BadRabbit ransomware: suggested readings

Spreads via network, currently hits Russia, Ukraine, Germany, Japan, and Turkey. A variant of Petya/NotPetya/EternalPetya called BadRabbit and probably prepared by the same authors has infected several big Russian media outlets. BadRabbit uses SMB to propagate laterally with a hardcoded list of usernames and passwords. However, unlike NotPetya, it doesn’t use EternalBlue. Below some suggested…

CCleaner incident: what we need to know?

Looking for a good alternative to CCleaner? Take a look at BleachBit! A good analysis by Cisco Talos. Version 5.33 of CCleaner, downloaded between August 15 and September 12, was modified to include the Floxif malware: We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and…

Fileless Malware for Dummies

Just some random thoughts about this kind of threat. Some days ago, a non-technical friend asked me for some information about ‘fileless malware’. It was pretty difficult to explain this concept to a person lacking proper security knowledge, so I have made a recap of this talk in a brief article “4Dummies”.