InfoSec Week 4, 2017

Posted on 28 January 2017

LUNAR is a UNIX security auditing tool which generates a scored audit report of a Unix host's security.

Spora Ransomware has started to spread worldwide, outside Russian-speaking countries.

VirLocker ransomware is back, packing user files into executables. Every encrypted file is transformed into executable, so the malware can spread faster. Fortunately, the infected users can access their data without paying the ransom.

A malicious Microsoft Word document targeted NATO members in a campaign during the Christmas and New Year holiday.
"The purpose of the document is first to perform a reconnaissance of the victims in order to avoid communicating with sandbox systems or analyst virtual machines. Second, the Adobe Flash requests a payload and an Adobe Flash exploit which is loaded and executed on the fly. This approach is extremely clever, from the attacker point of view, the exploit is not embedded in the document making it more difficult to detect for some security devices than the standard word trojan."

Google announced the launch of a Root Certificate Authority - Google Trust Services - that will allow the company to independently handle certificates on behalf of Google and Alphabet.

A hacker is accessing public and unsecured Apache Cassandra databases, creating extra table with a message that the database is unprotected.

Gmail will block .js file attachments starting February 13, 2017. The users who want to send .js files after this date can use Google Drive, Google Cloud Storage, or other storage solutions.

Facebook now supports physical security keys as a second form of identification.

Comments !