Skip to main content

Posts

Showing posts from April, 2016

Solving HCL 7.1.59 installation error

I was encounter below error message when I tried to install HP Comware simulator (H3C cloud Lab). "The virtualbox version is lower than the HCL needed." My PC was installed with Virtualbox Version 5.0.16 and it is latest when I am writing this post. Below is the resolve method to skip this error. You just open registry editor and go to HKEY_LOCAL_MACHINE>SOFTWARE>Oracle>Virtualbox . Then change the Data Value of Version and VersionExt to 4.2.18 and try to reinstall Simulator. You will see no more error while installing it. Do not forget to revert to correct version data value in registry value after Simulator installation done. Have a good time. (Be knowledgeable, pass it on then)

Jigsaw Ransomware spotted in the wild

The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Jigsaw (named after the fictional character) which encrypts the system files and also deletes them if the payment is not made on time. Infection cycle: The Trojan poses as firefox with the following properties: The Trojan adds the following files to the filesystem: %APPDATA%\Roaming\Frfx\firefox.exe (copy of original) [Detected as  GAV: Jigsaw.A (Trojan) ] The Trojan creates the following key to the Windows registry to enable startup after reboot: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""%APPDATA%\Roaming\Frfx\firefox.exe"" It displays the following iconic image and the message while encrypting the files: It starts countdown and threatens to delete the files mentioned each hour. The trojan finds the following files on the victim's machine and encrypts them: It copies the filenames before encrypting at the

Badlock: Windows SAM and LSAD Downgrade Vulnerability

An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. Microsoft and SAMBA are vulnerable to these attacks. The vulnerability is triggered when these protocols accept authentication levels that do not protect them adequately. It is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database. To exploit the vulnerability, an attacker could launch a man-in-the-middle (MiTM) attack, force a downgrade of the authentication level of the SAM and LSAD channels, and then impersonate an authenticated user. The attacker can access domain passwords as well. The security update addresses the vulnerability by modifying how the SAM and LSAD remote protocols handle authentication levels. There are two different CVE identifiers associated with this vulnerability: