Community Manager

The Webroot Weekly Community Digest: 2/9/18

Welcome to the Weekly Webroot Digest! 

 

This is a weekly series to highlight the best articles and news stories going on in the Community. 

 

What was your favorite story? What topics would you like to see? Sound off in the comments! 

 


 

Cyber News Rundown: Scarab Ransomware Strikes Back

 

With a few interesting changes to the original Scarab ransomware, Scarabey is quickly targeting Russian-speaking users with brute force attacks on unsecured RDP connections, rather than with the spam email campaigns used by its predecessor. Additionally, Scarabey takes the ransom a bit further by deleting 24 files from the encrypted machine for every 24...

 

Security Glue Between the Silos of Endpoint, Server, Cloud and Network Security Gets More Critical

 

Endpoint and Host security techniques have diverged. There used to be considerable similarity between the techniques and tools used to secure desktops, servers, and even networks. Desktops evolved to become Endpoints, as mobile devices proliferated and they were assembled into a collective of being in the category of not-a-server.

 

Zero-day vulnerability discovered affecting every version of Adobe’s Flash Player on all platforms

 

Lets attackers persuade users to open Microsoft Office documents, web pages, and spam e-mails. The South Korean Computer Emergency Response Team (KR-CERT) has issued a security alert warning of a zero-day vulnerability affecting Adobe’s Flash Player.

 

OpenWall unveils kernel protection project

 

The folk at OpenWall have called for assistance to create a security module to watch Linux kernels for suspicious activity.

 

 

Community and Advocate Manager
New to the Community?
Get started with these tips.
4 REPLIES
Popular Voice

Re: The Webroot Weekly Community Digest: 2/9/18

Hey freydrew,

Thanks for sharing. I also just came across this article where the PowerShell command/tool, Invoke-PSImage, can be used to extract malicious scripts from images and execute them in memory; more info here - https://blog.knowbe4.com/2018-winter-olympics-malware-campaign-hides-malicious-powershell-script-in-...

Fileless attacks are not new, but I was wondering if Webroot had any protection built in currently to address this besides disabling and restricting PowerShell.

Sorry, I couldn't find a good place to post this, so I thought it might be OK to post it here. If there's a better place to post this, please let me know. I don't know how to start a new post, where to do it, and even if I'm allowed to. I usually just reply to other people's posts :)


I am Webgroot.



Community Manager

Re: The Webroot Weekly Community Digest: 2/9/18

Hey Webgroot, 

 

This is yet another innovative evolution to the Word document macro script game. Users should always educate themselves and never enable any macro scripts when prompted. Historically, it has been used to deliver ransomware. Our Ransomware Prevention Guides have always recommended disabling macro scripts in the Microsoft Office suite applications. You can do this in the Trust Center under settings.

 

If you want to start a new post you can do so in a few different spots. 

 

Product Related topics

Product Help topics

News and Announcements

 

Curious to hear if you think we don't have enough boards or what else you're looking for!

 

Thanks!

Community and Advocate Manager
Popular Voice

Re: The Webroot Weekly Community Digest

Yes, agreed. We do provide our users with security awareness training and have covered macros in Office documents, however this doesn't really answer the question of whether Webroot can protect against these kinds of attacks :) In the future, instead of macros there may be a more clever way to extract a malicious script from an image into memory. How would Webroot protect against that then? Ideally you wouldn't want to even get to that point, but as malicious actors become more crafty, we need to consider this possibility and find new ways to combat it.


I am Webgroot.



Threat Researcher

Re: The Webroot Weekly Community Digest

Hello,

 

We would not currently protect against this type of attack. This is really still a macro/script attack and having macros in Office documents covered would have stopped the payload in this highly targeted attack. The clever use of steganography to deliver the second PowerShell script still required the email attachment to be downloaded and the macro executed in this case. Macro and script protection is actively being worked on.

 

-Dan

 

 

Webroot Threat Research