Information Security News
and you'll find:
computer\hkey_classes_root\.js = jsfile
computer\hkey_classes_root\jsfile = wshext.dll
Or, when you check the file extension in explorer, Shazam!, it
Worse yet, when you receive a JS file in an email, you'll see an icon that makes it look like it's a text or document file of some kind. On top of all of that, what we're seeing as a common SPAM practice that makes this more confusing for the folks reading their mail is a double extension approach: these are arriving as "corporate layoffs.doc.js", "bonus Q2.xls.js" or "ups shipping notice.pdf.js". When this shows up in your mail client, by default Windows (not so helpfully) won't display the known file extension of js, so your folks will see these as docs, excel sheets or pdf files.
In the spirit of defense in depth though, let's assume that one of our trusted business partners (who might be whitelisted in the spam filter) or one of our internal users (internal mail doesn't typically go through the spam filter) is already compromised. How do we protect our users in those scenarios? Let's re-associate the .JS file type with something that won't actually execute the file. How about notepad?
To do this for a single workstation, right-click on a .js file and open it with notepad. Be sure to click the "always use the selected program to open this kind of file" radio box when you do that.
For an entire organization, you can force the file association in Group Policy, at Computer Configuration / Preferences / Control Panel Settings / Folder Options, then add New / File Type.
You can see here that we can change how the file opens, and even change the icon that's being displayed.
So if you're walking around the office, you can look for the screen that has 10 or 12 notepad files of code open, and feel good that there's one that didn't get infected! Or more likely (and sadly), check that machine to see how *else* they found to get infected :-)
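The double-extension naming described above can also be flagged mechanically, for example when reviewing mail gateway logs. This is an added example, not code from the original diary; the function names and both extension lists are assumptions, and the script-extension set is generalized from .js to other Windows Script Host types.

```python
import re

# Assumption: extensions handled by Windows Script Host (the page only names .js).
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "wsh"}
# Assumption: extensions a user reads as "a document"; the page's samples use doc, xls, pdf.
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt", "rtf"}


def split_extensions(filename):
    """Return (stem, [ext, ...]) with extensions lowercased, left to right."""
    # Only the last path component matters; mail clients show just the name.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows drops trailing dots and spaces when a file is saved, so
    # "notice.pdf.js. " still lands on disk as "notice.pdf.js".
    name = name.rstrip(". ")
    parts = name.split(".")
    return parts[0], [p.strip().lower() for p in parts[1:]]


def classify_attachment(filename):
    """Classify an attachment name as 'double-extension', 'script' or 'ok'."""
    _, exts = split_extensions(filename)
    if not exts or exts[-1] not in SCRIPT_EXTS:
        return "ok"
    # With known extensions hidden, the user sees everything before the final
    # extension, so a document extension in that position is what gets read.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"


def triage(names):
    """Map each attachment name to its classification."""
    return {name: classify_attachment(name) for name in names}


# Constructed sample names; the first three follow the patterns quoted above.
SAMPLES = [
    "corporate layoffs.doc.js",
    "bonus Q2.xls.JS",
    "ups shipping notice.pdf.js. ",
    "jquery.min.js",
    "report.v1.2.pdf",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:17} {name}")
```

A plain "script" verdict (such as a bare .js attachment) is still worth quarantining; the "double-extension" verdict marks names built to be read as documents.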
Gartner's top-10 list of infosec techs addresses concerns over cloud, IoT
Cloud access security brokers, endpoint detection and response solutions, and remote browsers were among the infosec technology categories that made Gartner's 2016 top-10 list. Cloud access security brokers (CASBs), endpoint detection and response ...
12 Sights: Infosec Europe 2016
12 Sights: Infosec Europe 2016 This year's conference was held at London's Olympia exhibition center. The recent Infosecurity Europe 2016 conference in London drew attendees from more than 70 different countries. The free conference, which is Europe's ...
Dave Aitel is CEO of Immunity Inc., an offensive security firm that consults for Fortune 500s and government agencies. He is a former "security scientist" for the NSA and a past contractor for DARPA's Cyber Fast Track program. His firm specializes in vulnerability research, penetration testing and network testing tools. His views don't necessarily reflect the opinions of Ars Technica.
What occurred with the recently disclosed breach of the Democratic National Committee servers, and the dumping of stolen data on a WordPress site, is more than an act of cyber espionage or harmless mischief. It meets the definition of an act of cyberwar, and the US government should respond as such.
The claims by “Guccifer 2.0”—that a lone hacker carried out this attack—are not believable. Of course, anything is possible, but the attack looks to be an operation conducted by Russian intelligence services. Had this been a “normal” operation—that is, covert intel gathering by Russia's Foreign Intelligence Service or any other foreign intelligence service (as the Chinese have done in past election seasons)—it would be business as usual. To be honest, the US government would not really be justified in denouncing it, as it does the same thing. But what makes this attack very different—and crosses the line—is the Russian team’s decision to dump the Clinton campaign’s opposition strategy on the public Web, presumably for the dual purpose of both spreading misinformation about the party responsible for the breach and interfering with the Clinton campaign.
InfoSec 2016: IoT Security Needs A Serious Shake-Up, Says Sophos
The explosion of connected Internet of Things (IoT) devices could actually be raising the risk of serious security risks for businesses and consumers alike, it has been warned. Speaking to TechWeekEurope at the recent InfoSecurity Europe ...