Security News #0x62
- Did you know that you can use Metasploit to generate MSI (Windows Installer) files with your malware? Would you like a demo?
- Students: you need to know about the common processes that run on a Windows system. Do you know what CSRSS.EXE does? Or what SVCHOST.EXE is? Well, the folks at System Forensics have put together a short summary of these common processes and explain a bit about each. This should definitely be on your reading list!
- Everyone in the business of cyber security is likely to get hacked at some point. Natural reactions vary, but embarrassment is probably high on the list. If you want to see someone handle this with class, you might want to read how Rich Mogull handled a tough situation.
- If you use TrueCrypt to protect your data, you should be aware that its master keys must remain in RAM while the tool is in use. Thus, if an attacker gets to a powered-on system, or can flush memory to disk, they have a shot at getting your protected data. Take a look at the piece from Volatility Labs to learn what is going on.
- Rob Fuller has posted his slides from ShmooCon, giving some simple ways to defend your network, from using EMET, to using proxies to block the Java UA at the perimeter, to avoiding WPAD attacks. Well worth a look!
- As you think about the latest NSA revelations, remember that they are not the only actors trying to penetrate your network. Sometimes it is done for commercial gain, as in the most recent targeted Target attacks, but also for political reasons. The Electronic Frontier Foundation reports that they were the target of Vietnamese malware aimed at staffers, perhaps because of their stands against Vietnamese internet censorship.
- Fox is now reporting that attackers used a refrigerator to send email spam. Seriously.