One Article Review

The article:
Source AlienVault Blog
Identifier 380340
Publication date 2017-06-30 13:00:00 (seen: 2017-06-30 13:00:00)
Title Week in Review 30th June 2017
Text

New Petya Variant

Unless you’ve been away for the week on a deserted location with no access to the internet, radio, or television, you’ve likely been bombarded with news of the Petya ransomware variant that took offline most of the Ukraine as well as spreading around to other countries. It echoes the disastrous impact WannaCry had just a few short weeks ago.

Our own AlienVault labs team broke down what they saw
Microsoft has a nice technical post on how the attack works
Lesley Carhart has written a very accessible post explaining the attack and the surrounding issues.

Perhaps the biggest victim this time round was Cadbury’s, as it had to shut down its famous chocolate factory in Hobart.

How I obtained direct publish access to 13% of npm packages

This is a great post on how ChALkeR was able to obtain direct publish access to 13% of npm packages – with an estimated reach of up to 52% once you factor in dependency chains. It’s interesting because it’s relatively straightforward, using three basic techniques: bruteforcing, reusing passwords from leaks, and npm credentials on GitHub.

The issue has been addressed in an npm blog post.
Just in case you need to check your credentials

You are not Google

Neither are you Amazon, or LinkedIn, or Facebook, or Netflix etc. A great post especially for engineers. This line of thinking can be expanded into security too. Just because a large, well-funded, and highly targeted company is using the latest bleeding edge next generation security products and tools, it doesn’t mean every company needs to adopt the same toolset. Rather, it’s about looking at what matters most, and getting security controls that are appropriate. I really need to find better ways of explaining my thoughts; the paragraph I just wrote throws me back to days of being a consultant.

Legal boundaries and privacy

The long-running case between the US Department of Justice and Microsoft has taken another turn as the DoJ has petitioned the US Supreme Court to get involved in allowing the US government access to Microsoft emails stored at its Dublin data centre. As Microsoft president and chief counsel Brad Smith argued in a blog post, if the US government has the right to directly seize internationally-held data, then other countries will of course expect the same right. This in effect would allow international digital raids for American or other nations’ data, in the US or around the worl
Sent Yes
Tags Guideline
Stories NotPetya Wannacry


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.