What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
securityintelligence.webp 2017-06-07 12:01:18 Using Network Insights to Stay One Step Ahead of Emerging Threats (direct link) With the right network insights, analysts can deal with existing threats such as WannaCry, and quickly detect and respond to new attacks as they emerge. Wannacry
DarkReading.webp 2017-06-07 10:06:00 Interpol Analyzes Global Response to WannaCry Attack (direct link) Interpol cybercrime unit chiefs gather to evaluate the global extent of WannaCry and track criminals via blockchain analysis. Wannacry
no_ico.webp 2017-06-07 10:00:44 Why Phishing Still Makes Us WannaCry (direct link) The ISBuzz Post: This Post Why Phishing Still Makes Us WannaCry Wannacry
NakedSecurity.webp 2017-06-07 09:56:10 InfoSec 2017: how to protect yourself against the next WannaCry (direct link) What made WannaCry different from other ransomware attacks? We explain how it happened - and look at what lessons we've learned. Wannacry
bleepingcomputer.webp 2017-06-07 05:55:40 Researchers Port NSA EternalBlue Exploit to Windows 10 (direct link) Experts at RiskSense have ported the leaked NSA exploit named ETERNALBLUE to the Windows 10 platform. This is the same exploit that was used by the WannaCry ransomware as part of its SMB self-spreading worm in the mid-May WannaCry outbreak that affected millions of computers across the world. [...] Wannacry
ComputerWeekly.webp 2017-06-07 05:45:14 Infosec17: WannaCry could be demise of ransomware (direct link) WannaCry could lead to the decline and even demise of ransomware due to its poor implementation and its role in underlining the importance of defending against this threat, says a security expert. Guideline Wannacry
TechRepublic.webp 2017-06-06 11:38:00 Can edutainment videos prevent the next WannaCry? (direct link) Researchers are busy exploring why software vulnerabilities still exist, as well as creative ways to change users' attitudes about cybersecurity. Wannacry
TechWorm.webp 2017-06-06 06:51:17 Fireball: Chinese malware infects 250 million computers around the world (direct link) Fireball Malware: Know How It Works And Find Out If Your PC Is Infected. It looks like the gloomy cloud of malware attacks is in no mood to leave the digital world. First, it was the WannaCry ransomware attack on May 12, 2017 that brought more than 300,000 computers in over 150 countries to a [...] Wannacry
ErrataRob.webp 2017-06-05 16:15:45 Some non-lessons from WannaCry (direct link) This piece by Bruce Schneier needs debunking. I thought I'd list the things wrong with it. The NSA 0day debate: Schneier's description of the problem is deceptive: "When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice." The government doesn't "discover" vulnerabilities accidentally. Instead, when the NSA has a need for something specific, it acquires the 0day, either through internal research or (more often) buying from independent researchers. The value of something is what you are willing to pay for it. If the NSA comes across a vulnerability accidentally, then the value to them is nearly zero. Obviously such vulns should be disclosed and fixed. Conversely, if the NSA is willing to pay $1 million to acquire a specific vuln for imminent use against a target, the offensive value is much greater than the fix value. What Schneier is doing is deliberately confusing the two, combining the policy for accidentally found vulns with deliberately acquired vulns. The above paragraph should read instead: "When the government discovers a vulnerability accidentally, it then decides to alert the software vendor to get it patched. When the government decides it needs a vuln for a specific offensive use, it acquires one that meets its needs, uses it, and keeps it secret. After spending so much money acquiring an offensive vuln, it would obviously be stupid to change this decision and not use it offensively." Hoarding vulns: Schneier also says the NSA is "hoarding" vulns.
The word has a couple of inaccurate connotations. One connotation is that the NSA is putting them on a heap inside a vault, not using them. The opposite is true: the NSA only acquires vulns for which it has an active need. It uses pretty much all the vulns it acquires. That can be seen in the ShadowBroker dump: all the vulns listed are extremely useful to attackers, especially ETERNALBLUE. Efficiency is important to the NSA. Your efficiency is your basis for promotion. There are other people who make their careers finding waste in the NSA. If you are hoarding vulns and not using them, you'll quickly get ejected from the NSA. Another connotation is that the NSA is somehow keeping the vulns away from vendors. That's like saying I'm hoarding naked selfies of myself. Yes, technically I'm keeping them away from you, but it's not like they ever belonged to you in the first place. The same is true of the NSA. Had it never acquired the ETERNALBLUE 0day, it never would've been researched, never found. The VEP: Schneier describes the "Vulnerability Equities Process" or "VEP", a process that is supposed to manage the vulnerabilities the government gets. There's no evidence the VEP process has ever been used, at least not with 0days acquired by the NSA. The VEP allows exceptions for important vulns, and all the NSA vulns are important, so all are excepted from the process. Since the NSA is in charge of the VEP, of course, this is at the sole discretion of the NSA. Thus, the entire point of the VEP process goes away. Moreover, it can't work in many cases. The vulns acquired by the NSA often come with clauses that mean they can't be shared. New classes of vulns: One reason sellers forbid 0days from being shared is because they use new classes of vulnerabilities, such that sha Guideline Wannacry
SecurityWeek.webp 2017-06-04 20:28:08 Jaff Ransomware Operation Tied to Cybercrime Store (direct link) Jaff, a ransomware family that emerged on May 12, the same day WannaCry did, appears connected to wider operations, as a recent sample was found to share server space with a refined cybercrime marketplace, Heimdal Security warns. Wannacry
SecurityWeek.webp 2017-06-03 12:36:04 'Tallinn Manual 2.0' - the Rulebook for Cyberwar (direct link) Tallinn - With ransomware like "WannaCry" sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world's only book laying down the law in cyberspace could not be more timely. Wannacry
TechRepublic.webp 2017-06-02 19:58:00 WannaCry: The smart person's guide (direct link) WannaCry, also known as WannaCrypt, has spread around the world through a crafty attack vector and an ability to jump from machine to machine. Here's what you need to know about this security threat. Wannacry
Kaspersky.webp 2017-06-02 18:32:11 EternalBlue Exploit Spreading Gh0st RAT, Nitol (direct link) FireEye said threat actors are using the NSA's EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT. Wannacry
Blog.webp 2017-06-02 15:15:38 Financial Malware, not Ransomware, drives most Cyber Crime (direct link) In-brief: data from the firm Symantec shows that financial malware targeting banks – not ransomware – is the most important and oft-used tool in the cyber criminal's toolbox. The headlines might be all about ransomware like the recent WannaCry, but data from the firm Symantec shows that financial malware targeting banks is the most... Wannacry
Kaspersky.webp 2017-06-02 14:30:15 Threatpost News Wrap, June 2, 2017 (direct link) Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week's Samba vulnerability, and the OneLogin breach. Wannacry
AlienVault.webp 2017-06-02 13:00:00 Week in Review 2nd June 2017 (direct link) Wake up calls: WannaCry hit around 150 countries, unleashing ransomware indiscriminately against hospitals, telecoms providers, and an assortment of companies across all verticals and of all sizes. So, it's not wrong to suggest, as Microsoft President Brad Smith did, that the governments of the world should treat this attack as a wake up call. However, there's one snag. As Alina Selyukh states in this article, there have been decades of cyber 'wake up calls' with little evidence that anyone has woken up. The question for the security industry is whether yelling from the bottom of the stairs like a parent trying to wake up a teenager is the solution, or whether they need to resort to more drastic measures. What is consent? Consent is one of those topics that gets a lot of air time for the wrong reasons, not least of all when it comes to making someone a cup of tea - as in this great video. But in the realm of security, and more specifically the General Data Protection Regulation (GDPR), there is the issue of consent that is getting a lot of air time. Many are interpreting the regulation to mean that under GDPR consent is a mandatory requirement for all processing of personal data. This well-written article articulates what GDPR does and doesn't say about consent, and why it's not always mandatory. Free course by Troy Hunt: The GDPR Attack Plan. Biker gang hacks Jeeps: A biker gang allegedly stole and smuggled to Mexico over 150 Jeep Wranglers. They did this by matching VINs with credentials stolen from a Jeep dealer that contained the information needed to cut and program duplicate keys. This serves as another reminder of how connected functionality can be taken advantage of by miscreants. So one has to wonder how much liability should rest with Jeep for pairing sensitive data with a publicly visible VIN.
The rise of 'stalkerware': While everyone is looking at the theatrics on display (the NSA or other government agencies with a vast array of surveillance tools), it can be easy to overlook the dangerous, and potentially life-threatening, rise of stalkerware which enables domestic violence. Online harassment and cyberstalking; This software company may be helping people illegally spy on their spouses; Abusers using spyware apps to monitor partners reaches 'epidemic proportions'; Economic analysis of ransomware. Wannacry
The_Hackers_News.webp 2017-06-02 09:26:30 WannaCry Coding Mistakes Can Help Files Recovery Even After Infection (direct link) Last month WannaCry ransomware hit more than 300,000 PCs across the world within just 72 hours by using its self-spreading capabilities to infect vulnerable Windows PCs, particularly those using vulnerable versions of the OS, within the same network. But that doesn't mean WannaCry was a high-quality piece of ransomware. Security researchers have recently discovered some programming errors in Wannacry
InfosecIsland.webp 2017-06-02 09:18:00 WannaCry and Jaff: Two Different Malware Attacks with A Common Goal (direct link) On Friday, May 12, two separate ransomware attacks were unfolding, each using different distribution capabilities and malware. Wannacry
Trend.webp 2017-06-02 08:10:33 MS-17-010: EternalBlue's Large Non-Paged Pool Overflow in SRV Driver (direct link) The EternalBlue exploit took the spotlight this month as it became the tie that bound the spate of malware attacks these past few weeks: the pervasive WannaCry, the fileless ransomware UIWIX, the Server Message Block (SMB) worm EternalRocks, and the cryptocurrency mining malware Adylkuzz. EternalBlue (patched by Microsoft via MS17-010) is a security flaw related to how a Windows SMB 1.0 (SMBv1) server handles certain requests. If successfully exploited, it can allow attackers to execute arbitrary code on the target system. The severity and complexity of EternalBlue, alongside the other exploits released by hacking group Shadow Brokers, can be considered medium to high. We further delved into EternalBlue's inner workings to better understand how the exploit works and provide technical insight on the exploit that wreaked havoc among organizations across various industries around the world. Post from: Trendlabs Security Intelligence Blog - by Trend Micro. MS-17-010: EternalBlue's Large Non-Paged Pool Overflow in SRV Driver Wannacry
Mandiant.webp 2017-06-02 08:00:00 Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads (direct link) The “EternalBlue” exploit (MS017-010) was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block (SMB) protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic Threat Intelligence (DTI) has historically observed similar payloads delivered via exploitation of CVE-2014-6332 vulnerability as well as in some email spam campaigns using powershell commands. Specifically, Backdoor.Nitol has also been linked to campaigns involving a remote code execution Ransomware Spam Vulnerability Threat Wannacry ★★★★
ComputerWeekly.webp 2017-06-02 04:25:19 Financial malware more than twice as prevalent as ransomware (direct link) While ransomware continues to make the headlines, particularly in the wake of WannaCry, research has revealed that financial threats are 2.5 times more prevalent. Wannacry ★★★★★
no_ico.webp 2017-06-01 17:39:59 Is Crisis Patch Management Making Your Security Teams WannaCry? (direct link) The ISBuzz Post: This Post Is Crisis Patch Management Making Your Security Teams WannaCry? Wannacry
Kaspersky.webp 2017-06-01 14:09:04 WannaCry Development Errors Enable File Recovery (direct link) Researchers at Kaspersky Lab have found a number of programming errors in the WannaCry ransomware code that put file recovery within reach of sysadmins. Wannacry
NakedSecurity.webp 2017-06-01 12:00:23 Kittens, bears or pandas: who's behind the biggest cyberattacks? (direct link) WannaCry is just the latest attack where everyone wants to know who's behind the outbreak - but how much do we really know about the cybercrooks? And how can we be sure? Wannacry
no_ico.webp 2017-06-01 11:30:22 Free Anti-Ransomware Tool Achieves Top Marks In Independent Tests – Showing All Businesses Can Safeguard Against WannaCry Style Attacks (direct link) The ISBuzz Post: This Post Free Anti-Ransomware Tool Achieves Top Marks In Independent Tests – Showing All Businesses Can Safeguard Against WannaCry Style Attacks Wannacry
grahamcluley.webp 2017-06-01 08:09:22 Windows XP 'did not contribute much' to WannaCry infection totals (direct link) Even in the absence of encrypted files, no one wants a Blue Screen of Death. David Bisson reports. Wannacry
SANS.webp 2017-05-31 13:06:37 (Déjà vu) June Edition of the Ouch! Security Awareness Newsletter: https://securingthehuman.sans.org/resources/newsletters/ouch/2017 (Lessons learned from WannaCry), (Wed, May 31st) (direct link) --- Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute STI|Twitter| (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Wannacry
AlienVault.webp 2017-05-31 13:00:00 File Integrity Monitoring Solutions – What Are They and Why You Need One, Part 3 (direct link) With the recent WannaCry ransomware attack still top of mind for many IT professionals worldwide, it's an important reminder that you should monitor not just your networks and security devices, but also data on your servers and desktops. In the case of WannaCry, having File Integrity Monitoring (FIM) in place can enable you to detect changes to key data files that WannaCry tries to encrypt and inform you of the threat before the affected asset and its data become unusable and possibly irretrievable. With emerging variants of WannaCry and the continuous onslaught of attacks against your infrastructure, whether you're looking to protect a key asset like Active Directory, or perform change audit on any of your critical servers, a File Integrity Monitoring solution should be a part of your security defense. With that in mind, it's important to reiterate that FIM is not the 'silver bullet' of security solutions, but it is definitely a powerful and effective defense that you should have in your IT security arsenal. In my previous blogs on FIM, I introduced (part 1) the 'what' and the 'why' behind FIM as one invaluable approach to monitoring for malicious changes to files. I then introduced (part 2) some best practices for FIM, including what files to monitor and how to get the best value from your FIM deployment. This week I'm going to discuss what to look for when selecting a FIM solution, caveats to be aware of, and how our AlienVault Unified Security Management (USM) products – AlienVault USM Anywhere and AlienVault USM Appliance – can help you implement a multi-faceted security program with its several essential security capabilities, including FIM. Selecting a File Integrity Monitoring Solution: It can be difficult to find the right solution for your unique environment.
Just a quick search on 'File Integrity Monitoring' brings up an overwhelming number of search results. But which to look at, and what are the differences among the various solutions? Well, let's start with the following list, which will give you the key things to look for in your final solution. Agent vs. agentless: Agent-based FIM solutions leverage software agents installed on target systems. They typically yield the most powerful analyses and can deliver change monitoring at or near real time. In contrast, agentless FIM tools get up and running very quickly because no agent is required. However, the feature set and depth of functions of agentless FIM tools is generally reduced, and the analysis isn't real-time. This leaves potential risk from not being able to monitor change when you need it most. If you require the depth and feature richness of an agent-based system, consider a unified approach that integrates multiple security functions into a single agent for a smaller footprint and less management effort. Standalone vs. HIDS: Some FIM solutions integrate with, or are a part of, a host-based intrusion detection system (HIDS). HIDS capabilities are a superset of FIM capabilities and can detect threats in areas other than files, such as system memory (RAM) or I/O. Standalone FIM tools generally provide file analysis only. Performance: The more people in the organization you tal Wannacry
securityintelligence.webp 2017-05-31 12:01:15 WannaCry II: The Sequel No One Wants to See (direct link) Everyone loves a good sequel, but security professionals hope to avoid a follow-up to WannaCry, this summer's biggest surprise blockbuster. Wannacry
01net.webp 2017-05-31 10:23:48 Shadow Brokers: hackers chip in to recover the NSA's stolen tools (direct link) The mysterious hacker group is demanding the equivalent of 20,000 euros for the next delivery of NSA hacking tools. Security researchers want to subscribe in order to analyse them and thus avoid another WannaCry-style disaster. Wannacry
ComputerWeekly.webp 2017-05-31 09:46:57 WannaCry shows validity of risk-based security, says RSA head (direct link) WannaCry and other recent cyber attacks underline the importance of adopting a risk-based approach to security, says RSA president. Wannacry
itsecurityguru.webp 2017-05-31 09:44:46 Shadow Brokers move bitcoins after hacking tool auction (direct link) Bitcoins worth £18,500 ($24,000) that were sent to hacker group the Shadow Brokers have been moved. The funds were received during an auction of hacking tools that failed to attract much interest before the group eventually released the tools for free. One leak included an exploit that helped the WannaCry ransomware to spread around the ... Wannacry
Fortinet.webp 2017-05-31 08:48:31 Byline: WannaCry is Part of a Bigger Problem (direct link) The most important question related to the recent WannaCry attacks isn't who the attackers were, or how big the attack was. The question is, "How did this happen in the first place?" The vulnerability exploited by this attack had been patched by Microsoft months before. That patch was part of a widely publicized update that was issued in response to the massive set of NSA cyberespionage tools leaked by the secretive group known as Shadow Brokers. Everyone knew about it. Yet, apparently, few did anything about it. Failure... Wannacry
SANS.webp 2017-05-31 07:33:02 Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2), (Wed, May 31st) (direct link) Introduction: In my previous diary, I did a very brief introduction on what the ACH method is [1], so that now all readers, also those who had never seen it before, can have a common basic understanding of it. One more thing I have not mentioned yet is how the scores are calculated. There are three different algorithms: an Inconsistency Counting algorithm, a Weighted Inconsistency Counting algorithm, and a Normalized algorithm [2]. The Weighted Inconsistency Counting algorithm, the one used in today's examples, builds on the Inconsistency algorithm, but also factors in weights of credibility and relevance values. For each item of evidence, a consistency entry of I Today, I will apply ACH to a recent, quite well-known case: WCry attribution. There have been lots of analyses and speculations around it; lately several sources in the InfoSec community tied WCry strongly to Lazarus Group [3][4][5][6], while some others provided motivation for being skeptical about such attribution [7]. Therefore, it is a perfect case to show the use of ACH: several different hypotheses, facts, evidence and assumptions. Digital Shadows WCry ACH analysis: About two weeks ago, Digital Shadows published a very well done post on ACH applied to WCry attribution [8]. Regarding possible attribution to Lazarus though, as stated in their post, "At the time of writing, however, we assessed there to be insufficient evidence to corroborate this claim of attribution to this group, and alternative hypotheses should be considered." Therefore, among the hypotheses considered, one specifically for Lazarus is missing, in place of a more generic nation state or state-affiliated actor.
The following are the four different hypotheses considered by Digital Shadows: A sophisticated financially-motivated cybercriminal actor - H1; An unsophisticated financially-motivated cybercriminal actor - H2; A nation state or state-affiliated actor conducting a disruptive operation - H3; A nation state or state-affiliated actor aiming to discredit the National Security Agency (NSA) - H4. Given the final scores computed, they have assessed that "though by no means definitive, a WannaCry campaign launched by an unsophisticated cybercriminal actor was the most plausible scenario based on the information that is currently available." Just one note on my side: from my calculation it seems they have made a mistake, and the H2 score should be -2.121 rather than -1.414. This does not change the final result, but brings H2 and H3 way closer. My WCry ACH Analysis: Although the Digital Shadows analysis was a very good one, I felt something was missing, both on the hypotheses side as well as on the evidence side. In particular, in my opinion, I would add three more hypotheses. When thinking about the NSA being the final target of this, other than "A nation state or state-affiliated actor aiming to discredit the NSA", I think that it should also be considered a (generic/unattributed) TA aiming at unveiling/exposing the extent of the possible NSA network of compromised machines (H5). This is something one would expect from a hacktivist maybe, although it seems to be way more sophisticated than what hacktivists have got us used to. One difference with H4 could be the lack of a supporting media narrative. While someone who wants to discredit the NSA would be ready with a supporting media narrative, if the goal was simply to unveil and show to everyone the potential extent of NSA-infected machines, the infection as it was would have been sufficient, given also the abundant media coverage it got.
Although this may still be seen as too close to H4 to be a different hypothesis, I still do see a case for it. Medical Wannacry APT 38
NetworkWorld.webp 2017-05-31 05:26:00 IDG Contributor Network: Nothing new to (Wanna)Cry about (direct link) The WannaCry outbreak has been troubling in many regards – exposing flaws, and opening doors to much finger-pointing and blaming that have gone well beyond the handling and disclosure of nation-state cyber weapon stockpiling. The attackers likely had a good idea of how quickly and widely the attack would spread, evidenced by the fact that their ransom demand was created in 28 languages, suggesting that they had very high expectations of the success of their attack. WannaCry targeted Microsoft systems that were not running the latest patches, and older versions of Windows such as Windows XP, which is still widely deployed in the NHS despite being 16 years old and no longer supported by Microsoft, except under custom contracts. Wannacry
ComputerWeekly.webp 2017-05-31 04:34:28 Shadow Brokers prepares zero-day subscription service (direct link) Businesses may face an onslaught of zero-day attacks soon as the group that leaked the NSA exploits used in the WannaCry ransomware attacks prepares to release more stolen code. Wannacry
TechRepublic.webp 2017-05-30 17:32:00 Don't be the weak link that brings us all down: Keep your OS patched and up to date (direct link) The worldwide proliferation of WannaCry ransomware exposed a lack of urgency regarding OS security updates. That can't be allowed to happen. Wannacry
SecurityWeek.webp 2017-05-30 16:10:22 China, U.S. Most Affected by WannaCry Ransomware (direct link) New data released by security company Kryptos Logic reveals that China and the United States were affected the most by the WannaCry outbreak over the past weeks. Wannacry ★★★★★
SecurityWeek.webp 2017-05-30 15:55:19 Latest WannaCry Theory: Currency Manipulation (direct link) The recent WannaCry outbreak is still a mystery. We know what (ransomware), and how (a Windows vulnerability on unsupported or unpatched systems); but we don't know who or why. We're not short of theories: Lazarus, North Korea, some other nation-state actor, Chinese or Russian actors -- but none of these has gained general acceptance. Wannacry APT 38
bleepingcomputer.webp 2017-05-30 07:25:11 New Data Shows Most WannaCry Victims Are From China, Not Russia (direct link) Data released yesterday by Kryptos Logic reveals that most WannaCry victims are located in China, and not Russia, as various antivirus vendors have announced during the WannaCry ransomware outbreak. [...] Wannacry
no_ico.webp 2017-05-29 11:53:24 Should Google Be Doing More To Check Apps Amid WannaCry (direct link) The ISBuzz Post: This Post Should Google Be Doing More To Check Apps Amid WannaCry Wannacry
The_Hackers_News.webp 2017-05-29 11:10:00 Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China (direct link) It's been almost four weeks since the outcry of WannaCry ransomware, but the hackers behind the self-spreading ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to 'Lazarus Group,' a state-sponsored hacking group believed to work for the North Korean government. Now, new research from dark web Medical Wannacry APT 38
no_ico.webp 2017-05-26 21:00:35 (Déjà vu) XData Ransomware Making Rounds Amid Global WannaCryptor Scare (direct link) The ISBuzz Post: This Post XData Ransomware Making Rounds Amid Global WannaCryptor Scare Wannacry
TechRepublic.webp 2017-05-26 18:21:05 Video: Which version of Windows was most affected by WannaCry? (direct link) Surprisingly enough, it's not Windows XP. Wannacry
Kaspersky.webp 2017-05-26 14:00:37 Threatpost News Wrap, May 26, 2017 (direct link) Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw. Wannacry ★★★
NakedSecurity.webp 2017-05-26 11:35:57 Samba exploit – not quite WannaCry for Linux, but patch anyway! (direct link) SMB is the Windows networking protocol, so SMB security holes like the one that led to WannaCry can't happen on Linux/Unix, right? Wrong! Wannacry
Mandiant.webp 2017-05-26 10:00:00 SMB Exploited: WannaCry Use of "EternalBlue" (direct link) Server Message Block (SMB) is the transport protocol used by Windows machines for a wide variety of purposes such as file sharing, printer sharing, and access to remote Windows services. SMB operates over TCP ports 139 and 445. In April 2017, Shadow Brokers released an SMB vulnerability named “EternalBlue,” which was part of the Microsoft security bulletin MS17-010. The recent WannaCry ransomware takes advantage of this vulnerability to compromise Windows machines, load malware, and propagate to other machines in a network. The attack uses SMB version 1 and TCP port 445 to propagate. Con Vulnerability Technical Wannacry ★★★★
itsecurityguru.webp 2017-05-26 09:29:04 WannaCry: Ransom note analysis throws up new clues (direct link) As the world works towards identifying the perpetrators of the WannaCry ransomware campaign, one group of cybersecurity researchers says they've likely determined the native language of the writer of the ransom note, another potential step towards attributing the attack. A number of cybersecurity firms have tentatively linked the attack to North Korea, but now analysis of WannaCry ... Wannacry ★★★★
ComputerWeekly.webp 2017-05-26 03:52:28 EternalRocks author throws in the towel after media attention (direct link) The security researcher who discovered a worm that could have a bigger impact than WannaCry says the author seems to have given up. Wannacry
NakedSecurity.webp 2017-05-25 22:54:00 WannaCry: the rush to blame XP masked bigger problems (direct link) Many pointed the finger at Windows XP, but the worst hit computers were unpatched Windows 7 machines. Wannacry
Last update at: 2024-05-20 14:19:54