This is an explanation of yet another flavor of ransomware, this time leveraging Powershell in the exploit. This has therefore generated another defensive layer to consider in your fight against infection.
Month: March 2016
Jamie Butler on Detecting Targeting Attacks
Enjoy this interesting conversation on threat proliferation and ransomware from the team at ThreatPost.
https://threatpost.com/jamie-butler-on-detecting-targeting-attacks/117076/
Top Resources for Infosec Professionals – Retail Industry
This is a great list of resources for IT Security professionals working or consulting in the retail space.
Ransomware Forces Hospitals to Shut Down Network, Resort to Paper
This is yet another significant attack of ransomware against a medical provider, in this case a hospital system in the Washington, DC / Baltimore area.
Google Fixes Four Critical Vulnerabilities in Latest Chrome Build
Please note the new patches released by Google as well as the expansion of their bug bounty program.
https://threatpost.com/google-fixes-four-critical-vulnerabilities-in-latest-chrome-build/116990/
CRTC and US Federal Trade Commission sign deal to fight spammers and telemarketers
I am very happy to see the US and Canada join forces to battle spam and unwanted telemarketing.
Sophos Weekly Recap
Oracle releases out of cycle fix, Cisco patches six critical vulnerabilities
Both Oracle and Cisco released patches in the last couple of days, though Oracle’s patches are considered out-of-cycle and critical. Cisco’s patches are part of their standard semi-annual IOS security advisory notice.
Krebs – Crooks Steal, Sell Verizon Enterprise Customer Data
Ironic for sure, but this breach makes sense simply because of how rich the target environment is. Verizon has a strong team of IT Security professionals, so I feel confident this will be handled appropriately and expeditiously.
http://krebsonsecurity.com/2016/03/crooks-steal-sell-verizon-enterprise-customer-data/
W-2 Data Breach places 21K Sprouts Farmers Market employees at risk
This is yet another example of a well-crafted phishing attack that has resulting in the compromise of significant PII. These issues are not combated by technical controls alone. Organizations must dedicate resources to effective user awareness training and design policies and procedures that allow for proper checks and balances. IT can not solve all problems.
Virtual Sweater Vest 