This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire. Highlights follow.
Dark Reading is reporting on a new banking trojan called ‘Silence’ that uses techniques similar to those of the Carbanak hacker group to target banks and financial institutions. The attack vector is similar: individuals are targeted with spear-phishing emails that trick them into running a malicious attachment, which connects out to download a dropper that further infects the user’s machine. This attack does not use an exploit against a vulnerability, but rather takes advantage of social engineering to fool the user into executing the malicious payload and infecting their machine.
Silence is interesting in that the trojan’s capabilities include a screen grabber that will take multiple screenshots of the user’s active monitor and upload the real-time stream to a command and control server for monitoring by the adversary. This technique allows the threat actor to identify which users have access to specific banking applications, systems, and accounts that they can use for financial gain.
(updated: 10/26/2017 with additional file hashes and mitigations)
A new ransomware campaign has affected at least three Russian media companies in a fast-spreading malware attack. Fontanka and Interfax are among the companies affected by the ransomware, which was named Bad Rabbit by the researchers who first discovered it. The malware is delivered as a fake Flash installer and uses the SMB protocol to check hardcoded credentials. Bad Rabbit does not employ any exploits to gain execution or elevation of privilege. The Ukrainian computer emergency agency CERT-UA has issued an incident alert and mentioned that Odessa airport and the Kiev subway were also affected. It is unclear whether this alert concerns Bad Rabbit, but they suspect that it may be the start of a new wave of cyberattacks.
This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire. Highlights follow. (This posting has been updated on 9/6/2017 and 10/25/2017 to reflect new feature capabilities in the release, as noted below.)
A major challenge for enterprise InfoSec teams is keeping their finger on the pulse of two constantly changing elements: external cyber threats and internal technology needs.
Staying a step ahead and proactively adjusting their organization’s security posture accordingly is a must in order to keep attack risks as low as possible. So what are the major shifts in threats and business technology use that CISOs and their staff face in 2017? And how should they respond to these changes?
You will find comprehensive answers to those and other critical InfoSec questions in a new SANS Institute whitepaper written by security analyst John Pescatore.