January 22, ZDNet – (International) TeslaCrypt flaw opens the door to free file decryption. A security researcher found a design flaw in how the TeslaCrypt ransomware and TeslaCrypt 2.0 variants store their encryption keys on a victim's computer. The ransomware generates a new Advanced Encryption Standard (AES) key for each encryption session, but the key material it stores alongside the encrypted files is a product of prime numbers, and researchers can factor that product with specialized factoring programs and reconstruct the decryption key from the factors. Researchers released software that generates decryption keys for TeslaCrypt files with the extensions .ECC, .EZZ, .EXX, .XYZ, .ZZZ, .AAA, .ABC, .CCC, and .VVV. Source
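The item above describes the weakness only in outline: the per-session key is hidden behind a number that an attacker can factor. The block below is an added, constructed toy model written for this page; it is not TeslaCrypt's real file format nor the researchers' decryption tool. It assumes a header that stores the product of the file key and a second secret plus a short check value derived from the key (standing in for the stored public key that real tools compare against), and it uses a SHA-256 keystream in place of AES so that it runs with the Python standard library alone. The recovery side factors the product with Pollard's rho and tests subset products of the prime factors against the check value, which is the general shape of the attack.

```python
import hashlib
import math
import random
from itertools import combinations

# Constructed toy model (assumption, not TeslaCrypt's actual on-disk layout):
# the header leaks key * secret, so the file key hides behind a factoring
# problem. A SHA-256 keystream replaces AES so the example is stdlib-only.


def keystream_xor(key_int: int, data: bytes) -> bytes:
    """Toy stream cipher standing in for AES: XOR with SHA-256(key || counter) blocks."""
    key = key_int.to_bytes(32, "big")
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def key_check(key_int: int) -> bytes:
    """Assumed header field that lets a candidate key be verified (role of the stored public key)."""
    return hashlib.sha256(b"check" + key_int.to_bytes(32, "big")).digest()[:8]


def encrypt_file(plaintext: bytes, key_int: int, secret: int):
    """Flawed scheme: the header carries key_int * secret next to the ciphertext."""
    header = {"product": key_int * secret, "check": key_check(key_int)}
    return header, keystream_xor(key_int, plaintext)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with these bases, probabilistic above."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of composite n; fast when n has small prime factors."""
    if n % 2 == 0:
        return 2
    while True:
        x = y = random.randrange(2, n - 1)
        c = random.randrange(1, n - 1)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d


def factor(n: int) -> list:
    """Full prime factorisation by recursively splitting with Pollard's rho."""
    if n == 1:
        return []
    if is_probable_prime(n):
        return [n]
    d = pollard_rho(n)
    return sorted(factor(d) + factor(n // d))


def recover_key(header: dict):
    """Attacker side: factor the leaked product, then test subset products against the check value."""
    primes = factor(header["product"])
    for r in range(1, len(primes) + 1):
        for idx in combinations(range(len(primes)), r):
            candidate = math.prod(primes[i] for i in idx)
            if key_check(candidate) == header["check"]:
                return candidate
    return None


# Constructed sample: small prime factors so factoring finishes in well under a second.
FILE_KEY = 999983 * 1000003 * 1000033
SECRET = 1000037 * 1000039
PLAINTEXT = b"quarterly-report.xlsx contents (constructed sample)"


def demo():
    """Encrypt with the flawed scheme, then recover the key from the header alone."""
    header, ciphertext = encrypt_file(PLAINTEXT, FILE_KEY, SECRET)
    recovered = recover_key(header)
    return recovered, keystream_xor(recovered, ciphertext)


if __name__ == "__main__":
    key, plain = demo()
    print("recovered key matches:", key == FILE_KEY)
    print(plain)
```

The lesson is the one the researchers drew: a symmetric key is only as safe as the hardest problem an attacker has to solve to reach it, and a product of moderately sized primes is not a hard problem. A correct design would protect the session key with a proper public-key encryption of the key itself rather than with multiplication.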
January 21, Softpedia – (International) Backdoor account found on devices used by White House, US military. AMX released a firmware update for its NX-1200, a central controller the White House uses to manage conference room equipment, after a security researcher from SEC Consult found that older versions of the device's firmware shipped with hidden backdoor accounts, under the usernames "BlackWidow" and "1MB@tMaN", that could have allowed attackers to spy on users and take over the device. A firmware function named "setUpSubtleUserAccount" created these accounts without listing them in the device's configuration screen, so an administrator reviewing the configured users would not have seen them. Source
January 21, Softpedia – (International) Kovter malware victims were secret zombies in the ProxyGate proxy network. Security researchers from Forcepoint found that the Kovter malware was recently distributed through an email campaign carrying ZIP attachments. Opening the archive and running the JavaScript file inside it contacts a web server without the user's consent and downloads the Kovter malware along with two additional payloads, the Miuref adware and the ProxyGate installer. Researchers believe the campaign's operator may be routing other malicious campaigns through ProxyGate's network, using the Kovter infections to enlarge the pool of proxy exit Internet Protocol (IP) addresses available to them. Source
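The delivery vector above (a script file inside a ZIP attachment) is one a mail gateway can catch before any user double-clicks it. The block below is an added example written for this page, not Forcepoint's detection logic or anything from the Kovter report. It assumes the filter sees the raw bytes of each attachment; the list of script extensions, the document-looking decoy extensions, and the nesting limit are this example's own policy choices, and the two attachments it scans are constructed in memory.

```python
import io
import zipfile

# Assumed policy (not from the Forcepoint report): any script-type file inside a
# mail attachment is blocked, and a "document" name with a script extension behind
# it (invoice.pdf.js) is called out separately as a masquerade.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe",
                     ".hta", ".cmd", ".bat", ".ps1", ".scr"}
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
MAX_NESTING = 2  # how many ZIP-in-ZIP levels to descend before giving up


def classify_zip_attachment(data: bytes, depth: int = 0) -> dict:
    """Inspect one ZIP attachment; returns {'verdict': 'block'|'allow'|'malformed', 'reasons': [...]}."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
        names = zf.namelist()
    except zipfile.BadZipFile:
        return {"verdict": "malformed", "reasons": ["not a valid ZIP container"]}

    reasons = []
    for name in names:
        base = name.lower().rsplit("/", 1)[-1]   # strip any directory prefix
        parts = base.split(".")
        if len(parts) < 2:
            continue                              # no extension at all
        ext = "." + parts[-1]
        if ext in SCRIPT_EXTENSIONS:
            reasons.append(f"script file inside archive: {name}")
            if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
                reasons.append(f"double extension masquerading as a document: {name}")
        elif ext == ".zip":
            if depth < MAX_NESTING:
                inner = classify_zip_attachment(zf.read(name), depth + 1)
                reasons.extend(f"{name} -> {r}" for r in inner["reasons"])
            else:
                reasons.append(f"nested archive beyond inspection depth: {name}")
    return {"verdict": "block" if reasons else "allow", "reasons": reasons}


def build_zip(entries: dict) -> bytes:
    """Helper to construct in-memory sample attachments for the demo and tests."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; the script body is placeholder text, not real malware.
MALICIOUS = build_zip({"invoice_2016.pdf.js": "// placeholder downloader script"})
NESTED = build_zip({"docs.zip": build_zip({"scan.js": "// placeholder"})})
BENIGN = build_zip({"report.docx": b"placeholder document bytes"})


if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS), ("nested", NESTED), ("benign", BENIGN)):
        print(label, classify_zip_attachment(blob))
```

Blocking on extension is deliberately blunt; the point is that the user never had a legitimate reason to receive a .js file in a ZIP, so the cost of a false positive is low, while a single miss hands the machine to whoever controls the download server.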