Last week we came across ransomware with unique evasion techniques in a new variant, or possibly a copycat, of the MedusaLocker ransomware. MedusaLocker ransomware, first seen in September 2019, came with a batch file to evade detection. Batch files contain script commands running in a Command Prompt on Windows machines and have the .bat extension. In the malicious … [Read more...]
HSTS – A Trivial Response to sslstrip
Intro HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A "secure connection" in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This … [Read more...]
Green Mountain Grill Security Analysis
Automated smokers like the Green Mountain Grill (GMG) Davy Crockett are great for smoking different meats and other foods without having to tend the grill during the entire process. GMG has pushed this idea further with a WIFI controller that monitors and controls the grill. Now, one doesn’t even need to leave the couch to maintain the grill. Unfortunately though, this … [Read more...]
Indicators of RDP Brute Force Attacks
I have been investigating an incident involving two EC2 instances on AWS that were infected with ransomware, cryptocurrency miners, and other types of malware. Sounds scary, right?! Well actually, the approaches that the attackers took to get onto the hosts do not appear to be that sophisticated, and this type of attack could occur in any environment, not just in the cloud. … [Read more...]
The Problem with Hacking Back: It Might Be Your Network
The US government is considering allowing companies to “hack back” against cyber attackers. The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to allow limited retaliatory strikes against cyber attackers. The full PDF amendment is available online. As noted in some comments in an article on the UK Register there is some skepticism about this … [Read more...]
