Search Results for “Lawrence Abrams”

July 26, 2019
Lawrence Abrams / Bleeping Computer

Europol Says ‘No More Ransom’ Project Has Prevented Ransomware Gangs From Making Profits of at Least $108 Million

On the third anniversary of the No More Ransom project, Europol announced that users who downloaded and decrypted files using free tools made available through the project have prevented ransomware gangs from making profits of at least $108 million. No More Ransom was formed as an alliance among Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, and McAfee to battle ransomware and provide free decryption services and support to victims. The project now consists of 151 partners, with BleepingComputer joining the project in 2018 to offer decryptors, information, and help to a wider range of victims.

Related: Computer Business Review, SC Magazine, ZDNet, Europol


August 16, 2019
Lawrence Abrams / Bleeping Computer

‘KNOB’ Flaw Allows Attackers to Break Into Bluetooth Connections, Monitor or Manipulate Data Between Paired Devices

In a coordinated disclosure among the Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new Bluetooth vulnerability named the “Key Negotiation Of Bluetooth attack,” or “KNOB,” has been disclosed that allows attackers to more easily brute force the encryption key used during pairing and then monitor or manipulate the data transferred between two paired devices. KNOB, assigned CVE ID CVE-2019-9506, affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 – 5.1, and allows an attacker to reduce the length of the encryption key used for establishing a connection, sometimes down to a single octet. The vulnerability was discovered by Daniele Antonioli from SUTD, Singapore, Dr. Nils Ole Tippenhauer, CISPA, Germany, and Prof. Kasper Rasmussen, University of Oxford, England.

Related: IT Pro, SlashGear, Help Net Security, Techradar, The Verge, Fast Company, Softpedia News, Digital Trends, Hacker Combat, CSO Online, Engadget, Tom’s Hardware, Forbes, Slashdot, Bluetooth

Tweets: @hacks4pancakes @lgrangeia @bleepincomputer @BrianHonan @Viss

IT Pro: KNOB attack lets hackers insert themselves into your Bluetooth calls
SlashGear: Bluetooth security flaw has a silly name but serious consequences : KNOB Attack
Help Net Security: Critical Bluetooth flaw opens millions of devices to eavesdropping attacks
Techradar: Bluetooth security flaw leaves millions of devices open to attack
The Verge: Bluetooth vulnerability could expose device data to hackers
Fast Company: A Bluetooth encryption flaw could let hackers spy on your connections
Softpedia News: Major Bluetooth Security Flaw Discovered, Leaves Millions of Devices Vulnerable
Digital Trends: Critical Bluetooth security bug discovered. Protect yourself with a quick update
Hacker Combat: “KNOB” Security Flaw Exploits All Versions Of Bluetooth Devices
CSO Online: IDG Contributor Network: Are you being tracked through a Bluetooth security vulnerability?
Engadget: Serious Bluetooth flaw leaves devices open to attack
Tom’s Hardware: KNOB Attack Weakens Bluetooth Encryption
Forbes: New Critical Bluetooth Security Issue Exposes Millions Of Devices To Attack
Forbes: Bluetooth Security Flaw Makes Data Vulnerable To Attack
Slashdot: New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic
Bluetooth: Key Negotiation of Bluetooth

@hacks4pancakes: It’s very neat research but I’m a bit queasy that anyone felt Bluetooth was secure, ever.
@lgrangeia: Bluetooth is broken: A third party can force a one byte encryption key on any Bluetooth connection in range, even between already paired devices. It's bad.
@bleepincomputer: A branded web site for the Bluetooth KNOB attack was released today. This vulnerability allows attackers to decrease the length of the encryption key used during pairing so it can more easily be bruteforced.
@BrianHonan: via helpnetsecurity Critical Bluetooth vulnerability opens millions of devices to eavesdropping attacks
@Viss: @evilsocket @mpeg4codec @michaelossmann This seems up your respective alleys

October 15, 2019
Lawrence Abrams / Bleeping Computer

North Korea’s Lazarus Group Uses Fake Cryptocurrency Software, Front Company to Gain Access to Macs and PCs

North Korean hackers known as the Lazarus Group have found a novel way to attack Macs or Windows PCs by using fake cryptocurrency software created by a front company, security researcher MalwareHunterTeam reports. The hackers created a fake company, JMT Trading, complete with an official-looking website. They then wrote an open-source cryptocurrency trading app and put it up on the code-sharing site GitHub. But hidden within that code was malware that, when downloaded onto a target machine, could give the attackers the ability to execute commands remotely. The attackers might also be able to leverage the new technique to gain entry into actual cryptocurrency exchanges by asking admins and users of the exchanges to test and review their new app. Mac security researcher Patrick Wardle has also analyzed the Mac variant of the JMT Trader malware.

Related: Cyberscoop, IB Times, Softpedia News, Objective See, CISO Mag, Forbes

Tweets: @malwrhunterteam @malwrhunterteam @VK_Intel

October 14, 2019
Lawrence Abrams / Bleeping Computer

Windows 10 Tamper Protection Security Feature Now Available for Enterprise and Home Customers, Will Be Enabled by Default

Microsoft announced that the Windows 10 Tamper Protection security feature is now generally available for Enterprise and consumer customers and said it will be enabling this security feature on all Windows 10 devices by default. Tamper Protection prevents Windows Security and Windows Defender settings from being changed by programs, Windows command-line tools, Registry changes, or group policies. Users must instead modify security settings directly through the Windows 10 user interface or via Microsoft enterprise management software such as Intune.

Related: Dark Reading: Operations, gHacks, ZDNet Security, The Next Web, Help Net Security, GBHackers On Security, Softpedia News, Help Net Security, IT Pro, gHacks, MSPoweruser

October 8, 2019
Lawrence Abrams / Bleeping Computer

Software Developer Hacked Back Against Muhstik Ransomware Gang and Released Decryption Keys, Free Decryptor to Allow Victims to Get Files Back

German software developer Tobias Frömel has hacked back against the Muhstik ransomware gang, which encrypted his files, by hacking their server and releasing nearly 3,500 decryption keys so that all other victims can get their files back. He also released a free decrypter. The Muhstik ransomware gang, which has been active since the end of September, has been hacking into publicly exposed QNAP NAS devices and encrypting the files on them. After paying the ransom, Frömel analyzed the ransomware and gained access to the PHP script that generates passwords for each new victim. He then published the decryption keys on Pastebin and released a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum.

September 19, 2019
Lawrence Abrams / Bleeping Computer

Wormable Malware Smominru Mining Botnet Still Active With 90,000 New Victims in August, 4,700 New Infections Per Day

The wormable Smominru mining botnet continues to wreak havoc on corporate machines by not only installing cryptominers, but also stealing credentials, installing backdoors, and making system configuration modifications, according to a new report from Guardicore Labs. Smominru spreads using the EternalBlue exploit and by brute-forcing RDP, MSSQL, Telnet, and other exposed services. The botnet is still heavily active, with 90,000 new victims in August 2019 and 4,700 new infections per day, Guardicore says. Moreover, 25% of infected victims were reinfected more than once, showing that machines were not being properly patched and secured after being cleaned. Guardicore has released a PowerShell script that can scan for and detect the presence of this infection.

September 16, 2019
Lawrence Abrams / Bleeping Computer

Tor Project Has Raised $86,000 For Bug Fund That Pays Developers to Fix Critical Bugs

The Tor Project has raised $86,000 for a Bug Smash Fund that will be used to pay developers to quickly fix critical bugs in the privacy-oriented Tor browser. The types of bugs Tor considers critical are privacy issues, such as when the browser may leak an IP address, issues with signing certificates for Tor addons, and the work needed to evaluate and upgrade the Tor browser to new Firefox ESR releases. Donors to the Fund can track how the money is being used, as the Tor Project will tag any bug tickets that use this money with the “BugSmashFund” tag.

September 12, 2019
Lawrence Abrams / Bleeping Computer

Chrome 77 Moves to Stable Desktop Channel With New Features, 36 Security Fixes, Change in EV Indicators

Google has released Chrome 77 to the Stable desktop channel with new features and 36 security fixes, 1 of which is marked as Critical and 8 as High severity. The one critical flaw addressed in Chrome 77 is described by Google simply as “Use-after-free in media,” which Google says was reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29. Google has also changed how it displays extended validation (EV) SSL certificates for HTTPS websites. Chrome 77 no longer shows the company name in the browser’s address bar for sites that use extended validation TLS/SSL certificates. Instead, the company name has moved into the page info bubble that appears when you click on the lock icon.

Related: SecurityWeek, LinuxSecurity – Security Articles, ZDNet Security, TechNadu, Venture Beat, Android Central, Softpedia, CSO Australia, ZDNet

September 9, 2019
Lawrence Abrams / Bleeping Computer

Thousands of Servers Infected by New ‘Lilocked’ Ransomware; So Far Only Web Servers Are Infected, Which Causes Encrypted Files to Appear in Google Search Results

A relatively new ransomware, named Lilocked by researchers and Lilu by its developers, is actively targeting servers and encrypting the data located on them, security researchers including Michael Gillespie and Benkow discovered. The infected servers all host websites, which causes the encrypted files to show up in Google search results. When a machine is infected, the ransomware encrypts a file and then appends the .lilocked extension to the file name. Google reports over 6,000 search results for web servers that have been encrypted by this ransomware and had their files renamed with a .lilocked extension, although many of these are duplicate results for the same websites. There is no known way to decrypt files encrypted by Lilu, but if a sample is discovered that may change.

Related: ZDNet Security, fossBytes, Security Affairs, Spyware news, CyberSecurity Help s.r.o.

Tweets: @benkow_ @demonslay335 @maztec

August 20, 2019
Lawrence Abrams / Bleeping Computer

VLC Media Player Update Issued With Fixes for 13 Vulnerabilities That Can Lead to Crash or Code Execution

VideoLan has released VLC Media Player 3.0.8, which fixes 13 vulnerabilities that include numerous buffer overflow, null after free, null dereference, and division by zero vulnerabilities. These vulnerabilities could be exploited by a remote attacker creating a specially crafted file and tricking a user into opening it, which would cause a crash or code execution in the context of the logged-in user.