Wednesday September 13, 2017

Security Roundup - We Are All Screwed - Apache Struts 2 - KediRAT - UNITEDRAKE

Have you been keeping up with the latest and "greatest" security threats? Surely you heard about Equifax screwing 143 million pooches last week, right? HardOCP security staff tells us that Apache Struts 2 is behind all that, and it is super easy to pull off. You can read more about that here, or just watch a video with nice soothing music that plays while your bank accounts are being comprised.

Tons of new malware strains are now being introduced that use Gmail as the host, which makes it extremely hard to detect in an environment outside of the Google network. Get you some Kedi RAT that poses as a nice Citrix file. Clicker beware!

And finally Shadow Brokers dropped a new NSA hacking tool last week; UNITEDRAKE. While not good, not near as bad as what we have seen in the past. Here is the full documentation (PDF) should you want to play with it in your own sandbox.

Discussion