Friday Digest - 27 MAR 2015

Published: 2015-03-27
Last Updated: 2015-03-28 00:59:25 UTC
by Russ McRee (Version: 1)
5 comment(s)

JS Malware uptick

We've been seeing an uptick in JS malware (TrojanDownloader:JS/Nemucod.K) loosely disguised as .doc files. The JavaScript is reasonably obfuscated but if executed does result in a trojan'd system. Payloads have been delivered as resumes, invoices, or shipping notices. You'll note payloads given nomenclature such as payload.doc.js.
Feel free to let us know if you've noticed similar, and send along samples via the diary submittal form for comparison (best submitted a password protected zip).

VirusTotal sample data:
1081e3e1ef855b011eaadfeea5f9e9c1
3a155fd510f16efc4104022e228de88d

Security Weekly

I was interviewed for Episode 411 of Paul Asadoorian's Security Weekly. While I had to often speak in sadly generic and vague terms, a few key takeaways popped out in the conversation.
We all largely agreed that the best tooling and datasets mean nothing when protecting organzations without applied context.
Consider the fact that one of the best ways for a security team to properly design and implement tooling and monitoring is to leverage the network architect to better understand design and layout. This allows goals to be established. Rather than a mission that is based on implementing a tool, the mission should be goal based. What are you trying to protect, not what are trying to install. The premise of operational threat modeling really factors here too. The practice can help prioritize area of importance (avoid boiling the ocean) and allow better goals determination.
Great talking with Paul and team, I appreciate the opportunity.

On a related note, check out Episode 409 with Keren Elazari, go watch her TED talk, then get a copy of this month's Scientific American which includes her article, How To Survive Cyberwar.

Book offering

Wiley is offering a free download (for a limited time) of The Database Hacker's Handbook: Defending Database Servers http://bit.ly/HackersHandbook

GitHub DDoS

GitHub has been under a brutal DDoS attack for 24 hours +.
https://github.com/blog/1981-large-scale-ddos-attack-on-github-com
Keep an eye on https://twitter.com/githubstatus for updates.

Doh!

Overheard by a pentester after a recent pentest:
Passwords.doc is a bad idea :-)

Have a great weekend!

Russ McRee | @holisticinfosec

Keywords:
5 comment(s)
ISC StormCast for Friday, March 27th 2015 http://isc.sans.edu/podcastdetail.html?id=4415

Comments


Diary Archives