Notorious crypto-ransomware families such as CryptoLocker and WannaCry cut off access to files or whole systems the moment the payload runs. Without backups of the affected systems, the victim has little choice but to pay and hope the attackers restore access. Threat actors add pressure by stealing data before encryption and threatening to publish it if the ransom is not paid. Ransomware remains the dominant malware threat: 60% of managed service providers reported attacks in the first half of 2020, and the ecosystem keeps evolving with more sophisticated new families and more capable operators. We investigate the three most active ransomware families reported by Group-IB in 2020 (Maze, REvil and Ryuk). They stand out from other families through the scale of their impact and the sophistication of their techniques, and security companies have already produced extensive analysis of them. Although each family has its own code base, they show common behaviours when they strike. We summarize the behavioural patterns shared by the chosen families and present the characteristics of each one.
If you are familiar with OAuth 2.0, you have probably come across JSON Web Tokens (JWT) many times. In general, an OAuth 2.0 access token can take different formats and be protected by different cryptographic primitives; this post only discusses JWT, in depth. JWT is popular because it is self-contained and authenticated: you can put arbitrary claims into the token to make it as expressive as you need, and the issuer signs it (usually without encrypting it) so that nobody without the signing key can forge a token. So far so good? Recently I read about some interesting attacks on JWT, so I decided to write a post about them. Being aware of these attacks matters whether you are choosing a JWT library or implementing JWT handling from scratch. Let's dive in!
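The following is an added example, not code from the blog post, showing the two halves of the picture above: an HS256 issuer that signs a claims set, and a verifier that does the checks a secure implementation must do. The secret, the claims and the forge_alg_none helper are constructed for the demonstration. The verifier pins the algorithm rather than trusting the header's alg field (the well-known "alg: none" failure mode), compares the MAC in constant time, and honours exp. It is an illustration of what to look for in a library, not a drop-in JWT implementation.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real HS256 key should be a random secret of at least 32 bytes.
SECRET = b"constructed-demo-secret-do-not-reuse"


class InvalidToken(Exception):
    pass


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj):
    # Compact JSON, then base64url, as the JWS compact serialization requires.
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims, key):
    """Issuer side: header.payload.signature with an HMAC-SHA256 over header.payload."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def forge_alg_none(claims):
    """Constructed attacker token: declares alg 'none' and carries no signature at all.
    A verifier that lets the header choose the algorithm would accept this."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def verify_hs256(token, key, now=None):
    """Verifier side: the verifier, not the header, decides which algorithm is acceptable."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError subclass
        raise InvalidToken("unparseable header or signature")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("algorithm not allowed: %r" % (header.get("alg") if isinstance(header, dict) else header))
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the verifier does not leak how many bytes matched.
    if not hmac.compare_digest(expected, sig):
        raise InvalidToken("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= int(claims["exp"]):
        raise InvalidToken("token expired")
    return claims


def accepts(token, key, now=None):
    """True if verify_hs256 accepts the token, False on any InvalidToken."""
    try:
        verify_hs256(token, key, now)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "exp": 2000000000}, SECRET)
    print("issued:", token)
    print("valid token accepted:", accepts(token, SECRET))
    print("alg=none forgery accepted:", accepts(forge_alg_none({"sub": "admin"}), SECRET))
    print("wrong-key token accepted:", accepts(sign_hs256({"sub": "alice"}, b"other-key"), SECRET))
```

The important design choice is that verify_hs256 takes the algorithm as a fixed policy and treats the header as untrusted input; a library whose verify() call does not let you pin the algorithm (or a list of allowed algorithms) is one to avoid.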
The Linux random number generator (LRNG) supplies random data to many security-related applications and protocols. The generator is part of the open source Linux kernel and has gone through several revisions since the original implementation. This survey describes the generator as found in Linux kernel version 22.214.171.124. It provides a comprehensive analysis of every function in the LRNG together with a security analysis against cryptographic attacks.
OAuth 2.0 is one of the most widely deployed authorization protocols. Authorization is the process of granting an entity approval to access a resource; in OAuth 2.0 terms, a requesting client is granted access to a resource hosted on a resource server (RS), and the exchange is mediated by an authorization server (AS). Popular platforms such as Facebook and Google implement OAuth 2.0 so that users can delegate access to specific functions to a third party (the client). For example, Google (the AS) uses OAuth to let an email application (the client) add entries to a user's calendar (the resource) on her behalf. The same machinery lets a user log in to a third-party application with an identity managed by an AS. Authorization and single sign-on (SSO) solutions have seen widespread adoption on the web in recent years, with OAuth 2.0 among the most popular frameworks. This article covers: (1) a technical introduction to the OAuth 2.0 framework; (2) significant attacks found both in the protocol itself and in implementations; (3) implementation decisions that trade security for simplicity; and (4) simple, practical fixes for the attacks described. Several of these recommendations also help mitigate attacks on extensions of OAuth 2.0; some of the fixes, for instance, apply equally to OAuth-based access control in constrained environments such as IoT.
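As an added worked example (not the article's own code), here is the calendar delegation described above run end to end with all three parties in one process: the AS issues an authorization code and exchanges it for a bearer token, the client drives the flow, and the RS checks the token before touching the calendar. The client_id "mail-app", the client secret, the redirect URI, the scope name "calendar.write" and the user "alice" are constructed for illustration, and HTTP transport plus the consent screen are replaced by direct method calls. The protections it enforces (exact redirect_uri matching, a single-use code bound to the client that requested it, and a state value the client verifies on the way back) are the standard RFC 6749 checks, not the article's specific fixes.

```python
import secrets


class AuthorizationServer:
    """Constructed in-memory AS: registers clients, issues single-use codes and bearer tokens."""

    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}    # code -> (client_id, redirect_uri, scope, user)
        self.tokens = {}   # access_token -> (user, scope)

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, user, client_id, redirect_uri, scope, state):
        # Called after the resource owner has consented at the AS (front channel).
        # redirect_uri must match the registration exactly; a looser match would let an
        # attacker have the code delivered to an endpoint they control.
        if client_id not in self.clients:
            raise ValueError("unknown client_id")
        if redirect_uri != self.clients[client_id][1]:
            raise ValueError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, scope, user)
        # The query parameters the AS puts on the redirect back to the client.
        return {"code": code, "state": state}

    def token(self, client_id, client_secret, code, redirect_uri):
        # Back channel: the client authenticates and redeems the code.
        registered_secret, _ = self.clients.get(client_id, (None, None))
        if registered_secret is None or not secrets.compare_digest(registered_secret, client_secret):
            raise ValueError("client authentication failed")
        entry = self.codes.pop(code, None)  # pop: a code is redeemable exactly once
        if entry is None:
            raise ValueError("invalid or already used code")
        bound_client, bound_uri, scope, user = entry
        if bound_client != client_id or bound_uri != redirect_uri:
            raise ValueError("code was not issued to this client and redirect_uri")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (user, scope)
        return {"access_token": access_token, "token_type": "Bearer", "scope": scope}

    def introspect(self, access_token):
        # Used by the RS to learn whose token this is and what it is allowed to do.
        return self.tokens.get(access_token)


class Client:
    """Constructed third-party application, e.g. a mail client that wants calendar access."""

    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth_server = auth_server
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri
        self.pending_states = set()  # states we issued and have not yet consumed

    def authorization_request(self, scope):
        # state binds the eventual redirect to this browser session (anti-CSRF / anti code injection).
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return {"response_type": "code", "client_id": self.client_id,
                "redirect_uri": self.redirect_uri, "scope": scope, "state": state}

    def handle_redirect(self, params):
        if params.get("state") not in self.pending_states:
            raise ValueError("unknown state: rejecting possible CSRF or injected code")
        self.pending_states.discard(params["state"])
        return self.auth_server.token(self.client_id, self.client_secret,
                                      params["code"], self.redirect_uri)


class ResourceServer:
    """Constructed RS (the calendar) that checks the bearer token with the AS."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.calendars = {}  # user -> list of entries

    def add_entry(self, access_token, entry):
        info = self.auth_server.introspect(access_token)
        if info is None:
            raise PermissionError("invalid access token")
        user, scope = info
        if "calendar.write" not in scope.split():
            raise PermissionError("token lacks calendar.write scope")
        self.calendars.setdefault(user, []).append(entry)
        return list(self.calendars[user])


def run_delegation_flow():
    """Full exchange: alice delegates calendar write access to the mail client."""
    auth_server = AuthorizationServer()
    auth_server.register_client("mail-app", "s3cret", "https://mail.example/cb")
    client = Client(auth_server, "mail-app", "s3cret", "https://mail.example/cb")
    calendar = ResourceServer(auth_server)

    req = client.authorization_request("calendar.write")          # client -> AS, via browser
    redirect = auth_server.authorize("alice", req["client_id"], req["redirect_uri"],
                                     req["scope"], req["state"])   # AS -> client, via browser
    token_resp = client.handle_redirect(redirect)                   # client <-> AS, back channel
    return calendar.add_entry(token_resp["access_token"], "dentist 10:00")  # client -> RS


if __name__ == "__main__":
    print(run_delegation_flow())
```

Each of the three checks maps to one way the flow is commonly broken when omitted: without exact redirect_uri matching the code leaks, without single-use codes a captured code can be replayed, and without state verification an attacker can make the victim's browser complete a flow the attacker started.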