Connect with us

Press Release

Member of the REvil ransomware extradited to the United States to face trial for the Kaseya attack

Published

on

Member of the REvil ransomware extradited to the United States to face trial for the Kaseya attack

Member of the REvil ransomware extradited to the United States to face trial for the Kaseya attack
Vasinkyi is thought to be an affiliate of the REvil ransomware, charged with breaking into corporate networks around the world, stealing unencrypted data, and then encrypting every device connected to the network.
The DOJ revealed shortly after Vasinkyi’s arrest that he was behind the ransomware attack against managed services provider Kaseya, which affected thousands of businesses all across the world.

The release from the U.S. DoJ stated that during the alleged attack on Kaseya, Vasinskyi “enabled the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that allowed the Kaseya production feature to deploy REvil ransomware to “endpoints” on Kaseya client networks.”

Data on PCs belonging to companies using Kaseya software worldwide were encrypted after remote access to Kaseya endpoints was achieved and ransomware was installed on those computers.

In order to decrypt every one of Kaseya’s impacted customers, the REvil operation (also known as Sodinokibi) wanted $70 million. But once a law enforcement operation managed to access the ransomware business’s servers, the FBI was given the decryption key.

Vasinskyi is thought to be one of REvil’s long-term associates and has been involved in at least nine ransomware operations against American businesses that have been verified.

Eleven counts are supported by the indictment, which was revealed after his detention and links them to separate attacks on North American businesses.

The accusations against Vasinskyi for his acts are as follows:

conspiracy to commit fraud and similar computer-related behaviour
intentional harm to systems behind a firewall
collaborating to launder money
Vasinskyi will be imprisoned for a total of 115 years if found guilty on all counts. He will also lose all of his possessions and financial resources.

In order to remotely manage their clients’ networks, such as pushing out patches, providing remote help, and controlling the Windows domain, managed service providers utilise specialised software.

Since the beginning of the GandCrab and REvil ransomware operations, an affiliate has continuously demonstrated proficiency with MSP platforms by leveraging them to encrypt the clients of targeted MSPs.

With the help of the specific software that managed service providers employ, such as the Kaseya, ConnectWise, and WebRoot MSP platforms, successful attacks against these providers have been made possible.

The Kaseya assault may have been carried out by the same affiliate since it made use of previously undiscovered zero-day vulnerabilities and deep system knowledge.

Vasinskyi’s arrest and potential imprisonment, if he is this affiliate, will be advantageous to the MSP sector because there will be one less threat player to be concerned about.

REvil in suspense
Given that Ukraine and the United States do not currently have an extradition agreement, the Vasinkyi case is a victory for American law enforcement and the judiciary.

He is not, however, a fundamental member of the famed RaaS (ransomware as a service) group, but rather one of the countless REvil affiliates.

Two alleged REvil associates were detained on November 4, 2021, in Romania and Kuwait as part of a global law enforcement operation orchestrated by Europol and Interpol.

The Federal Security Service (FSB) announced the arrest of fourteen alleged REvil members on January 15, 2022, but the group’s top operatives are still believed to remain at large.

Even if the REvil ransomware organisation has been shut down, it wouldn’t be unexpected if some of its core members or affiliates later rebranded as a new operation.

 

Continue Reading

Press Release

Characteristics That Set Mega888 Apart From Other Online Casinos

Published

on

Characteristics That Set Mega888 Apart From Other Online Casinos

The world of online gaming has never been the same since the launch of Mega888. It may be argued that the casino is the greatest online casino for all of your gambling needs because it has accomplished so much in such a short period of time.

There is a list of other online casinos, however the majority of them cannot be compared to Mega888. So what precisely sets Mega888 apart from other online casinos? We’ve put together a collection of justifications to aid you comprehend Mega888’s virtues.

The casino provides patrons with a wealth of amenities. So, these are the characteristics that set Mega888 apart from other online casinos in the gambling sector.

Quality of the Online Casino Overall
Prior to going any further, it is important to note the casino’s general level of excellence. One of the main reasons Mega888 is trustworthy is because it never takes advantage of or scams its customers.

The casino will take steps to protect every player from fraud of any kind, making Mega888 a trustworthy and respectable online casino. The Mega888 team is always developing new features to improve the playing experience.

The high-quality games that Mega888 has to offer are among its best features. The online casino’s selection of games goes well beyond simply having outstanding gameplay. The online casino is top-notch because the games have incredible graphics and the casinos provide outstanding customer service to all of their customers.

Mega888 Has Several Different Games.
The range of games available at Mega888 is one of the premium attractions. Mega888 provides an incredible selection of games, all of which are of the highest calibre. The online casino offers a wide variety of games, including shooting, fishing, and arcade games.

Additionally, if you still think that this is insufficient, players can choose from a number of table games. The developers at Mega888 are constantly working to provide fresh material for the players at the online casino, so whenever a player enters the site, they will find new games.

To keep the platform updated with new games each month, the online platform occasionally undergoes maintenance. Consequently, each time you play at the online casino, you will have a distinctive gaming experience. Players can currently choose from hundreds of slot games, numerous live table games, and much more.

Mega888’s security is impenetrable.
The security of the Mega888 is one of its key characteristics. All gamers at Mega888 are helped by the security system’s design, which protects them from danger or attacks from outside sources. However, this wouldn’t have been possible if Mega888 hadn’t given the security team a sizable sum of money from their annual budget.

This indicates that the online casino places a high priority on security and won’t compromise it for anything. There is no history of fraud or account hacking at the online casino’s security. It demonstrates that the online casino ensures the confidentiality of all player financial and personal information right from the start.

You won’t ever need to be concerned about a hack or scam involving your account. The online casino has a good reputation, and Mega888 has received approval from numerous organisations as a legitimate online gaming platform. Additionally, numerous licencing companies have endorsed the casino, demonstrating that it is a secure and safe location to gamble.

The two-factor authentication barrier that Mega888 has for players between the email and the Mega888 Apk is its best security feature. This means that it would be nearly impossible for any outside attacker to access a player’s account without going through two distinct layers of security.

Additionally, if a hacker tries to steal money from a transaction, the online casino’s management team will immediately transfer the money to the legitimate owner after learning about the behaviour.

The security system’s usage of a 128-bit encryption technique is another observable aspect. The casino maintains sensitive data using this technique, including user names, passwords for Mega888 accounts, and financial information.

The online casino’s high level of encryption prevents many hackers from accessing any accounts. Last but not least, the online casino has a firewall that prevents hackers from accessing the site.

Services for Instant Cash Out Using Mega888
Every online casino has its unique cash-out options, and given that these services are available online, it is crucial for the platform to guarantee that the casino offerings are reliable and prompt. Mega888 ensures that their services are simple to use.

All of Mega888’s services to its players appear to be seamless. All that is required of players is consistency and a willingness to take financial risks when playing at an online casino. The casino has remarkable and simple processes in place so that players may withdraw their money with little hassle.

You must get in touch with a dealer in order to collect your money. You have a number of options for doing that, some of which include WeChat, real-time chat, phone calls, or WhatsApp. Make sure that the choice you choose is practical for you since the dealers Mega888 offers are knowledgeable, competent, and professional.

Every request a player submits receives a response within 24 hours, and any questions they may have will be addressed as soon as possible. Players can retrieve their money in the quickest and safest possible manner in this fashion.

Last Words
Overall, Mega888 might have a lot of characteristics that make it a casino you definitely want to play at. However, before you take the major step of gambling with your own money, it’s crucial to understand more about the games and their rules.

Continue Reading

Press Release

PHP source code was given backdoors thanks to a compromise of the Git server.

Published

on

PHP source code was given backdoors thanks to a compromise of the Git server.

The official PHP Git repository was breached in the most recent software supply chain attack, and the code base was modified.

Yesterday, two malicious commits were uploaded to the PHP team’s git.php.net server, which hosts the php-src Git repository.

Threat actors had verified these commits as if Rasmus Lerdorf and Nikita Popov, two well-known PHP developers and maintainers, had made them.

PHP Git server has an RCE backdoor installed.
Yesterday, two malicious contributions were uploaded to the official PHP Git repository in an effort to corrupt the PHP code base.

The event is concerning because 79% of websites on the Internet still use PHP as their server-side programming language.

The attackers released a mystery update upstream called “repair typo” in the malicious commits [1, 2] that BleepingComputer saw under the guise of a little typographical patch.

Looking closer at the newly added line 370, where the zend eval string function is used, reveals that the code in fact creates a backdoor for quickly achieving Remote Code Execution (RCE) on a website using this hacked version of PHP.

Developer Jake Birchall for PHP responded to Michael Voek, who had discovered the error originally, with the explanation, “This line executes PHP code from within the useragent HTTP header, if the string starts with ‘zerodium’.”

Nikita Popov, a PHP maintainer, explained the following to us via email:

“During a regular post-commit code review a few hours after the first commit, it was discovered. The modifications were immediately undone because they were blatantly malicious “According to Popov, BleepingComputer.

The malicious commit was also done under Rasmus Lerdorf’s identity, the person who created PHP.

But that should come as no surprise because with source code version control systems like Git, it is possible to sign off a change locally under a different identity [1, 2] and then upload the spoof commit to the remote Git server, where it appears to have been signed off by the person listed on it.

According to PHP maintainers, this malicious activity originated from the compromised git.php.net server rather than from the compromise of an individual’s Git account, despite the fact that a thorough investigation of the incident is still ongoing.

The official PHP codebase has been moved to GitHub.
Following this event, the PHP maintainers have chosen to move the official PHP source code repository to GitHub as a precaution.

We’ve made the decision to stop running the git.php.net server even though our investigation is still ongoing since we believe that keeping our own git infrastructure is an unnecessary security risk.

Popov stated that the GitHub repositories, which were previously merely mirrors, “would become canonical.”

After this modification, Popov demands that any future code updates be uploaded directly to GitHub rather than the git.php.net site.

Anyone who wants to contribute to the PHP project must now join the PHP organisation on GitHub.

The same security alert includes advice for doing that.

You would need to have two-factor authentication (2FA) set on your GitHub account in order to join the organisation.

Beyond the two commits that were mentioned, “We’re investigating the repositories for any corruption,” says Popov.

In order to learn the full scope of this attack and whether any code was transmitted downstream before the fraudulent commits were discovered, BleepingComputer contacted Popov and the PHP security team.

Although it might have been cloned or forked in the interim, no tags or release artefacts reflect the changes.

Popov added to BleepingComputer, “The changes were in the development branch for PHP 8.1, which is scheduled for release at the end of the year.

The PHP team has confirmed to BleepingComputer that they want to decommission their git server ultimately and switch to GitHub permanently in the coming days.

Continue Reading

Press Release

ADOBE ENDS SUPPORT FOR FLASH TODAY AND WILL START BLOCKING FLASH CONTENT FROM JANUARY 12; MAJOR BROWSERS WILL BLOCK FLASH CONTENT FROM JAN. 1 (T.C. SOTTEK/THE VERGE)

Published

on

BLOCKING FLASH CONTENT FROM

Adobe ends support for Flash today and will start blocking Flash content from January 12; major browsers will block Flash content from Jan. 1  —  It’s the end of the line  —  Adobe scheduled its famous Flash software to end on December 31st, 2020, and today is the day.

Continue Reading

Trending