EUVD-2008-3883
Malware in sbrugna...
Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group
New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups,...
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobal...
Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks
A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity...
New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks
A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or...
Bad Rabbit Ransomware – What is it and how to stay safe
Trend Micro is tracking multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to...
Bad Rabbit Linked to ExPetr/Not Petya Attacks
A link has been confirmed between the Bad Rabbit ransomware outbreak detected yesterday in major organizations in Russia and Ukraine and this summer’s ExPetr/Not Petya attacks. Researchers at Kaspersky Lab said there are “clear ties” between the two attacks though one major piece of the puzzle is...
BadRabbit Ransomware Attacks Hitting Russia, Ukraine
A ransomware attack has put a halt to business inside a handful of Russian media outlets and a number of major organizations in the Ukraine, including Kiev’s public transportation system and the country’s Odessa airport. The attacks are known as Bad Rabbit and harken back to the ExPetr/NotPetya...
Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed "Bad Rabbit," it is reportedly a new Petya-like targeted ransomware attack against...
The return of Mamba ransomware
At the end of 2016, there was a major attack against San Francisco's Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has...
Mamba Ransomware Resurfaces in Brazil, Saudi Arabia
Mamba was among the first samples of ransomware that encrypted hard drives rather than files that was detected in public attacks, primarily against organizations in Brazil and in a high-profile incursion against the San Francisco Municipal Transportation Agency last November. Researchers at...
Mamba Ransomware Encrypts Hard Drives Rather Than Files
Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive. The malware, called Mamba, has been found on machines in Brazil, the United States and India, according to...
Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness (1)
No description provided by source. source: http://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS (Basic Input-Output System) keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running o...
CVE-2008-3897
DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer...
Design/Logic Flaw
DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer...
CVE-2008-3897
DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer...
CVE-2008-3897
The vulnerability CVE-2008-3897 affects DiskCryptor 0.2.6 on Windows. The root cause is that pre-boot authentication passwords are stored in the BIOS keyboard buffer and the buffer is not cleared before or after use, allowing local users to read sensitive information from memory. Impact is partia...
[IVIZ-08-006] DiskCryptor Security Model bypass exploiting wrong BIOS API usage
iViZ Security Advisory 08-006, 25/08/2008. iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1). source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS (Basic Input-Output System) keyboard buffer after reading the preboot authentication password during the system startup process. Depending on th...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)
source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS (Basic Input-Output System) keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memor...