EclecticIQ and Pink Elephant partner to bring leading cyber threat intelligence to the South African cyber security community. The first step in this partnership will be a joint presence at the ITWeb Security Summit, Johannesburg, on 22-23 May, where EclecticIQ's product portfolio will be showcased.

C rypto-currencies tend to polarise opinion between sceptics and strong proponents, and to date, there has been little middle ground. However, this is quickly changing. Indeed, financial services firms in South Africa and globally are seeing increasing demand from their customers for access to....

U ntangle, a leader in comprehensive network security for small to medium enterprises (SME), has announced public cloud availability of Untangle NG Firewall for firewall as a service (FWaaS) deployments in South Africa through ProData , a strategic value-added distributor.

K eysight Technologies (NYSE: KEYS), a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, today announced that Ixia, a Keysight business, released the Ixia 2018 Security Report , highlighting the company's....

W hen people think about hackers, the image that comes to mind is of pimple-faced nerds who sit in a dark room with the gentle hum of a CPU as their only company. They also probably think hacking is a complicated process that takes hours and hours to accomplish.

B usinesses have to develop and release new features continuously to remain relevant. This capability is enabled by DevOps, which enables a continuous cycle of development, testing and release. But the very nature of DevOps can pose a security risk to the business, because the more new updates you....

Als het over DDoS-aanvallen gaat, wordt er veel gesproken over grote en complexe aanvallen. Maar in 2017 zijn DDoS-aanvallen juist minder groot geworden. Dat constateert de Stichting Nederlandse Beheersorganisatie Internet Providers in het DDoS data rapport 2017 .

When speaking on NATO’s alleged “Cyber-Defense pledge” in the conference, he claimed that it had helped nations to view their cyber-defenses universally. have undergone a series of cyber-attacks in the recent years. In France, TV- Cinq Monde was taken down by cyber-criminals, whereas Fancy Bear, a....

© Getty Images/iStockphoto ‘Keeping track of the ingenious ways in which cybercriminals are utilising digitally enabled means of laundering is one of the major policing challenges of the moment,’ says the University of Surrey’s Dr Michael McGuire. “We all have a stake in stopping cybercrime, which....

"America's voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress's three hundred and eighty million dollars, was itself hacked.

The Executive Cyberspace Coordination Act unveiled Tuesday would establish a national office for cyber space at the president’s office and comes after Rob Joyce, the Trump administrator’s cyber coordinator, resigned from his post. Robert Palladino, a spokesman for the National Security Council ,....

Aunque en lo que llevamos de año las criptomonedas han pasado un poco a segundo plano, aún siguen siendo una fuente de ingresos muy jugosa para los piratas informáticos. Por ello, cada poco tiempo seguimos viendo cómo estos crean diferentes clases de malware de este tipo, malware que, cuando infecta....

Answering questions which appear through Facebook memes may make you an ideal target for hackers, say security experts. A recent Facebook meme asked people about the first concert they ever saw, which incidentally is also a security question for many online accounts. Facebook memes are a popular phenomenon.

Nouveau vecteur de croissance pour le marché de la sécurité IT, les solutions basées sur l'intelligence artificielle pourraient représenter plus de 18 Md$ de chiffre d'affaires en 2023 (source : P&S Market Research). Parmi les offreurs de ce type de produits, on trouve des éditeurs déjà reconnus....

In-house lawyers expect to play a greater role in cybersecurity over the next 12 months as organisations brace themselves for the arrival of a tough data protection regime. The European General Data Protection Regulation comes into force on 25 May, placing new duties on organisations that process personal information.

Cisco Talos researchers have spotted a new variant of Telegrab malware designed to collect information from the Desktop version of the popular messaging service Telegram.

Security experts from Cisco Talos group have spotted a new strain of malware that is targeting the desktop version of end-to-end encrypted instant messaging service Telegram.

We all know that Telegram is under attack by Russia’s Media watchdog Roskomnadzor that asked the company to share technical details to access electronic messages shared through the instant messaging app. Last month, the Russian authorities blocked the Telegram app in the country because the company refused to hand over encryption keys of its users to Federal Security Service (FSB) of Russia for investigation purposes.

Now the analysis of the malware revealed it was developed by a Russian-speaking attacker “with high confidence,” the threat actor is mostly targeting Russian-speaking victims.

The malicious code is a variant of the Telegrab malware that was first spotted in the wild on 4 April 2018, it has been designed to harvest cache and key files from Telegram application.

A  second variant of the Telegrab malware emerged on 10 April 2018, the development team appears very active.

While the first variant of the Telegrab malware only stole text files, browser credentials, and cookies, the second version also implements the ability to collect data from Telegram’s desktop cache and Steam login credentials to hijack active Telegram sessions.

Talos researchers discovered that the malicious code is intentionally avoiding IP addresses related to anonymizer services.

“Over the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram. This malware was first seen on April 4, 2018, with a second variant emerging on April 10.” reads the blog post published by Cisco Talos.

The researchers identified the author behind this malware with high confidence, he posted several YouTube videos tutorial for the Telegrab malware. The operators of this malware use several pcloud.com hardcoded accounts to store the exfiltrated data, the experts noticed that stolen info is not encrypted allowing anyone with access to these account credentials to access the exfiltrated data.

“Telegram session hijacking is the most interesting feature of this malware, even with limitations this attack does allow the session hijacking and with it, the victims’ contacts and previous chats are compromised,” says the Talos team.

The malicious code searches the hard drives on Windows targets for Chrome credentials, session cookies, and text files, which get zipped and uploaded to pcloud.com.

Cisco Talos researchers blame “weak default settings” on the Telegram Desktop version, the Telegrab malware, in fact, abuses the lack of Secret Chats that are not implemented on the desktop version of the popular application.

Cisco Talos experts explained that the Telegrab malware works “by restoring cache and map files into an existing Telegram desktop installation if the session was open.

“In summary, by restoring cache and map files into an existing Telegram desktop installation, if the session was open. It will be possible to access the victim’s session, contacts and previous chats.” continues the post. 

The analysis of the malware allowed the researchers to link it to a user that goes online by the name of Racoon Hacker, also known as Eyenot (Енот / Enot) and Racoon Pogoromist (sic).

The Telegram malware aimed at a surgical operation that can fly under the radar and compromise thousands of credentials in a few time.

Such kind of operations is usually not associated with cybercrime gangs that operate on a larger scale. Stolen credentials and cookies allow the malware operator to access the victim’s information on social media and email services (i.e. vk.com, yandex.com, gmail.com, google.com etc.) that are precious source of information for intelligence gathering.

“This malware should be considered a wakeup call to encrypted messaging systems users. Features which are not clearly explained and bad defaults can put in jeopardy their privacy.” concludes Talos experts.

“When compared with the large bot networks used by large criminal enterprises, this threat can be considered almost insignificant.” 

“The malware samples analysed are not particularly sophisticated but they are efficient. There are no persistence mechanisms, meaning victims execute the malware every time, but not after reboots”.

window._mNHandle = window._mNHandle || {}; window._mNHandle.queue = window._mNHandle.queue || []; medianet_versionId = "3121199"; try { window._mNHandle.queue.push(function () { window._mNDetails.loadTag("762221962", "300x250", "762221962"); }); } catch (error) {}

Pierluigi Paganini

(Security Affairs – Telegrab malware, Telegram)

The post Russian Telegrab malware harvesting Telegram Desktop credentials, cookies, desktop cache, and key files appeared first on Security Affairs.

Malgré un paysage de menaces de plus en plus dangereux et une sensibilisation mondiale accrue au piratage et aux violations de données, l’hygiène des mots de passe laisse beaucoup à désirer. Ainsi, un sondage récent de LastPass, un éditeur de gestionnaire de mots de passe, montrait que 91% des....

Согласно документу, большинство существующих средств защиты, которые применяют методы бизнес-правил для обнаружения угроз, не могут выявлять новые атаки, использующие реальные учетные данные пользователей для доступа к конфиденциальной информации. Это означает, что компании рискуют оказаться не в....

Stéphane Richard, PDG d'Orange. ERIC PIERMONT/AFP. L'opérateur lance une campagne de recrutement, Hello Jobs, dans onze villes pour faire connaître ses métiers et choisir ses futures recrues. Des juristes, des techniciens, des informaticiens, des chargés d'affaires, des ingénieurs, des....

De dag bestaat uit een reeks inspirerende lezingen en demonstraties met vakspecialisten uit binnen- en buitenland. Het is alweer de zestiende editie van het evenement. Tijdens de Black Hat Sessions vernemen IT-managers, security officers, techneuten en andere geïnteresseerden op het gebied van....