GandCrab ransomware crew loses $1M after Bitdefender releases free decrypter

Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week.

The Romanian antivirus maker says that at least 1,700 GandCrab victims were able to successfully decrypt GandCrab-locked files within hours after the tool’s release. Most of these users were located in South Korea, China, India, and the US, according to statistics released by the company.

Read more about the success of the free GandCrab decrypter on ZDNet.

Windows Defender: First Full Antivirus Tool to Run in a Sandbox

In a major move for Windows security, Microsoft has built Windows Defender to run in a sandboxed environment. Microsoft began the process of moving Windows Defender to a sandbox after much input from the security community.

Windows Defender runs with high privileges to scan systems for malicious content; because of this, it’s already a prime target for cyberattacks. If someone successfully exploits a bug in Windows Defender, an entire system can be taken over. With Windows Defender running in a restrictive process execution environment, attackers who break in are stuck inside the isolated environment and can’t affect the rest of the system.

Read more about the new version of Windows Defender on DarkReading.

Free decryption tool released for multiple GandCrab ransomware versions

The No More Ransom project released today an updated and more potent decryption tool for the GandCrab ransomware in what Europol has described as the “latest victory of law enforcement in the battle against ransomware.”

The decryption tool was developed by the Romanian Police, Europol, and Bitdefender, and has been made available on the No More Ransom project website for download. The tool is an update to a first version that was released in February by Bitdefender.

Read more about the new GandCrab ransomware decryption tool on ZDNet.

Will Microsoft finally kill the password with its Authenticator upgrade?

Microsoft is hoping to finally kill passwords within businesses with its latest upgrade to its Microsoft Authenticator app. The password is increasingly viewed as an insecure way to authenticate users, with employees often resorting to weak passwords as they try to keep up with corporate demands for frequent changes.

The Microsoft Authenticator app eliminates the need for passwords by offering authentication via a combination of phone and fingerprint, face or PIN for a more secure, multi-factor sign-in. Now Microsoft has extended its support for passwordless login using the app to the hundreds of thousands of Azure Active Directory-connected apps used by business.

Read more about the new feature for businesses on TechRepublic.

Will Google’s Titan security keys revolutionize account security?

Google’s Titan security keys are now available in the Google Store for businesses and individuals. If Google gets its way, the Titan keys, which come in USB and Bluetooth form factors, will be the new standard in two-factor account protection.

Authentication keys are nothing new, nor is the FIDO authentication framework that Google has built Titan around. What is new is a company as big as Google marketing and selling its own hardware key. With as large a market as Google has, the Titan could be the hardware key that finally replaces vulnerable two-factor authentication (2FA) methods.

Read more about Google’s Titan security keys, and learn how to get and use them for your organization, on TechRepublic.

New email malware detection can outperform the top 60 antivirus engines

Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab in Israel have developed a new method for detecting malicious emails that is more effective than the top 60 antivirus engines on the market, according to a press release provided exclusively to TechRepublic.

Email-Sec-360°, the new method from BGU, relies on 100 email features to detect a malicious message, according to the release. Developed by Ph.D. student and researcher Aviad Cohen, the method is built on machine learning principles and operates without internet access, making it a useful solution for both individuals and businesses.

Read more about the new email malware detection technique on TechRepublic.

Thanatos ransomware: Free decryption tool released for destructive file-locking malware

Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.

In order to combat the destruction caused by files which can’t be decrypted, researchers at Cisco Talos have built and released a free tool for decrypting the files – ThanatosDecryptor, which is available to download now.

Read more about Thanatos ransomware and the free file decryptor released by researchers at Cisco Talos on ZDNet.

WPA3 Brings New Authentication and Encryption to Wi-Fi

Wi-Fi connections soon will become easier to secure with a newly available security protocol from the Wi-Fi Alliance. WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3, which was first announced earlier this year, is now available for inclusion in products. It brings two deployment models, personal and enterprise, along with a related security set called Easy Connect.

Kevin Robinson, vice president of marketing for the Wi-Fi Alliance, says WPA3 is intended to meet the security needs of wireless users in a security landscape that has become very dynamic. “WPA3 simplifies configuration and adds more authentication and increased cryptographic levels,” Robinson says.

Read more about the official launch of the Wi-Fi Alliance’s latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks, on DarkReading.

Is your Android phone a ‘toxic hellstew’ of vulnerabilities? There’s an app to help you find out

It seems that some Android smartphone makers are lying to users about the patch status of their devices, telling them that they’re up-to-date when they aren’t. Here’s how to find out if your Android smartphone is lying to you.

The first step is to take a trip to the Google Play Store and download SnoopSnitch, an app developed by Security Research Labs, the company behind the report that first discovered that Android smartphone makers weren’t being truthful with users in the first place. The app is free, and download and installation take only seconds.

Read more about the new SnoopSnitch app developed by Security Research Labs, which can tell you which vulnerabilities have been patched on your Android smartphone, which patches are missing, as well as which new vulnerabilities have yet to be patched, on ZDNet.

New Intel processors to have hardware-based protections against Meltdown, Spectre 2

Intel has officially pushed out microcode updates with Spectre and Meltdown mitigations for all of the processors it launched in the past five years. In addition to this, the company’s CEO announced new, redesigned processor lines that will start shipping later this year and will include hardware-based protection for Meltdown (exploiting CVE-2017-5754, a rogue data cache load flaw) and variant 2 of Spectre (exploiting CVE-2017-5715, a branch target injection vulnerability).

“While [Spectre] Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two,” Intel CEO Brian Krzanich announced. “We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 [Spectre] and 3 [Meltdown]. Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors.”

Read more about Intel’s announcement that the company has redesigned processor lines that will have hardware-based protections against Meltdown and Spectre 2 on Help Net Security.