How to Transfer Your LastPass Passwords to Bitwarden

February 20, 2021 – 6:43 AM

Starting on March 16, 2021, LastPass is changing how its free plan works. You will no longer be able to use the desktop and mobile apps simultaneously. If you wish to use LastPass on your smartphone and your computer, you’ll need to pay for the company’s $3/month plan.

Alternatively, you can switch to Bitwarden. Bitwarden is a secure, open-source password manager that offers cross-device sync and unlimited password entries for free.

Bitwarden’s Premium plan only costs $10/year and gets you access to its two-factor authentication feature (including hardware key support), emergency access, and 1GB of encrypted storage. Bitwarden is available for every platform you can imagine. You can use its desktop app, browser extensions, mobile apps, web client, and even command-line tools.

Moving from LastPass to Bitwarden is actually quite easy. All you have to do is generate a CSV file from your LastPass account that you can then import directly into Bitwarden.


Ziggy ransomware shuts down and releases victims’ decryption keys

February 7, 2021 – 1:12 PM

The Ziggy ransomware operation has shut down and released the victims’ decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims.

Over the weekend, security researcher M. Shahpasandi told BleepingComputer that the Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.

In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.”

Feeling guilty about their actions and concerned about recent law enforcement operations against Emotet and Netwalker ransomware, the admin decided to shut down and release all of the keys.

Today, the Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.


New phishing attack uses Morse code to hide malicious URLs

February 7, 2021 – 10:40 AM

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.

Samuel Morse and Alfred Vail invented Morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short sound) and dashes (long sound).

Starting last week, a threat actor began utilizing Morse code to hide malicious URLs in their phishing form to bypass secure mail gateways and mail filters.

BleepingComputer could not find any references to Morse code being used in phishing attacks in the past, making this a novel obfuscation technique.


Seven Common Microsoft Active Directory Misconfigurations that Adversaries Abuse

February 7, 2021 – 7:24 AM

The modern IT organization has a wide variety of responsibilities and competing priorities. As a result, cybersecurity is often overlooked in favor of projects that have an immediate impact on business operations. Unfortunately, this operating model inevitably leads to unaddressed vulnerabilities and security misconfigurations in services and Active Directory. We’ll refer to these unknown vulnerabilities and misconfigurations as “Skeletons in the IT Closet.” These skeletons are then leveraged by attackers to move laterally within a network and escalate privileges within the Active Directory domain.

In this blog, we explore seven of the most common system and Active Directory misconfigurations, how adversaries take advantage of them, and how IT and security teams can address them to strengthen their organization’s overall cybersecurity posture.


Proof-of-concept exploits published for the Microsoft-NSA crypto bug

January 16, 2020 – 5:06 AM

Earlier today, security researchers published proof-of-concept (PoC) code for exploiting a recently patched vulnerability in the Windows operating system, a vulnerability that was reported to Microsoft by the US National Security Agency (NSA).

The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS.

According to a high-level technical analysis of the bug from cyber-security researcher Tal Be’ery, “the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.”

According to the NSA, the DHS, and Microsoft, when exploited, this bug (tracked as CVE-2020-0601) can allow an attacker to:

  • launch MitM (man-in-the-middle) attacks and intercept and fake HTTPS connections
  • fake signatures for files and emails
  • fake signed-executable code launched inside Windows