Webroot Community Weekly Highlights: 9/15/17

  • 15 September 2017

Userlevel 7
  • Retired Webrooter
  • 1376 replies
Welcome to the Community Weekly Highlights!
 
This is a weekly series to highlight the best articles and stories happening all around the web. 
What was your favorite story? What topics would you like to see? Sound off in the comments!
 


George Anderson is the center of this story.
 
He recently wrote his 5 Tips to Help MSPs Achieve a Multi-Layered Cybersecurity Strategy:
  1. Deploy Multi-Vector Protection
  2. Stop Threats Before They Reach Clients
  3. Lean on Education
  4. Practice Good Hygiene
  5. Implement Strong Backup Policies
Hop on over to Continuum's Blog to read the full article.
 


Help me color my hair for SpiceWorld!
In case you didn't already know, the biggest community event in IT is coming up next month in Austin.
 
In addition to doing some super awesome giveaways, we also want to have some more colorful fun!
 
Head on over to our SpiceWorks post and give it a spice-up!
 
 


Bashware: Malware Can Abuse Windows 10's Linux Shell to Bypass Security Software
In a report issued late last night, security researchers from Check Point have published technical details about Bashware, a technique that allows malware devs to use Windows 10's secret Linux shell to hide malicious operations.
 
Researchers say that current security software, including next-gen antivirus solutions, fails to detect these operations.
 
This happens because all lack support for Pico processes, a new class of Windows processes that Microsoft added to handle WSL operations.
 
BleepingComputer has the full rundown.
 
What story from the last week was the most important for you? We love hearing your feedback!

11 replies

Userlevel 4
Badge +4
Lots of interest in managed DNS, look forward to an update on this.
Userlevel 3
Seems like Webroot's tech will be on top of the Bashware thing. Can someone confirm?
Userlevel 6
Badge +6
Storing backup policies is the key to recovering from malware, almost always. What backup software do you guys use? I'm using Altaro and NovaStor.
Badge +6
I'll definitely have to investigate this Bashware threat in Windows 10. Is there further information coming as to WSA's capability to remediate this threat?
Userlevel 4
Badge +6
Windows & Linux bugs, all in one machine! 
Userlevel 7
Badge +8
Will be evaluating DNS as soon as released. We currently use Cisco Umbrella.
Userlevel 3
Great job on being on top of current events/news! Always good to know more on best practices on layered security.
The new bashware threat seems to be something that's going to be at the front of my company's security threat list real quick. Any updates on this?
Userlevel 4
Having Windows CLI interpret bash commands and convert them to corresponding code - what could go wrong???
Userlevel 4
Badge +3
A multilayered approach is the only way to go. Scan inbound and outbound with different engines.
Stop as much as possible as far outside the firewall as possible, with DNS proxy, spam/malware solutions etc.
 
It is our position to advise business owners what they should be doing at all times for their security. They are (hopefully) experts in their business - which is not IT.
That is why they pay us every month.
Userlevel 7
No update on the Bashware story. Kevin Beaumont's comments from The Register's article sum it up:
 
“The research is valid, in that adding more subsystems to Windows will increase attack surface – but I don’t see it as a credible threat yet. I’ve seen no 'bashware' in wild. That feature is new, this stuff isn’t by default enabled, setting Dev mode needs admin rights.”
 
Microsoft also offered their statement:
 
"We reviewed and assessed this to be of low risk. One would have to enable developer mode, then install the component, reboot, and install Windows Subsystem for Linux in order for this to be effective. Developer mode is not enabled by default."
