InfoSec Week 1, 2017

Posted on 07 January 2017

Koolova ransomware, or rather "awarenessware", decrypts files if victims read 2 articles about ransomware. No money involved.

An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a Bitcoin ransom to return the data.

The company PagerDuty open sourced their Incident Response Documentation. "The PagerDuty Incident Response Documentation is a collection of best practices detailing how to efficiently deal with any major incidents that might arise, along with information on how to go on-call effectively." Very useful material. I have included a link to the Hacker News thread, because an interesting discussion appeared there.

ThreatConnect researcher Robert Simmons published the paper "Open Source Malware Lab". It examines the use of open source tools such as Cuckoo Sandbox, Thug, Bro Network Security Monitor and the Volatility Framework when analyzing malware samples.

The new malware visual analysis platform KAMAS is described in a research paper: "KAMAS, a knowledge-assisted visualization system for behavior-based malware analysis. KAMAS supports malware analysts with visual analytics and knowledge externalization methods for the analysis process."

