JavaScript Attachments: Don't RUN

There's a new ransomware program infecting computers called RAA that's written entirely in JavaScript and locks users' files by using strong encryption. It's rare to see client-side malware written in web-based languages such as JavaScript, which are primarily intended to be interpreted by browsers. Attackers have taken to this technique in recent months resulting in a spike in malicious email attachments.


http://www.infoworld.com/article/3083419/javascript/dont-run-js-email-attachments-they-can-carry-potent-ransomware.html

http://www.pcworld.com/article/3083392/security/dont-run-js-email-attachments-they-can-carry-potent-ransomware.html

Comments

Post a Comment

Popular posts from this blog

Two-Factor Authentication

Image
Many organizations now are using multi-factor security for user authentication, especially in higher-risk cases (e.g., admin users, remote access). Many popular consumer-oriented services offer this as a feature as well. If your Gmail, Apple, Microsoft, Facebook, Twitter, Yahoo, or other account doesn't currently require a two-factor or two-step login, it is easy to enable. If your bank or other online financial service doesn't offer this feature, tell them you want it or move to one that does. Here are two great sites with a lists of services that support two-factor authentication and links to set it up:    https://twofactorauth.org/ http://www.pcmag.com/article2/0,2817,2456400,00.asp Most two-factor authentication schemes can work from an app or a text message on your smartphone. It can take a bit of learning at first, but for most users it quickly becomes routine and trouble-free.
Read more

Vulnerability in Cisco Devices VPN Functionality

Image
A few weeks ago a vulnerability was publicized in the VPN functionality of Cisco PIX firewalls, along with a tool to exploit it. This exploit was part of the Shadow Brokers dump of tools allegedly stolen from the NSA; in this case it was the BENIGNCERTAIN tool. This exploit was viewed as being of limited impact, since Cisco discontinued support for the PIX firewall years ago in favor or their newer ASA firewall line. This weekend it was announced that the same vulnerability exists in the IOS software that powers the vast majority of Cisco devices. This means that Cisco routers and routing switches with VPN functionality can be exploited with the BENIGNCERTAIN tool as well, rendering their VPN sessions subject to snooping. The vulnerability affects all versions of IOS going back to 12.2, as well as most versions IOS XR and IOS XE. Cisco has not yet released updated software to fix this issue, and they say there are no work-arounds; they have, however, published intrusion detectio...
Read more

Ransomware Attack on Office365 Corporate Users

Image
A phishing campaign was discovered last week that targeted possibly millions of users of Microsoft's Office365 Corporate service. The campaign was delivering the Cerber ransomware, which encrypts documents, videos, and photos on the compromised computer, as well as any network file shares to which the compromised computer is attached, and then demands a ransom to provide the ability to decrypt them. The malware was delivered via a document with malicious macros embedded in it. Previous versions of Cerber were delivered via web-based exploits that exploited Flash vulnerabilities. The malware was able to bypass the built-in security tools in Office365, but was detected using the Check Point SandBlast malware protection system. The SandBlast technology can run on a Check Point firewall, as an agent on network endpoints, or as a cloud-based service. To learn more about Check Point Sandblast, contact Anchor.
Read more