
Posts

Showing posts from August, 2016

Ryzerlo ransomware poses as Pokemon game

The Dell SonicWall Threats Research team has received reports of a new ransomware Trojan, Ryzerlo, which encrypts the victim's files and leaves an email address to be contacted to unlock them. Infection cycle: The Trojan poses as the Pokemon Go game and uses its icon. Once the victim runs the executable, the Trojan makes some changes to the registry. It adds two autostart objects so that it runs again after a reboot: %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[numbers].exe (a copy of the original). It tries to connect to the C&C server and then encrypts all of the victim's documents with the extensions *.txt, *.rtf, *.doc, *.pdf, *.mht, *.docx, *.xls, *.xlsx, *.ppt, *.pptx, *.odt, *.jpg, *.png, *.csv, *.sql, *.mdb, *.sln, *.php, *.asp, *.aspx, *.html, *.xml, *.psd, *.htm, *.gif, appending the .locked extension to each. The Trojan creates the following two files on the victim's desktop. One includ
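A quick triage check for the two indicators the post describes, added here as an example (it is not SonicWall's code and was not part of the original post): a Python script that looks for a digits-only .exe in the Startup folder and for files named <document>.<targeted extension>.locked. The directory tree it scans is constructed in a temporary folder, so every path and file name in it is made up; on a real machine you would point it at the user's profile and at the Startup path quoted in the post.

```python
import os
import re
import tempfile

# Extensions the post says Ryzerlo encrypts (the post lists .png twice; de-duplicated here).
TARGET_EXTENSIONS = {
    ".txt", ".rtf", ".doc", ".pdf", ".mht", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx",
    ".html", ".xml", ".psd", ".htm", ".gif",
}
ENCRYPTED_SUFFIX = ".locked"

# The post says the autostart copy is dropped as [numbers].exe in the Startup folder.
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def find_locked_files(root):
    """Return paths (relative to root) that look like Ryzerlo output: <name>.<targeted ext>.locked.

    A .locked file whose inner extension is not one the Trojan targets (e.g. .zip) is
    ignored, so the result is tied to this family rather than to any '.locked' suffix.
    """
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            original_name = name[: -len(ENCRYPTED_SUFFIX)]
            if os.path.splitext(original_name)[1].lower() in TARGET_EXTENSIONS:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def find_numeric_startup_exes(startup_dir):
    """Return executables in the Startup folder whose file name is digits only."""
    if not os.path.isdir(startup_dir):
        return []
    return sorted(n for n in os.listdir(startup_dir) if NUMERIC_EXE_RE.match(n))


def build_sample_tree():
    """Constructed sample (not real artefacts): a Startup folder holding a numeric .exe
    plus a benign shortcut, and a Documents folder with two Ryzerlo-style .locked files,
    one untouched file and one .locked file whose inner extension is not targeted."""
    base = tempfile.mkdtemp(prefix="ryzerlo_demo_")
    startup = os.path.join(base, "Startup")
    docs = os.path.join(base, "Documents")
    os.makedirs(startup)
    os.makedirs(docs)
    for name in ("report.docx.locked", "budget.xlsx.locked", "notes.txt", "archive.zip.locked"):
        open(os.path.join(docs, name), "w").close()
    for name in ("4738291.exe", "OneDrive.lnk"):
        open(os.path.join(startup, name), "w").close()
    return base, startup, docs


if __name__ == "__main__":
    base, startup, docs = build_sample_tree()
    print("Encrypted documents:", find_locked_files(docs))
    print("Numeric Startup executables:", find_numeric_startup_exes(startup))
```

On a live system, replace the constructed folders with the user's profile directory and `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup`; a hit on both checks together is a much stronger signal than either one alone, since a stray .locked file can have other causes.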

QuadRooter - the flaw that can affect millions of Android devices

A set of four critical Android vulnerabilities was recently published by CheckPoint. Successful exploitation of any of them can give the attacker root privileges on the affected device. An attacker can build a malicious app that triggers these vulnerabilities without needing any special permissions, which makes them extremely dangerous. The vulnerabilities were found in the software drivers that ship with Qualcomm chipsets, so any Android device using a Qualcomm chipset is vulnerable; that amounts to nearly 900 million smartphones and tablets. The report by CheckPoint goes into the finer details of the vulnerabilities, but below is a high-level description of them: CVE-2016-2059: The vulnerability is in a kernel module introduced by Qualcomm, ipc_router, which provides inter-process communication; it makes it possible to convert a regular socket (CLIENT_PORT) into a monitoring socket (CONTROL_PORT). CVE-2016-5340: Ashme

Old browsers are still running behind your firewall

On January 12th 2016, Microsoft announced it would stop supporting older versions of Internet Explorer. From that date on, Internet Explorer 10 and prior no longer receive security updates. However, many people are still using older versions of Internet Explorer, and that has become a real risk. In July 2016, Dell SonicWALL observed that:
- 0.7% of firewalls reported use of Internet Explorer 5.x.
- 60.6% of firewalls reported use of Internet Explorer 6.x.
- 71.1% of firewalls reported use of Internet Explorer 7.x.
- 22.4% of firewalls reported use of Internet Explorer 8.x.
- 24.3% of firewalls reported use of Internet Explorer 9.x.
- 31.5% of firewalls reported use of Internet Explorer 10.x.
(A single firewall can report more than one version, so these figures overlap and do not add up to 100%.) An unpatched Internet Explorer is insecure: a publicly known browser vulnerability that will never be fixed is all an attacker needs to compromise the system. So we at ICT For Myanmar urge all our customers to review their environment and stop using Internet Explorer 10 and prior. Source: Dell SonicWall Security Center. Have a good time.
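A simple way to find out whether old Internet Explorer versions are still in use behind your own firewall is to look at the User-Agent strings in your proxy or web server logs. The Python script below is an added example, not part of the original post and not a SonicWALL tool; the log lines it parses are constructed, and their one-request-per-line layout with the User-Agent as the last quoted field is an assumption about your log format. One caveat worth building in: Internet Explorer 11 in Compatibility View still sends "MSIE 7.0", but keeps its "Trident/7.0" engine token, so the script trusts the Trident token first; a check that only reads the MSIE token would count those fully patched IE 11 clients as IE 7.

```python
import re
from collections import Counter

# Per the post, IE 10 and prior stopped receiving security updates on 12 January 2016.
LAST_UNSUPPORTED_MAJOR = 10

# Trident (layout engine) token -> real IE major version. IE 11 in Compatibility View
# still reports "MSIE 7.0" but keeps "Trident/7.0", so the engine token is the reliable one.
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11}

TRIDENT_RE = re.compile(r"Trident/(\d+\.\d+)")
MSIE_RE = re.compile(r"MSIE (\d+)\.\d+")
# Assumed log layout (constructed): client_ip [timestamp] "request" status "user_agent"
LINE_RE = re.compile(r'^(\S+) .* "([^"]*)"$')

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.12 [03/Aug/2016:10:15:01] "GET http://intranet/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.13 [03/Aug/2016:10:15:07] "GET http://intranet/ HTTP/1.1" 200 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
10.0.0.14 [03/Aug/2016:10:15:09] "GET http://intranet/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"
10.0.0.15 [03/Aug/2016:10:15:12] "GET http://intranet/ HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.0.0.16 [03/Aug/2016:10:15:20] "GET http://intranet/ HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
10.0.0.12 [03/Aug/2016:10:16:01] "GET http://intranet/a HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""


def ie_major_version(user_agent):
    """Return the real IE major version for a User-Agent, or None if it is not IE."""
    m = TRIDENT_RE.search(user_agent)
    if m and m.group(1) in TRIDENT_TO_IE:
        return TRIDENT_TO_IE[m.group(1)]
    m = MSIE_RE.search(user_agent)  # IE 7 and older carry no Trident token
    if m:
        return int(m.group(1))
    return None


def parse_log(text):
    """Yield (client_ip, user_agent) for every line that matches the assumed layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def unsupported_ie_clients(text):
    """Map client IP -> highest unsupported IE major version that client was seen using."""
    found = {}
    for ip, ua in parse_log(text):
        ver = ie_major_version(ua)
        if ver is not None and ver <= LAST_UNSUPPORTED_MAJOR:
            found[ip] = max(ver, found.get(ip, 0))
    return found


def ie_version_share(text):
    """Count distinct clients (one IP = one client here) per IE major version."""
    per_client = {}
    for ip, ua in parse_log(text):
        ver = ie_major_version(ua)
        if ver is not None:
            per_client[ip] = ver
    return dict(Counter(per_client.values()))


if __name__ == "__main__":
    print("Clients on unsupported IE:", unsupported_ie_clients(SAMPLE_LOG))
    print("Distinct clients per IE version:", ie_version_share(SAMPLE_LOG))
```

Feed it your own proxy export instead of `SAMPLE_LOG` (adjusting `LINE_RE` to your log format) and the first function gives you the list of machines to visit; counting by client rather than by request, as the second function does, keeps one chatty workstation from dominating the picture.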