Grunt is a JavaScript Task Runner. Any task runner is used for automating the repetitive tasks to increase productivity and efficiency.

Some of the automated tasks include

  • Implement standards
  • Unit Testing
  • End to end testing
  • Compiling
  • Automated task execution
  • File watching

Grunt is a command line tool available on the node platform. Once you have installed node, you would need to run the following command to make grunt command line available in your project.

npm install -g grunt-cli

To run grunt commands we would also require to create a Gruntfile.js because depending on the make of the grunt tool it looks for this file. Once we have this file then we could configure tasks inline, load tasks from external sources (files and modules), etc.

It’s always easy for me when I do some hand on so that’s what we would do. Create a new file named Gruntfile.js and add the following code to it.

 

 

Now move the folder where you created the Gruntfile.js and add a new file named as package.json. We will add the package that we care about which is uglify.

 

 

Download jQuery.version.js file or any other JavaScript that you would want to minify and add to the same folder

Now run the following command in your command line tool

  1. npm install -g grunt-cli

 

  1. npm init – fills all details is package.json

  1. npm install grunt (for grunt dependencies.)

 

  1. npm install

 

 

  1. grunt

 

 

And boom we have created our first Grunt automated task to minify a JavaScript file.

You can download the source code @googledrive or @onedrive

The new ransomeware first discovered by @Trojan7Sec. Once it encrypts all the data on your system then you would see the following message

OphionLocker Screen Message

OphionLocker Screen Message

 

It also add a textfile on your desktop with the details of making the payment and collecting the decryption key

OphionLocker Text

OphionLocker Text

 

The payment website looks like below

 

Ransom Page

Ransom Page

 

 

Fake Ransom

Fake Ransom

This ransomware does not securely delete your files or remove the shadow volume copies so it is still possible to recover your files using a file recovery tool or a program like Shadow Explorer.

 

More information on this can be found @trojan7malware.blogspot.co.uk

K-Cup

Do you use Keurig 2.0 or know anyone who does?

Keurig 2.0

Keurig 2.0

Then you might interested in knowing that the Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods (commonly known as K-Cups) uses weak verification methods and which could be subject to a spoofing attack through re-use of a previously verified K-Cup.

K-Cup

K-Cup

The complete hack is demonstrated at a video below:

The complete details of the vulnerability can be found at caffeinesecurity

This information is for educational purposes only. Please do not use it for any illegal purposes.

Make sure you patch your system to fix the kernel-mode driver vulnerability. This vulnerability could allow remote code execution in the following Windows Operating systems

 

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 7
  • Windows 8
  • Windows 8.1

 

You will find more details about the vulnerability and its fix here at Microsoft.com