Dec. 15th, 2022

thewayne: (Default)
Packt Publishing is running a sale - their ENTIRE inventory of ebooks and videos is $5 per item! Books ranging from $20 on up, only $5! I don't know how long the sale will be running, but it is one heck of a deal.

Packt also has a Book of the Day. Sign up for their mailing list, check the web site daily, and you can bind it to your library and read it anytime you like online. Good way to expand your library in subjects that may be on the periphery of your field but not really core to what you're doing that you might want to dig in to sometime.

https://subscription.packtpub.com/search?utm_source=all%20updates&utm_campaign=2a15eb6572-dollar_5_bestseller_programming_15_12_22


In other CS book news, Humble Bundle has several programming-related books up.

An O'Reilly bundle went up, launched a day or two ago, on "Gift for the technically inclined". 17 days remaining.
https://www.humblebundle.com/books/gifts-for-technically-inclined-oreilly-2022-books

A Wiley Cybersecurity bundle, lots of stuff on pen testing, crypto - both currencies and graphy, etc. 15 days left.
https://www.humblebundle.com/books/holiday-encore-become-cybersecurity-expert-wiley-books

Functional Programming by the Pragmatic Programmers: stuff for Scala, Kotlin, Elm, Elixir, etc. 10 days remaining.
https://www.humblebundle.com/books/functional-programming-pragmatic-programmers-books

And three days left on a No Starch Press bundle on Hacking. I do like No Starch, good people.
https://www.humblebundle.com/books/hacking-no-starch-press-books-2022
thewayne: (Default)
It's an interesting attack. Once infected, the malware sits there. It contacts a control server and asks permission to attack. When permission is granted, it goes into the Windows Registry and makes changes to prevent Remote Desktop from contacting the computer, so remote administrators can't get into the PC and try to stop the attack. Pretty clever move, that. Then it stops database services so that the database files are available to it. Normally database services lock their databases so those files can't be wiped; stopping the services makes them vulnerable.

THEN the wiper launches! It poses as a ransomware attack, launching a pseudo-random number generator, overwriting the files with gibberish and giving them a .cry extension, thus it is now known as the Cry Wiper. The random gibberish makes it look like the file is encrypted, but analysis of the code reveals that it's a random number generator, meaning that even if you pay the demanded 0.5 Bitcoin ransom, you're never getting anything back.

It's common in ransomware attacks to change the extension of the file so people can recognize that they've been compromised and the files are no longer what they were.

Another clever thing about this is that it automatically excludes program and system files: com, exe, dll, etc., so the computer will continue to run perfectly normally, but no data will survive. The articles that I've read don't mention if this will crawl across network shares or seek elevated access privileges, but they weren't very deep articles.

A similar program struck Ukraine earlier this year, probably launched by Russian hacker group(s).

No attribution for this attack has been found. Since no ransom can be collected, even though a Bitcoin digital wallet is provided, that's probably a dead trail.

https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/

https://it.slashdot.org/story/22/12/03/0044234/new-crywiper-data-wiper-targets-russian-courts-mayors-offices
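
The sequence described above (Remote Desktop disabled in the registry, database services stopped, then a burst of files gaining a .cry extension) can be correlated per host for detection. This is an added example, not code from the post or the linked articles; the event field names, service names, thresholds, and the use of the standard Windows `fDenyTSConnections` value are assumptions, since the post does not name the registry value that gets changed.

```python
from collections import defaultdict

# Assumed, not from the post: event field names, service names, thresholds, and
# that the RDP change appears as fDenyTSConnections = 1 (the standard Windows switch).
RDP_VALUE = r"control\terminal server\fdenytsconnections"
DB_SERVICES = {"mssqlserver", "mysql", "postgresql"}
WINDOW_S = 900        # all stages must fall inside this many seconds
MIN_RENAMES = 20      # burst of data files gaining the .cry extension

def stage_of(ev):
    """Map one normalized event to a wiper stage, or None."""
    kind = ev["type"]
    if kind == "registry_set" and ev["key"].lower().endswith(RDP_VALUE) and ev["value"] == 1:
        return "rdp_disabled"
    if kind == "service_stop" and ev["service"].lower() in DB_SERVICES:
        return "db_stopped"
    if kind == "file_rename" and ev["new"].lower().endswith(".cry"):
        return "cry_rename"
    return None

def detect(events):
    """Return {host: first alert time} where all stages co-occur in WINDOW_S."""
    recent = defaultdict(lambda: defaultdict(list))  # host -> stage -> [ts]
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage, host = stage_of(ev), ev["host"]
        if stage is None or host in alerts:
            continue
        seen = recent[host]
        seen[stage].append(ev["ts"])
        for ts_list in seen.values():      # expire entries outside the window
            ts_list[:] = [t for t in ts_list if ev["ts"] - t <= WINDOW_S]
        if (seen["rdp_disabled"] and seen["db_stopped"]
                and len(seen["cry_rename"]) >= MIN_RENAMES):
            alerts[host] = ev["ts"]
    return alerts

def sample_events():
    """Constructed sample telemetry: ws1 shows the full chain, ws2 does not."""
    key = r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
    evs = [{"ts": 10, "host": "ws1", "type": "registry_set", "key": key, "value": 1},
           {"ts": 15, "host": "ws1", "type": "service_stop", "service": "MSSQLSERVER"},
           {"ts": 5, "host": "ws2", "type": "service_stop", "service": "MySQL"}]
    evs += [{"ts": 20 + i, "host": "ws1", "type": "file_rename",
             "new": rf"D:\data\doc{i}.xlsx.cry"} for i in range(25)]
    evs += [{"ts": 30 + i, "host": "ws2", "type": "file_rename",
             "new": rf"D:\data\doc{i}.xlsx.bak"} for i in range(25)]
    return evs
```

Calling `detect(sample_events())` flags only ws1, at the moment the twentieth .cry rename lands; a lone database service stop or a rename burst with another extension does not alert.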
