Posts

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said. “We’ve found someone who can crack the encryption.” Peter, who spoke candidly about the attack on condition of anonymity, said the FBI told him to contact a cybersecurity consulting firm in New Jersey called Unit 221B, and specifically its founder — Lance James. Zeppelin sprang onto the crimeware scene in December 2019, but it wasn’t long before James discovered multiple vulnerabilities in the malware’s encryption routines that allowed him to brute-

McDonald’s to launch cybersecurity apprenticeship program

Dive Brief: McDonald’s is set to launch its first registered cybersecurity apprenticeship program in the U.S., part of the government’s 120-day Cybersecurity Apprenticeship Sprint. The restaurant chain’s program aims to bring talent from Chicago City Colleges to its headquarters. The cybersecurity sprint, championed by the White House, the U.S. Department of Labor, U.S. Department of Commerce, U.S. Department of Homeland Security and other federal agencies, resulted in 194 new cybersecurity registered apprenticeship programs that have been approved or are under development. More than 7,000 apprentices have been hired, the White House said Tuesday. The White House touted the registered apprenticeship model as a solution for numerous industries to train a skilled and diverse cybersecurity workforce. Of those that were hired in the private sector, 42% were peo

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. The Disneyland Team uses common misspellings for top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com — which was created to phish U.S. Bank customers. But this group also usually makes use of Punycode to make their phony bank domains look more legit. The U.S. financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is https://www.xn--meripris-mx0doj[.]com [brackets adde