InfoSec Week 1, 2017

Posted on 07 January 2017

Koolova ransomware, or rather "awarenessware", decrypts files once the victim has read two articles about ransomware. No money is involved.
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/

An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases (instances reachable from the internet with authentication disabled), stealing and replacing their content, and asking for a Bitcoin ransom to return the data.
https://www.bleepingcomputer.com/news/security/mongodb-databases-held-for-ransom-by-mysterious-attacker/
http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/
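The two settings that decide whether a mongod instance is "unprotected" in this sense are net.bindIp (which interfaces it listens on) and security.authorization (whether clients must authenticate). The script below is an added example, not code from the articles or from MongoDB: it audits a mongod.conf for those two settings and reports a weak configuration next to a hardened one. Both sample configurations are constructed for the example; the key names are the real mongod.conf options, but the parser only handles the simple key/value subset of YAML that mongod.conf uses, so it runs without PyYAML.

```python
"""Audit a mongod.conf (YAML) for the two settings that left the databases in
the story above open to anyone on the internet: listening on all interfaces
and running with authorization disabled.

Added example, not code from the articles or from MongoDB.  The sample
configurations are constructed; net.bindIp and security.authorization are the
real mongod.conf option names.
"""


def parse_simple_yaml(text):
    """Parse the indentation-based 'key: value' subset of YAML that mongod.conf
    uses (nested mappings and scalar values; no lists, anchors or multi-line
    scalars).  Returns nested dicts.  Deliberately small so the example has no
    dependency on PyYAML."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs; root can never be popped
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep:
            raise ValueError(f"unsupported line: {raw!r}")
        # Pop back to the mapping that owns this indentation level.
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip("\"'")
        if value:
            parent[key.strip()] = value
        else:
            child = {}
            parent[key.strip()] = child
            stack.append((indent, child))
    return root


def _section(conf, name):
    """Return a top-level mapping, or {} if it is absent or not a mapping."""
    section = conf.get(name)
    return section if isinstance(section, dict) else {}


def audit_mongod_config(text):
    """Return a list of findings for the two settings relevant to this attack.
    An empty list means both checks passed."""
    conf = parse_simple_yaml(text)
    findings = []

    bind_ip = _section(conf, "net").get("bindIp")
    if bind_ip is None:
        findings.append("net.bindIp not set: listening address left to the "
                        "server default instead of being pinned explicitly")
    else:
        addrs = [a.strip() for a in bind_ip.split(",")]
        exposed = [a for a in addrs if a in ("0.0.0.0", "::")]
        if exposed:
            findings.append("net.bindIp includes " + ", ".join(exposed)
                            + ": the instance listens on all interfaces")

    # mongod defaults to authorization disabled when the key is absent.
    authz = _section(conf, "security").get("authorization", "disabled")
    if authz.lower() != "enabled":
        findings.append("security.authorization is not 'enabled': any client "
                        "that can connect gets full access to every database")
    return findings


# Constructed sample: the kind of configuration the hijacked instances ran.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0      # reachable from every interface
# no security section: authorization defaults to disabled
"""

# Constructed sample: the same server restricted to localhost with auth on.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":", audit_mongod_config(conf) or ["ok"])
```

Binding to localhost is the right answer only for a database that never needs remote clients; a replica set or an application server on another host needs bindIp set to the specific interface addresses plus firewalling, and authorization enabled in every case, since the ransom notes in these reports replaced whatever was reachable without a password.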

PagerDuty has open sourced its Incident Response Documentation. "The PagerDuty Incident Response Documentation is a collection of best practices detailing how to efficiently deal with any major incidents that might arise, along with information on how to go on-call effectively." Very useful material. I have also included a link to the Hacker News thread, because an interesting discussion appeared there.
https://www.pagerduty.com/blog/incident-response-documentation/
https://github.com/PagerDuty/incident-response-docs
https://news.ycombinator.com/item?id=13309761

ThreatConnect researcher Robert Simmons published the paper "Open Source Malware Lab". It examines the use of open source tools such as Cuckoo Sandbox, Thug, Bro Network Security Monitor and the Volatility Framework when analyzing malware samples.
https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware-lab

KAMAS, a new visual analysis platform for malware, has been published as a research paper on arXiv.org. "KAMAS, a knowledge-assisted visualization system for behavior-based malware analysis. KAMAS supports malware analysts with visual analytics and knowledge externalization methods for the analysis process."
https://arxiv.org/pdf/1612.06232.pdf
