What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2017-08-01 12:25:17 US Pharma Giant "Not yet Producing Bulk Product" Because of NotPetya Outbreak (lien direct) US pharmaceutics giant Merck was severely affected by the NotPetya ransomware outbreak that took place at the end of June, and the company is still struggling to restore all systems and resume normal operations, according to an 8-K report filed with the US Securities and Exchange Commission (SEC). [...] NotPetya
no_ico.webp 2017-07-22 21:47:54 WannaCry & NotPetya Ransomware Attack Advice From Blancco Technology Group (lien direct) The ISBuzz Post: This Post WannaCry & NotPetya Ransomware Attack Advice From Blancco Technology Group NotPetya Wannacry
SecurityWeek.webp 2017-07-20 13:54:09 FedEx May Have Permanently Lost Data Encrypted by NotPetya (lien direct) FedEx-owned international delivery services company TNT Express is still working on restoring systems hit last month by the destructive NotPetya malware attack, but some business data may never be recovered, FedEx said in a Securities and Exchange Commission (SEC) filing this week. FedEx NotPetya
securityintelligence.webp 2017-07-19 11:10:28 Monitor Your Network for NotPetya in Real Time (lien direct) With the QRadar NotPetya Content Pack, security analysts can monitor their networks for indicators of NotPetya ransomware in real time. NotPetya
bleepingcomputer.webp 2017-07-18 06:35:10 FedEx Says Some Damage From NotPetya Ransomware May Be Permanent (lien direct) US-based and international courier delivery service FedEx admitted on Monday that some of its systems were significantly affected by the NotPetya ransomware, and some of the damage may be permanent. [...] FedEx NotPetya
MalwarebytesLabs.webp 2017-07-14 16:29:04 Keeping up with the Petyas: Demystifying the malware family (lien direct) Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family. Categories: Cybercrime Malware Tags: (Read more...) NotPetya Wannacry
InfosecIsland.webp 2017-07-12 07:48:00 NotPetya - 'Ransomware' That Spreads like a Worm (lien direct) NotPetya techniques led researchers to believe the true goal of the attack was disruption rather than monetary gain. NotPetya
grahamcluley.webp 2017-07-10 08:06:37 Petya ransomware developer releases master decryption key, giving hope for victims (lien direct) The original developer of the Petya ransomware has released a master decryption key that works for all previous versions of its enciphering creation. But before you get too excited, it doesn't work for NotPetya... David Bisson reports. NotPetya
Fortinet.webp 2017-07-09 16:05:00 Key Differences Between Petya and NotPetya (lien direct) There have already been a lot of write-ups for the NotPetya malware. This article is just a supplement for what is already out there. Our focus is to highlight some key differences between a previous strain of the Petya ransomware and the malware that scared everyone a few weeks ago, which is now sometimes being referred to as NotPetya. I posted a blog post a couple of months ago about the MBR (Master Boot Record) infected by Petya. I explained how the ransomware infected the boot process and how it executed its own kernel code. In this post,... NotPetya
Fortinet.webp 2017-07-09 16:00:00 Petya's Master Boot Record Infection (lien direct) Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:\Windows\Petya). If it exists, it terminates by calling ExitProcess. If it doesn't exist, it creates a file with the attribute DELETE_ON_CLOSE. This seems to imply that instead of a killswitch, this file is meant to be a marker to check and see if the system has already been infected. After... NotPetya
AlienVault.webp 2017-07-07 13:00:00 Week in Review 7th July 2017 (lien direct) How to not handle a data breach Car breakdown service provider the AA apparently suffered an issue whereby it was publicly disclosing customer data. Except it wasn’t. But it was. Short version is that AA published 13GB worth of customer data to the internet, including partial credit card details. However, in a masterclass on how not to handle a data breach, the AA proceeded to deny any such leak had occurred, despite there being clear evidence to the contrary. Then, when Graham Cluley pointed out that the AA may be fibbing, he was warned (threatened?) of being in breach of the computer misuse act. Note, that this is for posting a redacted screenshot of leaked data, that apparently didn’t occur in the first place. Troy Hunt breaks down the five stages of data breach grief The AA Exposed Emails, Credit Card Data, and Didn’t Inform Customers AA Shop investigating 13 gigabyte data breach On the flip side, DaFont had a pretty reasonable response to being breached. A self-destructing PC I remember watching the Mission Impossible TV series where at the end of the mission briefing, the director would say, “This message will self destruct in 30 seconds” and always found it to be so cool. When my first MP3 player was stolen; I sorely wished that it had a similar functionality whereby I could remotely ‘detonate’ it so that the internals would go up in a puff of smoke. It appears as if such a device is no longer in the realm of fantasy, as Orwl takes physical security to the next level. Not only do you need a password and wireless fob to turn it on, if the fob moves out of range, the processes goes to sleep and the USB and HDMI ports shut off. If an attacker is persistent, the device will wipe data on the encrypted drive. 
This $1,699 "secure PC" will self-destruct if tampered with It will be interesting to see how law enforcement view this, and if such devices become favoured by those looking to do no good, if a master fob is requested. Certificate revocation is broken A nice piece by Scott Helme (why does autocorrect insist on referring to him as Helmet?) in which he illustrates the challenges that as more and more sites are using certificates, there isn’t a good way to revoke them if someone obtains our private key. Kaspersky agrees to turn over source code to US government In a story that will likely continue to take twists and turns along the way, Kaspersky has worryingly agreed to share its source code with the US government in order to continue conducting business with them. CEO Eugene Kaspersky has stated that h Guideline NotPetya
DarkReading.webp 2017-07-07 12:50:00 NotPetya: How to Prep and Respond if You're Hit (lien direct) Security pros share practices to prepare and handle advanced malware attacks like NotPetya. NotPetya
bleepingcomputer.webp 2017-07-07 11:01:09 The Week in Ransomware - July 7th 2017 - Decryptors, NotPetya, and Petya (lien direct) Been a great week for victims, with decryptors coming out for BTCWare, Cryptomix, Executioner, and the release of the original Petya key. Otherwise, it has been a lot of NotPetya news and numerous smaller variants being released. [...] NotPetya
itsecurityguru.webp 2017-07-07 10:53:03 Massive cyber-attack could cost Nurofen and Durex maker £100m (lien direct) Some of the world's biggest companies are counting the cost of lost business following last week's “NotPetya” ransomware cyber-attack, with Nurofen maker Reckitt Benckiser taking an estimated £100m hit in revenue. View Full Story ORIGINAL SOURCE: The Guardian NotPetya ★★★★★
The_Hackers_News.webp 2017-07-07 10:40:43 Private Decryption Key For Original Petya Ransomware Released (lien direct) Rejoice Petya-infected victims! The master key for the original version of the Petya ransomware has been released by its creator, allowing Petya-infected victims to recover their encrypted files without paying any ransom money. But wait, Petya is not NotPetya. Do not confuse Petya ransomware with the latest destructive NotPetya ransomware (also known as ExPetr and Eternal Petya) attacks NotPetya
MalwarebytesLabs.webp 2017-07-06 19:06:53 Report: Second quarter dominated by ransomware outbreaks (lien direct) The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wakeup call. In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter. Categories: Malwarebytes news Tags: NotPetya Wannacry
MalwarebytesLabs.webp 2017-07-06 18:15:09 All this EternalPetya stuff makes me WannaCry (lien direct) Get more background on the EternalPetya ransomware. Learn about its origin, attribution, decryption, and the methods of infection and propagation. Categories: Cybercrime Malware Tags: (Read more...) NotPetya Wannacry
MalwarebytesLabs.webp 2017-07-06 17:06:15 The key to old Petya versions has been published by the malware author (lien direct) As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. As a result of the recent events, Janus released his private key, allowing all the victims of the previous Petya attacks, to get their files back. Categories: Cybercrime Malware Tags: (Read more...) NotPetya Tesla
SecurityWeek.webp 2017-07-06 15:43:15 NotPetya Operators Accessed M.E.Doc Server Using Stolen Credentials: Cisco (lien direct) The group behind last week's destructive NotPetya attack was able to access M.E.Doc's update server and use it for their nefarious purposes courtesy of stolen credentials, Cisco has discovered. NotPetya
SecurityWeek.webp 2017-07-06 15:26:48 NotPetya Decryption Key Sale - Genuine or Curveball Charade? (lien direct) Confusion over the source and motive behind the NotPetya ransomware outbreak was given an extra stir with the offer for sale of a private decryption key. Posts appeared Tuesday on both Pastebin and DeepPaste: "Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks)." NotPetya
ArsTechnica.webp 2017-07-05 21:48:52 Backdoor built in to widely used tax app seeded last week's NotPetya outbreak (lien direct) Operation that hit thousands was “thoroughly well-planned and well-executed.” NotPetya
SecurityWeek.webp 2017-07-05 16:41:06 Fake WannaCry Ransomware Uses NotPetya's Distribution System (lien direct) The NotPetya wiper wasn't the only piece of malware distributed last week using the compromised M.E.Doc update mechanism: a fake WannaCry ransomware variant was delivered using the same channel, Kaspersky Lab reports. NotPetya Wannacry
TechRepublic.webp 2017-07-05 15:37:00 Despite hype, ransomware accounted for only 1% of malicious programs in 2016, according to report (lien direct) A new report from AV-Test showed that ransomware attacks on Windows in 2016 were low. Still, attacks like WannaCry and NotPetya caused a significant amount of damage. NotPetya Wannacry
SecurityWeek.webp 2017-07-05 13:06:00 Researchers Dissect Stealthy Backdoor Used by NotPetya Operators (lien direct) ESET security researchers have performed a detailed analysis of a stealthy backdoor used by the group behind the NotPetya destructive wiper and injected into the legitimate resources of tax accounting software M.E.Doc earlier this year. NotPetya
The_Hackers_News.webp 2017-07-05 12:40:17 [Video] Ukrainian Police Seize Servers of Software Firm Linked to NotPetya Cyberattack (lien direct) Ukrainian National Police has released a video showing officers raiding company of M.E.Doc accounting software makers, whose systems have been linked to outbreak of Petya (NotPetya) ransomware that recently infected computers of several major companies worldwide. On 4th July, masked police officers from Ukrainian anti-cybercrime unit - carrying shotguns and assault rifles - raided the NotPetya
itsecurityguru.webp 2017-07-05 09:17:48 Hackers Connected to NotPetya Ransomware Surface Online, Empty Bitcoin Wallet (lien direct) Whoever is in control of the NotPetya bitcoin wallet has moved around $10,000 of funds, and a mysterious group has offered to unlock all of the ransomed files. Read Full Story  ORIGINAL SOURCE: Motherboard NotPetya ★★★
bleepingcomputer.webp 2017-07-05 07:03:53 NotPetya Group Moves All Their Bitcoin, Posts Proposition on the Dark Web (lien direct) The person or group behind the NotPetya ransomware has made its first move since the outbreak that took place eight days ago. [...] NotPetya
01net.webp 2017-07-05 03:57:46 NotPetya: hackers collect the meagre loot from their high-profile cyberattack (lien direct) The bitcoin wallet that served as the receptacle for the ransoms has been emptied. Meanwhile, hackers who claim to be behind NotPetya have posted a new message in which they demand 100 bitcoins, or 224,000 euros. NotPetya ★★★★
bleepingcomputer.webp 2017-07-04 14:40:36 Ukrainian Police Seize Servers From Where NotPetya Outbreak First Spread (lien direct) Ukrainian Police announced today it seized the servers from where the NotPetya ransomware outbreak first started to spread. [...] NotPetya
no_ico.webp 2017-07-04 09:35:10 Advice From A Tech Giant: PCM Details Handling Petya/NotPetya (lien direct) The ISBuzz Post: This Post Advice From A Tech Giant: PCM Details Handling Petya/NotPetya NotPetya
SecurityWeek.webp 2017-07-03 12:38:14 NotPetya Connected to BlackEnergy/KillDisk: Researchers (lien direct) Last week's devastating NotPetya attack might have been launched by the same threat group that previously used the Russia-linked BlackEnergy malware family in attacks against Ukraine, security researchers reveal. NotPetya
itsecurityguru.webp 2017-07-03 10:36:16 NotPetya Ransomware Frequently Ask Questions (FAQ) (lien direct) What has happened? A new outbreak of ransomware, a form of malware which encrypts your files and demands a ransom payment to recover them, has hit organisations globally. It appears to be a derivative of the previously seen Petya ransomware, but with some differences. Many researchers have cast doubt on whether this really is a ... NotPetya
itsecurityguru.webp 2017-07-03 10:20:22 NATO attributed the massive NotPetya attack to a 'state actor' and call for a joint investigation (lien direct) According to NATO, the recent massive attack based on NotPetya ransomware was powered by a “state actor.” The malware infected over 12,000 devices in around 65 countries, the malicious code hit major industries and critical infrastructure. View Full Story ORIGINAL SOURCE: Security Affairs NotPetya
SANS.webp 2017-07-02 16:09:42 Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue), (Sat, Jul 1st) (lien direct) With both WannaCry and NotPetya using MS17-010 for propagation it is important to be able to detect servers which are vulnerable. Even if you have comprehensive vulnerability management and patching programs there are almost certainly servers that have been missed, whether because they are vendor supported or part of your company's cottage IT. It is important to be able to find those servers and either remediate them or put additional controls in place to protect them. NotPetya Wannacry
bleepingcomputer.webp 2017-07-01 14:05:24 Security Firms Find Thin Lines Connecting NotPetya to Ukraine Power Grid Attacks (lien direct) On Friday, three cyber-security firms have come forward with reports or statements that link the NotPetya ransomware outbreak to a cyber-espionage group known for a large number of past cyber-attacks, such as the one on Ukraine's power grid in December 2015. [...] NotPetya
SecurityWeek.webp 2017-06-30 19:43:37 Microsoft Tackles Ransomware with Controlled Folder Access (lien direct) In the wake of global malicious attacks such as WannaCry and NotPetya, Microsoft this week announced a new feature meant to keep users' data safe from ransomware and other type of malware. NotPetya Wannacry
bleepingcomputer.webp 2017-06-30 18:38:02 The Week in Ransomware - June 30th 2017 - NotPetya (lien direct) It has been another crazy week when it comes to ransomware due to the NotPetya outbreak. This ransomware/destructive malware played havoc all over the world, but especially the Ukraine, when it was unleashed on Tuesday. Other than that, the rest of the ransomware news was basically small variants being developed or released. [...] NotPetya
MalwarebytesLabs.webp 2017-06-30 16:53:36 EternalPetya – yet another stolen piece in the package? (lien direct) Since 27th June we've been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that it is a rip-off of the original Petya, others that it is another step in its evolution. However, so far, those were just different opinions, and none of them was backed up with enough evidence. In this post, we will try to fill this gap, by making a step-by-step comparison of the current kernel and the one on which it is based (Goldeneye Petya). Categories: Malware Threat analysis Tags: (Read more...) NotPetya Wannacry
Korben.webp 2017-06-30 16:07:28 Eternal Blues – A scanner to flush out machines vulnerable to the SMBv1 flaw used by Wannacry and notPetya / Petwrap (lien direct) Petya, notpetya, petwrap, Expetr, GoldenEye and so on take advantage of the SMBv1 flaw that Microsoft patched in March 2017 and that recently leaked from the hands of the NSA under the names EternalBlue and EternalRomance. I am not going to go back over the problem, because I have already said what I really think > Read more This wonderful and unequalled article entitled: Eternal Blues – A scanner to flush out machines vulnerable to the SMBv1 flaw used by Wannacry and notPetya / Petwrap; was published on Korben, the only site that loves you more than your parents do. NotPetya Wannacry
SecurityWeek.webp 2017-06-30 14:30:46 Industry Reactions to Destructive NotPetya Attacks: Feedback Friday (lien direct) A wiper malware disguised as ransomware wreaked havoc this week, infecting the systems of numerous organizations across more than 60 countries. NotPetya
ArsTechnica.webp 2017-06-30 14:13:24 NotPetya developers may have obtained NSA exploits weeks before their public leak [Updated] (lien direct) Clues may tie people behind massive malware attack to mysterious Shadow Brokers group. NotPetya
ESET.webp 2017-06-30 13:30:18 TeleBots are back: Supply-chain attacks against Ukraine (lien direct) This blogpost reveals many details about the Diskcoder.C (aka ExPetr or NotPetya) outbreak and related information about previously unpublished attacks. NotPetya
AlienVault.webp 2017-06-30 13:00:00 Week in Review 30th June 2017 (lien direct) New Petya Variant Unless you’ve been away for the week on a deserted location with no access to the internet, radio, or television, you’ve likely been bombarded with news of the Petya ransomware variant that took offline most of the Ukraine as well as spreading around to other countries. It echoes the disastrous impact WannaCry had just a few short weeks ago. Our own AlienVault labs team broke down what they saw Microsoft has a nice technical post on how the attack works Lesley Carhart has written a very accessible post explaining the attack and the surrounding issues. Perhaps the biggest victim this time round was Cadbury’s, as it had to shut down its famous chocolate factory in Hobart. How I obtained direct publish access to 13% of npm packages This is a great post on how ChALkeR was able to obtain direct publish access to 13% of npm packages – with an estimated reach of up to 52% once you factor in dependency chains. It’s interesting because it’s relatively straightforward using three basic techniques of bruteforcing, reusing passwords from leaks, and npm credentials on GitHub. The issue has been addressed in an npm blog post. Just in case you need to check your credentials You are not Google Neither are you Amazon, or LinkedIn, or Facebook, or Netflix etc. A great post especially for engineers. This line of thinking can be expanded into security too. Just because a large, well-funded, and highly targeted company is using the latest bleeding edge next generation security products and tools, it doesn’t mean every company needs to adopt the same toolset. Rather, it’s about looking at what matters most, and getting security controls that are appropriate. I really need to find better ways of explaining my thoughts, the paragraph I just wrote throws me back to days of being a consultant. 
Legal boundaries and privacy The long-running case between the US Department of Justice and Microsoft has taken another turn as the DoJ has petitioned the US supreme court to get involved in allowing the US government access to Microsoft emails stored at its Dublin data centre. As Microsoft president and chief counsel Brad Smith argued in a blog post, if the US government has the right to directly seize internationally-held data, then other countries will of course expect the same right. This in effect would allow international digital raids for American or other nations’ data, in the US or around the worl Guideline NotPetya Wannacry
01net.webp 2017-06-30 05:46:16 Ransomware or wiper? F-Secure tries to decipher the mystery surrounding NotPetya (lien direct) Is the virus that caused so much damage a few days ago ransomware or a purely destructive program? Opinions are divided. NotPetya ★★★
bleepingcomputer.webp 2017-06-30 05:17:18 More Security Firms Confirm NotPetya Shoddy Code Is Making Recovery Impossible (lien direct) The bandwagon of cyber-security firms claiming that NotPetya was meant for destructive purposes is getting more crowded by the day, with three new additions from Cisco Talos, F-Secure, and Malwarebytes. [...] NotPetya
The_Hackers_News.webp 2017-06-30 03:38:12 Windows 10 to Get Built-in Protection Against Most Ransomware Attacks (lien direct) Ransomware Ransomware Everywhere Not a Single Place to Hide! But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks. Two massive ransomware attacks - WannaCry and Petya (also known as NotPetya) - in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car NotPetya Wannacry
DarkReading.webp 2017-06-29 19:23:00 Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye (lien direct) Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers. NotPetya
bleepingcomputer.webp 2017-06-29 19:05:17 Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone (lien direct) A fourth ransomware campaign focused on Ukraine has surfaced today, following some of the patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya. [...] NotPetya Wannacry
no_ico.webp 2017-06-29 14:15:37 Top 10 Things You Need To Know About NotPetya (Note: Don't Pay The Ransom) (lien direct) The ISBuzz Post: This Post Top 10 Things You Need To Know About NotPetya (Note: Don't Pay The Ransom) NotPetya
SecurityWeek.webp 2017-06-29 12:42:39 NotPetya - Destructive Wiper Disguised as Ransomware (lien direct) NotPetya/GoldenEye Malware Overwrites Master Boot Record  NotPetya
Last update at: 2024-05-13 20:08:12