Secret Keeper – Python Script To Encrypt & Decrypt Files With A Given Key

Secret Keeper is a file encryptor written in Python which encrypts your files using the Advanced Encryption Standard (AES). CBC mode is used when creating the AES cipher, wherein each block is chained to the previous block in the stream.

Features

Secret Keeper has the ability to generate a random encryption key based on the user input.
Secret Keeper can successfully encrypt and decrypt .txt and .docx file types.

How to Install and Run in Linux

[1] Enter the following command in the terminal to download it.

    git clone https://github.com/Sameera-Madhushan/Secret-Keeper

[2] After downloading the program, enter the following command to navigate to the Digger directory and list the contents.

    cd Secret-Keeper && ls

[3] Install dependencies.

    pip3 install -r requirements.txt

[4] Now run the script with the following command.

    python3 Secret-Keeper.py

How to Install and Run in Windows

[1] Download and run the Python 2.7.x and Python 3.7 setup files from Python.org. In Install Python 3.7, enable Add Python 3.6 to PATH.
[2] Download and run the Git setup file from Git-scm.com, and choose Use Git from Windows Command Prompt.
[3] After that, run Command Prompt and enter these commands:

    git clone https://github.com/Sameera-Madhushan/Secret-Keeper
    cd Secret-Keeper
    pip3 install -r requirements.txt
    python3 Secret-Keeper.py

Worthy of Attention

Encryption of image files, audio files and video files using Secret Keeper may result in corrupted outputs. Please make sure to have a backup before trying to encrypt the above-mentioned file types. (No issue with .txt and .docx file types.) Please help me to fix this.

Please make sure to remember the encryption key you enter. If you lose it you’ll no longer be able to decrypt your files. If anyone else gains access to it, they’ll be able to decrypt all of your files.
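The CBC chaining described above, as an added example that is not code from Secret Keeper: it pads and chains raw bytes, so input of any file type and length round-trips byte for byte. Python's standard library has no AES, so a small Feistel permutation stands in for the AES block function (an assumption made for illustration, not a cipher to protect data with), and all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 16  # AES block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: keyed hash truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, blk):
    # Stand-in for the AES block function (4-round Feistel, invertible).
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def pad(data):
    # PKCS#7: always add 1..16 bytes, so any length becomes a block multiple.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding (wrong key or damaged file)")
    return data[:-n]

def cbc_encrypt(key, plaintext):
    prev = os.urandom(BLOCK)          # fresh random IV, stored as block 0
    out, data = [prev], pad(plaintext)
    for i in range(0, len(data), BLOCK):
        # Chaining: XOR with the previous ciphertext block, then encrypt.
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, blob):
    if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    plain = b"".join(_xor(block_decrypt(key, c), p)
                     for p, c in zip(blocks, blocks[1:]))
    return unpad(plain)
```
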

Link: http://feedproxy.google.com/~r/PentestTools/~3/zdhOMfTiOhQ/secret-keeper-python-script-to-encrypt.html

Black Friday & Cyber Monday Deals: Phishing and Site Skimmers

It’s that time of year again! The most glorious of shopping seasons has arrived, and users have commenced their annual tradition of flooding e-stores in search of the best deals that their money can buy. Threat actors, keen to take advantage of increased seasonal shopping activity, are deploying targeted phishing campaigns and site skimmers in the hopes of cashing in.

The spectrum of attacks is reaching users in nearly all aspects of their online presence. Email, tweets, and websites are all vehicles of abuse. Zscaler has seen a steady rise in phishing attacks leading up to Black Friday and Cyber Monday, and we’ll provide an overview of them here.

Fig. 1: Malicious activities from mid-October through mid-November. The turquoise bars represent targeted phishing attacks.

Targeted phishing

Examining one of the targeted phishing campaigns illustrates the need for caution when shopping online. The faked Amazon screen provides the perfect example, because Amazon is probably the most prolific online shopping site used during the holidays. Aside from the address bar, it’s a relatively good knock-off.

Fig. 2: Faked Amazon sign-in form.

This attack doesn’t stop at compromising your Amazon credentials. This site also wants your credit card information!

Fig. 3: Faked Amazon billing page.

A closer look at this attack shows that the attackers don’t even have the decency to encrypt your stolen credentials.

Fig. 4: Wireshark exposes the packets moving between client and server over HTTP.

The best defense is to always be conscious of the address bar. A store like Amazon is never going to ask you for sensitive information away from the Amazon site.

Site skimmers

Other sophisticated attacks that have proven to be even more insidious are site skimmers like MageCart. MageCart refers to a hacker group that is responsible for large-scale attacks on e-commerce sites.

MageCart will compromise a well-known or trusted site and inject malicious, obfuscated JavaScript that can tap into purchases. The injected script will add a form to the payment page at runtime using Document Object Model (DOM) properties. Information skimmed from this attack can include all the personal information requested by the compromised e-commerce page. More information about this type of attack is detailed in another blog.

Despite several security vendors taking notice, users are still being impacted daily. An updated chart on MageCart hits since our September 28 blog shows that this advanced attack is not stopping anytime soon.

Fig. 5: MageCart activity between September 20 and November 15.

The best defense against this threat is to have a malware detection tool that is inline with the browser. These tools have the best chance of detecting the malicious JavaScript code on an online store’s page.

Cryptocurrency Mining

The final attack we’ll review is the use of cryptojacking. Unlike the other attacks discussed, cryptojacking does not target the user’s sensitive information but rather their system resources. A small piece of JavaScript can be injected into a page, which will leverage the user’s browser processes to mine cryptocurrency for the attacker. Attackers will leverage user susceptibility to the shopping season to bolster their cryptowallets.

Fig. 6: An online shopping aggregator linking to Amazon, but redirecting users to mine Monero cryptocurrency.

Behind the scenes of this shopping site lies a small piece of JavaScript that redirects the user’s system resources to mine cryptocurrency through the application CoinHive.

Fig. 7: Coinhive injection script will use the user’s system resources to mine the cryptocurrency Monero.

The best defense against this kind of attack is to use JavaScript-blocking browser applications like ScriptSafe or NoScript to toggle what sites may execute JavaScript.
Conclusion

The ThreatLabZ team at Zscaler works diligently to ensure that customers do not fall victim to the malicious activities described above. Users should be cautious and protect themselves by reviewing our security checklist, particularly during the shopping season:

Check the authenticity of the URL or website address before clicking on a link
Ensure online retailers and banking sites use HTTPS/secure connections
Do not use unsecured public Wi-Fi for shopping
Inspect the source of emails with enticing shopping deals; be wary of any suspicious attachments
Steer clear of unofficial mobile application stores
Use two-factor authentication whenever possible, especially on sensitive accounts such as those used for banking
Always ensure that your operating system and web browser are up to date and have the latest security patches installed
Use browser add-ons like Adblock Plus to block popups and potential malvertisements
Use browser add-ons like No Coin to block a site’s attempts to use your computer for cryptocurrency mining
Back up your documents and media files
Review the Identity Theft Guide and FAQs from the Federal Trade Commission
Review the National Cybersecurity and Communications Integration Center’s (NCCIC) Holiday Scams and Malware Campaigns warning and recovery actions message

Wishing you all a very happy, healthy, and safe Thanksgiving!

Link: https://www.zscaler.com/blogs/research/black-friday-cyber-monday-deals-phishing-and-site-skimmers

OWASP Top 10 Security Risks – Part II

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks.
The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfigurations
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging and Monitoring

In our previous post, we explained the first two items on the OWASP Top 10 list: injection and broken authentication.
Continue reading OWASP Top 10 Security Risks – Part II at Sucuri Blog.

Link: http://feedproxy.google.com/~r/sucuri/blog/~3/CijdZ9TSBIM/owasp-top-10-security-risks-part-ii.html

Obfuscated JavaScript Cryptominer

During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitors’ computers when they accessed our customer’s website.
We have previously discussed how cryptomining can happen in many covert ways. In this post, we will show you how malicious code can create a cryptominer.
Malware that Creates Cryptominer Code
Take a look at the following malware: