source: threatpost.com

Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options and comes with top-notch encryption.

Spora was spotted last week by ransomware experts at BleepingComputer, who said after Spora encrypts files on your computer, it offers four tiered payment options: Full Restore ($79); Immunity ($50); Removal ($20); and File Restore ($30). Spora also offers a Free option that allows you to decrypt two random files in order to win confidence that encrypted files can be restored. Pricing varies based on the system infected.

“Spora’s decryption service is something that we haven’t seen in any other ransomware decryption site,” wrote BleepingComputer in a technical breakdown of the ransomware. It said Spora had “the most sophisticated (payment site) it has seen from ransomware authors as of yet.”

Payment options are straightforward with Immunity meaning immunity from future attacks. The Select File option allows victims to choose a limited group of files to restore, but not a full system decryption.

The unique payment options, researchers believe are inspired by cybercriminals seeking more options to provide victims who may be less inclined to pay a full ransom. For example, a victim might be less inclined to pay $79 to recover files they had safely backed up. But they might pay $20 to have the ransomware removed from their system.

Another distinguishing feature of Spora is the implementation of the encryption which researchers say is well thought through. The ransomware works offline, staying low profile and generating no network traffic to outside C2 servers.

 

source: cnet.com

It seems that password security doesn't work.

Many of us rely on simple, easy-to-remember strings of characters and letters, including those found on your keyboard such as "1234567" or "qwertyu."

While these passwords are easy for you to remember, they're also no trouble for attackers using brute-force hacking techniques, or little more than a guess or two. Meaning hackers can easily compromise your online accounts and take over your digital identity.

Despite the growing availability of security features like two-factor authentication, it appears many people still haven't gotten the message about strong passwords.

The most common passwords used to protect our accounts haven't changed much over the past few years, and "123456" is still very much in existence, according to password management service Keeper Security.

 

The company scoured through 10 million passwords which became public domain during 2016 thanks to data breaches. Keeper Security found that almost 17 percent of people used "123456" to protect their accounts from intrusion, while "123456789," "qwerty" and "password" also made the list of 25 Most Common Passwords of 2016.

"We can criticize all we want about the chronic failure of users to employ strong passwords," Darren Guccione, CEO and co-founder of Keeper Security, said. "But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies. It isn't hard to do, but the list makes it clear that many still don't bother."

In total, four of the top 10 most common passwords were six characters or shorter. On average, it only takes seconds to brute-force hack these kinds of accounts. Allowing for such short passwords is the fault of online vendors and operators.

"While it's important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves," Guccione added. "IT administrators and website operators must do the job for them."

There is an interesting exception on the list: "18atcskd2w" was the No. 15 most common password discovered in the data. These accounts were created by bots designed to spread spam on online forums, according to security researcher Graham Cluley.

 

THE TOP 10 LOUSY PASSWORDS OF 2016 (yes, folks...these are really used!)

 

 

source: technewsworld.com

Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigNot long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and create a flexible pad containing the print that could be used to break into a phone.

Now the CCC hacker known as "Starbug" has used digital photography to perform the same trick without lifting any prints at all. At a recent cybersecurity conference, Starbug demonstrated how he created the thumb print of German Minister of Defense Ursula von der Leyen from several news photos.

"After this talk, politicians will presumably wear gloves when talking in public," Starbug said.

The process takes some effort. After finding some high-resolution photos, the fingerprint needs to be outlined on tracing paper, copied onto a plastic board, covered with graphite, then coated with wood glue to create the pad containing the print. The materials to perform the operation can be assembled for about US$200.

While Starbug may have created something that looks like the defense minister's fingerprint, one expert questioned other claims made by the hacker.

"If he can take that fingerprint to a scanner at the Ministry of Defense and make that scanner think he's the minister of defense, then he has done something, but I don't believe he's done that," said Chace Hatcher, CEO ofDiamond Fortress.

"The Chaos Computer Club is suffering from what it accuses the biometric industry of suffering from: hyperbole," he told TechNewsWorld.

"The Chaos Computer Club is pointing out weaknesses in the system, and that's a necessary and admirable thing, but this isn't the 'Holy Cow' moment Starbug purports it to be," Hatcher said. "The idea that public officials are going to start wearing gloves because of this is ludicrous."

Fingerprints From Selfies?

Given the number of selfies posted to the Internet every day, should we start worrying about hackers lifting our fingerprints from those images?

"Most ordinary photographs are not high-resolution enough to detect all the necessary ridges in a fingerprint," said Harry Sverdlove, CTO of Bit9 + Carbon Black.

Even if a high-resolution photo were posted to a social media site, it's unlikely it could be used for capturing fingerprints.

START 2017 WITH SOME

 

As the new year begins, it's probably the best time of the year to start stocking up on those things that (a) you realize that you really want and need, (b) you didn't get under the tree, or (c) found that your friend and/or neighbor has and you really need it after all.  Today, we bring you a little cornucopia of things that fill one or all of these categories.  In any case, they clearly meet or exceed Artemus' criteria for "Really Cool Stuff."  Take a look for yourself!

 

Available on Amazon.com, Spy Sites of Washington, DC is a must read and a must have!  Be one of the first to have your own copy.  The book hits the stands on January 13 and is available now as a pre-order!


The "AirBar," by Neonode gives your laptop (Windows or Mac) touchscreen capabilities. The sleek, lightweight device emits an invisible light field over the screen that senses touch from any finger, stylus, paintbrush, etc.


Mohu's "AirWavewireless over-the-air (OTA) and over-the-top (OTT) device that integrates live, local broadcast TV with free streaming channels in one easy to use on-screen guide.  The Mohu AirWave combines OTA and OTT content from across popular streaming devices, including Apple TV, Roku, Fire TV, Android, iOS and others.


Stay tuned for more "things I must have" in upcoming issues of "Artemus Spotlights."