wiredmikey writes from a report via SecurityWeek: A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain. CyberX VP of research David Atch told SecurityWeek that the KillDisk variant they have analyzed is a well-written piece of ransomware, and victims are instructed to pay 222 bitcoins ($210,000) to recover their files, which experts believe suggests that the attackers are targeting "organizations with deep pockets." From the report: "The ransomware is designed to encrypt various types of files, including documents, databases, source code, disk images, emails and media files. Both local partitions and network folders are targeted. The contact email address provided to affected users is associated with Lelantos, a privacy-focused email provider only accessible through the Tor network. The Bitcoin address to which victims are told to send the ransom has so far not made any transactions. Atch pointed out that the same RSA public key is used for all samples, which means that a user who receives a decryptor will likely be able to decrypt files for all victims. According to CyberX, the malware requires elevated privileges and registers itself as a service. The threat terminates various processes, but it avoids critical system processes and ones associated with anti-malware applications, likely to avoid disrupting the system and triggering detection by security products."

Read more of this story at Slashdot.

wiredmikey writes from a report via SecurityWeek: A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain. CyberX VP of research David Atch told SecurityWeek that the KillDisk variant they have analyzed is a well-written piece of ransomware, and victims are instructed to pay 222 bitcoins ($210,000) to recover their files, which experts believe suggests that the attackers are targeting "organizations with deep pockets." From the report: "The ransomware is designed to encrypt various types of files, including documents, databases, source code, disk images, emails and media files. Both local partitions and network folders are targeted. The contact email address provided to affected users is associated with Lelantos, a privacy-focused email provider only accessible through the Tor network. The Bitcoin address to which victims are told to send the ransom has so far not made any transactions. Atch pointed out that the same RSA public key is used for all samples, which means that a user who receives a decryptor will likely be able to decrypt files for all victims. According to CyberX, the malware requires elevated privileges and registers itself as a service. The threat terminates various processes, but it avoids critical system processes and ones associated with anti-malware applications, likely to avoid disrupting the system and triggering detection by security products."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard: When you think of North Korea, the first thing that springs to mind is probably not a well-featured tablet PC. But that's just what researchers at the Chaos Communication Congress hacking festival revealed on Tuesday. Called Woolim, this tablet is designed to limit the distribution of contraband media, track its users, and generally act as a propaganda platform for the Democratic People's Republic of Korea (DPRK). Woolim is a small, white Android device that looks like a fairly standard tablet. The hardware itself is made by Chinese manufacturer Hoozo, but the North Korean government has removed some components such as those for wi-fi and bluetooth, and put its own bespoke software on top. After the researchers presented work covering RedStar OS, North Korea's Linux-based operating system, a South Korean NGO offered the tablet to the group. Woolim is just one of several tablets designed for North Korea, but Woolim appears to be the most recent, likely dating from 2015. The tablet has PDFs on how to use it; various propaganda texts for users to read as well as the capability to play local TV and connect to the country's own internet, and it also comes with a slew of educational apps, such as French, Russian, and Chinese dictionaries. There's even an app for kids which teaches them how to type with a keyboard, and video games such as Angry Birds that have been lightly customized. The tablet only allows specific files to be used or played: users cannot just load whatever they want onto the device. Woolim also constantly keeps tabs on what its users are up to. Whenever a user opens an app, the tablet takes a screenshot. These screenshots are then available for viewing in another app, but they can't be deleted.

Read more of this story at Slashdot.

The head of the state-run pension fund is detained deepening the political crisis in South Korea.

Union leaders among 30 held over walkout by thousands of workers of factories that supply clothes to top Western brands.

Microsoft may have plans to improve gaming experience on Windows 10. The speculation comes after long time watcher @h0x0d found a new "gamemode.dll" in the latest Windows 10 developer build, reports GameSpot. The feature appears to allow Windows 10 to adjust CPU and GPU resources when running a game to allocate more power for the game that's running instead of toward any background apps. From the article: The feature will reportedly launch as part of the Creators update and will be enabled for Windows Insider users soon. What's unclear is exactly which games this is compatible with. It's possible it could be limited to only to those downloaded from the Windows Store, or it might be much more far-reaching. We should know more once Windows Insiders testers get their hands on the feature.

Read more of this story at Slashdot.

TODO

Test your Dist::Zilla plugin

Test your Dist::Zilla plugin