Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-07-29 15:50:05 |
A week in security (July 22 – 28) (direct link) |
The latest cybersecurity news for the week of July 22–28. We look at Phobos ransomware, stalkerware's similarities to parental monitoring apps, and the investigation into Malaysian Airlines Flight 17.
Categories:
A week in security
Tags: a week in security, AdwCleaner, Amazon, BlueKeep, cloud security, Elasticsearch, Electronic Privacy Information Center, FaceApp, facebook, Federal Trade Commission, Flight 17, FTC, Malaysian Airlines, Marcus Hutchins, office 365, online privacy, parental monitoring, parental monitoring apps, Phobos, pre-installed software, ransomware, Ring doorbell, russia, russian disinformation, stalkerware, US Federal Trade Commission, WannaCry, week in security
|
|
Wannacry
|
|
|
2019-07-27 13:00:00 |
WannaCry Hero Marcus Hutchins Won't Go to Jail for Old Hacking Crimes (direct link) |
Russian election hacks, Amazon's police partnerships, and more security news this week. |
|
Wannacry
|
★★★
|
|
2019-07-26 17:36:00 |
Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release (direct link) |
US legal case against security researcher who helped stop WannaCry ransomware outbreak comes to an end. |
Ransomware
|
Wannacry
|
|
|
2019-07-26 15:10:00 |
Malware Researcher Hutchins Sentenced to Supervised Release (direct link) |
Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware. |
Malware
|
Wannacry
|
|
|
2019-07-26 11:55:00 |
Judge Rules No Jail Time for WannaCry 'Killer' Marcus Hutchins, a.k.a. MalwareTech (direct link) |
Marcus Hutchins, better known as MalwareTech, has been sentenced to "time served" and one year of supervised release for developing and selling the Kronos banking malware.
Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court.
In response to today's sentencing Hutchins said: "Sentenced to time served! Incredibly thankful for |
|
Wannacry
|
|
|
2019-07-18 17:03:01 |
Over 800,000 Systems Still Vulnerable to BlueKeep Attacks (direct link) |
Users and organizations continue to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708, but over 800,000 systems are still exposed to attacks.
|
Vulnerability
|
Wannacry
|
|
|
2019-07-18 12:43:05 |
Thousands of NHS computers are still running Windows XP from beyond the grave (direct link) |
Two years after the WannaCry ransomware outbreak shone a light on the computer security of the UK's National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2300 PCs running the outdated operating system.
Read more in my article on the Tripwire State of Security blog.
|
Ransomware
|
Wannacry
|
|
|
2019-07-11 16:21:03 |
Wannacry ransomware attack: Industry experts offer their tips for prevention (direct link) |
Wannacry remains a significant threat for companies. Learn how your organization can guard against it. |
Ransomware
Threat
|
Wannacry
|
|
|
2019-07-08 13:00:00 |
File transfer security risks and how to avoid them (direct link) |
Ransomware attacks increased by 105% in the first quarter of 2019, according to Beazley’s tally of insurance claims and data analytics. Other alarming reports show that new variants of Ransomware keep appearing almost every month. In addition, two years after the WannaCry Ransomware attacks, 1.7 million computers still remain at risk in 2019 according to TechCrunch. Fortunately, there are cybersecurity solutions that can protect your data during file transfer and file storage.
File transfer and storage risks
Cloud adoption continues to grow as more businesses discover the cost saving potential and convenience that comes with it. However, misconfigured servers are still a major risk for companies using infrastructure and platform as a service. Misconfigured servers are characterized by default accounts and passwords, unrestricted outbound access, enabled debugging functions, and more. The number of files exposed on misconfigured servers, storage and cloud services in 2019 is 2.3 billion according to an article on ZDNet.
However, not all businesses primarily use the cloud for file transfer and data storage. Some people still prefer using bulk USB drives because they do not require an internet connection, and can be physically protected. Apart from this, their use cannot be restricted for the owner, and they have been reducing in size yet their storage capacity has been increasing. However, USBs could come from a vendor preloaded with malware that can infect everything they are plugged into.
You can protect your computer system
The greatest risk of USBs is that they are very small yet someone can use them to steal massive amounts of data and easily take that data anywhere. Some companies and organizations like the US military have responded to this risk by banning their use completely. To ensure employees or workers stick to this ba |
Ransomware
Malware
|
Wannacry
|
|
|
2019-07-04 11:52:01 |
Cost-cutting could put the NHS at risk of suffering another cyberattack. (direct link) |
A new report has concluded that the United Kingdom's NHS remains vulnerable to cyberattacks two years on from the WannaCry ransomware attack that cost the healthcare provider £92m in damages and lost productivity. According to a new report on NHS Cyber Security by Imperial College London's Institute of Global Health Innovation, outdated computer systems, lack […]
|
Ransomware
|
Wannacry
|
|
|
2019-06-13 13:00:03 |
May 2019's Most Wanted Malware: Patch Now to Avoid the BlueKeep Blues (direct link) |
In May, the most significant event in the threat landscape was not a new type of malware: it was a serious vulnerability in older versions of Windows operating systems that – if exploited by criminals – could lead to the type of mega-scale ransomware attacks we saw in 2017 with WannaCry and NotPetya. The…
|
Ransomware
Vulnerability
Threat
Guideline
|
NotPetya
Wannacry
|
★★★
|
|
2019-06-13 12:00:01 |
Expert: Patch Bluekeep Now or Face WannaCry Scenario (direct link) |
The flaw known as BlueKeep could be as dangerous as EternalBlue, the basis of recent malware like WannaCry, according to a report by BitSight.
|
Malware
|
Wannacry
|
|
|
2019-05-29 13:23:00 |
How WannaCry is still launching 3,500 successful attacks per hour (direct link) |
The proliferation of unpatched systems in manufacturing and healthcare settings allows the North Korean state-sponsored malware to persist. |
Malware
|
Wannacry
|
★★★★★
|
|
2019-05-28 06:20:06 |
Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) (direct link) |
Microsoft announced a vulnerability in its "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to assess the danger. I find nearly 1-million devices on the public Internet that are vulnerable to the bug. That means when the worm hits, it'll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry and notPetya from 2017 -- potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness.

To scan the Internet, I started with masscan, my Internet-scale port scanner, looking for port 3389, the one used by Remote Desktop. This takes a couple hours, and lists all the devices running Remote Desktop -- in theory.

This returned 7,629,102 results (over 7-million). However, there is a lot of junk out there that'll respond on this port. Only about half are actually Remote Desktop.

Masscan only finds the open ports, but is not complex enough to check for the vulnerability. Remote Desktop is a complicated protocol. A project was posted that could connect to an address and test it, to see if it was patched or vulnerable. I took that project and optimized it a bit, rdpscan, then used it to scan the results from masscan. It's a thousand times slower, but it's only scanning the results from masscan instead of the entire Internet.

The table of results is as follows:

1447579 UNKNOWN - receive timeout
1414793 SAFE - Target appears patched
1294719 UNKNOWN - connection reset by peer
1235448 SAFE - CredSSP/NLA required
 923671 VULNERABLE -- got appid
 651545 UNKNOWN - FIN received
 438480 UNKNOWN - connect timeout
 105721 UNKNOWN - connect failed 9
  82836 SAFE - not RDP but HTTP
  24833 UNKNOWN - connection reset on connect
   3098 UNKNOWN - network error
   2576 UNKNOWN - connection terminated

The various UNKNOWN things fail for various reasons. A lot of them are because the protocol isn't actually Remote Desktop and respond weirdly when we try to talk Remote Desktop. A lot of others are Windows machines, sometimes vulnerable and sometimes not, but for some reason return errors sometimes.

The important results are those marked VULNERABLE. There are 923,671 vulnerable machines in this result. That means we've confirmed the vulnerability really does exist, though it's possible a small number of these are "honeypots" deliberately pretending to be vulnerable in order to monitor hacker activity on the Internet.

The next results are those marked SAFE due to probably being "patched". Actually, it doesn't necessarily mean they are patched Windows boxes. They could instead be non-Windows systems that appear the same as patched Windows boxes. But either way, they are safe from this vulnerability. There are 1,414,793 of them.

The next results to look at are those marked SAFE due to CredSSP/NLA failures, of which there are 1,235,448. This doesn't mean they are patched, but only that we can't exploit them. They require "network level authentication" first before we can talk Remote Desktop to them. That means we can't test whether they are patched or vulnerable -- but neither can the hackers. They may still be exploitable via an insider threat who knows a valid username/password, but they aren't exploitable by anonymous hackers or worms.

The next category is marked as SAFE because they aren't Remote Desktop at all, but HTTP servers. In other words, in response to o |
Ransomware
Vulnerability
Threat
Patching
Guideline
|
NotPetya
Wannacry
|
|
|
2019-05-27 19:59:38 |
A lesson in journalism vs. cybersecurity (direct link) |
A recent NYTimes article blaming the NSA for a ransomware attack on Baltimore is typical bad journalism. It's an op-ed masquerading as a news article. It cites many to support the conclusion the NSA is to be blamed, but only a single quote, from the NSA director, from the opposing side. Yet many experts oppose this conclusion, such as @dave_maynor, @beauwoods, @daveaitel, @riskybusiness, @shpantzer, @todb, @hrbrmst, ... It's not as if these people are hard to find, it's that the story's authors didn't look.

The main reason experts disagree is that the NSA's Eternalblue isn't actually responsible for most ransomware infections. It's almost never used to start the initial infection -- that's almost always phishing or website vulns. Once inside, it's almost never used to spread laterally -- that's almost always done with windows networking and stolen credentials. Yes, ransomware increasingly includes Eternalblue as part of their arsenal of attacks, but this doesn't mean Eternalblue is responsible for ransomware.

The NYTimes story takes extraordinary effort to jump around this fact, deliberately misleading the reader to conflate one with the other. A good example is this paragraph:

That link is a warning from last July about the "Emotet" ransomware and makes no mention of EternalBlue. Instead, the story is citing anonymous researchers claiming that EternalBlue has been added to Emotet since after that DHS warning.

Who are these anonymous researchers? The NYTimes article doesn't say. This is bad journalism. The principles of journalism are that you are supposed to attribute where you got such information, so that the reader can verify for themselves whether the information is true or false, or at least, credible.

And in this case, it's probably false. The likely source for that claim is this article from Malwarebytes about Emotet. They have since retracted this claim, as the latest version of their article points out.

In any event, the NYTimes article claims that Emotet is now "relying" on the NSA's EternalBlue to spread. That's not the same thing as "using", not even close. Yes, lots of ransomware has been updated to also use Eternalblue to spread. However, what ransomware is relying upon is still the Wind |
Ransomware
Malware
Patching
Guideline
|
NotPetya
Wannacry
|
|
|
2019-05-27 16:53:02 |
BlueKeep scans observed from exclusively Tor exit nodes (direct link) |
GreyNoise experts detected scans for systems vulnerable to the BlueKeep (CVE-2019-0708) vulnerability from exclusively Tor exit nodes. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry-like attacks. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that can […]
|
Vulnerability
|
Wannacry
|
|
|
2019-05-25 12:02:02 |
0patch issued a micropatch to address the BlueKeep flaw in always-on servers (direct link) |
0patch released a security patch to address the BlueKeep vulnerability that can be deployed by administrators to protect always-on servers. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry-like attacks. The issue is a remote code execution flaw in Remote Desktop […]
|
Vulnerability
|
Wannacry
|
|
|
2019-05-21 21:30:03 |
Another WannaCry May Be Coming – Are You Ready? (direct link) |
The vulnerability is severe enough that Microsoft took a pretty unusual step in releasing updates for Windows XP and Server 2003 in addition to currently supported versions of Windows that are affected. Unlike WannaCry, this threat is seen as extremely easy to exploit. It took a leaked NSA tool to exploit the WannaCry vulnerability, whereas the fear …
The ISBuzz Post: This Post Another WannaCry May Be Coming – Are You Ready? |
Tool
Vulnerability
Threat
|
Wannacry
|
|
|
2019-05-21 13:59:01 |
Two years after WannaCry, ransomware primarily targets your backups (direct link) |
In just a few years, ransomware has become one of the main actors in the cyberattack landscape. In 2017, ransomware attacks even reached proportions never seen before. |
|
Wannacry
|
|
|
2019-05-17 12:36:04 |
Microsoft warns of a flaw similar to WannaCry (direct link) |
Following Microsoft's alert about a new security flaw similar to WannaCry, please find below the analysis by Dagobert Levy, Vice President, France and Southern Europe, at Tanium. |
|
Wannacry
|
|
|
2019-05-17 09:30:02 |
EternalBlue reaching new heights since WannaCryptor outbreak (direct link) |
Attack attempts involving the exploit are in hundreds of thousands daily
|
|
Wannacry
|
|
|
2019-05-16 23:13:01 |
Microsoft Warns Against Critical, WannaCry-like Flaw (direct link) |
Microsoft's announcement urging users of older versions of Windows to apply a patch to protect against a potential widespread WannaCry-like attack. Two years on from the WannaCry attack, which affected computers in over 70 countries, Tanium's recent research showed that organisations are still struggling with patching hygiene, leaving their critical assets exposed. This vulnerability is so bad that #Microsoft …
The ISBuzz Post: This Post Microsoft Warns Against Critical, WannaCry-like Flaw |
Vulnerability
Patching
|
Wannacry
|
|
|
2019-05-15 12:57:05 |
Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks (direct link) |
Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS flaw allowing WannaCry-like attacks. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a Windows zero-day flaw and an RDS vulnerability that can be exploited to carry out WannaCry-like attacks. The zero-day vulnerability addressed by Microsoft Patch Tuesday […]
|
Vulnerability
|
Wannacry
|
|
|
2019-05-15 06:06:05 |
Microsoft Patches RDS Vulnerability Allowing WannaCry-Like Attacks (direct link) |
Microsoft's Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a zero-day and a flaw that can be exploited by malware to spread similar to the way the notorious WannaCry did back in 2017.
|
Malware
Vulnerability
|
Wannacry
|
|
|
2019-05-14 17:11:03 |
Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003 (direct link) |
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
The vulnerability (CVE-2019-0709) resides in the "remote desktop services" component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates. |
Ransomware
Malware
Vulnerability
Threat
|
Wannacry
|
|
|
2019-05-13 08:32:01 |
Over a million computers remain at risk 2 years post WannaCry. (direct link) |
As many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data. Data generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark - with most of the vulnerable devices in the U.S. But that only accounts for devices directly connected […]
|
|
Wannacry
|
|
|
2019-05-10 16:53:03 |
The WannaCry Security Legacy and What's to Come (direct link) |
The WannaCry attack proved pivotal, changing the way organizations go about securing their environments. |
|
Wannacry
|
|
|
2019-05-07 09:14:03 |
NSA Hacking Tools Used by Chinese Hackers One Year Before Leak (direct link) |
A Chinese threat group was using hacking tools developed by the NSA more than a year before Shadow Brokers leaked them in April 2017, tools that were later used in highly destructive attacks such as the WannaCry ransomware campaign from May 2017. [...] |
Threat
|
Wannacry
|
★★★
|
|
2019-04-30 15:00:00 |
Sophisticated threats plague ailing healthcare industry (direct link) |
Black hat hackers are after patient healthcare data, and such breaches will only intensify. Which forms of malware are behind the attacks? We take a look at the advanced threats targeting a sector struggling to keep up.
Categories:
Cybercrime
Malware
Tags: 2019 data security incident response report, decatur county general hospital breach, EternalBlue, fileless malware, healthcare, healthcare cybersecurity, healthcare malware, healthcare security, HIPAA, Ransom.WannaCrypt, ransomware, riskware, riskware.mictray, riskware.tool.hck, rootkit.fileless.mtgen, spyware, spyware.agent, spyware.emotet, spyware.trickbot, trickbot, trojan.bitcoinminer, trojan.emotet, trojan.fakems, Trojan.TrickBot, Trojans, WannaCry, worm.parite, worm.qakbot, worms
|
Malware
|
Wannacry
|
|
|
2019-04-25 10:43:01 |
Smashing Security #125: Pick of the thief! (direct link) |
WannaCry’s “accidental hero” pleads guilty to malware charges, Samsung and Nokia have fingerprint fumbles, the NCSC publishes a list of 100,000 dreadful passwords, and Apple finds itself at the centre of an identity mix-up.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
|
Malware
Guideline
|
Wannacry
|
|
|
2019-04-23 20:46:04 |
WannaCryptor 'accidental hero' pleads guilty to malware charges (direct link) |
Marcus Hutchins, who is best known for his inadvertent role in blunting the WannaCryptor outbreak two years ago, may now face a stretch behind bars
|
Malware
|
Wannacry
|
|
|
2019-04-22 19:22:00 |
Kronos: the WannaCry killer faces 10 years in prison for creating malicious software (direct link) |
In 2017, Marcus Hutchins, known under the pseudonym MalwareTech, stopped the WannaCry ransomware. Two years later, he faces 10 years in prison. He has admitted to creating and distributing the Kronos malware. In 2017, the WannaCry ransomware was making front-page news. This malicious software ...
This article, Kronos: the WannaCry killer faces 10 years in prison for creating malicious software, first appeared on ZATAZ.
|
Ransomware
|
Wannacry
|
|
|
2019-04-19 20:10:00 |
Security researcher MalwareTech pleads guilty (direct link) |
WannaCry hero faces up to ten years in a US prison. |
|
Wannacry
|
|
|
2019-04-10 11:34:04 |
New Extortion Email Threatens to Install WannaCry and DDoS Your Network (direct link) |
A new extortion email scam campaign is underway that states that your computer was hacked and that it was discovered you were hiding your taxes. The alleged hackers then demand 2 bitcoins or they will notify the "Tax Department", DDoS your network, and then install the WannaCry ransomware. [...] |
|
Wannacry
|
|
|
2019-04-09 15:36:04 |
Get Ready for the First Wave of AI Malware (direct link) |
While viruses and malware have stubbornly stayed as a top-10 “things I lose sleep over as a CISO,” the overall threat has been steadily declining for a decade. Unfortunately, WannaCry, NotPetya, and an entourage of related self-propagating ransomware abruptly propelled malware back up the list and highlighted the risks brought by modern inter-networked business systems and the explosive growth of unmanaged devices.
|
Ransomware
Malware
Threat
|
NotPetya
Wannacry
|
|
|
2019-04-04 03:00:02 |
3 Stages to Mounting a Modern Malware Defense Program (direct link) |
You would be hard-pressed these days to remain ignorant of the growth of ransomware incidents experienced by organizations large and small. We've seen a ton of press around these events, from CryptoLocker to WannaCry. The impact of this type of malware is newsworthy. The landscape of malware is changing, however. While ransomware is still a […]
|
Ransomware
Malware
|
Wannacry
|
|
|
2019-03-26 08:00:02 |
Survey: Geopolitical Issues Affect How Two-Thirds of Cybersecurity Professionals Do Business (direct link) |
It's a turbulent time in geopolitics today, and activity in the geopolitical landscape inevitably intertwines with increased cyber activity across borders. Reports of nation-state attacks are on the rise. Attacks on U.S. energy infrastructure, NotPetya, the Sony breach and the WannaCry global outbreak have all recently been attributed to nation-states. Trust in foreign technology has […]
|
|
NotPetya
Wannacry
|
|
|
2019-03-19 19:40:03 |
Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack (direct link) |
Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more. |
Ransomware
|
Wannacry
|
|
|
2019-03-12 16:27:00 |
The Advanced Persistent Threat files: Lazarus Group (direct link) |
Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.
Categories:
Criminals
Threat analysis
Tags: APT, Lazarus, North Korea
|
Threat
Medical
|
Wannacry
APT 38
|
|
|
2019-02-26 11:00:03 |
Cryptojacking Rises 450 Percent as Cybercriminals Pivot From Ransomware to Stealthier Attacks (direct link) |
Cybercriminals made a lot of noise in 2017 with ransomware attacks like WannaCry and NotPetya, using an in-your-face approach to cyberattacks that netted them millions of dollars from victims. But new research from IBM X-Force, the threat intelligence, research and incident response arm of IBM Security, revealed that 2018 saw a rapid decline in ransomware […]
|
Ransomware
Threat
|
NotPetya
Wannacry
|
★★
|
|
2019-02-09 21:14:02 |
Ransomware as a Service: the lucrative business model of Satan & Co (direct link) |
In recent years, highly publicised ransomware attacks such as WannaCry and NotPetya have made headlines worldwide for infecting thousands of computers by encrypting files, which are then "held hostage" until the victim pays a ransom...
This article, Ransomware as a Service: the lucrative business model of Satan & Co, first appeared on ZATAZ.
|
Ransomware
|
NotPetya
Wannacry
|
|
|
2019-01-10 14:00:00 |
Top 12 Blogs of 2018 (direct link) |
Time to look back on the top AlienVault blogs of 2018! Here we go:
A North Korean Monero Cryptocurrency Miner by Chris Doman
Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies. The Installer we’ve analysed above may be the most recent product of their endeavours.
VLAN Hopping and Mitigation by Pam
This type of exploit allows an attacker to bypass any layer 2 restrictions built to divide hosts. With proper switch port configuration, an attacker would have to go through a router and any other layer 3 devices to access their target. However, many networks either have poor VLAN implementation or have misconfigurations which will allow for attackers to perform said exploit. In this article, I will go through the two primary methods of VLAN hopping, known as 'switched spoofing', and 'double tagging'. I will then discuss mitigation techniques.
DNS Poisoning and How To Prevent It by Jeff Thompson
The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, into a database which can be queried in almost real-time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER - if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.]
4 SIEM Use Cases That Will Dramatically Improve Your Enterprise Security by Stephen Roe
Companies both large and small must plan to protect their data. Failing to do so puts you at risk for financial trouble, legal liability, and loss of goodwill.
Make sure to deploy SIEMs to prevent such misfortunes befalling your business. If you know how to put them to use, SIEMs provide value out of the box. Here’s a quick recap on how SIEMs can benefit you with a few clicks.
Prevent SQL injection attacks by keeping an eye on the health of your systems. This will keep you ready if and when attacks do happen.
For handling watering hole intruders, SIEMs make it easy to monitor suspicious communication hinting at an attack in progress.
If you’re worried about malware infection, commun |
Malware
Guideline
|
Wannacry
APT 38
|
|
|
2019-01-03 05:04:00 |
NRSMiner updates to newer version (direct link) |
More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […] |
Malware
|
Wannacry
|
|
|
2018-12-25 15:27:03 |
18 Months Later, WannaCry Still Lurks on Infected Computers (direct link) |
Eighteen months after the initial outbreak of the WannaCry Ransomware infection, the malware continues to rear its head on thousands, if not hundreds of thousands, of infected computers. [...] |
Malware
|
Wannacry
|
|
|
2018-12-20 14:00:00 |
Let's Chat: Healthcare Threats and Who's Attacking (direct link) |
Healthcare is under fire and there’s no sign of the burn slowing.
Look, it’s no secret that hackers have been targeting hospitals and other healthcare providers for several years — and probably no surprise that healthcare is one of the top target industries for cybercrime in 2018. In the US alone, in fact, more than 270 data breaches affecting nearly 12 million individuals were submitted to the U.S. HHS Office for Civil Rights breach portal (as of November 30, 2018). This includes the likes of unauthorized access or disclosures of patient data, hacking, theft of data, data loss and more.
Bottom line, if you’re tasked with protecting any entity operating in the healthcare sector, you’re likely experiencing some very sleepless nights — and may just need a doctor yourself.
So . . . who’s wreaking all this havoc and how? According to AlienVault Labs, opportunistic ransomware is still a preferred method of attack. However, researchers are reporting a rise in the number of targeted ransomware attacks in the healthcare sector. These attacks are often backed by organized criminals who see opportunities for making money from healthcare providers and other similar entities who must protect and keep assets, systems, and networks continuously operating.
One such criminal group operating the SamSam ransomware is thought to have earned more than $5 million dollars by manually compromising critical healthcare networks (see below for more info). The group behind SamSam has invested heavily in their operations (likely an organized crime syndicate) and has won the distinction of being the subjects of two FBI Alerts in 2018.
And, according to AlienVault Labs, the methods used by SamSam are more akin to a targeted attack than typical opportunistic ransomware. SamSam attacks also seem to go in waves. One of the most notable was a spring 2018 hit on a large New York hospital which publicly declined to pay the attacker’s $44,000 ransomware demand. It took a month for the hospital’s IT system to be fully restored.
SamSam attackers are known to:
Gain remote access through traditional attacks, such as JBoss exploits
Deploy web-shells
Connect to RDP over HTTP tunnels such as ReGeorg
Run batch scripts to deploy the ransomware over machines
SamSam isn’t going away either. AlienVault Labs has seen recent variants. You might want to read more about the threat actors behind SamSam, their methods of attacks, and recommendations for heading |
Threat
|
Wannacry
APT 19
APT 18
APT 22
APT 23
|
|
|
2018-12-20 08:51:01 |
GUEST ESSAY: Top cybersecurity developments that can be expected to fully play out in 2019 (direct link) |
From a certain perspective, 2018 hasn't been as dramatic a cybersecurity year as 2017, in that we haven't seen as many global pandemics like WannaCry. Related: WannaCry signals worse things to come. Still, Ransomware, zero-day exploits, and phishing attacks, were among the biggest threats facing IT security teams this year. 2018 has not been a […] |
|
Wannacry
|
|
|
2018-12-12 16:52:03 |
ANSSI makes its commitment at the OECD Global Forum on Digital Security (direct link) |
Large-scale attacks such as WannaCry illustrate that digital security is no longer limited to a matter of international peace and security but is also a major economic issue. Although responsibility for digital security is necessarily shared among three types of actors: states, users and […] |
|
Wannacry
|
|
|
2018-12-05 12:30:04 |
Ransomware Is Constantly Evolving But We Can Defeat It Through Innovation (direct link) |
When two large-scale ransomware campaigns – WannaCry and NotPetya – caused widespread disruption in 2017 the headlines suggested they heralded a new era of large-scale attacks. WannaCry spread across 150 countries and severely affected the NHS in the UK and many other large organisations in the US including hospitals, vehicle manufacturers, petrol stations, railways and …
The ISBuzz Post: This Post Ransomware Is Constantly Evolving But We Can Defeat It Through Innovation |
Ransomware
|
NotPetya
Wannacry
|
|
|
2018-12-02 13:29:00 |
Server racks: are you ready for the next cyber-attack? (direct link) |
A little over a year ago, WannaCry struck hundreds of companies and public services. A cyber-attack caused by a failure to apply updates and by the exploitation of serious flaws. But this may be only the calm before the storm. It is essential for all organisations to manage the obsolescence […]
The article Server racks: are you ready for the next cyber-attack? first appeared on Data Security Breach.
|
|
Wannacry
|
|
|
2018-11-29 19:19:03 |
WannaCry: One year later, is the world ready for another major attack? (direct link) |
ZDNet's Danny Palmer examines the aftermath of WannaCry, Notpetya, and Bad Rabbit. |
|
NotPetya
Wannacry
|
★★★
|