
Thursday, September 29, 2016

Facebook Releases 'OSquery' Security Tool for Windows


OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available only for Mac OS X and Linux environments until today.


But now the social network has announced that the company has developed a Windows version of its osquery tool, too.


When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.

OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.


Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.


In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.


This functionality is critical for administrators who need to perform incident response, diagnose system- and network-level problems, troubleshoot performance issues, and more.
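As an added example (not taken from Facebook's or Trail of Bits' posts), here is what treating an endpoint as a database looks like in practice: two queries against osquery's `processes` and `listening_ports` tables, typed into the `osqueryi` interactive shell.

```sql
-- Added illustration: run in the osqueryi interactive shell.

-- 1. Processes whose executable is no longer on disk, which often means
--    the binary was deleted after it was launched.
SELECT pid, name, path, cmdline
FROM processes
WHERE on_disk = 0;

-- 2. Every listening socket joined to the process that owns it,
--    leaving out loopback-only listeners.
SELECT p.pid, p.name, p.path, l.address, l.port, l.protocol
FROM listening_ports AS l
JOIN processes AS p ON p.pid = l.pid
WHERE l.port != 0
  AND l.address NOT IN ('127.0.0.1', '::1')
ORDER BY l.port;
```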


This open-source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014, and was available for Linux distributions such as Ubuntu or CentOS, and for Mac OS X machines.


So, if your organization was running a Windows environment, you were out of luck.

But not today: with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.


"As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security," reads the earlier version of Facebook's blog post provided to The Hacker News.


"We saw the long-held misconception of 'security by obscurity' fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it."


To get started with the OSquery developer kit for Windows, check this official documentation, the development environment, and a single script. The build is easy to install, and you can start coding right away.


You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.

Wednesday, February 10, 2016

Facebook Hacking Tool that can hack YOUR account



Yes, you heard me right.

A newly discovered Facebook hacking tool actually has the capability to hack a Facebook account, but YOURS, and not the one you desire to hack.

How to Hack Facebook account? How to Hack my Girlfriends Facebook account? My boyfriend is cheating on me, How do I hack his Facebook Account?

These are the queries that most Internet users search for on Google.

But beware! If you come across any Facebook hacking tool that promises to help you hack your friends' Facebook accounts, you may end up downloading a hacking tool that could hack you, instead of them.





Dubbed Remtasu, the tool markets itself as a Facebook hacking tool but is actually a Windows-based Trojan whose spread has accelerated globally over the past year, and it now has the capability to disguise itself as an app for accessing people's Facebook account credentials.

The tool contains a keylogger that can capture all your keystrokes and store them in a file that is subsequently sent to the attacker's server.

The malicious Facebook hacking tool is exploiting "the constant desire of a lot of users to take control of accounts from this well-known social network," according to a Monday blog post by IT security company ESET.

How Remtasu Works:


The malicious tool is delivered via direct download websites.

Once a user visits one of these websites, the dangerous Win32/Remtasu.Y malware automatically gets downloaded and executed on the victim's machine and hides itself among other files.

Remtasu has the capability to:
  • Open and obtain information from the clipboard.
  • Capture keystrokes.
  • Store all the data in a file which is subsequently sent to an FTP server.

The worst part is yet to come:


The malware remains on the infected computer even when the victim reboots their system or attempts to find the malware threat in the list of active processes.

"In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder," reads the post. "The new InstallDir folder remains hidden inside the system files, making it difficult for users to access."
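A defender can check a Windows host for the persistence location described in the quote above. The following osquery queries are an added example, not part of the ESET post; the `C:\Windows` prefix is an assumption (the default Windows install path), while the `InstallDir` folder name comes from the quote.

```sql
-- Added illustration: run in osqueryi on the Windows host being checked.
-- Assumption: Windows is installed under C:\Windows.
-- The folder name "InstallDir" is taken from the ESET quote.

-- 1. Files present in the folder, with attributes (hidden/system flags)
--    and a SHA-256 hash to compare against threat-intelligence sources.
SELECT f.path, f.size, f.mtime, f.attributes, h.sha256
FROM file AS f
JOIN hash AS h USING (path)
WHERE f.path LIKE 'C:\Windows\System32\InstallDir\%';

-- 2. Processes currently running from that folder.
SELECT pid, name, path, cmdline, parent
FROM processes
WHERE path LIKE 'C:\Windows\System32\InstallDir\%';
```

An empty result from both queries means nothing is stored in or running from that folder on the queried host; it does not rule out other variants that use a different location.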

The most affected parts of the world include Colombia, Turkey, Thailand and elsewhere. In the past, Remtasu was distributed through malicious files attached to phishing emails purporting to be from legitimate government or business organisations.