@stacksofplates said in Researchers use Intel SGX to put malware beyond the reach of antivirus software: Did you see what Intel said regarding this: Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research and for working with Intel on coordinated vulnerability disclosure. Outside of the threat model?......... Haha, whatever that means.

@travisdh1 said in Decrypting Rapid Ransomware: Might be an opportunity to get started with that if you don't. Not sure what FoolishIT.com is.. Ill have to look that up in a little

@dbeato said in Dell Machines Unable to VPN Due to SmartByte Bloatware: @scottalanmiller said in Dell Machines Unable to VPN Due to SmartByte Bloatware: SmartByte, a bit of bloatware or possibly malware - certainly closer to malware than not, is shipping by default on some Dell laptops and desktops. If you are doing a clean OS install as is best practice, this bloatware will be unknown to you. But if you keep the random stuff that ships with your machine, you may run into networking problems. SmartByte has been found by Cisco (and us, now that we know about it with clients) to break network connections and specifically has been found to cause VPNs to fail to connect. You'll need to disable, or better remove, or best do a proper, clean OS install, to get your machine able to network reliably. None of my Dell Devices has ever come with this. Not even laptops bought through Amazon. In the past Dell and HP have had the Cisco AnnyConnect client but that is found more on home and retailers like Best Buy, Staples or such. Then again I don’t buy Dell Inspiron (Which are the ones with SmartByte for sure) I never run into it because I would never run a machine without doing a proper OS install, you never know what is on there. But we ran into this (and I've been ranting about how people got into the process of not doing a clean install - dealing with that separately) just now because someone had a machine that didn't get installed and, of course, terrible bloatware problems.

@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?: @scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?: @momurda said in HP Possible pulling a Lenovo with Stealthy spyware?: I don't trust hardware manufacturers to write good software. I trust them to make good hardware. That, too. This really doesn't compute to me. If you have bad drivers, how can you expect your hardware to perform well? How often do you have vendors making their own drivers? Sometimes, but not all that often.

@stuartjordan said in NextCloud Introduces a Ransomware Protection App: That is Great to hear, they are constantly developing on the project. They really are. It's very busy.

Pretty sure that ShadowCopy is still time only.

After monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now. NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same. Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who. You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen: It never bothers to generate a valid infection ID The Master File Table gets overwritten and is not recoverable The author of the original Petya also made it clear NotPetya was not his work This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker. Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware." Cybersecurity has moved from tech to a CEO and Board-level business issue You did not sign up for this, but today it is abundantly clear that as an IT pro you are have just found yourself on the front line of 21-st century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to: Have weapons-grade backups Religiously patch Step users through new-school security awareness training.

@stus Thanks. Was just reading about it here.

@EddieJennings said in PowerPoint Hovering Attack: @mlnews Looks like the tl;dr is don't enable content unless you're 100% sure of the source. Or download it. Or open it....

Never used this but take a look... http://www.smikar.com/

I mean I know it all sucks and it would be awesome if all the right people got all the right info and took all the right actions. but they don't and won't. So we need to push everyone that we can to do what they can. It's just what we have to work with.

Someone in the CIA is busy explaining to some congressional sponsors how their "no one will ever know it was us" isn't going as planned.

@travisdh1 No, yeah that's a good point. Just didn't think about it like that.

@Ambarishrh said in virus cleanup-advise needed: Can webroot help me here, thinking of using webroot and see if it can clean Maybe. Anything "might" work. But you'll never know.

@Dashrender said in DNSMessenger malware: That's all fine and dandy my point was that this hack is currently worthless on its own it requires a previous hack in order to make this one work The point is not how the infection was started. The point is that the infection itself is completely fileless. Never writing data to the disk. There are multitudes of ways into a Windows system that an attacker could use to execute the initial code.

Wow, that IS a scary one.