What’s new in the Segment landscape?
HTCAP - new (cool) features released
htcap, our super powerful web crawler/security scanner, has been updated with lots of cool features, such as:
- heuristic engine to detect duplicated contents
- the ability to crawl the DOM even if no ajax requests are triggered
- improvements on the synchronous DOM crawler
- url deduplication based on the request pattern
Check them out on GitHub!
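To illustrate the "URL deduplication based on the request pattern" feature listed above, here is an added Python example (written for this page, not taken from htcap's own code base) of the general idea: two crawled requests are treated as the same endpoint when they share method, host, a path with ID-looking segments collapsed, and the same set of query parameter names. How htcap itself defines a "request pattern" is an assumption here; the sample request list and the `{id}` placeholder are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristics for path segments that are almost certainly record identifiers
# rather than distinct endpoints (assumption: purely numeric or long hex).
NUMERIC = re.compile(r"^\d+$")
HEX = re.compile(r"^[0-9a-f]{8,}$", re.I)


def request_pattern(method, url):
    """Reduce a request to the tuple that identifies its endpoint.

    ID-like path segments become the placeholder '{id}', query parameter
    values are dropped and the parameter names are sorted, so that
    /products/1 and /products/2 (or ?a=1&b=2 and ?b=9&a=0) collapse together.
    """
    parts = urlsplit(url)
    segments = [
        "{id}" if (NUMERIC.match(seg) or HEX.match(seg)) else seg
        for seg in parts.path.split("/")
    ]
    param_names = tuple(sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}))
    return (method.upper(), parts.scheme.lower(), parts.netloc.lower(),
            "/".join(segments), param_names)


def dedup_requests(requests):
    """Keep the first request seen for each pattern, in crawl order."""
    seen = set()
    kept = []
    for method, url in requests:
        pattern = request_pattern(method, url)
        if pattern in seen:
            continue
        seen.add(pattern)
        kept.append((method, url))
    return kept


# Constructed crawl output: (method, url) pairs as a crawler might collect them.
SAMPLE_REQUESTS = [
    ("GET", "http://app.example/products/1"),
    ("GET", "http://app.example/products/2"),                 # same pattern as /products/1
    ("GET", "http://app.example/products?page=1"),
    ("GET", "http://app.example/products?page=2&sort=asc"),   # new parameter set
    ("GET", "http://app.example/products?sort=asc&page=3"),   # same names, other order
    ("POST", "http://app.example/products"),                  # different method, kept
    ("GET", "http://app.example/user/deadbeefcafe1234"),
    ("GET", "http://app.example/user/0123456789abcdef"),      # hex ID, collapsed
]

if __name__ == "__main__":
    for method, url in dedup_requests(SAMPLE_REQUESTS):
        print(method, url)
```

Running the block keeps five of the eight requests; everything the scanner later does (event triggering, form posting) is then done once per endpoint pattern instead of once per URL, which is the point of the feature.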
New Ransomware Attack Discovered
In the last few hours a new ransomware attack has been targeting companies and government agencies across Europe, including the Kiev airport, the Chernobyl nuclear power plant and many Italian companies.
Once infected, the PC reboots itself and gets stuck BEFORE loading the operating system, asking for the ransom.
Segment's team analyzed a sample of the malware and found that (probably) only the first few bytes of the disk get encrypted. Hence it could be possible to recover some of the locked files without paying the ransom.
It seems that with common "file rescue" programs (such as PhotoRec or Autopsy) it is possible to read the unencrypted data on the disk and try to restore the files.
Behavior: Encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.
Actions to be taken:
1. Block source e-mail address: firstname.lastname@example.org
2. Block domains:
- http://mischapuk6hyrn72.onion/
- http://petya3jxfp2f7g3i.onion/
- http://petya3sen7dyko2n.onion/
- http://mischa5xyix2mrhd.onion/MZ2MMJ
- http://mischapuk6hyrn72.onion/MZ2MMJ
- http://petya3jxfp2f7g3i.onion/MZ2MMJ
- http://petya3sen7dyko2n.onion/MZ2MMJ
- http://benkow.cc/71b6a493388e7d0b40c83ce903bc6b04.bin
- COFFEINOFFICE.XYZ
- http://french-cooking.com/
3. Block IPs:
- 184.108.40.206
- 220.127.116.11
- 18.104.22.168
- 22.214.171.124
4. Apply patches. Reference (in Russian): https://habrahabr.ru/post/331762/
5. Disable SMBv1
6. Update anti-virus hashes:
- a809a63bc5e31670ff117d838522dec433f74bee
- bec678164cedea578a7aff4589018fa41551c27f
- d5bf3f100e7dbcc434d7c58ebf64052329a60fc2
- aba7aa41057c8a6b184ba5776c20f7e8fc97c657
- 0ff07caedad54c9b65e5873ac2d81b3126754aac
- 51eafbb626103765d3aedfd098b94d0e77de1196
- 078de2dc59ce59f503c63bd61f1ef8353dc7cf5f
- 7ca37b86f4acc702f108449c391dd2485b5ca18c
- 2bc182f04b935c7e358ed9c9e6df09ae6af47168
- 1b83c00143a1bb2bf16b46c01f36d53fb66f82b5
- 82920a2ad0138a2a8efc744ae5849c6dde6b435d
- myguy.xls: EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
- BCA9D6.exe: 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD
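The block and hash lists above are only useful if they are actually checked against what the network and endpoints log. The following Python script is an added example (not part of the original advisory) that sweeps proxy, DNS, EDR and firewall log lines for the indicators listed in the actions above: the hostnames extracted from the listed URLs, the listed IPs, and the listed SHA-1/SHA-256 hashes. The log lines and the log format are constructed for the example; the IPs and the e-mail address are used exactly as they appear on the page.

```python
import re

# Indicators copied from the advisory above. Domains are the host part of the
# listed URLs, compared case-insensitively; hashes are compared lowercased.
IOC_DOMAINS = {
    "mischapuk6hyrn72.onion", "petya3jxfp2f7g3i.onion", "petya3sen7dyko2n.onion",
    "mischa5xyix2mrhd.onion", "benkow.cc", "coffeinoffice.xyz", "french-cooking.com",
}
IOC_IPS = {"184.108.40.206", "220.127.116.11", "18.104.22.168", "22.214.171.124"}
IOC_HASHES = {h.lower() for h in (
    "a809a63bc5e31670ff117d838522dec433f74bee", "bec678164cedea578a7aff4589018fa41551c27f",
    "d5bf3f100e7dbcc434d7c58ebf64052329a60fc2", "aba7aa41057c8a6b184ba5776c20f7e8fc97c657",
    "0ff07caedad54c9b65e5873ac2d81b3126754aac", "51eafbb626103765d3aedfd098b94d0e77de1196",
    "078de2dc59ce59f503c63bd61f1ef8353dc7cf5f", "7ca37b86f4acc702f108449c391dd2485b5ca18c",
    "2bc182f04b935c7e358ed9c9e6df09ae6af47168", "1b83c00143a1bb2bf16b46c01f36d53fb66f82b5",
    "82920a2ad0138a2a8efc744ae5849c6dde6b435d",
    "EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6",
    "17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD",
)}

# Token extractors. The hash pattern relies on \b so a 64-hex SHA-256 is not
# also reported as a 40-hex SHA-1 prefix; the host pattern requires an
# alphabetic last label so dotted IPs are not mistaken for domains.
HASH_RE = re.compile(r"\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def match_iocs(lines):
    """Return (line_number, kind, value) for every indicator found.

    Each distinct value is reported once per line, even if it occurs twice
    (for example as both dst= and inside the url= field)."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in sorted({h.lower() for h in HOST_RE.findall(line)}):
            if host in IOC_DOMAINS:
                hits.append((number, "domain", host))
        for ip in sorted(set(IP_RE.findall(line))):
            if ip in IOC_IPS:
                hits.append((number, "ip", ip))
        for digest in sorted({h.lower() for h in HASH_RE.findall(line)}):
            if digest in IOC_HASHES:
                kind = "sha256" if len(digest) == 64 else "sha1"
                hits.append((number, kind, digest))
    return hits


# Constructed sample log lines (format and hosts invented for this example).
SAMPLE_LOG = """\
2017-06-27T14:02:11Z proxy allow src=10.0.0.12 dst=french-cooking.com url=http://french-cooking.com/
2017-06-27T14:02:13Z dns query src=10.0.0.12 qname=petya3jxfp2f7g3i.onion rcode=NXDOMAIN
2017-06-27T14:03:40Z edr file_create host=WS-042 path=C:\\Users\\alice\\Downloads\\myguy.xls sha256=EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
2017-06-27T14:05:02Z firewall deny src=10.0.0.12 dst=184.108.40.206 dport=445
2017-06-27T14:06:00Z proxy allow src=10.0.0.15 dst=example.com url=http://example.com/index.html
"""

if __name__ == "__main__":
    for number, kind, value in match_iocs(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {kind} indicator {value}")
```

On the sample input the script flags the first four lines (a proxy allow, a DNS lookup, a file-creation event with a listed SHA-256, and a blocked connection to a listed IP) and stays silent on the clean fifth line; in practice the same function would be pointed at exported log files rather than an inline string.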
Segment’s disclosure is reaching the hype
The recent disclosure by our CEO, Filippo Cavallarin, has spread rapidly, creating a big stir internationally and among the clients of the Interlogica group, of which we are part.
Among the international outlets and cyber-security-oriented social platforms that covered this remarkable discovery by Segment we can list The Register, Softpedia, Security Info and Reddit.
The disclosed vulnerability, a remote code execution in the Microsoft Remote Desktop Client for Mac, concerns a critical flaw in the implementation of the rdp URL scheme, which enables remote access to local resources.
In the rdp URL scheme it is possible to specify a parameter that allows a malicious terminal server to read and write the user's home directory without any user interaction or awareness. The publication of the proof-of-concept made it essential for Microsoft and Apple to fix the bug by shipping system updates.
The growing attention around the news has had such an impact because all our clients are aware of it, giving us wider exposure.
Segment and Alien Vault now partner!
Thanks to the brand new partnership with AlienVault and its highly skilled team, Segment can now offer high quality Managed Security Services.
AlienVault products allow Segment to meet its customers' needs by building and running advanced Security Operations Centers (SOCs) to monitor and manage the security of the whole IT network.
AlienVault is acknowledged as one of the world's largest IT security platforms able to manage unified security tools to better defeat digital threats.
Segment in Verona, last stop of the 2016 #SecuritySummit roadshow!
Still going deep into cyber security, still with something new to tell!
Don't forget to follow Segment in Verona at the 2016 #SecuritySummit and on our social channels!
Tweet with us!
Visit the Security Summit website!
Segment sponsorship still goes on at the June session of the 2016 Security Summit
The 2016 Security Summit roadshow continues and is about to arrive at the next stop: Rome.
Segment's sponsorship continues as well: from the capital we will bring you news and coverage of the most relevant talks of those days.
Breaking news directly on Twitter!!
Segment technical sponsor of the spring session’s HackInBo 2016
Now at its 6th edition, HackInBo is a free cyber security event held in Bologna, a format that did not exist before 2013.
The event aims to provide a venue where cyber security experts can talk at leisure about emerging trends and the latest issues in IT and security, and keep hackers and professionals up to date.
Segment will provide the live streaming on Saturday, May 14th and the interviews with the speakers on Sunday, May 15th.
Segment and its first appearance at the March 2016 Security Summit
Since 2010 the Security Summit roadshow has become the major event in the evolving Italian security landscape. It highlights the difficulty of safeguarding computing environments from cyber threats and the need to secure digital data, networks and systems.
Over the years this showcase has attracted more than ten thousand people with details and overviews of the developing technology in the cyber protection market.
As a cybersecurity provider, Segment has decided to sponsor the streaming of the first session of the summit, which you can watch on the homepage.
Htcap: a web application scanner recently developed and already a success
The path to success of this Segment tool, Htcap, was paved by the article written by editor in chief Mr. Zorz (here), which describes it as “a free web application scanner that can crawl single page applications in a recursive manner by intercepting Ajax calls and DOM changes.
The app is focused mainly on the crawling process and uses external tools to discover vulnerabilities. It’s designed to be a tool for both the manual and automated penetration testing of modern web applications.[..]
The scan process is divided into two parts. Htcap crawls the target and collects as many requests as possible and saves them to a SQLite database. When the database is populated, you can explore it with tools such as SQLite3 or DBeaver, or export the results using built-in scripts.[..]
The tool supports three scan modes: passive, active and aggressive. When in passive mode, the app doesn’t interact with the page and only follows links. Active mode triggers all discovered events, while aggressive mode makes Htcap also fill input values and post forms.[...]”