Tag Archive for: registry

GitHub, NPM registry abused to host SSH key-stealing malware


Malicious NPM packages designed to upload stolen SSH keys to GitHub were discovered by software threat researchers this month.

GitHub removed two packages from the NPM registry in early January — warbeast2000 and kodiak2k — both of which were designed to grab private SSH keys from machines they are installed on and store the keys on an attacker-controlled GitHub repository.

The SSH key-stealing malware tools were first discovered by researchers at ReversingLabs using the company’s Software Supply Chain Security platform. The malicious packages were found during the first week of January 2024 and removed by the GitHub-owned NPM registry shortly after they were reported.

The details of warbeast2000 and kodiak2k were first disclosed by ReversingLabs in a blog post on Jan. 23.

“Since there are instructions in the code’s comments, the [package] author’s intention is possibly to share malicious code with other malicious actors,” Lucija Valentić, a software threat researcher at ReversingLabs and author of the blog post, told SC Media. “They may also be hoping for developers and users to download and install warbeast2000 and kodiak2k.”

Software developers at risk from dangerous NPM packages

The warbeast2000 and kodiak2k packages both use a postinstall script to retrieve additional JavaScript code from an external source and execute it on a victim’s machine. At least one of the packages (warbeast2000) retrieves this second malicious script from a Pastebin address.

The payload installed and executed by warbeast2000 targets the id_rsa file located at /.ssh within the victim’s home directory to grab the private SSH key stored within this file. “Id_rsa” is the default file name for SSH keys generated by ssh-keygen, which is standard on Unix, Linux and macOS systems as well as Git for Windows.

After reading the private SSH key, warbeast2000’s final payload copies the key, encodes it in Base64 and uploads it to a GitHub repository controlled by the attacker. Warbeast2000 has no other functions and does not appear to imitate other legitimate packages.

Kodiak2k’s payload works similarly to warbeast2000’s, but instead of going after id_rsa, it searches (home…


Trend Micro antivirus modified Windows registry by mistake — How to fix



Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified.

According to hundreds of customer reports that started streaming in earlier this week on the company’s forum and on social networks, the false positive affected update packages stored in the Microsoft Edge installation folder.

As users further revealed, Trend Micro Apex One flagged the browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN.

Fix and workaround available

The cybersecurity software maker addressed the issue and published an advisory urging customers to update their products and ensure that the Smart Scan Agent Pattern and Smart Scan Pattern are updated to the latest version.

“Trend Micro is aware of a detection issue that was reported earlier today regarding a potential false positive with Microsoft Edge and a Trend Micro Smart Scan pattern,” the company said.

“The pattern has been updated to remove the detection in question and we are doing an investigation on the root cause of the issue. More information can be provided after the investigation is complete.

“Please confirm that both the Smart Scan Agent Pattern is 17.541.00 or later AND Smart Scan Pattern is 21474.139.09 or later which resolves the issue.”

Trend Micro also shared a temporary workaround for cases where the pattern update didn’t fix the issue, which requires adding multiple Microsoft Edge folders to Apex One’s exclusion list.

Restoring registry changes

While the fix provided by Trend Micro for the false positive can easily be applied by updating Apex One, some customers also reported that this issue led to Windows registry entries being altered after the agent’s Damage Cleanup tool was executed.

“It was reported that some customers observed some registry changes as a result of the detection depending on their endpoint cleaning configuration settings,” Trend Micro added.

Windows Registry changes seen by Trend Micro customer

This requires affected users to restore backups made by the Apex One agent through a procedure that will help revert the changes made…


How to hack the Registry File to change the size of the Windows 11 taskbar


Normally, Microsoft does not allow users to modify the relative size of the Windows 11 taskbar. But with a hack of the Registry File, we can make that possible.


While Microsoft Windows 11 is full of ways to customize and personalize your overall user experience, there are still more than a few obvious exceptions that cannot be readily modified. One of these is the size of the Windows 11 taskbar. Whether your screen resolution is 4K or VGA, the relative size of the taskbar is constant.

However, with a tweak of the Windows 11 Registry File, users can adjust the size of the taskbar to be relatively smaller or larger based on their current display needs. This how-to tutorial shows you how to add the Registry File key necessary to make this possible.


Change the size of the Windows 11 taskbar

Disclaimer: Editing the Windows Registry file is a serious undertaking. A corrupted Windows Registry file could render your computer inoperable, requiring a reinstallation of the Windows operating system and potential loss of data. Back up the Windows Registry file and create a valid restore point before you proceed.

To make our edits in the Windows 11 Registry File, we will type “regedit” into the Windows 11 search tool. From the results, choose the Regedit app and then use the left-hand window to navigate to this key, as shown in Figure A.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\

Figure A

Right-click the “Advanced” key, select New | DWORD (32-bit) Value, and give the new value the name “TaskbarSI”, as shown in Figure B.

Figure B

Now, double-click the TaskbarSI value you just created and change the Value data to either a “0” (zero) to make the taskbar smaller or a “2” to make the taskbar larger, as shown in Figure C.

Figure C

Click the OK button when you are finished, close the Regedit app, and then restart your Windows 11 PC. When the computer restarts, the taskbar should be larger or smaller than normal.

To restore the Windows 11 taskbar to its original size, you have two options. You can either…


Singapore’s HIV Registry Data Exposed Online – pymnts.com

  1. Singapore’s HIV Registry Data Exposed Online  pymnts.com
  2. HIV Status of More Than 14,000 People Leaked in Singapore Data Breach  The Wall Street Journal
  3. Singapore HIV registry data leaked online in health breach  BBC News
  4. HIV positive patients’ medical records LEAKED in data breach affecting more than 1,000 people  Mirror Online
  5. Data of 14,200 diagnosed with HIV in Singapore leaked online  ZDNet