Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2017-06-30 16:07:28 |
Eternal Blues – A scanner to hunt down machines vulnerable to the SMBv1 flaw used by Wannacry and notPetya / Petwrap (direct link) |
Petya, notpetya, petwrap, Expetr, GoldenEye and so on exploit the SMBv1 flaw that Microsoft patched in March 2017 and that leaked from the NSA's hands not long ago under the names EternalBlue and EternalRomance. I won't go back over the problem, because I have already said what I think about it > Read more
This marvelous and unrivaled article, entitled: Eternal Blues – A scanner to hunt down machines vulnerable to the SMBv1 flaw used by Wannacry and notPetya / Petwrap; was published on Korben, the only site that loves you more than your parents do.
|
|
NotPetya
Wannacry
|
|
 |
2017-06-30 14:56:00 |
Ransomware attacks: Here's what we need to learn from WannaCry and Petya (direct link) |
Ransomware is here to stay, which means it's time to make a few changes to how we respond. |
|
Wannacry
|
|
 |
2017-06-30 13:00:00 |
Week in Review 30th June 2017 (direct link) |
New Petya Variant
Unless you’ve been away for the week on a deserted location with no access to the internet, radio, or television, you’ve likely been bombarded with news of the Petya ransomware variant that took offline most of the Ukraine as well as spreading around to other countries. It echoes the disastrous impact WannaCry had just a few short weeks ago.
Our own AlienVault labs team broke down what they saw
Microsoft has a nice technical post on how the attack works
Lesley Carhart has written a very accessible post explaining the attack and the surrounding issues.
Perhaps the biggest victim this time round was Cadbury’s, as it had to shut down its famous chocolate factory in Hobart.
How I obtained direct publish access to 13% of npm packages
This is a great post on how ChALkeR was able to obtain direct publish access to 13% of npm packages – with an estimated reach of up to 52% once you factor in dependency chains.
It’s interesting because it’s relatively straightforward using three basic techniques of bruteforcing, reusing passwords from leaks, and npm credentials on GitHub.
The issue has been addressed in an npm blog post.
Just in case you need to check your credentials
You are not Google
Neither are you Amazon, or LinkedIn, or Facebook, or Netflix etc. A great post especially for engineers.
This line of thinking can be expanded into security too. Just because a large, well-funded, and highly targeted company is using the latest bleeding edge next generation security products and tools, it doesn’t mean every company needs to adopt the same toolset. Rather, it’s about looking at what matters most, and getting security controls that are appropriate.
I really need to find better ways of explaining my thoughts, the paragraph I just wrote throws me back to days of being a consultant.
Legal boundaries and privacy
The long-running case between the US Department of Justice and Microsoft has taken another turn as the DoJ has petitioned the US supreme court to get involved in allowing the US government access to Microsoft emails stored at its Dublin data centre.
As Microsoft president and chief counsel Brad Smith argued in a blog post, if the US government has the right to directly seize internationally-held data, then other countries will of course expect the same right. This in effect would allow international digital raids for American or other nations’ data, in the US or around the worl |
Guideline
|
NotPetya
Wannacry
|
|
 |
2017-06-30 09:35:59 |
Rebuffing Ransomware: Common Sense Advice from CompTIA (direct link) |
The Petya ransomware attack – the second major global cyberattack in two months – left a trail of locked computers and compromised networks in some 65 countries around the world. Like the WannaCry attack in May, Petya this week exposed weaknesses in cybersecurity defenses. It also reinforces the notion that it's a case of when, ...
|
|
Wannacry
|
|
 |
2017-06-30 03:38:12 |
Windows 10 to Get Built-in Protection Against Most Ransomware Attacks (direct link) |
Ransomware Ransomware Everywhere Not a Single Place to Hide!
But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.
Two massive ransomware attacks - WannaCry and Petya (also known as NotPetya) - in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car
 |
|
NotPetya
Wannacry
|
|
 |
2017-06-29 21:35:19 |
Why Petya, Like WannaCry, Signals A New Era Of Cybercrime (direct link) |
The ISBuzz Post: This Post Why Petya, Like WannaCry, Signals A New Era Of Cybercrime |
|
Wannacry
|
|
 |
2017-06-29 20:25:53 |
NonPetya: no evidence it was a "smokescreen" (direct link) |
Many well-regarded experts claim that the not-Petya ransomware wasn't "ransomware" at all, but a "wiper" whose goal was to destroy files, without any intent at letting victims recover their files. I want to point out that there is no real evidence of this.

Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shut down, and it corrupts the boot sector.

But these things aren't evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

The simplest, Occam's Razor explanation is that they were simple mistakes. Such mistakes are common among ransomware. We think of virus writers as professional software developers who thoroughly test their code. Decades of evidence show the opposite, that such software is of poor quality with shockingly bad bugs.

It's true that effectively, nPetya is a wiper. Matthieu Suiche does a great job describing one flaw that prevents it working. @hasherezade does a great job explaining another flaw. But the best explanation isn't that this is intentional. Even if these bugs didn't exist, it'd still be a wiper if the perpetrators simply ignored the decryption requests. They need not intentionally make the decryption fail.

Thus, the simpler explanation is that it's simply a bug. Ransomware authors test the bits they care about, and test less well the bits they don't. It's quite plausible to believe that just before shipping the code, they'd add a few extra features, and forget to regression test the entire suite. I mean, I do that all the time with my code.

Some have pointed to the sophistication of the code as proof that such simple errors are unlikely. This isn't true. While it's more sophisticated than WannaCry, it's about average for the current state-of-the-art for ransomware in general.

What people think of, such as the Petya base, or using PsExec to spread throughout a Windows domain, is already at least a year old.

Indeed, the use of PsExec itself is a bit clumsy, when the code for doing the same thing is already public. It's just a few calls to basic Windows networking APIs. A sophisticated virus would do this itself, rather than clumsily use PsExec.

Infamy doesn't mean skill. People keep making the mistake that the more widespread something is in the news, the more skill, the more of a "conspiracy" there must be behind it. This is not true. Virus/worm writers often do newsworthy things by accident. Indeed, the history of worms, starting with the Morris Worm, has been things running out of control more than the author's expectations.

What makes nPetya newsworthy isn't the EternalBlue exploit or the wiper feature. Instead, the creators got lucky with MeDoc. The software is used by every major organization in the Ukraine, and at the same time, their website was horribly insecure -- laughably insecure. Furthermore, its autoupdate feature didn't check cryptographic signatures. No hacker can plan for this level of widespread incompetence -- it's just extreme luck.

Thus, the effect of bumbling around is something that hit the Ukraine pretty hard, but it's not necessarily the intent of the creators. It's like how the Slammer worm hit South Korea pretty hard, or how the Witty worm hit the DoD pretty hard. These things look "targeted", especially to the victims, but it was by pure chance (provably so, in the case of Witty).

Certainly, MeDoc was targeted. But then, targeting a s |
|
Wannacry
|
|
 |
2017-06-29 19:05:17 |
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone (direct link) |
A fourth ransomware campaign focused on Ukraine has surfaced today, following some of the patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya. [...] |
|
NotPetya
Wannacry
|
|
 |
2017-06-29 16:00:39 |
Apple Covers All the Bases with Over 100 Security Updates in May (direct link) |
In mid-May, while the world was waking up to deal with the chaos caused by the WannaCry ransomware spreading over the web, Apple was making its users safer again. Released on May 15th, a new set of patches dropped for iOS, macOS Sierra, and both the El Capitan and Yosemite version of OS X. So many different fixes were implemented that it would be difficult to cover exactly what ... Read more
|
|
Wannacry
|
|
 |
2017-06-29 14:47:21 |
6 tips to avoid ransomware after Petya and WannaCry (direct link) |
Ransomware attacks continue to wreak havoc on businesses worldwide. Here are six recommendations from PwC to prevent and mitigate these cybercrimes. |
|
Wannacry
|
|
 |
2017-06-29 13:00:00 |
Data Carving in Incident Response - Steps Toward Learning More Advanced DFIR Topics (direct link) |
Introduction
I have been in information security since March 2010, when I got out of the Navy after navigating nuclear submarines for almost 7 years. Little did I know that with this change of career, I was about to be in for the ride of my life.
I have been steadily progressing as a "blue teamer" or enterprise defender this whole time and have undertaken learning one of (what I believe to be) the most difficult blue team trades: reverse engineering malware. The purpose of this blog is to allow readers to follow along if they want to get into the trade as well as to force me to take actual notes periodically.
Background: The Beginning
To understand my background, here is a graphic showing my career progression:
I started my career with only basic fundamental knowledge of information security. However, applying the work ethic and desire to excel I learned in the Submarine Force, I set out to become the best information security professional that I could. My first job out of the Navy was not very technical. I realized this and enrolled for both online and in-person training. I took a UNIX and Linux class in person and that itself has taken me far. I use Linux or a UNIX variation often in my current role and have used it in my past two roles as well.
I learned auditing as part of being a government employee, so that I could assess the security of systems to support them, attaining Certification & Accreditation (C&A; now known simply as Authorization in the federal space). I continued to push myself to learn technical concepts and refine my knowledge. After I left the federal government and came back to the same agency as a contractor, my former supervisor commented that I "was too technical to be a 'govvie'."
As a UNIX administrator, I was able to unleash my theoretical knowledge and be at ground-zero for technology. I was involved with patching and remediation, system migrations from PA-RISC to Itanium, and modernization of the web experience.
Over the course of a few years, I had already worked as an auditor, a systems engineer, and a Senior UNIX Administrator focused on security, and had completed my undergraduate and graduate degrees in Information Security as well. At this point, I wanted a change and wanted to be closer to family, so I accepted a job as Director of IT Security/ISSO in Atlanta.
Background: 2013 to Mid-2017
When I started this job, I was afforded something I had never had before: freedom and latitude. I found that I could be as technical as I wanted to, as long as it didn't cost much. Over time, I learned how to administer Active Directory, Group Policy, McAfee ePO, Tenable Security Center, Gigamon, and Sourcefire. Prior to this role, I had only managed HP-UX and Red Hat servers. It felt like a knowledge explosion to have a chance to learn so many new things.
As Director of IT Security and ISSO, I had to revisit my roots in Governance and Regulatory Compliance (GRC) in writing Policies and Procedures to meet federal and contractual requirements. Beyond this, I was able to build on my technical foundation and deploy, analyze, and maintain various technologies as well as participate in "Hack the Pentagon." This was a confidence booster and a challenge. I had no other security people to consult internally. I had to learn to make things work in an efficient and secure manner.
As time went on, things changed with the contract, the management, and the team. Within three years, I had outgrown my position. There was no more opportunity for development or upward mobility and things were beginning to feel toxic. I felt like I was losing my passion for Infosec. Luckily, Sword & Shield came to my rescue. I began my |
|
Wannacry
APT 32
|
|
 |
2017-06-29 10:08:40 |
How Does Samba Compare to WannaCry? (direct link) |
Many reports are drawing comparisons between the Samba vulnerability and WannaCry, but they don't pose the same widespread risk. |
|
Wannacry
|
|
 |
2017-06-29 10:00:00 |
Why Enterprise Security Needs a New Focus (direct link) |
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics. |
|
Wannacry
|
|
 |
2017-06-28 22:25:19 |
Petya Malware is about wreaking Havoc, not collecting Ransom | The Register (direct link) |
In-brief: On Tuesday, a ransomware infection spread across Europe and even affected companies and systems as far away as the United States and Brazil. Iain Thomson at The Register breaks down the malware used in the attack, dubbed NotPetya because it disguises itself as the Petya ransomware, although in the end it seems it was designed to wreak... Read the whole entry...
|
|
NotPetya
Wannacry
|
|
 |
2017-06-28 18:05:00 |
A Technical Analysis of the Petya Ransomworm (direct link) |
Yesterday, a new ransomware wreaked havoc across the world. This new malware variant, which combines the functionality of ransomware with the behaviors of a worm, is being called Petya, Petrwrap, and even NotPetya, since researchers are still investigating as to whether its ability to modify the Master Boot Record of a targeted machine is based on the Petya family of malware. Fortinet has designated this new hybrid form of malware as a ransomworm, and this outbreak was reported to use the same worm mechanism to spread across the Internet as WannaCry,... |
|
NotPetya
Wannacry
|
|
 |
2017-06-28 15:02:08 |
Preventing Petya – stopping the next ransomware attack (direct link) |
Check Point's Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer networks. It appears to be using the 'EternalBlue' exploit which May's WannaCry attack also exploited. It was first signaled by attacks on […]
|
|
Wannacry
|
|
 |
2017-06-28 14:56:16 |
UK's Metropolitan Police Still Using 10,000 Windows XP Computers (direct link) |
Legacy Windows XP systems used by public authorities in the UK remain a concern. The WannaCry outbreak last month followed by the current 'NotPetya' outbreak -- both using a vulnerability patched in newer versions of Windows, but initially unpatched in XP -- highlights the problem.
|
|
NotPetya
Wannacry
|
|
 |
2017-06-28 08:06:34 |
Global cyberattack – A "cyber-extortion" campaign of unprecedented violence (direct link) |
WannaCry was clearly only a beginning. This new cyberattack, spreading a new ransomware dubbed Petrwrap, is very virulent, and 38 million PCs worldwide are potentially vulnerable. Major companies have already been hit in every corner of the world. |
|
Wannacry
|
|
 |
2017-06-28 07:35:34 |
The Petya ransomware attack is the equivalent of the WannaCry attack, but this time the operation was carried out by professionals (direct link) |
A particularly formidable ransomware family is currently wreaking havoc across the globe. Similarities with last month's WannaCry attack are regularly mentioned, but security researchers also insist that this is a far more polished, more professional operation, and potentially far more damaging for the companies that fall victim to it. |
|
Wannacry
|
|
 |
2017-06-28 07:31:20 |
New ransomware: 38 million PCs vulnerable to EternalBlue, if not more! (direct link) |
After the massive WannaCry attack that hit the world last month, a new ransomware has just been identified and is currently affecting several international companies such as WPP, Maersk and Saint. |
|
Wannacry
|
|
 |
2017-06-28 06:30:06 |
Petya Ransomware: FireEye's point of view (direct link) |
On June 27, 2017, several organizations - notably in Europe - reported significant disruptions that they attribute to the Petya ransomware. Based on initial information, this variant of the Petya ransomware can spread via the EternalBlue exploit used in last month's WannaCry attack. |
|
Wannacry
|
|
 |
2017-06-28 01:24:49 |
'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA (direct link) |
The Shadow Brokers, a notorious hacking group that leaked US cyberweapons - which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya - has now threatened to unmask the identity of a former hacker who worked for the NSA.
Besides this, the Shadow Brokers group has also doubled the price for its monthly subscription model of NSA's built hacking tools and zero-day
 |
|
NotPetya
Wannacry
|
|
 |
2017-06-27 23:01:00 |
New Variant of Petya / PetrWrap Ransomware Strikes (direct link) |
On June 27th the AlienVault Labs Team became aware of a new ransomware, a variant of the Petya malware, that is spreading rapidly and is known to have affected organizations in Russia and the Ukraine, and some other parts of Europe. A pulse detailing the Indicators of Compromise for this variant of Petya can be found in the AlienVault Open Threat Exchange (OTX) at https://otx.alienvault.com/pulse/59525e7a95270e240c055ead/.
Once it has compromised a system, the ransomware will:
Overwrite the Master Boot Record (MBR), encrypt individual files that match a list of file extensions (including documents, archives, and more), and after a reboot of the system will present the user a message requesting a ransom of $300 in Bitcoin to decrypt the system. To date, we understand that over $3000 has been paid in ransom, but we have not heard of any affected organizations having successfully decrypted their files.
Attempt to replicate itself to other systems on your network.
Understanding how this ransomware variant works is first in understanding how to protect your existing assets, and in detecting when any of your systems have been compromised. In addition to this blog we've also created a short white paper detailing the facts behind this ransomware. You can access it here.
What We Know About this Ransomware Campaign
What we know is that, like WannaCry, this variant of Petya affects Microsoft Windows computers and is technically a 'computer worm', meaning that it replicates itself in order to spread to other computers. In addition, the campaign does not rely on a user clicking on an attachment to infect the host, nor is it known to communicate with a Command & Control (C2 or C&C) server in order to get instructions.
What this variant of Petya is known to use to distribute itself to other systems are the PsExec service (PsExec is dropped as dllhost.dat by the ransomware) and WMI services. In addition, the ETERNALBLUE exploit toolkit (which was released by the Shadow Brokers group in April 2017 and used to such great success by WannaCry) is suspected to be a key part of the attack.
There are also reports that some organizations were infected through a software update for a Ukrainian tax accounting package called MeDoc, which given the locations of many of the attacked organizations and the below data from Kaspersky is likely
Once a system has been compromised, the ransomware takes the following steps:
Writes a message to the raw disk partition
Clears the Windows Event log using Wevtutil
Restarts the machine
Encrypts files matching a list of file extensions (including .3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf .ppt, .pptx, .pst, .pvi, .py .pyc, |
|
Wannacry
|
|
 |
2017-06-27 21:15:19 |
Petya Weren't Expecting This: Ransomware Takes Systems Hostage Across the Globe (direct link) |
It appears that the current Petya payload is being distributed using the same exploits that were part of the leaks that powered the spread of WannaCry.
|
|
Wannacry
|
|
 |
2017-06-27 20:26:29 |
Petya-esque ransomware is spreading across the world (direct link) |
Ringing in with echoes of WannaCry, Petya (or Petrwrap, NotPetya), is a new ransomware strain outbreak affecting many users around the world.
Categories:
Cybercrime
Malware
Tags: EternalBlue, exploit, germany, malwarebytes labs, NotPetya, Petrwrap, petya, ransomware, SMB, spreading, ukraine, United Kingdom, united states, WannaCry, WannaCrypt, WannaCryptor
(Read more...)
|
|
NotPetya
Wannacry
|
|
 |
2017-06-27 20:18:43 |
'Petya' Ransomware Outbreak Goes Global (direct link) |
A new strain of ransomware dubbed "Petya" is worming its way around the world with alarming speed. The malware appears to be spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 -- the same bug that was exploited by the recent and prolific WannaCry ransomware strain. |
|
Wannacry
|
|
 |
2017-06-27 20:06:00 |
Complex Petya-Like Ransomware Outbreak Worse than WannaCry (direct link) |
Today's global ransomware attack is spreading via EternalBlue and through local networks using PSEXEC and WMIC. |
|
Wannacry
|
|
 |
2017-06-27 17:10:39 |
WannaCry Hits Aus Speed Cameras (direct link) |
The ISBuzz Post: This Post WannaCry Hits Aus Speed Cameras |
|
Wannacry
|
|
 |
2017-06-27 17:07:50 |
How To Protect Yourself Against Petya Ransomware (direct link) |
The latest attack the world has seen recently is a variant of the Petya ransomware virus. As of this writing, it appears a new variant of Petya has been released with EternalBlue exploit code built in, which WannaCry utilised to propagate around organisations. Unlike WannaCry, Petya is a different kind of ransomware. Common delivery methods […]… Read More
|
|
Wannacry
|
|
 |
2017-06-27 17:00:00 |
New Ransomworm Follows WannaCry Exploits (direct link) |
We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.
This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that were exploited during the recent Wannacry attack this past May.
This latest attack, known as Petya, is something we are referring to as... |
|
Wannacry
|
|
 |
2017-06-27 16:49:00 |
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More (direct link) |
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample. |
|
Wannacry
|
|
 |
2017-06-27 15:34:15 |
Second Global Ransomware Outbreak Under Way (direct link) |
A massive ransomware outbreak is spreading globally and being compared to WannaCry. |
|
Wannacry
|
|
 |
2017-06-27 15:07:33 |
New WannaCryptor-like ransomware attack hits globally: all you need to know (direct link) |
Numerous reports are coming out on social media about a new ransomware attack in Ukraine, which could be related to the Petya family.
|
|
Wannacry
|
|
 |
2017-06-27 13:35:56 |
Farsight security research indicates that WannaCry-like attacks represent 'just another day at the office' (direct link) |
We all remember WannaCry; the scale of the attack, spanning over 150 countries and almost a quarter of million computers. In the UK, at least, this was accompanied by a media frenzy, largely due to the highest profile victim of the attack being the National Health Service. As a highly emotional target here in the ...
|
|
Wannacry
|
|
 |
2017-06-27 12:56:23 |
Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry (direct link) |
Watch out, readers! It is ransomware, another WannaCry, another wide-spread attack.
The WannaCry ransomware is not dead yet and another large scale ransomware attack is making chaos worldwide, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins.
According to multiple sources, a new
 |
|
Wannacry
|
|
 |
2017-06-27 12:08:02 |
Another global ransomware attack underway as reports of Petya exploit spread (direct link) |
Latest cyber attack appears to be based on the same EternalBlue exploit used by the WannaCry ransomware that hit the NHS in May |
|
Wannacry
|
|
 |
2017-06-27 08:32:03 |
A malware even more virulent than WannaCry is hitting networks around the world (direct link) |
A new ransomware attack is infecting businesses. The worm relies on the same attack vector as WannaCry, but in an improved version. |
|
Wannacry
|
★★
|
 |
2017-06-27 08:01:01 |
Petya Destructive Malware Variant Spreading via Stolen Credentials and EternalBlue Exploit (direct link) |
UPDATE (July 21): FireEye continues to track this threat. An earlier version of this post has been updated to reflect new findings.
On June 27, 2017, multiple organizations – many in Europe – reported significant disruptions they are attributing to a variant of the Petya ransomware, which we are calling “EternalPetya”. The malware was initially distributed through a compromised software update system and then self-propagated through stolen credentials and SMB exploits, including the EternalBlue exploit used in the WannaCry attack from May 2017.
The initial infection vector for this |
Malware
|
Wannacry
|
★★★★
|
 |
2017-06-27 05:00:49 |
WannaCry: How We Created an Ideal Environment for Malware to Thrive, and How to Fix It (direct link) |
How in the world did we end up with a security paradigm where a malware infection can spread so rapidly and so broadly as WannaCry did? |
|
Wannacry
|
|
 |
2017-06-26 15:27:04 |
A week in security (June 19 – June 25) (direct link) |
A compilation of security news and blog posts from the 19th to the 25th of June. We touched on topics like Barclays phish, Robux scam, breaking the attack chain and Incident Response.
Categories:
Security world
Week in security
Tags: attack chain, barclays, cyberteam, honda, Incident Response, nayana, ransomware, Robux, Skype, WannaCry, weekly blog roundup, ztorg
(Read more...)
|
|
Wannacry
|
|
 |
2017-06-26 15:00:18 |
Mobile Menace Monday: Fake WannaCry Scanner (direct link) |
With all the buzz around the PC ransomware WannaCry, it's no surprise that a fake antivirus (FakeAV) has emerged on Google Play.
Categories:
Cybercrime
Mobile
Tags: Android, antivirus, FakeAV, Google Play, mobile menace monday, ransomware, triple m, WannaCry, WannaCrypt, WannaCryptor
(Read more...)
|
|
Wannacry
|
|
 |
2017-06-26 13:00:00 |
Automated Incident Response in Action: 7 Killer Use Cases (direct link) |
Picture this: It’s 2AM on Saturday and you’re startled awake by an alert on your phone. Indicators of a new variant of WannaCry ransomware have been detected in your network. But your home network provider is having an outage (again!) and you can’t remote in. You get dressed and race to the office, maybe breezing through a few stop lights on the way, all while new alerts arrive on your phone indicating more systems have been compromised. As you arrive and start investigating the alarms and logs, the attack continues to spread rapidly. Desperate to stop it, you run to the server room and rip all the cables out of the routers and servers. In the stillness of your dead network, you sigh. You head to the break room to brew a pot of coffee and settle in for a long weekend.
Now imagine how vastly different that experience would be with automated incident response capabilities. As soon as the ransomware is detected and an alarm is raised, your system automatically responds by isolating the infected machines, and you hit the snooze button.
With the right automated incident response tools, IT security teams can stay in control of their incident response (IR) activities and respond to threats and intrusions swiftly and effectively, with less manual work—no wire-ripping required.
This is Part Two of a three-part blog series that examines how incident response automation and orchestration can make life easier for security teams. The blog series covers the following topics:
Part 1: Incident Response Orchestration: What Is It and How Can It Help?
Part 2: Automated Incident Response in Action: 7 Killer Use Cases
Part 3: Incident Response Automation and Orchestration in USM Anywhere
In Part One, we looked at what incident response orchestration is and how the right automation tools can help security teams respond to intrusions more quickly. While automation can’t replace human security analysts, it can help analysts conserve time for higher priorities and make the incident response processes run as swiftly as possible.
In this installment, we’ll take a look at examples of incident response automation in action, comparing them to what it would take to handle them manually. As you read through these examples, consider what kinds of automated IR capabilities would have the greatest impact on your own organization’s incident response processes and timelines.
1. One of your users interacts with a malicious IP address. You need to update your firewall to block the IP.
Firewalls help protect you from bad actors by filtering network traffic. Still, they have limits. Most firewalls aren’t connected to your other security tools and their rules are infrequently updated, meaning they may not be current to address the latest threats. Addressing this situation might entail detecting the problem using other security software, prioritizing the event, and manually updating a firewall with a new rule to block the malicious IP. At some organizations, you might even need to open a ticket to have another team or team member take action, further slowing down the response process.
With automated incident response, you can automatically update your firewall to block malicious IPs as they are detected. For example, USM Anywhere detects traffic to and from an external IP address that, through its integrated threat intelligence, it knows is malicious. USM Anywhere can instruct your Palo Alto Networks next-generation firewalls to block or isolate the IP address, using an automatic or manual incident response action.
2. One of your systems has been infected with malware. You need to limit the damage and find out how many systems are vulnerable before it spreads.
Relying on |
|
Wannacry
|
|
 |
2017-06-26 09:52:06 |
UK electricity grid cyber-attack risk is 'off the scale' (direct link) |
Concerns over the threat posed by cyber-attacks on power stations and electricity grids are “off the scale” in the UK energy sector, according to a leading industry figure. No other country in the world has an energy industry as worried about the risk from cyber threats, such as the WannaCry ransomware attack that recently hit ...
|
Guideline
|
Wannacry
|
★★★★
|
 |
2017-06-24 09:53:09 |
Microsoft Admits That It Disables Third-party Anti-virus Software 'Temporarily' In Windows 10 (direct link) |
Microsoft temporarily disables anti-virus software for Windows 10 to keep users safe. The recent worldwide cyberattack by the WannaCry ransomware cryptoworm targeted computers running the Microsoft Windows operating system around the world, making it the biggest ransomware attack in cyber history and making computer security a bigger concern. Following the attack, Microsoft had urged its unaffected users to [...]
|
|
Wannacry
|
|
 |
2017-06-23 15:30:58 |
Threatpost News Wrap, June 23, 2017 (direct link) |
Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab's latest report, WannaCry hitting Honda, GhostHook, and Fireball. |
|
Wannacry
|
|
 |
2017-06-23 10:47:36 |
Police cancel 590 speeding fines after WannaCry hits traffic cameras (direct link) |
Australian drivers whose traffic offences were caught on malware-infected speed cameras may be off the hook after all.
|
|
Wannacry
|
|
 |
2017-06-22 17:46:38 |
News in brief: AI comes to Mars; WannaCry hits speed cameras; Edge bounty program extended (direct link) |
Your daily round-up of some of the other stories in the news |
|
Wannacry
|
|
 |
2017-06-22 14:10:46 |
Endpoint Protection Firm Cybereason Lands $100m Softbank Investment (direct link) |
Alternatives to legacy endpoint protection software like anti-virus are one of the hottest areas in the information security space. Yesterday’s announcement by Cybereason of a $100 Million investment by SoftBank only underscores that. Cybereason, which has offices in Boston, London and Tel Aviv, closed a Series D funding round from SoftBank... Read the whole entry... Related Stories: Financial Malware, not Ransomware, drives most Cyber Crime; The WannaCry Missing: Federal Systems, Consumers; The Billion Dollar Headache: Sophisticated Ransomware takes aim at Small Business
|
|
Wannacry
|
|
 |
2017-06-22 12:15:18 |
Health Care Endpoint Hygiene: A Post-WannaCry Call to Action (direct link) |
The idea of employing basic endpoint hygiene to keep your data safe seems like a no-brainer. So why was the WannaCry ransomware attack so damaging?
|
|
Wannacry
|
|
 |
2017-06-22 11:08:11 |
WannaCry ransomware infects Australian traffic cameras, human error blamed (direct link) |
55 traffic and speed cameras in the state of Victoria, Australia, have been accidentally infected with the WannaCry ransomware.
Read more in my article on the Tripwire State of Security blog.
|
|
Wannacry
|
|