Tag Archive for: lands

BianLian ransomware crew goes 100% extortion after free decryptor lands • The Register


The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion.

Cybersecurity firm Avast’s release in January of a free decryptor for BianLian victims apparently convinced the miscreants that there was no future for them on the ransomware side of things and that pure extortion was the way to go.

“Rather than follow the typical double-extortion model of encrypting files and threatening to leak data, we have increasingly observed BianLian choosing to forgo encrypting victims’ data and instead focus on convincing victims to pay solely using an extortion demand in return for BianLian’s silence,” threat researchers for cybersecurity company Redacted wrote in a report.

A growing number of ransomware groups are shifting to relying more on extortion than data encryption. However, it seems the impetus for this gang’s move was that Avast tool.

When the security shop rolled out the decryptor, the BianLian group in a message on its leak site boasted that it created unique keys for each victim, that Avast’s decryption tool was based on a build of the malware from the summer of 2022, and that it would terminally corrupt files encrypted by other builds.

The message has since been taken down and BianLian changed some of its tactics. That includes not only moving away from ransoming the data, but also how the attackers post masked details of victims on their leak site to prove they have the data in hand in hopes of further incentivizing victims to pay.

Masking victim details

That tactic was in their arsenal before the decryptor tool was available, but “the group’s use of the technique has exploded after the release of the tool,” Redacted researchers Lauren Fievisohn, Brad Pittack, and Danny Quist, director of special projects, wrote.

Between July 2022 and mid-January, masked details accounted for 16 percent of the postings to the group’s leak site. In the two months since the decryptor was released, masked victim details were in 53 percent of the postings. They’re also getting the masked details up on the leak site even faster, sometimes within 48 hours of the compromise.

The group also is doing its research…


Proton Drive’s Secure Cloud Storage Finally Lands on Android, iOS


Proton today launched Android and iOS apps for its Proton Drive secure cloud storage service—a service it claims is “the most private and secure” available today.

The Swiss company is best known for its encrypted mail service Proton Mail, launched in 2014, but has also launched Proton VPN (2017), Proton Calendar (2019), and most recently Proton Drive in 2020 for secure file storage. Now Proton Drive is finally coming to mobile devices.

Thousands of Proton community members participated in the beta test of Drive for iPhone, iPad, and Android devices. With the apps now available, users can upload files and photos from their smartphones and tablets, or access existing files stored in their Drive. The apps include an offline mode, allowing a user to activate offline access for a file or folder and retain access to it even if there’s no mobile signal or Wi-Fi connection available.


Security comes in the form of Proton’s open-source and publicly-audited end-to-end encryption, which automatically protects the contents of files from prying eyes, and Proton can’t access the contents of files either. All data is stored on servers located in Switzerland and Germany, which Proton says ensures “strong legal and hardware protections.”


University of Colorado Boulder: CU Boulder lands $750k research grant for 5G communications security – India Education | Latest Education News | Global Educational News



Second July Google Chrome Security Update Lands On Windows, Mac, Linux


Google has just confirmed the second clutch of security updates for the Chrome browser in July. Version 103.0.5060.134 for all Windows, Mac, and Linux users will become available in the coming days. While this update will roll out automatically, users who don’t restart their browser regularly are advised to check manually and force the security patch activation.

July 22 Update below. This post was originally published on July 20

As I reported earlier in the month, a zero-day Chrome vulnerability was confirmed by Google as being actively exploited by attackers. That vulnerability was CVE-2022-2294 and very little detail was released about it for obvious reasons. Now that there has been plenty of time for users to apply the fix, in the form of the first Google Chrome security update for July, that detail has started to emerge courtesy of the threat researchers at Avast who discovered it. In a newly published report, the researchers reveal how the vulnerability was used by attackers targeting users in the Middle East, in particular journalists in Lebanon.

The Avast researchers say that they can “confidently attribute it to a secretive spyware vendor” which they name as Candiru. A year ago, almost to the day, Citizen Lab research claimed that Candiru was “a mercenary spyware firm that markets ‘untraceable’ spyware to government customers. Their product offering includes solutions for spying on computers, mobile devices, and cloud accounts.” Avast says Candiru had laid low following the publication of this research but, in March 2022, researchers had seen it come back with tools targeting Avast users, once again in Lebanon as well as Palestine, Turkey, and Yemen. Those tools used a zero-day for Google Chrome.

Avast reports that the zero-day was designed to target Chrome users on the Windows platform; because it used a WebRTC bug, it also impacted Microsoft Edge and even Apple Safari. All versions of Chrome have since been patched.

This, if you really needed reminding, is a good reason to ensure you don’t hang around installing these security updates for Chrome. With billions of users spread across multiple platforms, it is a very profitable target for malicious actors. As stated…
