The Alien Eye in the Sky - Friday 29th July

July 29, 2016  |  Javvad Malik

A roundup of the week’s news, commentary, and observations.

Black Hat, BsidesLV, and DefCon are upon us! Next week will see the annual gathering of security professionals in Las Vegas. We will be there with our booth (1016) at Black Hat, and I will be presenting a talk, How to Become "The" Security Pro, at BsidesLV. Full details of where we will be next week and for future events can be found on our upcoming events page. We hope to see you there.

Ransomware is a huge issue for businesses and even individuals. While there are some examples of poorly executed ransomware campaigns, the majority of users that get infected either have to wipe their system and start from scratch if they don’t have backups – or resign themselves to paying the ransom.

However, ransomware gangs are running a business. Therefore, it is possible to negotiate the price, or to get extensions on payment deadlines. We wonder what is next? Easy monthly instalments?

Web shells are commonly utilised to enable remote control of a machine. But what exactly is a web shell, and how does one work? This detailed post goes into some of the mechanics.

Bug bounties elicit different responses on their usefulness and value. Whichever side of the fence you sit on as to how effective they are in improving security overall, it is undeniable that one of the best things to come out of them is researchers publicly publishing their findings on how they went about their work. This writeup, entitled ‘How we broke PHP, hacked Pornhub and earned $20,000’, is no exception.

Open Threat Exchange (OTX) introduced some cracking new features this week. Most notable is the introduction of Private Groups, which allows users to create private groups with other OTX users and control access to the threat data shared within that group.

You’ve experienced a breach – should you tell? An interesting post which asks the question that most security professionals will consider at some point in their careers.

Security tools are plentiful, both free and commercial. But what if you wanted to know the best tools to implement the CIS security controls? Rich Johnson has been chronicling the tools that can help IT administrators comply with the standard formerly known as the “SANS Top 20 Security Controls.” This week he published part 16.

Mad Max is a targeted Trojan that uses a DGA (domain generation algorithm). Arbor Networks has a nice write-up on how they reverse engineered it.

The IOCs can be downloaded in OTX:

TorrentLocker has been spreading, with several cases of international brand names being used by malware authors to propagate it through phishing emails. These emails contain misleading links that download malicious Zip files, which, in turn, contain a JavaScript file that downloads the TorrentLocker ransomware. Fortinet has some insights on its blog.
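As an added example (not code from the original post or from Fortinet), a mail-gateway style check for the delivery chain just described: it opens a Zip attachment and flags script members such as the JavaScript downloader, including double-extension lure names. The sample archive is constructed in memory; the file-name and extension list are assumptions, not indicators from the page.

```python
import io
import zipfile
from dataclasses import dataclass

# Windows hands these to WScript/MSHTA on double-click; a .js inside a Zip
# attachment is the downloader stage of the chain described above.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}


@dataclass
class Finding:
    member: str
    reason: str


def inspect_zip_attachment(data: bytes) -> list[Finding]:
    """Return one Finding per archive member that looks like a script payload."""
    findings: list[Finding] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [Finding("<archive>", "not a valid Zip file")]
    for info in archive.infolist():
        if info.is_dir():
            continue
        name = info.filename.rsplit("/", 1)[-1]  # strip any folder prefix
        parts = name.lower().split(".")
        ext = "." + parts[-1] if len(parts) > 1 else ""
        if ext in SCRIPT_EXTENSIONS:
            # "Invoice.pdf.js" style names hide the real extension when
            # Explorer is configured to hide known extensions.
            reason = "script payload"
            if len(parts) > 2:
                reason += " with double extension"
            findings.append(Finding(info.filename, reason))
    return findings


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Construct a Zip in memory (constructed test data, no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_zip({"Invoice_7781.pdf.js": b"// downloader stub"})
    for f in inspect_zip_attachment(lure):
        print(f"{f.member}: {f.reason}")
```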

The IOCs for TorrentLocker can be downloaded in OTX:
