What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
grahamcluley.webp 2017-08-17 08:42:28 Smashing Security #038: Gents! Stop airdropping your pics! (lien direct) WannaCry hero Marcus Hutchins (aka MalwareTech) pleads not guilty to malware charges, the Scottish parliament is hit by a brute force attack, IoT smart locks aren't so smart, and.. ahem.. someone is sending intimate pics via AirDrop to unsuspecting commuters. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White. Guideline Wannacry
ComputerWeekly.webp 2017-08-17 07:45:38 LG Electronics hit by suspected WannaCry attack (lien direct) LG Electronics have been hit by ransomware that uses malicious code that could signal another WannaCry attack Wannacry
Blog.webp 2017-08-16 20:20:40 Q&A: Why the HBO hack is destined to accelerate the fledgling cyber insurance market (lien direct) By Byron Acohido, Following on the heels of the two globe-spanning ransomware worms, the HBO hack-with its distinctive blackmail component-rounds out a summer of extortion-fueled hacks and destruction and theft of valuable data at an unprecedented scale. WannaCry and Petya raced around the planet demanding ransoms after locking up servers at hundreds of organizations. The HBO hackers […] Wannacry
AlienVault.webp 2017-08-16 13:00:00 GlobeImposter Ransomware on the Rise (lien direct) Ah, the summer anthem. That quintessential song that defines summertime as much as hot nights, barbeques, and beach vacations. Whether it’s the Beach Boys’ “I Get Around” (1964), Springsteen’s “Dancing in the Dark” (1984), or Pearl Jam’s “Last Kiss” (1999), the summer anthem is transcendent, yet perfectly emblematic of its time. If InfoSec had a 2017 summer anthem, we might be hearing Taylor Swift or Drake singing about ransomware. Wouldn’t that be catchy? That’s because global ransomware campaigns like WannaCry and NotPetya have largely defined the summer season this year, and now, there’s a new ransomware remix topping the charts—GlobeImposter 2.0. Originally detected in March 2017, GlobeImposter 2.0 targets Windows systems and is being distributed through malicious email attachments (MalSpam). In recent weeks, we’ve seen a surge in activity in the Open Threat Exchange (OTX) around GlobeImposter and its many variants. Thus, it’s important to understand how the ransomware initiates, spreads, and evades detection. GlobeImposter Ransomware at a Glance Distribution Method: Malicious email attachment (MalSpam) Type: Trojan Target: Windows systems Variants: many (see below) How GlobeImposter Works The recent GlobeImposter attacks have largely been traced to MalSpam campaigns—emails carrying malicious attachments. In this case, the email messages appear to contain a .zip attachment of a payment receipt, which, in reality, contains a .vbs or .js malware downloader file. Sample email subject lines include: Receipt#83396 Receipt 21426 Payment-421 Payment Receipt 222 Payment Receipt#97481 Payment Receipt_8812 Receipt-351 Payment Receipt_03950 Once the attachment is downloaded and opened, the downloader gets and runs the GlobeImposter ransomware. You can get a list of known malicious domains from the GlobeImposter OTX pulse here.
Note that some of the known malicious domains are legitimate websites that have been compromised. Like other pieces of ransomware, GlobeImposter works to evade detection while encrypting your files. After encryption is complete, an HTML ransom note is dropped on the desktop and in the encrypted folders for the victim to find, including instructions for purchasing a decryptor. There are no known free decryptor tools available at this time. You can read a detailed analysis of a sample of GlobeImposter at the Fortinet blog, here and at Malware Traffic Analysis, here. GlobeImposter Variants on the Rise What’s striking about the recent uptick in GlobeImposter ransomware activity is the near-daily release of new variants of the ransomware. Lawrence Abrams at BleepingComputer has a nice rundown of new GlobeImposter variants and file e NotPetya Wannacry APT 32
The_Hackers_News.webp 2017-08-15 04:14:23 Warning: Two Dangerous Ransomware Are Back – Protect Your Computers (lien direct) Ransomware has been around for a few years but has become an albatross around everyone's neck-from big businesses and financial institutions to hospitals and individuals worldwide-with cyber criminals making millions of dollars. In just the past few months, we saw a scary strain of ransomware attacks including WannaCry, Petya and LeakerLocker, which made chaos worldwide by shutting down hospitals Wannacry
ComputerWeekly.webp 2017-08-15 04:06:33 WannaCry hero Marcus Hutchins under house arrest (lien direct) Briton, 23, pleads not guilty to charges of writing and distributing malware Guideline Wannacry
Kaspersky.webp 2017-08-14 19:22:49 Windows Search Bug Worth Watching, and Squashing (lien direct) Patches are available-and should be applied-that address a critical vulnerability in Windows Search that some are calling the next WannaCry. Others aren't so ready to do that. Wannacry
no_ico.webp 2017-08-14 17:15:53 FancyBear Use Leaked NSA “WannaCry” Exploit To Target Hospitality Industry (lien direct) The ISBuzz Post: This Post FancyBear Use Leaked NSA “WannaCry” Exploit To Target Hospitality Industry Wannacry
The_Hackers_News.webp 2017-08-14 06:10:01 IPS as a Service Blocks WannaCry Spread Across the WAN (lien direct) One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1. Most enterprise defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers gain a foothold inside the network through malware, there are very few security controls that Wannacry
Checkpoint.webp 2017-08-11 23:52:38 “The Next WannaCry” Vulnerability is Here – Let's Stop it before it's too Late (lien direct) This Tuesday, Microsoft released a security patch including 48 fixes, 25 of which are defined as “critical”. While Microsoft updates happen every month, this one reveals an especially dangerous vulnerability – CVE-2017-8620. Behind this dull name hides a severe flaw affecting all current versions of Windows, which enables attackers to spread a contagious attack between […] Wannacry
The_Hackers_News.webp 2017-08-11 09:21:18 Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests (lien direct) An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks-this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks NotPetya Wannacry
Mandiant.webp 2017-08-11 08:00:00 APT28 Targets Hospitality Sector, Presents Threat to Travelers (lien direct) FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several notable techniques in these incidents such as sniffing passwords from Wi-Fi traffic, poisoning the NetBIOS Name Service, and spreading laterally via the EternalBlue exploit. APT28 Uses Malicious Document to Target Hospitality Industry FireEye has uncovered a malicious document sent in spear Threat Wannacry APT 28 ★★★★
itsecurityguru.webp 2017-08-10 08:53:31 Petya, WannaCry and Mirai- 4 steps to protect yourself from the new normal (lien direct) In the past year alone, cybercriminals have upped their game when it comes to high-profile global attacks, with Mirai, WannaCry and Petya all occurring one after the other. The effects have been devastating to some of the world's largest economies and industries. However, despite the attention in the media, this is not a new phenomenon. ... Wannacry
The_State_of_Security.webp 2017-08-10 07:00:45 68% of Infosec Pros Felt Enterprise Security Lacking after WannaCry/NotPetya Attacks, Reveals Survey (lien direct) The WannaCry and NotPetya attacks caused disruption on a global scale in the spring and early summer of June 2017. Following those malware campaigns, businesses around the world should have heard the alarms and responded by tightening their security systems in an effort to mitigate against similar attacks in the future. But reality doesn’t always […]… Read More NotPetya Wannacry
itsecurityguru.webp 2017-08-09 09:37:32 From zero-day exploits to rampant 'ransomware': how advanced targeted attacks evolved in Q2, 2017 (lien direct) The second quarter of 2017 saw sophisticated threat actors unleash a wealth of new and enhanced malicious tools, including three zero-day exploits and two unprecedented attacks: WannaCry and ExPetr. Expert analysis of the last two suggests the code may have escaped into the wild before it was fully ready, an unusual situation for well-resourced attackers. ... Wannacry ★★★★★
itsecurityguru.webp 2017-08-09 09:09:50 More pseudo-ransomware attacks are probably on the way (lien direct) In a new report examining cybersecurity trends for the quarter, it sounds like “ransomware” - emphasis on the air quotes - will remain very much in vogue through 2017. The last few months saw some major malware moments, most notably the WannaCry and NotPetya (a.k.a. ExPetr/Nyetya/Petya) attacks. Kaspersky Labs' quarterly report suggests that the trend ... NotPetya Wannacry
itsecurityguru.webp 2017-08-09 09:06:11 WannaCry hero malware trial postponed (lien direct) The US court appearance of British WannaCry hero on charges of writing and distributing malware has been postponed. US authorities have postponed the court appearance of Briton Marcus Hutchins, who is under charges of helping to develop and maintain the password-stealing malware Kronos between July 2014 and July 2015. View Full Story  ORIGINAL SOURCE: Computer ... Wannacry ★★★
Pirate.webp 2017-08-08 08:53:32 The hacker who stopped WannaCry admits to being the creator of the Kronos malware (lien direct) What an irony! The British hacker Marcus Hutchins had made a name for himself by helping to stop the spread of the formidable WannaCry ransomware, and now he has been arrested by the FBI on 2 August 2017 and accused of being the author of the Kronos banking trojan... Wannacry
Kaspersky.webp 2017-08-07 20:45:14 Marcus Hutchins' Only Certainty is Uncertainty (lien direct) WannaCry hero Marcus Hutchins pleaded not guilty last week and could be freed today on $30,000 bond before the case moves to Wisconsin. Guideline Wannacry
SecureMac.webp 2017-08-05 18:24:17 Security Researchers Develop New Exploits Based on Leaked NSA Tools (lien direct) While the WannaCry ransomware wave was sweeping the globe, one of the first stories that emerged alongside it was about the exploit that allowed it to exist: EternalBlue. Exposed as an NSA-discovered vulnerability during leaks by the mysterious Shadow Brokers, it allows malware authors to attack vulnerable Windows machines through a basic protocol for sharing files. Though it turns out that most of the machines WannaCry infected were Windows ... Read more Wannacry
The_Hackers_News.webp 2017-08-05 03:03:32 Marcus Hutchins (MalwareTech) Gets $30,000 Bail, But Can't Leave United States (lien direct) Marcus Hutchins, the malware analyst who helped stop the global Wannacry menace, has reportedly pleaded not guilty to charges of creating and distributing the infamous Kronos banking malware and is set to be released on $30,000 bail on Monday. Hutchins, the 23-year-old who operates under the alias MalwareTech on Twitter, stormed to fame and was hailed as a hero over two months ago when he stopped a Guideline Wannacry
NakedSecurity.webp 2017-08-05 00:06:37 WannaCry crooks cash out their ransom (lien direct) Curiouser and curiouser, said Alice Wannacry
ZDNet.webp 2017-08-04 23:20:00 WannaCry researcher denies creating banking malware at court hearing (lien direct) The security researcher rose to fame for curbing the spread of the WannaCry ransomware in May. Wannacry
SecurityWeek.webp 2017-08-04 16:30:16 Arrest Shines Light on Shadowy Community of Good, Bad Hackers (lien direct) Two months ago, Marcus Hutchins was an "accidental hero," a young computer whiz living with his parents in Britain who found the "kill switch" to the devastating WannaCry ransomware. Wannacry
Symantec.webp 2017-08-04 15:55:29 Latest Intelligence for July 2017 (lien direct) Email malware rate continues to increase and WannaCry, Petya inspire other threats to add self-spreading components. Wannacry
no_ico.webp 2017-08-04 15:45:32 WannaCry Ransomware Bitcoins Move From Online Wallets (lien direct) The ISBuzz Post: This Post WannaCry Ransomware Bitcoins Move From Online Wallets Wannacry
TechWorm.webp 2017-08-04 15:38:42 WannaCry hero 'Marcus Hutchins' arrested and charged with malware offences in the U.S (lien direct) Marcus Hutchins accused of creating Russian banking Trojan 'Kronos' Not so long ago, Marcus Hutchins, a 23-year-old British security researcher with the blog name “MalwareTech” became an 'accidental hero' when he discovered an effective kill switch to stop the biggest unprecedented WannaCry ransomware attack that had crippled thousands of computers. The ransomware spread to more [...] Wannacry
itsecurityguru.webp 2017-08-04 09:11:32 NHS cyber-defender Marcus Hutchins to appear in US court (lien direct) British cyber-security researcher Marcus Hutchins will appear in court in Las Vegas later charged in a US cyber-crime case. The 23-year-old has been accused of involvement with Kronos – a piece of malware used to steal banking logins from victims’ computers. Mr Hutchins, from Ilfracombe in Devon, came to prominence after he stalled the WannaCry ... Wannacry ★★
itsecurityguru.webp 2017-08-04 08:40:20 Why advanced threat protections are the key to outsmarting the next ransomware attack (lien direct) The most prevalent cybersecurity concern in 2017 is undeniably ransomware, this year has seen it reassert itself into the public eye in a big way. The WannaCry attack in May was one of the largest ransomware attacks ever, affecting more than 300,000 computers running Microsoft Windows worldwide. What's more the attack hit a huge range ... Wannacry
zataz.webp 2017-08-04 08:33:53 Operation Kronos: the FBI strikes in the middle of DEF CON, arresting a malware specialist (lien direct) Marcus Hutchins is a malware specialist. The 22-year-old, who took part in the demise of Wannacry, has been arrested by the FBI. He is accused of having distributed and used banking data interception software, named Kronos, and of having profited from it. V... Wannacry
Pirate.webp 2017-08-04 07:38:50 WannaCry ransomware: cybercriminals collect 140,000 dollars in bitcoins (lien direct) The authors of the notorious crypto-ransomware Wannacry/WannaCrypt have just emptied the three Bitcoin wallets linked to the malware that were used to collect the ransoms. The haul amounts to 140,000 dollars, which is little for an operation of such scale. Wannacry
ComputerWeekly.webp 2017-08-04 04:30:59 FBI arrests UK WannaCry hero on malware charges (lien direct) The Briton credited with stopping the WannaCry global malware attacks in their tracks in May has been arrested in the US on malware charges Wannacry
grahamcluley.webp 2017-08-03 23:01:53 FBI arrests WannaCry's 'accidental hero' in connection with Kronos banking trojan (lien direct) Marcus Hutchins, aka MalwareTech, the British security researcher who was credited with stopping the hard-hitting WannaCry ransomware worm that hit the UK's NHS hard earlier this year, has been arrested in Las Vegas. Wannacry
Blog.webp 2017-08-03 22:55:42 Hero WannaCry Researcher Charged over Links to Kronos Trojan (lien direct) In-brief: A British researcher who became a hero after he stopped the WannaCry ransomware from spreading globally has been apprehended in Nevada and charged with distributing the Kronos banking trojan in the U.S. between July 2014 and July 2015. Wannacry
SecurityWeek.webp 2017-08-03 20:21:45 UK Security Researcher 'Hero' Accused of Creating Bank Malware (lien direct) A British computer security researcher hailed as a hero for thwarting the "WannaCry" ransomware onslaught was in US custody on Thursday after being indicted on charges of creating malware to attack banks. Wannacry ★★★★
Kaspersky.webp 2017-08-03 19:57:30 WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware (lien direct) Marcus Hutchins, aka MalwareTech the WannaCry hero, was arrested and charged with another unnamed individual with creating and distributing the Kronos banking malware. Wannacry ★★★★
NakedSecurity.webp 2017-08-03 18:18:22 News in brief: WannaCry 'kill switch' man detained; Firefox file encryption; DDoS fails to persuade (lien direct) Your daily round-up of some of the other stories in the news! Wannacry
Kaspersky.webp 2017-08-03 18:04:58 WannaCry Bitcoin Withdrawn; 'Killswitch' Researcher Detained in Nevada (lien direct) The WannaCry story has new life with the attacks having withdrawn the Bitcoin collected as ransom during the attacks, and with the detainment of killswitch researcher Marcus Hutchins in Nevada. Wannacry ★★★★★
bleepingcomputer.webp 2017-08-03 17:00:10 MalwareTech Arrested by the FBI on Charges of Creating Kronos Banking Trojan (lien direct) MalwareTech — the security researcher who stopped the WannaCry ransomware outbreak — was arrested in Las Vegas on accusations of creating the Kronos banking trojan together with another person. [...] Wannacry ★★★
The_Hackers_News.webp 2017-08-03 12:21:55 FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware (lien direct) The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas. Marcus Hutchins, who operates under the alias MalwareTech on Twitter, was detained by the FBI in the state of Nevada, a friend of Hutchins Wannacry
ComputerWeekly.webp 2017-08-03 11:34:32 Cyber criminals make it difficult to follow the money (lien direct) Following the money is a classic technique used by law enforcement to link criminals to crimes by tracing associated financial exchanges, but that may not be easy in the case of the WannaCry attacks Wannacry ★★★★★
The_Hackers_News.webp 2017-08-03 07:00:06 Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets (lien direct) The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments. Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of computers in more than 150 countries, encrypting files and then charging victims $300-$600 for the keys Wannacry
Trend.webp 2017-08-02 10:14:52 New WannaCry-Mimicking SLocker Abuses QQ Services (lien direct) Trend Micro researchers detected a new SLocker variant that mimics the GUI of the WannaCry crypto-ransomware on the Android platform. Detected as ANDROIDOS_SLOCKER.OPSCB, this new SLocker mobile ransomware variant features new routines that utilize features of the Chinese social network QQ, along with persistent screen-locking capabilities. SLocker, an Android file-encrypting ransomware first detected and analyzed in July, was found mimicking WannaCry's GUI. Although Chinese police already arrested the ransomware's alleged creator, other SLocker operators clearly remained unfazed. Wannacry
The_Hackers_News.webp 2017-08-02 05:43:58 WannaCry Inspires Banking Trojan to Add Self-Spreading Ability (lien direct) Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that are attempting to give its banking Trojan the self-spreading worm-like capabilities that made recent Wannacry
MalwarebytesLabs.webp 2017-08-01 19:10:43 TrickBot comes with new tricks – attacking Outlook and browsing data (lien direct) TrickBot is still actively maintained and it is not going to leave the landscape anytime soon. Take a look at its new modules. Wannacry
Checkpoint.webp 2017-07-31 23:02:15 Are You Prepared for the Next Attack? (lien direct) A WAKE-UP CALL From WannaCry and Petya to the most recent attacks today, #LeakTheAnalyst and HBO-it is now apparent that anyone or any organization is a target for cyber criminals. Attacks continue to grow at an alarming rate – in volume, sophistication and impact. As of May 2017, Check Point products are detecting over 17 million […] Wannacry
Fortinet.webp 2017-07-30 21:00:00 NSE Experts Academy CTF (lien direct) At the end of this past June, Fortinet ran the NSE Experts Academy which featured for the first time a Capture The Flag (CTF) session. We welcomed close to 60 participants, and feedback was extremely positive. We congratulate the top 2 winners, with very close scores, teams YouMayNotWannaCry and ACSN. Our CTF had two specifications: While it included challenges on Fortinet products it was not limited to them - this was not a sales session but a technical one! For instance, while we had challenges on FortiSandbox, FortiCam, and FortiGate,... Wannacry
DarkReading.webp 2017-07-28 17:30:00 (Déjà vu) Wannacry Inspires Worm-like Module in Trickbot (lien direct) The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services com, says Flashpoint. Wannacry
bleepingcomputer.webp 2017-07-28 10:16:50 Banking Trojans Add Self-Spreading Worm Components... Because WannaCry (lien direct) Two banking trojans — Emotet and Trickbot — have added support for a self-spreading component to improve their chances of infecting other victims on the same network. [...] Wannacry
Last update at: 2025-05-10 23:07:39