Emotet malware officially removed from all infected devices globally
The infamous botnet that once empowered over 70% of global infections was apparently successfully uninstalled from all infected systems globally, yesterday. German police, in association with other police agencies, captured the C2 servers of the Emotet botnet and disabled its operations. Emotet was infamous for making backdoors through which second-stage payloads such as Qbot and TrickBot were able to procure ransomware such as ProLock, Ryuk, and Conti. This botnet was reported to have been operated by TA542, also known as Mummy Spider.
Computer security world in mourning over death of Dan Kaminsky
Celebrated information security researcher Dan Kaminsky has died. He was 42. Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet’s infrastructure – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the past two decades. He was heralded for his work in spotting flaws in SSL, and in automating the detection of Conficker malware infections. He had been a stalwart of the security research scene for years, and was a much-loved regular at conferences big and small. He would talk with and advise anyone – even paying the entrance fees for some researchers or letting them crash on his hotel room floor – and it was this generosity that people are overwhelmingly remembering this weekend. Here’s David Spark.
I knew Dan Kaminsky only professionally, as I have interviewed him a number of times at conferences like RSA and Black Hat, and I’m going to say [he was] always incredibly affable and fantastic on camera. I mean, this is something I’ve always sort of run into – someone who’s really, really smart usually has difficulty digesting all this wisdom into a simple sound bite, or for an audience that doesn’t know as much about cyber security as they do. And he knew how to entice the viewer with very thoughtful commentary on security, while also being so incredibly engaging that you were just eager to hang on every word he had to say. He will be greatly missed.
I know his friends and the rest of the community will sorely miss him.
(The Register and all of us at CISOSeries.com)
Password manager Passwordstate hacked to deploy malware on customer systems
Click Studios, the Australian software firm behind Passwordstate, notified its 29,000 customers via email on Friday, after a malware-laced update was live for 28 hours between April 20 and 22. Once the intrusion was discovered, the attackers immediately took down their C&C server, which prevented investigators from discovering what additional payloads were delivered and what other actions the attackers had performed. It is also very likely that the malware had full access to customers’ password stores. Click Studios has recommended that customers change all their passwords as soon as possible.
Thanks to our episode sponsor, Aptible
Millions of Pentagon dormant IP addresses spring to life following Trump departure
On January 20th, Global Resource Systems LLC, an obscure company based in Florida, discreetly announced to the world’s computer networks that it was now managing 56 million IP addresses that had been owned by the Pentagon, a number that quickly increased to 175 million, which amounts to 6 percent of the IPv4 sector, worth billions of dollars on the open market, and usually controlled by telecommunications giants. The reason for the release and the way it was done both remain unclear, but a spokesperson for an elite Pentagon unit known as the Defense Digital Service, which reports directly to the Secretary of Defense, says it is a “pilot effort [that] will assess, evaluate and prevent unauthorized use of DoD IP address space.”
QLocker gang makes $260,000 in 5 days using the 7zip utility
As of last Monday, users of QNAP’s Network Attached Storage systems worldwide suddenly found their files encrypted. The QLocker gang behind the attack didn’t even have to create their own malware program to do this – they simply scanned for QNAP devices connected to the Internet and exploited them using recently disclosed vulnerabilities. These exploits allowed the threat actors to remotely execute the 7zip archival utility to password-protect all the files on victims’ NAS storage devices. The ransoms were priced around $500 to make them more acceptable to their small business victims.
Ransomware gang wants to short the stock price of their victims
The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets. In a message posted on their dark web portal, the Darkside crew said it is willing to notify unscrupulous market traders in advance, so they can short a company’s stock before the gang lists its name on their website as a victim. This is another new twist on the growing trend of ransomware extortion, and appears to be a response to companies that have started to refuse to pay ransoms.