Hello, welcome to the Monday, January 23rd, 2017 edition of the Sandsenet Storm Center.

Stormcast, my name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida.

Brad wrote up a nice piece about new ransomware that he was running across, and it identifies itself as Sage 2.0.

The emails distributing the ransomware are done pretty simple, no subject line, so should be easy

to spot, but it makes it more likely that the victim opens the attachment by naming the attachment using

the victim's name.

Once opened, the Malware downloader then uses the usual tricks to get the victim to enable

macros by stating that either the Word document was created an earlier version of Word and to view it,

the victim has to enable editing. And in another version, it uses the rules where the document

claims to be encrypted. And again, enabling editing is supposedly then going to help you read

the document. Content security policy or CSP for

short is one way how websites can make exploiting cross-site scripting flaws a lot more difficult.

But deploying a meaningful content security policy is difficult. GitHub has been

publishing some blog posts about its CSP implementation and just published another one with some of the

CSP features they are using now to prevent actually also bypassing of CSP,

at least to prevent some of the more common techniques, how this is done.

So if you're interested in deploying CSP, I would highly recommend this blog post,

but also some of the earlier ones that GitHub published,

because they really go into some detail what features they're sort of using in CSP,

in particular for a large website like GitHub, of course. They had to be a little bit carefully in how they implemented. And for example, they do include some of the content

from their own Amazon cloud servers and such.

And so how they made that a little bit easier to filter with CSP.

...