Security Leftovers
-
The Register UK ☛ Researcher trolls Microsoft over bug disclosure annoyance
-
Security Affairs ☛ Researcher releases free GPU-Based decryptor for Linux Akira ransomware
Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due to unexpected complexities. The tool doesn’t work like traditional decryptors but instead brute-forces encryption keys using timestamp-based methods.
The researcher explained that he devised the decryption technique recently after he helped a company recover their data from the Akira ransomware without paying the ransom. The company was infected with a variant that has been active from late 2023 to the present.
Nugroho’s decryptor brute-forces encryption keys by exploiting Akira ransomware’s use of timestamp-based seeds. Akira generates unique keys for each file using four different timestamps with nanosecond precision, hashed through 1,500 rounds of SHA-256. The researcher analyzed log files, file metadata, and hardware benchmarks to estimate encryption timestamps, making brute-forcing decryption keys more efficient.
-
Audiocasts/Shows
-
The Cyber Show ☛ #043 | S5 | Specials | Zero Trust | Part One [Ed: The Cyber Show ☛ direct MP3 link]
Join the team for part one of this three-part series, as Andy follows Ed, Helen and media crew Alicja through Threatlocker's Zero Trust World 2025 event in Florida and reflect on zero trust in cybersecurity.
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
The attackers were seen controlling multiple Microsoft 365 organization tenants (either new or compromised), creating administrative accounts, creating misleading full-text messages mimicking Microsoft transaction notifications, initiating a purchase or trial subscription event to generate a billing email, and then sending phishing emails using Microsoft’s infrastructure.
-
Entrapment (Microsoft GitHub)
-
The Register UK ☛ GitHub supply chain attack spills secrets from 23K projects
StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes in open source projects, noting that more than 23,000 GitHub repositories currently use the automation project's code.
-