Welcome to the Weekly Webroot Digest!
This is a weekly series to highlight the best articles and news stories going on in the Community.
What was your favorite story? What topics would you like to see? Sound off in the comments!
With a few interesting changes to the original Scarab ransomware, Scarabey is quickly targeting Russian-speaking users with brute force attacks on unsecured RDP connections, rather than with the spam email campaigns used by its predecessor. Additionally, Scarabey takes the ransom a bit further by deleting 24 files from the encrypted machine for every 24...
Endpoint and Host security techniques have diverged. There used to be considerable similarity between the techniques and tools used to secure desktops, servers, and even networks. Desktops evolved to become Endpoints as mobile devices proliferated, and they were grouped together into the category of not-a-server.
Lets attackers persuade users to open Microsoft Office documents, web pages, and spam e-mails. The South Korean Computer Emergency Response Team (KR-CERT) has issued a security alert warning of a zero-day vulnerability affecting Adobe’s Flash Player.
The folk at OpenWall have called for assistance to create a security module to watch Linux kernels for suspicious activity.
This is yet another innovative evolution of the Word document macro script game. Users should always educate themselves and never enable any macro scripts when prompted. Historically, it has been used to deliver ransomware. Our Ransomware Prevention Guides have always recommended disabling macro scripts in the Microsoft Office suite applications. You can do this in the Trust Center under settings.
If you want to start a new post you can do so in a few different spots.
Curious to hear if you think we don't have enough boards or what else you're looking for!
We would not currently protect against this type of attack. This is really still a macro/script attack, and having macros in Office documents covered would have stopped the payload in this highly targeted attack. The clever use of steganography to deliver the second PowerShell script still required the email attachment to be downloaded and the macro executed in this case. Macro and script protection is actively being worked on.