• As you may be aware, a new ransomware campaign has hit a number of high-profile targets in Russia and Eastern Europe.
    Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics. This now seems to be the third major outbreak of the year.
    Those unfortunate enough to fall victim to the attack quickly realised what had happened because the ransomware isn't subtle -- it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without their decryption service".
    The criminals behind Bad Rabbit are tricking people into infecting themselves, by disguising the malware as an Adobe Flash installer and planting it on legitimate websites that have been compromised.
    However, a security researcher at Cybereason claims to have found a vaccine for the attack, which should completely prevent Bad Rabbit from infecting your computer. It is a simple procedure: block the execution of the files “c:\windows\infpub.dat” and “C:\Windows\cscc.dat”, the main files the ransomware relies on in order to carry out its attack.
    This makes sense because the ransomware needs the files infpub.dat and cscc.dat to execute its attack; by creating them and blocking access to them on your PC before any attack, you prevent Bad Rabbit from carrying out its job.
    Prevention, they say, is better than cure.

    Please follow the steps below to fully protect yourself.
    First, create these two files in c:\windows:
    infpub.dat
    cscc.dat

    You can do that really quickly by starting cmd.exe as an admin:
    [screenshot: image4.png]

    Then type the following command (it creates both files in one go):
    echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat
    Next, remove all permissions on each file by right-clicking it and selecting Properties:
    [screenshot: image7.png]


    Then select the Security tab:
    [screenshot: image3.png]

    Now click Advanced, which opens the following window:
    [screenshot: image2.png]
    Click Change Permissions, which opens the following window:
    [screenshot: image5.png]

    Then uncheck the “Include inheritable permissions from this object’s parent” box.
    After you do that, the following window will pop up. Click “Remove”.
    [screenshot: image6.png]


    You are now done. Remember to perform this action for the two files you created.

    If you are running Windows 10, repeat the same steps, but instead of unchecking the inheritance box, click the “Disable inheritance” button:
    [screenshot: image8.png]


    And then select “Remove all inherited permissions from this object”:
    [screenshot: image1.png]
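    The same "vaccine" can be applied without clicking through the Properties dialogs. The script below is an added example written for this page, not code from the original article or from Cybereason: it creates the two file names the article gives (infpub.dat and cscc.dat under the Windows directory) and strips every permission from them, which is what the uncheck-inheritance / Disable inheritance and Remove steps above achieve. It assumes an elevated PowerShell prompt; the refusal to overwrite an existing file and the verification loop are this example's own additions.

```powershell
# Added example (not from the original article): PowerShell equivalent of the
# Bad Rabbit vaccine steps. Creates c:\windows\infpub.dat and c:\windows\cscc.dat
# and leaves each with an empty DACL so no account has any access to them.
# Must be run from an elevated (Run as administrator) PowerShell session.

$vaccineFiles = @(
    (Join-Path $env:SystemRoot 'infpub.dat'),
    (Join-Path $env:SystemRoot 'cscc.dat')
)

foreach ($path in $vaccineFiles) {
    # Never overwrite a file that is already there: on an infected machine a
    # real infpub.dat/cscc.dat would be evidence, and should be examined first.
    if (Test-Path -LiteralPath $path) {
        Write-Warning "$path already exists; inspect it before continuing."
        continue
    }

    # Create the empty placeholder (same effect as the 'echo "" > file' command).
    New-Item -ItemType File -Path $path | Out-Null

    # Step 1: disable inheritance WITHOUT copying the inherited entries down,
    # i.e. "Disable inheritance" + "Remove all inherited permissions".
    # Persist it so the inherited ACEs are actually dropped from the file.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $false)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Step 2: remove any explicit entries that might remain, leaving an empty DACL.
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in @($acl.Access)) {
        [void]$acl.RemoveAccessRule($ace)
    }
    Set-Acl -LiteralPath $path -AclObject $acl
}

# Verification: each file should exist and report zero access rules.
foreach ($path in $vaccineFiles) {
    $count = @((Get-Acl -LiteralPath $path).Access).Count
    '{0}: exists={1}, access rules={2}' -f $path, (Test-Path -LiteralPath $path), $count
}
```

    From a plain cmd.exe prompt, `icacls c:\windows\infpub.dat /inheritance:r` (and the same for cscc.dat) performs the inheritance-removal step in one command. Note that this only blocks a variant that uses exactly these two file names; it is a stop-gap alongside patching and offline backups, not a replacement for them.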




  • Hackers can steal macOS keychain passwords using unsigned applications; the attack works on the latest version of macOS, High Sierra 10.13, and previous releases.


    Cyber security expert Patrick Wardle, director of research at Synack, revealed that unsigned applications can steal macOS Keychain passwords, including plaintext passwords from the latest version of macOS High Sierra and previous versions of macOS.

    The researcher tested the exploit on Sierra and High Sierra, and he confirmed that El Capitan appears vulnerable as well. This issue is not a ‘High Sierra specific’ vulnerability.
    The researcher shared a video that shows how an unsigned application can exfiltrate sensitive data from the macOS Keychain, including plaintext passwords.

    OS keychain hack

    “What does your attack do?

    A: I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen! :(” explained Wardle.



    on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭
    https://

    It is interesting to note that the attack does not require root permissions or knowledge of the master password; it only needs the targeted user to download and launch a malicious application, ignoring the warnings displayed when an app from an unidentified developer is executed.

    “Q: What are the prerequisites for this attack?


    A: As this is a local attack, this means a hacker or piece of malware must first infect your Mac! Typical ways to accomplish this include emails (with malicious attachments), fake web popups (“your Flash player needs updating”), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc). Theoretically, this attack would be added as a capability or as a payload of such malware. For example, the malware would persist, survey the system, then use this attack to dump the keychain. If I was writing a modular mac backdoor or implant, I’d call it the “dump keychain” plugin :)” added the expert.




    Wardle reported the discovery to Apple along with proof-of-concept (PoC) code, and declined to publicly disclose technical details so that malicious actors could not abuse the technique.
    Security experts always recommend that users download applications only from trusted sources and pay attention to the security warnings displayed by the operating system.

    “A few things. As mentioned before, this attack is local, meaning malicious adversaries have to first compromise your mac in some way. So best bet – don’t get infected. This means run the latest version of macOS and don’t run random apps from emails or the web. Also, this attack requires that the keychain is unlocked. By default the keychain is unlocked when the user logs in. However, you can change the keychain password (so it is not automatically unlocked during login), or (via the Keychain Access app) lock the keychain while you are not using it.” suggests Wardle to stay safe.

    Unfortunately, Apple’s bug bounty program doesn’t cover macOS, which means that the expert will not be rewarded. Well, let's hope that Apple will make his case an exception.


  • Skylake is the codename for Intel's sixth-generation range of Core laptop and desktop PC processors. They've already been superseded by the seventh-gen CPUs and you can find out how Skylake compares with Kaby Lake.

    But Skylake isn't dead yet. No. Intel has launched Skylake X CPUs, which are the high-end enthusiast versions.

    Interestingly, Intel isn't using the Core i7 branding as it has done in previous years but adds a new number: 9. The Core i9 range could be a response to AMD's Ryzen processors, which were named to seem similar to Intel's Core i5 and i7 ranges.

    Last year at Computex, Intel unveiled its first 10-core consumer CPU, the company's move into the world of "megatasking." It was a pricey chip, launching at around $1,700, but it satisfied the needs of users who needed to juggle several intensive tasks at once. Now, Intel has upped the ante with a whole new family of processors for enthusiasts, the Core X-series, and it's spearheaded by its first 18-core CPU, the i9-7980XE.

    Priced at $1,999, the 7980XE is clearly not a chip you'd see in an average desktop. Instead, it's more of a statement from Intel. It beats out AMD's 16-core Threadripper CPU, which was slated to be that company's most powerful consumer processor for 2017. And it gives Intel yet another way to satisfy the demands of power-hungry users who might want to do things like play games in 4K while broadcasting them in HD over Twitch. And as if its massive core count wasn't enough, the i9-7980XE is also the first Intel consumer chip that packs in over a teraflop worth of computing power.




    If 18 cores is a bit too rich for you, Intel also has other Core i9 Extreme Edition chips in 10, 12, 14 and 16-core variants. Perhaps the best news for hardware geeks: the 10 core i9-7900X will retail for $999, a significant discount from last year's version.

    All of the i9 chips feature base clock speeds of 3.3GHz, reaching up to 4.3GHz dual-core speeds with Turbo Boost 2.0 and 4.5GHz with Turbo Boost 3.0. And speaking of Turbo Boost 3.0, its performance has also been improved in the new Extreme Edition chips to increase both single and dual-core speeds. Rounding out the X-Series family are the quad-core i5-7640X and i7 models in 4, 6 and 8-core models.




    While it might all seem like overkill, Intel says its Core i9 lineup was driven by the surprising demand for last year's 10-core chip. "Broadwell-E was kind of an experiment," an Intel rep said. "It sold... Proving that our enthusiast community will go after the best of the best... Yes we're adding higher core count, but we're also introducing lower core counts. Scalability on both ends are what we went after."

    As you can imagine, stuffing more cores into a processor leads to some significant heat issues. For that reason, Intel developed its own liquid cooling solution, which will work across these new chips, as well as some previous generations. All of the new Core i9 processors, along with the 6 and 8-core i7 chips, feature scorching hot 140W thermal design points (TDPs), the maximum amount of power that they'll draw. That's the same as last year's 10-core CPU, but it's still well above the 91W TDP from Intel's more affordable i7-7700K.

    Over the past few years, Intel's laptop chips have been far more interesting than its desktop CPUs. Partially, that's because the rise of ultraportables and convertible laptops have shifted its focus away from delivering as much computing power as possible, to offering a reasonable amount of processing power efficiently. The new Core i9 X-series processors might not be feasible for most consumers, but for the hardware geeks who treat their rigs like hot rods, they're a dream come true.




    When is the Core i9 release date?

    Release date: June 2017*

    At the chips' launch at Computex 2017, Intel said the new processors would be on sale "in the coming weeks". *That applies to the Core i9-7900X downwards. 

    The i9-7920X will go on sale in August, while the top three chips don't yet have an official release date.


  • There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

    The scope and severity of the fallout from the WannaCry attacks over the past week elicits plenty of "we told you so" head shakes about the dangers of ransomware. The blackmail worm spread with lightning speed.

    According to Europol, the attack had reached about 150 countries and more than 200,000 systems. When security researchers found a kill-switch for the attack that they used to their advantage, it didn't take long for new variants to start up again with infections occurring at a rate of 3,600 systems per hour.

    It was a nasty bit of business and while the hue and cry over ransomware shouldn’t be ignored, there are a lot more valuable lessons beyond those that have to do with cyber blackmail. Here are just a few of them.

    1: Vulnerability and Patch Management overshadows everything

    Patch, patch and patch. It's been the overwhelming mantra of security pros for decades, and this attack campaign shows us why. The rapid spread of the worm was made possible by the ubiquity of systems worldwide running on unsupported or unpatched operating systems.
    Hopefully, after this attack, organizations will significantly improve their continuous patch hygiene. Microsoft also released new emergency patches for Windows XP and 2003, even though it stopped all security updates and technical support for XP in April 2014, which simply shows the seriousness of the attack and the risk of deploying out-of-date operating systems in work environments.

    2: Unknown Assets Can Cause So Many Problems

    It's just about impossible to patch systems an organization doesn't even know exist. The insidious effects of WannaCry offer up a good illustration of how easy it is for attackers to scale attacks against the forgotten systems that get lost through inconsistent asset management.
    "Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors," says Steve Ginty, senior product manager at RiskIQ. "For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall."

    3: Network Segmentation Can Be a Valuable Risk Reducer

    Of course, patch management isn't as simple as just finding every system and waving a magic wand over it. Many organizations struggle to update legacy and embedded systems due to a host of technical problems. It's why WannaCry found such fertile ground in healthcare organizations, since many medical devices are built on top of old Windows operating systems that are very difficult to update due to government regulations and the organizations' own concerns about causing system disruptions during updates. We have all faced challenges while updating our work and personal devices at one point or another.
    "In many cases, devices will never receive updates either because the OS is no longer supported and memory, storage, and processing constraints may prevent the device from operating effectively with the latest software. Finally, I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices, and simply avoid patching because the device works. Thus 'if it ain’t broke, don’t try to fix it' mentality can be tremendously detrimental to hospital security."
    This scenario is a perfect example of how compensating controls - like network segmentation - should have kicked in for a lot of organizations.
    "Of course, today, completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can be limited as much as possible," says Brighten Godfrey, co-founder and CTO of Veriflow. "Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized."

    4: Security Has Real-World Repercussions

    Speaking of healthcare, one of the big-picture lessons that security professionals around the world should be thinking deeply about is the fact that cybersecurity is no longer just a game of protecting data. When attacks happen today, they have real-world repercussions that can affect the safety of people's life and limb.
    "With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.
    The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of real people. As much as the security industry talks about its struggle with attackers as a game, using terminology like "whack-a-mole" and "cat-and-mouse" to describe the back-and-forth exchanges, the truth that WannaCry should bring home is that what we're engaged in is not frivolous or fun. The consequences are real and serious.

    5: It's Easy to Forget the 'A' in Security's 'CIA'

    So many security organizations get hung up on the confidentiality and integrity part of IT risk management that they forget the final leg of that three-legged stool: availability. According to estimates from Cyence researchers, the business interruption costs to companies from WannaCry will add up to over $8 billion.
    "Business interruption caused by the WannaCry malware is probably the most substantial and problematic component to this event. Organizations will suffer interruptions to their business, lost income, and extra expenses while the infection is being remediated – and it will take some time to get back to full productivity even after systems are restored."
    Obviously, these are big-picture lessons, and it will take time to turn them into meaningful action. In the meantime, for those who've found they've lost access to their Windows XP systems, there's at least some good news on that front. Security researchers with the French security firm Quarkslab have released a tool called Wannakey, which can help recover the private encryption key for infected Windows XP systems.