anything.

George Karabassis, who has been involved with computers since he was four and currently works in web development, says it’s becoming easier for hackers to get your information.

“We are becoming more digitalized,” Karabassis said. “We’re more depending on the internet. There’s a sudden rise of cyber security.”

The Better Business Bureau says they often get calls from people who have given out information thinking they were on a legitimate website only to become victims of identity theft.

Even apps are being utilized as tools to gather personal information. Karabassis says there are ways to protect yourself and loved ones from online spies.

“We need to get into the habit to frequently change our passwords from our multiple social media accounts,” Karabassis said. “This is because there are multiple database leaks which are happening from multiple companies including Facebook or Twitter.”

Karabassis recommends changing your passwords at least every two months and creating a backup password and user name for every account.

“To further secure your social media account so that even if hackers know your password they will still not be able to log into your account,” Karabassis said.

Saturday, June 12, 2021 5:05:00 PM CDT

Source…