DUHK ATTACK CAN RECOVER COMMON CRYPTOGRAPHIC KEYS

Another vulnerability set in the key-finding set of tools is now recently discovered – the DUHK attack or Don’t Use Hard-coded Keys.  DUHK can easily infiltrate devices using ANSI X9.31 Random Number Generator (RNG). Recently, several cryptographic key vulnerabilities were reported such as KRACK Wi-Fi attack and ROCA factorization attack. The mechanics of KRACK sums up Read more…

 

BAD RABBIT RANSOMWARE – A NEW RANSOMWARE ATTACK

A new globally-threatening ransomware emerged this year.   Dubbed as Bad Rabbit Ransomware, said ransomware is now rapidly spreading across Europe.  It has infected almost 200 major organizations in Russia, Ukraine, Turkey and Germany. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or Read more…

 

U.S. WARNED ENERGY FIRMS OF POSSIBLE CYBER-ATTACKS

The US government, specifically the FBI and Homeland Security have warned energy firms regarding in the increasing number of cyber-threats this 2017. In September 2017, The Dragonfly hacking group have emerged and executed a wave of cyber-attacks against energy facilities in Europe and North America such as nuclear, energy, aviation, water and critical manufacturing industries. Read more…

 

KASPERSKY LAB TIMELINE – COLLABORATION WITH RUSSIAN INTELLIGENCE

There has been a series of speculations and theories that the Kaspersky’s antivirus program functions differently, and provides a secret backdoor to Russian intelligence. Does the allegation have a decent basis? Or a mere coincidence? The Kaspersky Lab is previously a well-regarded information security firm founded in 1997 by a Russian national named Eugene V. Read more…

 

LOCKY RANSOMWARE RETURNS USING MICROSOFT WORD DDE FUNCTIONALITY

Locky Ransomware attempts again to invade the cyber-world, this October 2017, using the Dynamic-Data-Exchange (DDE) functionality of Microsoft Word. Beforehand, a ransomware known as Locky had made chaos across the world in 2016, and devastated a great number of computers worldwide. On August 2017, said ransomware made its way back into cyberspace using the Diablo6 Read more…

 

CUTLET MAKER, AN ATM MALWARE FOR SALE ON THE DARKNET

A malware dubbed as Cutlet Maker is now for sale over the Dark Net which could be used to crack ATMs in as fast as 60 seconds. ATMs nowadays become targets of cyber-criminals because of their increasing availability and vulnerability due to their conspicuous locations and lack of physical security.  A new method is now Read more…

 

ROCA VULNERABILITY ENDANGERS MILLIONS OF RSA KEYS WORLDWIDE

There is a newly discovered vulnerability, dubbed as ROCA (Return of Coppersmith’s Attack), in RSA encryption keys used in smart cards, security tokens and PC chipsets.  The said vulnerability can be found in chips made by German company Infineon Technologies AG. RSA (Rivest–Shamir–Adleman) is one of the first practical public-key cryptosystems and is widely used Read more…

 

APPLE’S UIALERTCONTROLLER CAN BE USED TO DISPLAY A PERFECT IOS PHISHING SCHEME

Apple’s iOS has proven to be the most formidable nowadays in terms of mobile security.  However, attackers have recently discovered a new IOS phishing scheme which could trick even the most careful users into giving their Apple ID password unknowingly. For skilled Apple users, they can be fairly familiar with the system notification which requires Read more…

 

HACKERS HAVE TARGETED ANOTHER ICO WEBSITE , “ETHERPARTY”

Etherparty is a digitalized, user-friendly contract creation tool that enables users to create smart contracts on the blockchain (a network that manages cryptocurrency).  However, only recently, another website which hosts an Initial Coin Offering has been hacked, following the steps of the many ICO websites that fell victim to hacking schemes earlier this year. One Read more…

 

Official website of NASA defaced by Prosox

The website of CERES (Clouds and the Earth’s Radiant Energy System) of the National Aeronautics and Space Agency (NASA) was hacked approximately 9:00 p.m. last September 17, 2017. CERES is an organization under NASA which conducts experiments focused on the role of clouds and energy cycle in global climate change. The website, under the subdomain Read more…