Everything You Need to Know About Evolving Threat of Ransomware

The cybersecurity world is constantly adapting to new forms of threats and vulnerabilities. But ransomware proves to be a different animal: the most destructive, persistent, and notoriously challenging to prevent, and it is showing no signs of slowing down.

Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and reputational damage.

In this story, we have covered everything you need to know about ransomware and how it works.

What is ransomware?

Ransomware is a malicious program that gains control over the infected device, encrypts files, and blocks user access to the data or a system until a sum of money, or ransom, is paid.

The crooks’ scheme includes a ransom note (with the amount and instructions on how to pay the ransom in return for the decryption key) or direct communication with the victim.

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems.

“A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server,” the company said in its advisory.

The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

“In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix (CVE-2019-19781),” said Positive Technologies’ Mikhail Klyuchnikov, who discovered and reported the flaw to VMware.

“The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server.”

Experts Find a Way to Learn What You’re Typing During Video Calls

A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed.

The research was undertaken by Mohd Sabra and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack can be extended beyond live video feeds to those streamed on YouTube and Twitch as long as a webcam’s field-of-view captures the target user’s visible upper body movements.

“With the recent ubiquity of video capturing hardware embedded in many consumer electronics, such as smartphones, tablets, and laptops, the threat of information leakage through visual channel[s] has amplified,” the researchers said. “The adversary’s goal is to utilize the observable upper body movements across all the recorded frames to infer the private text typed by the target.”

To achieve this, the recorded video is fed into a video-based keystroke inference framework that goes through three stages:

  • Pre-processing, where the background is removed, the video is converted to grayscale, followed by segmenting the left and right arm regions with respect to the individual’s face detected via a model dubbed FaceBoxes
  • Keystroke detection, which retrieves the segmented arm frames to compute the structural similarity index measure (SSIM), with the goal of quantifying body movements between consecutive frames in each of the left and right side video segments and identifying potential frames where keystrokes happened
  • Word prediction, where the keystroke frame segments are used to detect motion features before and after each detected keystroke, using them to infer specific words by utilizing a dictionary-based prediction algorithm

5 Security Lessons for Small Security Teams for the Post COVID19 Era

A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about.

Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year-long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working from home.

Like in an eerie doomsday movie, servers were left on in the office, but nobody was sitting in the chairs.

While everyone hopes that the world returns to its previous state, it’s evident that work dynamics have changed forever. From now on, we can assume a hybrid work environment.

Even companies that will require their employees to arrive daily at their offices recognize that they have undergone a digital transformation, and work from home habits will remain.

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.

Called “Shadow attacks” by academics from Ruhr-University Bochum, the technique uses the “enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant.”

The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks.

To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that’s expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed.

“The signers of the PDF receive the document, review it, and sign it,” the researchers outlined. “The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the signers.”
