3. ANNABELLE &
MBRLOCK
Annabelle & MBRLock ransomware new evolution that
directly infecting the Windows computers Master Boot
Record (MBR) which Prevent Operating system to
loading and avoid the security scan.
MBR
MBR infection
None of the ransomware tool work
4. This Annabelle ransomware demand 0.1 Bitcoin as a ransom amount
also it displays the countdown to pay the ransom amount and if it
exceeds then the new screen will be displayed that is an indication of
completely infection system unusable ever and it destroys all hard
disk data.
5. FBI ISSUES ALERT OVER TWO NEW
MALWARE LINKED TO HIDDEN
COBRA HACKERS
The US-CERT has released a joint technical alert from the
DHS and the FBI, warning about two newly identified
malware being used by the prolific North Korean APT
hacking group known as Hidden Cobra.
Hidden cobra-Lazarus Group - Guardians of Peace-backed
by North korean government
Wannacry-sony pictures2014-Swift banking attack
The malware Hidden Cobra is using are—Remote Access
Trojan (RAT) known as Joanap and Server Message Block
(SMB) worm called Brambul.
6. JOANAP—A REMOTE ACCESS TROJAN
"fully functional RAT" Joanap is a two-stage malware that
establishes peer-to-peer communications and manages
botnets designed to enable other malicious operations.
Spread- download, compromised sites, malicious mails
Functions-file management, process management,
creation and deletion of directories, botnet management.
Compromised- 87 networks in 17 countries.
7. BRAMBUL — AN SMB WORM
Brambul is a brute-force authentication worm that abuses the
Server Message Block (SMB) protocol in order to spread itself to
other systems.
The malicious Windows 32-bit SMB worm functions as a service
dynamic link library file or a portable executable file often dropped
and installed onto victims' networks by dropper malware
"When executed, the malware attempts to establish contact with
victim systems and IP addresses on victims' local subnets," the
alert notes.
"If successful, the application attempts to gain unauthorized
access via the SMB protocol (ports 139 and 445) by launching
brute-force password attacks using a list of embedded passwords
The hackers can then use this stolen information to remotely
access the compromised system via the SMB protocol
8. FACEBOOK BUG
A New Facebook bug allows automatically suggested around
14 Million users new posts set in public by default from May
18 to May 22.
Privacy settings
Internal error
How
Bug fixed
9. “We’ve heard loud and clear that we need to be more
transparent about how we build our products and how those
products use your data – including when things go wrong.
And that is what we are doing here”- Facebook
10. REDEYE
RANSOMWARE
Newly Discovered RedEye Ransomware spreading via Twitter and target the
victims to encrypt the data and lock the file to demand the ransom amount in
Bitcoin.
RedEye Ransomware is capable of destroying the victim’s computer after the
warning time to pay the ransom amount.
Annabelle’s author
“scary & really nasty”
child.wav, redeye.wav, suicide.wav
Rijndael-Algorithmus – AES – 256
0.1 Bitcoin($765 USD)
12. A WOMEN SHARED OTP 28 TIMES TO
FRAUDSTERS AND LOST NEARLY 7 LAKHS
Where-Navi mumbai
When -May 17 to 23
How- victim was not aware of online banking. victim has
provided all the details including 16-digit debit card number and
the CVV numbers which is to be kept confidential and the
fraudster also asked to delete the messages received from the
bank.
Periodic calls
28 transactions
VISHING- A social engineering technique used by attackers over
the telephone system to gain financial details, by using this
method attackers steal payment card details.
13. MICROSOFT BUYS
GITHUB
Microsoft has
reportedly
acquired GitHub
for $7.5 billion
GitHub is a popular code repository hosting service that allows developers to
host their projects, documentation, and code in the cloud using the popular Git
source management system, invented in 2005 by Linux founder Linus Torvalds.
GitHub is used by many developers and big tech companies including Apple,
Amazon, Google, Facebook, and IBM to store their corporate code and privately
collaborate on software, but Microsoft is one of the top contributors to the web-
hosting service
15. MY HERITAGE
MyHeritage, the Israel-based DNA testing service designed
to investigate family history, has disclosed that the company
website was breached last year by unknown attackers
Login credentials of 92.3mn
“sensitive data such as family trees and DNA data are
stored by MyHeritage on segregated systems, separate from
those that store the email addresses, and they include added
layers of security. We have no reason to believe those
systems have been compromised.”
Accounts not compromised.
Forensic investigation & two factor authentication
19. Followed by vpnfilter
40,000 servers & internet connected devices
Around the world
Devices and services infected by the Prowli malware:
Drupal and WordPress CMS servers hosting popular websites
Joomla! servers running the K2 extension
Backup servers running HP Data Protector software
DSL modems
Servers with an open SSH port
PhpMyAdmin installations
NFS boxes
Servers with exposed SMB ports
Vulnerable Internet-of-Thing (IoT) devices
To protect
Patch update & strong password for devices
21. Discovered today
Russian Ips
Users Targeting via malicious SPAM Emails that contain a
statement which comes from “United States District Court”
with a malicious attachment
malicious VBscript
22. HACKERS USING EXCEL IQY FILES TO
DODGE ANTIVIRUS AND DOWNLOAD
MALWARE
Security researchers have discovered a new spam
email campaign using a novel approach to infect
victims. Users tricked into downloading and
executing malicious script via Excel.
23. Normal mails
Contains iqy files
open by default in Excel
Download from internet
Byepass antivirus
Install RAT(flawedAmmy)
system compromised
24. HEADLINES
1. Volkswagen using quantum computers to build better EV batteries-
engineers at Volkswagen have started using a quantum computer to
simulate the chemical structures like lithium-hydrogen and carbon
chains much faster.
2. Frontier Communications' password bug lets anyone into your account-
vulnerability in their two factor authentication
3. Hackers Can Hijack, Sink Ships: Researchers- Insecure configurations
and vulnerabilities in communications and navigation systems can
allow hackers to remotely track, hijack and sink ships, according to
researchers at penetration testing and cybersecurity firm Pen Test
Partners.
4. T-Mobile bug exposed personal customer data- BUG in their security
5. Apple discloses new protections against snoopy apps and websites at
WWDC event
Apple's newest enhancements to its Safari browser will inhibit websites
and apps -- including Facebook -- from using cookies and fingerprinting
techniques to track users across the internet.
