Tag Archive for: keys

Intel Boot Guard private keys have reportedly leaked, compromising the security of many computers


It seems like every other day there are scumbags out there perpetrating a new hack, taking advantage of a vulnerability or trying to extort people with ransomware. MSI is the latest victim, with hackers leaking material stolen from a breach of MSI’s systems last month.

This one has the potential to be serious. According to tweets by Alex Matrosov, the founder of Binarly, at least some of the previously stolen 1.5TB of data has been leaked. The data includes private keys, some of which appear to be Intel Boot Guard keys. The leak of such keys doesn’t just affect MSI systems, but those from other vendors too, including Lenovo and Supermicro.


Over 40 lakh mobile users at hacking risk from compromised Shopify API keys, Telecom News, ET Telecom


New Delhi: Over 40 lakh mobile phone users’ sensitive data is at hacking risk after cyber security researchers on Friday uncovered a critical security flaw in Shopify application programming interface (API) keys/tokens.

Cyber-security company CloudSEK’s BeVigil, a security search engine for mobile apps, uncovered the vulnerability that puts over 40 lakh mobile customers’ sensitive data at risk.

From the millions of Android apps, 21 e-commerce apps were identified to have 22 hardcoded Shopify API keys/tokens, exposing personally identifiable information (PII) to potential threats.

Hardcoding an API key makes it visible to anyone who has access to the code, including attackers or unauthorised users.

If an attacker gains access to the hardcoded key, they can use it to access sensitive data or perform actions on behalf of the program, even if they are not authorised to do so, said security researchers.

“The recent discovery of hardcoded Shopify keys in numerous Android apps is just another example of the lack of proper API security in the industry. This type of vulnerability exposes the personal information of users, as well as transactional and order details, to potential attackers,” said Vishal Singh, senior security engineer at CloudSEK.

Shopify is an e-commerce platform that allows individuals and businesses to create an online store to sell their products.

Over 4.4 million websites from more than 175 countries globally use Shopify.

With the ease of creating an online store, it also allows the integration of third-party apps and plugins to add additional functionality to the store. Shopify can be used to sell physical and digital products, and it also offers a point-of-sale system for brick-and-mortar stores.

“While this situation is not a limitation of the Shopify platform, it highlights the issue of API keys/tokens being leaked by app developers. As part of responsible disclosure, CloudSEK has notified Shopify and the affected apps about the hardcoded API keys,” said the company.

The researchers found that of the total hardcoded keys, at least 18 keys allow viewing customer-sensitive data, 7 API keys allow viewing/modifying gift cards and 6 API keys allow obtaining payment…


Dutch Police obtain 155 decryption keys for Deadbolt ransomware victims


Police in the Netherlands said they were able to trick the group behind the Deadbolt ransomware to hand over the decryption keys for 155 victims during a police operation announced last week.

In a statement, the Dutch National Police said on Friday that they conducted a targeted operation where they effectively paid a ransom in Bitcoin, received the decryption keys and then were able to withdraw the payment before it fully went through.

Since January, thousands of customers using Taiwanese hardware maker QNAP’s network-attached storage (NAS) devices have reported being attacked by the Deadbolt ransomware group, which demands a ransom of 0.03 Bitcoin (about $600) for the decryption key.

After the initial attacks affected about 3,600 devices in January, the group continued to resurface with campaigns in March, May, June and September this year. They also expanded their attacks to include NAS devices from Asustor.

Message boards around the world have been flooded with customers lamenting the loss of files that included family photo albums, wedding videos and more. Dozens of users took to Reddit to complain that they were among those attacked in the latest campaign.

On Friday, the Dutch National Police said the group has encrypted more than 20,000 QNAP and Asustor devices since the campaign began, including more than 1,000 victims in the Netherlands. 

The idea for the operation started with Dutch cybersecurity company Responders.NU, which figured out the ransom payment trick and worked on the operation with the Dutch National Police, the Public Prosecution Service, Europol, the French National Police and the French Gendarmerie.

“We assist many victims of ransomware and saw an opportunity to obtain decryption keys,” said Responders.NU cybersecurity expert Rickey Gevers. “We shared that with the cybercrime team of the police…


Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys


In a novel sting operation, Dutch law enforcement officials tricked the Deadbolt ransomware gang into handing over decryption keys, giving victims an opportunity to get their encrypted files back without paying a ransom. Using the keys, they can unlock files for free.

The Dutch Police is probably one of the most active and committed agencies when it comes to taking down cybercriminals and cybercrime. In 2018, the agency was behind the seizure of two of the largest dark web marketplaces, AlphaBay and Hansa.

How Dutch Police Tricked Notorious Ransomware Gang

The Dutch National Police collaborated with cybersecurity firm RESPONDER.NU and successfully obtained 150 decryption keys from the Deadbolt ransomware group.

NU said they could unlock the computers of all Dutch victims who had filed complaints. With the availability of decryption keys, the department could retrieve encrypted servers and files, including photos and administrative content, and the victims didn’t need to give in to the ransom demands of the Deadbolt extortionists.

According to the NU officials, they stole the decryption keys from the criminal group. The department’s cybercrime teams transferred funds in bitcoins to the extortionists as ransoms, but as soon as the gang gave them the decryption key, they withdrew funds.

Later, the police aided the victims of Deadbolt ransomware gangs by providing them with the decryption key and also helped international victims. Authorities claim it to be a ‘nasty blow’ to the cybercriminals as the police made it clear that they cannot run away from international law enforcement agencies.

Details of Deadbolt Attacks

In a press release, the police confirmed that Deadbolt ransomware attacks mainly focused on NAS (network-attached storage). The gang had encrypted over 20,000 QNAP and Asustor devices, and the victims were spread worldwide. Around a thousand of its victims were located in the Netherlands.
