Versa Networks
October 4, 2018
Ransomware is a form of malicious software that latches onto a system and encrypts the files within it, making them inaccessible to the user. The attackers behind this malicious activity typically demand payment in terms of currency (crypto or cash) in return for the keys to decrypt the files. A recent ransomware which has become viral since January 2018 is named GandCrab. This ransomware is believed to be distributed as a Ransomware-as-a-Service [2,3]. GandCrab initially differentiated from other ransomware by demanding a ransom in DASH [7] cryptocurrency. The developers behind GandCrab have been continuously updating and releasing improved versions, with…
Principal Security Architect
November 2, 2017
Fin7 is a cybercrime group that employs spear phishing attacks to deliver malware that uses fileless malware techniques, sophisticated evasions and persistence. They mostly target the financial sector. In this blog, we are going to take a high-level look at one such sample seen in the wild, which employs several layers of obfuscated JScript, powershell and DLL embedded within a Microsoft Word document. The sample analyzed has the MD5 hash 29a3666cee0762fcd731fa663ebc0011. Through a series of deeply embedded base64 encoded scripts, obfuscated code and use of powershell, this strain achieves stealth and evasion. The document arrives as an email attachment in…
Versa Networks
October 18, 2017
Several Security Vulnerability have been patched in recently in Apache Tomcat. The list of fixed flaws recently addressed also included code execution vulnerabilities. Apache Tomcat is the most widely used web application server, with over one million downloads per month and over 70% penetration in the enterprise datacenter. The Apache Tomcat development team publicly disclosed the presence of a remote code execution vulnerability, tracked as CVE-2017-12617, affecting the popular web application server. The Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 are affected. The vulnerability is classified as “important” severity, has been…
Versa Networks
October 10, 2017
Apache’s gaps has been in news for quite a while, and this has led to the massive milestone of Equifax being compromised to the tune of 143 million records. This has been a difficult year for Apache, with so many vulnerabilities being reported. Refer to the link for a list of Apache vulnerabilities reported in 2017. Though previous years also accounted for large chunks of Apache vulnerability, this year it has been in news for two particular vulnerabilities, CVE-2017-5638 (which led to the compromise of user data through the Equifax breach) and CVE-2017-9805 (due to the fact that the public…