LockBit Ransomware: Lessons Learned from High-Profile Breaches

 


When providing an overview of LockBit ransomware, your goal is to give your readers a clear understanding of what LockBit is, its origins, and its key features. Here are the details you can include in that section:

Definition: Let's start by providing a brief definition of LockBit ransomware. Explain that Lockbit is a type of malicious software that encrypts files on a victim's computer or network and demands a ransom payment in exchange for the decryption key.

History and Evolution: Discuss the origins of LockBit ransomware. Mention when it first emerged and any significant developments or versions it has seen since its inception. This helps readers understand the timeline and evolution of the ransomware.

Distribution Methods: Describe how LockBit ransomware typically spreads. Explain that cyber criminals often use various techniques such as phishing emails, malicious attachments, exploit kits, or exploiting vulnerabilities in software or systems. Discuss any specific distribution methods commonly associated with LockBit ransomware.

Encryption Mechanisms: Explain the encryption techniques employed by LockBit ransomware. Mention that LockBit usually uses strong encryption algorithms to encrypt files and make them inaccessible to the victim. Provide some details on the encryption algorithms it uses, such as AES (Advanced Encryption Standard) or RSA (Rivest-Shamir-Adleman).

Ransom notes and extortion tactics: Discuss the tactics used by LockBit operators to communicate with victims and demand ransom payments. Explain that LockBit ransomware usually leaves ransom notes on the compromised system or sends them via email. Mention any distinguishing features of the ransom notes, such as file names or extensions commonly associated with LockBit.

Notable High-Profile Breaches: Provide examples of significant high-profile breaches involving LockBit ransomware. Discuss well-known incidents where LockBit has affected organizations or institutions, with an emphasis on the scale and impact of these attacks.

By including these details in your overview section, readers will have a solid understanding of what LockBit ransomware is, how it spreads, and its key features. This sets the stage for the next sections of your blog post, where you can delve deeper into the lessons learned from high-profile breaches and effective mitigation strategies.

TSMC denies LockBit hack as ransomware gang demands $70 million: Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.

Boost Your Internet Speed with Faster DNS IP Addresses




DNS Provider Name     Primary DNS Server   Secondary DNS Server
Google                8.8.8.8              8.8.4.4
OpenDNS Home          208.67.222.222       208.67.220.220
CloudFlare            1.1.1.1              1.0.0.1
Quad9                 9.9.9.9              149.112.112.112
Level3                209.244.0.3          209.244.0.4
Verisign              64.6.64.6            64.6.65.6
DNS.WATCH             84.200.69.80         84.200.70.40
Comodo Secure DNS     8.26.56.26           8.20.247.20
Norton ConnectSafe    199.85.126.10        199.85.127.10
GreenTeamDNS          81.218.119.11        209.88.198.133
SafeDNS               195.46.39.39         195.46.39.40
OpenNIC               23.94.60.240         128.52.130.209
SmartViper            208.76.50.50         208.76.51.51
Dyn                   216.146.35.35        216.146.36.36
FreeDNS               37.235.1.174         37.235.1.177
Alternate DNS         198.101.242.72       23.253.163.53
Yandex.DNS            77.88.8.8            77.88.8.1
UncensoredDNS         91.239.100.100       89.233.43.71
Hurricane Electric    74.82.42.42
puntCAT               109.69.8.51


15 Fastest Free and Public DNS Servers List

The Domain Name System (DNS) plays a crucial role in translating human-readable domain names into machine-readable IP addresses. It acts as a phonebook for the internet, allowing users to access websites by simply typing in their domain names. However, the default DNS servers provided by your internet service provider (ISP) may not always offer the fastest response times. By utilizing faster DNS IP addresses, you can significantly improve your internet speed and overall browsing experience. In this blog post, we will explore how to find and configure faster DNS IP addresses on your devices.

1. Understanding DNS:
Before diving into the process of optimizing your DNS settings, it's essential to have a basic understanding of how DNS works. Explaining the role of DNS in translating domain names to IP addresses and the importance of fast DNS resolution will set the foundation for the subsequent steps.

2. Finding Faster DNS IP Addresses:
There are several reputable DNS providers that offer faster response times and enhanced security features compared to the default DNS servers provided by your ISP. Google Public DNS, Cloudflare DNS, and OpenDNS are among the popular choices. This section will guide you through the process of identifying and selecting a faster DNS provider.

3. Configuring Faster DNS on Windows:
For Windows users, this section will provide step-by-step instructions on how to change your DNS settings. It will cover both the manual configuration method and using third-party tools that simplify the process.

4. Configuring Faster DNS on macOS:
Similar to Windows, macOS allows you to customize your DNS settings. This section will walk you through the process of changing DNS IP addresses on your Mac, including using the Network preferences panel or third-party applications.

5. Configuring Faster DNS on Mobile Devices:
With the majority of internet browsing happening on smartphones and tablets, it's crucial to optimize DNS settings on mobile devices as well. This section will cover the steps to change DNS settings on iOS and Android devices, ensuring a faster browsing experience on the go.

Optimizing your DNS settings by using faster DNS IP addresses can significantly improve your internet speed, reduce latency, and enhance your overall browsing experience. By following the steps outlined in this blog post, you can easily configure faster DNS on your devices, ensuring faster and more reliable access to websites. 
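Section 2 above says to identify the faster provider but does not show how to measure it. The following Python script is an added example, not code from the original post: it hand-builds an RFC 1035 A-record query, sends it over UDP to a few resolvers from the table above, and ranks them by round-trip time. It also checks that each reply carries the transaction ID of the query it sent and discards mismatches, the same basic check real resolvers use against spoofed replies. The resolver subset, the test name example.com, and the sample reply used for offline checking are constructed assumptions.

```python
"""Rank public DNS resolvers by response time using a hand-built query (added example)."""
import random
import socket
import struct
import time
from typing import Dict, List, Optional, Tuple

# Constructed subset of the resolver table above; add any others you want to compare.
RESOLVERS: Dict[str, str] = {
    "Google": "8.8.8.8",
    "Cloudflare": "1.1.1.1",
    "Quad9": "9.9.9.9",
    "OpenDNS Home": "208.67.222.222",
}


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as DNS labels: \\x07example\\x03com\\x00."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Build a minimal RFC 1035 A-record query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, off: int) -> int:
    """Skip a (possibly compressed) domain name and return the offset just after it."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, terminates the name
            return off + 2
        off += 1 + length


def parse_response(data: bytes, txid: int) -> Tuple[int, List[str]]:
    """Return (RCODE, list of A-record IPs). Reject a reply whose ID is not ours."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch: reply is not for our query")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    ips: List[str] = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return rcode, ips


def time_resolver(server: str, name: str = "example.com", timeout: float = 2.0) -> Optional[float]:
    """Send one query to server:53 and return the round-trip time in ms, or None on failure."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(512)
            elapsed = (time.perf_counter() - start) * 1000.0
            rcode, _ips = parse_response(data, txid)
        except (socket.timeout, OSError, ValueError):
            return None
    return elapsed if rcode == 0 else None


def rank_resolvers(resolvers: Dict[str, str] = RESOLVERS, name: str = "example.com"):
    """Return (provider, ip, ms) tuples sorted fastest first; unreachable resolvers sort last."""
    results = [(prov, ip, time_resolver(ip, name)) for prov, ip in resolvers.items()]
    return sorted(results, key=lambda r: (r[2] is None, r[2] or 0.0))


# Constructed sample reply (ID 0x1234, NOERROR, one A record 93.184.216.34) for offline checks.
SAMPLE_TXID = 0x1234
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", SAMPLE_TXID, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    for prov, ip, ms in rank_resolvers():
        print(f"{prov:15} {ip:16} {'timeout' if ms is None else f'{ms:.1f} ms'}")
```

Run it a few times at different hours before choosing: a single measurement mostly reflects your network path to that resolver, and a provider that is fastest from one ISP can be slowest from another.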


Canon LiDE 300 scanner driver, Windows 7, 32-bit, offline

There is no offline Canon LiDE 300 scanner driver to be found on any internet search engine such as Google. I found only the online installation driver for Windows 64-bit/32-bit. When I worked in IT support for organizations like banks, insurance companies and other corporations, they had only limited internet access and everything else was blocked.

That makes it hard for management to install the driver on a system, which is why I'm uploading this CD driver.

So finally, for the Canon LiDE 300 scanner driver CD, I have uploaded the CD file to the Mediafire server. You can easily download the 70.22 MB zip file.

 

Malware in the form of Windows 11 upgrade tool

 

Hackers use malicious Windows 11 upgrade software to infect users

The malware steals browser data, digital currencies and wallets. Microsoft has provided an upgrade tool so users can check whether Windows 11 can be installed on their system or not. One of the system requirements is Trusted Platform Module (TPM) version 2.0. Hackers placed fake site addresses in search results, and users who do not research and check for reputable sites fall for them when aiming to install Windows 11.

[Image: fake site with a look like a Microsoft site]

[Image: fake site with the address Windows 11-upgrade 11 [.] com]

By visiting this site and clicking on Download Now, users will receive an ISO file containing malware.

The download process will not run if a VPN or Tor is used.

Infection process

According to CloudSEK, the threat actors behind the campaign are using new malware that the researchers have named "Inno Stealer" because it uses the Inno Setup Windows installer. No code similarities were found with other data-stealing programs currently in use, and no uploads of the malware were found on the VirusTotal scanning platform.

In the first step, the loader, written in Delphi and named Windows 11 setup inside the ISO, is executed. It creates a temporary file called is-PN131.tmp and another .TMP file into which the loader writes 3,078 KB of data. The loader also uses CreateProcess to spawn new processes that help with persistence and extract four more files.

Persistence is achieved by adding a .LNK shortcut file to the Startup folder and setting its access permissions using icacls.exe. Two of the four extracted files are Windows command scripts that disable security settings in the registry, add exclusions to Defender, remove security products and delete shadow volumes.

According to the researchers, the malware removes the security products of Emsisoft and ESET, probably because these products detect it as malicious.

The third file is a command execution tool that runs with the highest system privileges, and the fourth file is a VBA script that runs dfl.cmd.

In the second stage of infection, a file with the .SCR extension is placed in the following path:

C:\Users\\AppData\Roaming\Windows11InstallationAssistant

This file unpacks and executes the main payload by creating a process called Windows11InstallationAssistant.scr.
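The infection chain described above (a .LNK in the Startup folder with its permissions changed by icacls.exe, Defender exclusions, shadow volume deletion, and a .SCR payload under AppData\Roaming) maps directly onto a handful of process-creation detections. The Python below is an added example, not code from the article or from CloudSEK: it runs those rules over constructed process-creation events and reports users whose activity trips several distinct rules, which separates the chain from a single noisy admin command. The log format, the sample lines, the rule names and the three-rule threshold are all assumptions.

```python
"""Detect an Inno Stealer-like infection chain in process-creation events (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed process-creation events (not real telemetry): "<timestamp> <user> <image and command line>".
# Everything after the second field is treated as image + command line, so paths with spaces survive.
SAMPLE_LOG = """\
2022-04-19T10:01:03 alice C:\\Windows\\System32\\cmd.exe cmd.exe /c dir C:\\Users\\alice\\Documents
2022-04-19T10:01:07 alice C:\\Windows\\System32\\icacls.exe icacls "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Windows11InstallationAssistant.lnk" /grant Everyone:F
2022-04-19T10:01:09 alice C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell -Command Add-MpPreference -ExclusionPath C:\\Users\\alice\\AppData\\Roaming\\Windows11InstallationAssistant
2022-04-19T10:01:12 alice C:\\Windows\\System32\\vssadmin.exe vssadmin delete shadows /all /quiet
2022-04-19T10:01:20 alice C:\\Users\\alice\\AppData\\Roaming\\Windows11InstallationAssistant\\Windows11InstallationAssistant.scr Windows11InstallationAssistant.scr
2022-04-19T10:05:00 bob "C:\\Program Files\\Notepad++\\notepad++.exe" notepad++.exe report.txt
"""

# Each rule maps one behaviour described in the article to a regex over image + command line.
RULES: List[Tuple[str, re.Pattern]] = [
    # .LNK persistence in the Startup folder, with icacls used to set its permissions
    ("startup_lnk_acl_change", re.compile(r"\bicacls(\.exe)?\b.*\\Startup\\.*\.lnk", re.I)),
    # Defender exclusion added from a command script or PowerShell
    ("defender_exclusion_added", re.compile(r"\bAdd-MpPreference\b.*-Exclusion", re.I)),
    # shadow volume removal
    ("shadow_copy_deletion", re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b|\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    # second-stage .SCR dropped under AppData\Roaming
    ("scr_payload_in_roaming", re.compile(r"\\AppData\\Roaming\\[^ \"]*\.scr\b", re.I)),
]


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    rule: str
    excerpt: str


def scan_log(text: str) -> List[Finding]:
    """Apply every rule to every event; return one Finding per (event, rule) hit in log order."""
    findings: List[Finding] = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue  # blank or malformed line
        timestamp, user, rest = parts
        for name, pattern in RULES:
            if pattern.search(rest):
                findings.append(Finding(timestamp, user, name, rest[:80]))
    return findings


def users_with_chain(findings: List[Finding], min_rules: int = 3) -> Set[str]:
    """Users whose events trip at least min_rules distinct rules: the chain, not one stray command."""
    seen: Dict[str, Set[str]] = {}
    for f in findings:
        seen.setdefault(f.user, set()).add(f.rule)
    return {user for user, rules in seen.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h.timestamp} {h.user:6} {h.rule:26} {h.excerpt}")
    print("users with Inno Stealer-like chain:", users_with_chain(hits))
```

In production the same rules would run against Sysmon event 1 or EDR process telemetry, and the chain threshold would be evaluated over a short time window per host rather than over the whole log.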

Malware capabilities

The malware's capabilities are the same as those of other malware in its category: browser data theft, cookie theft, wallet information theft, theft of saved passwords and clipboard contents, etc.

The following are the browsers and wallets targeted in this campaign:

[Image: the browsers and wallets targeted in this campaign]

One of the interesting features of Inno Stealer is its multi-threaded network management and data theft functions. All stolen data is copied via PowerShell and encrypted into the user's temporary directory, and then sent to the C&C server ("windows-server031.com").

[Image: the process of communicating with the C2 server]

These Delphi-based payloads, which are delivered as TXT files, use the same Inno loader mechanism.

Security solution

The Windows 11 upgrade process has paved the way for malware campaigns, and this is not the first time this has been reported.

It is recommended to avoid downloading ISO files from obscure sources and to perform major operating system upgrades only from within your Windows 10 control panel, or to download the installation files directly from the source.

If the upgrade to Windows 11 is not available to you, trying to circumvent the restrictions manually is pointless, as this comes with a host of downsides and serious security risks.

BlackCat ransomware gang attacks organizations

The BlackCat ransomware gang has attacked at least 60 organizations globally as of March. BlackCat, also known as ALPHV, is a relatively new group of cybercriminals that operates a Windows ransomware-as-a-service. Although it only appeared on the ransomware crime scene in November 2021, security researchers and federal law enforcement have linked its developers and money launderers to the notorious DarkSide/BlackMatter crime rings, "indicating they have extensive networks and experience with ransomware operations."

Security researchers at Cisco Talos and Palo Alto Networks Unit 42 also noted BlackCat's preference for Rust, with Unit 42 saying the gang was "one of the first, if not the first" of its kind to use this programming language. The fact that the gang writes its ransomware in Rust, as opposed to C/C++, is interesting: Rust arguably has crucial safety measures built in, meaning the malware could be more stable and reliable.

Like C/C++ toolchains, the Rust environment can be used to build programs for embedded devices and to integrate with other programming languages, said Attivo Networks Chief Security Advocate Carolyn Crandall. The alert also includes BlackCat indicators of compromise and warns that the ransomware typically leverages previously compromised user credentials to gain access to a victim's system. "Initial deployment of the malware leverages PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim's network." After breaking in, the malware compromises Active Directory user and administrator accounts, and it uses Windows Task Scheduler to configure malicious group policy objects to deploy ransomware. But before it executes the ransomware, BlackCat steals a victim's data, including

Source: thecybersecurityhub.com

Apple to launch its first car (release date, design & price rumors)

The Apple Car is nowhere near the launch stage, yet it will soon be launched. The development and design work is complete, which suggests we can witness the new Apple car very soon.

In an April 2021 interview, Apple CEO Tim Cook discussed autonomous cars, which was shocking to the world, and this proves that Apple has a number of projects going on behind the scenes.

Design (probable, in image):

Price rumors:

Some team members and experts pointed out that it won't cost more than USD $40,000, will be a family car and will focus on the mass market.

Editor: Parbat Raman Rizal

Microsoft is warning of a zero-day vulnerability, CVE-2021-40444

Microsoft is warning of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share information about the attacks or the nature of the threat actors. The vulnerability was exploited by threat actors in malspam attacks spreading weaponized Office documents.

The remote code execution vulnerability in MSHTML affects Microsoft Windows; the issue received a CVSS score of 8.8. MSHTML is the main HTML component of the Windows Internet Explorer browser, and it is also used in other applications. The vulnerability was reported by Mandiant researchers Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, and by Haifei Li from EXPMON. EXPMON researchers described the attack exploiting the CVE-2021-40444 flaw as a highly sophisticated zero-day exploit attack against Microsoft Office users.

Mitigation published by Microsoft:

Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.

Warning if you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To disable ActiveX controls on an individual system:

1. To disable installing ActiveX controls in Internet Explorer in all zones, paste the following into a text file and save it with the .reg file extension.

2. Double-click the .reg file to apply it to your Policy hive.

3. Reboot the system to ensure the new configuration is applied.

Dahua IP camera forgot password: how to reset

Today I'm writing a step-by-step guide to resetting a Dahua IR bullet network camera, model no. DH-IPC-HFW1230S1P-S4: device initialization and password reset for network cameras.

First step: remove the black flat plastic cover on the front of the camera, then open the two screws with a screwdriver.


Second step: install "Config Tool". There is an old version of the software and a newer version (General_ConfigTool_ChnEng_V5.000.0000001.7.R.20210227); choose whichever you like, download it and install it on your system.


Third step: power on the IP camera. You will see two contact points (1 and 2); touch them with the screwdriver for just 10 seconds. Alternatively, use the blue and orange jumper cables: touch them to the legs and hold for just 10 seconds, and your password is successfully reset.


Fourth step: plug the network cable from the camera into the PC. Open Network properties, click "Ethernet", then click Properties, select IPv4 and manually change the IP address.


Install "Config Tool", open it and go to the "Search setting" tab. Enter the IP address manually, with the default user "admin" and password "admin", and press OK. It searches for the camera, and the camera's IP address is shown in Config Tool.

Using "ConfigTool" allows you to initialize remote devices on the same LAN, and it supports initializing multiple devices at the same time. Instructions:

Step 1: Double-click the ConfigTool icon on the desktop to enter the main interface.

Step 2: Click the icon to enter the IP configuration screen.

Step 3: Select the uninitialized device(s) and then click "Initialize" to open the device initialization interface.

Step 4: Select the device(s) to initialize and then click "Initialize". Then open the web-based interface in a browser: type the IP address 192.168.1.108, hit Enter, log in as user "admin" and set a new password.

Data breach of the Ministry of Home Affairs Nepal


Kathmandu. In a data breach at the Ministry of Home Affairs Nepal, the personal information of Nepali citizens has been leaked online. It has been found that sensitive details of citizens are exposed on the websites of various ministries and departments of the government.

The District Administration Office, Makwanpur has been posting the details of service recipients online. Security experts have expressed concern that the release of citizens' personal details could lead to cyber-attacks and abuse.

A Google search for 'site.gov.np sanket number' reveals the details of service recipients who have obtained passport services from the District Administration Office, Makwanpur.

It includes the name, address, citizenship number, passport number and other details of the citizen.

Assistant District Officer of Makwanpur Baburam Aryal said that the details have been made public online to inform service recipients who have applied for passports.

He said that arrangements have been made to keep the details online so that service recipients are informed when their passport is ready.

"Other administration offices have also informed service recipients by making the details public online," he said. "The old details are removed after a certain period of time." Stating that service recipients have not raised the issue of personal privacy so far, he mentioned that if there is any danger from this, it will be removed from the website.

Source: techpana

 

When vulnerable products are used in an organization, it gets hacked

When outdated and vulnerable products are used in an organization, the way to penetrate that organization is open.

In the broadcast images, it can be seen that Windows 7 is installed on Evin prison systems, an operating system that reached end of life a year and a half ago and is no longer supported. If the other equipment is managed and updated in the same way, experts know that it will not be difficult to penetrate this system!

A year and a half ago the necessary warning was repeatedly given here, and it was said that from that day on every Windows 7 machine is a vulnerability in the organization.

A hacker group has leaked security camera footage from inside Iran's notorious Evin prison showing the brutal treatment of inmates. The surveillance video shows inmates fighting, being hit by guards and dragged along the floor, and in one scene smashing a bathroom mirror in an attempt to use the glass to self-harm. One clip shows the hacker group taking control of monitors in the prison control room, flashing a message stating "Evin prison is a stain of shame on Raisi's black turban and white beard" and calling for "nationwide protests to release political prisoners."

Ebrahim Raisi, the new president of Iran, is a hardline cleric who is subject to US sanctions for alleged human rights abuses, with accusations against him including presiding over a torture regime in Evin prison and ordering mass executions. His victory means hardliners will have full control over all branches of government in Iran for the first time in almost a decade, after ultra-conservatives took a majority in last year's parliamentary elections.

In a tweet on Tuesday, the head of Iran's prison organisation, Mohammad Mehdi Haj Mohammadi, confirmed the authenticity of the leaked security camera footage. Accepting responsibility for the "unacceptable behaviour", Mr Mohammadi committed to dealing seriously with the offenders and, according to a translation by Al Jazeera, wrote:

"I also apologise to God, our dear supreme leader, the great nation and the honourable prison guards, whose efforts will certainly not be ignored due to these errors." Evin prison is notorious for hosting political prisoners, including many dual-nationals and citizens of Western countries, including Nazanin Zaghari-Ratcliffe and Kylie Moore-Gilbert.

How-to Guide: Stuff Off Shodan

As technology advances and society becomes more interconnected, the chances of your digital device being located by full-spectrum search engines have increased dramatically. Asset and device owners may choose to intentionally expose their devices to the public Internet, but some are unaware of this exposure and unknowingly face a higher risk of cyberattack. The ability to query for Internet-connected assets is vital to managing attack surface, and Shodan.io can support those efforts.

What is Shodan

Shodan (www.shodan.io) is a web-based search platform for Internet-connected devices. This tool can be used not only to identify Internet-connected computers and Internet of Things/Industrial Internet of Things (IoT/IIoT) devices, but also Internet-connected Industrial Control Systems (ICS) and platforms. Further, potential exploits, default passwords and other attack elements can be harvested from search results. Integrations with vulnerability tools, logging aggregators and ticketing systems allow Shodan to be seamlessly incorporated into an organization's infrastructure.


How Linux Works, 2nd Edition

Praise for the first edition of How Linux Works

“A great resource. In roughly 350 pages, the book covers all the basics.” —eWEEK

“I would definitely recommend this book to those who are interested in Linux, but have not had the experience to know the inner workings of the OS.” —O’ReillyNet

“One of the best basic books on learning Linux, written with the power user in mind. Five stars.” —Opensource-Book-Reviews.com

“Succeeds admirably because of the way in which it’s organized and the level of technical detail it offers.” —Kickstart News

“This is a very different introduction to Linux. It’s unflashy, concentrates on the command line, and digs around in the internals rather than on GUI frontends that take the place of more familiar MS Windows tools.” —TechBookReport.com

“This book does a good job of explaining the nuts and bolts of how Linux operates.” —Hosting Resolve

Nepal's cyber security: why the weak points?

A few weeks ago, about two thousand government websites were hacked and remained closed for four hours. Questions have been raised about Nepal's cyber security.

Experts believe that the hackers' attack on the server of the National Information Technology Center, which hosts government agencies' websites, showed the weak state of cyber security.
They said that the incident is large and threatens national security in the future, and that its lessons must not go unheeded. Officials say that after the incident, government officials are adopting more vigilance for cyber security.


The three main reasons for the weakness of cyber security are the lack of a necessary policy and action plan, the lack of investment in security, and the lack of regular security testing.

- Predecessor required
According to cyber security advisor Saroj Lamichhane, the government should formulate a policy and method for dealing with such incidents.
Lamichhane says: "To avoid such threats, it is necessary to set a definite timeframe and plan cyber security as a priority."
He suggested that criteria should be set for purchasing the information technology equipment used in government bodies.
As the use of technology increases globally, Nepal also needs to formulate timely policy.

"Cyber attacks may not be seen as a major subject for Nepal in the immediate situation, but if it is not serious about such issues, it may have to face a major risk all at once," he added.

- Low investment in security

Vice President of the Computer Association of Nepal (CAN) Federation, Sunnah Pandey, said that due to government indifference the country could not invest in the information technology sector, and as a result the country has not made much progress on cyber security.

He said that the government has started keeping important personal details such as citizenship and driving licence records on websites, and warned that there could be no higher cost in the future if it does not invest in that area immediately.
Pandey says: "The website seems to be justified after leaving the website now. Information may be stolen while the website is running."

He has seen that in other countries two or three teams work to secure a server.
"One team works to attack the server in new ways and another team resists it, so that any attack can be dealt with immediately after it happens."
He said that the government wants to protect its software in Nepal from cyber attack.

- Security alert

Officials say that government websites were built on a single type of software rather than according to the needs of each government body, which is why hackers who succeed against one are able to attack that many at once.
Information Officer of the National Information Technology Center, Ramesh Prasad Pokharel, told the BBC Nepali service: "We have started using different software to minimize such incidents; it will likely reduce the potential for hacks in future."
According to him, the recent hack was carried out by Chinese and Indian hackers, and it affected the flow of services to various important bodies.

The release issued by the Center stated that government services were blocked on the official domain name server (gov.np DNS) due to the huge traffic coming from abroad into the Government Unified Data Center.
Pokharel says: "Such conditions have arisen repeatedly, yet there is no definite criterion or policy for building important things like government agency websites. There is no security testing carried out at that time."

- Policy arrangements

Although cyber attacks through the internet cannot be stopped entirely, Rosa Kiran Basukala, deputy director of the Nepal Telecommunication Authority, said that the process of making the necessary policy rules has been speeded up.
Basukala says: "We have presented documents regarding a cyber security policy, prepared in collaboration with the International Telecommunications Association, to the government."

He said that it is important to safeguard websites and discourage cybercrime as online banking and internet payments are accelerating.
Source: BBC Nepali