What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ESET.webp 2017-06-21 11:47:47 WannaCryptor attack 'may have come from Lazarus group' (lien direct) Experts in the UK and the US have reportedly claimed that the recent global WannaCryptor ransomware attack was initiated by the North Korean Lazarus Group. Medical Wannacry APT 38
The_State_of_Security.webp 2017-06-21 11:13:04 25% of Companies Struck by Fireball or WannaCry in May, Index Reveals (lien direct) A quarter of companies worldwide suffered an infection at the hands of Fireball malware or WannaCry ransomware in May 2017, reveals an ongoing threat index. In its latest Global Threat Impact Index, researchers at Check Point Software Technologies found that Firewall affected one in five organizations globally in May 2017. The creators of this program […] Wannacry
itsecurityguru.webp 2017-06-21 10:35:29 Honda halts Japan car plant after WannaCry virus hits computer network (lien direct) Honda Motor Co said on Wednesday it halted production at a domestic vehicle plant for a day this week after finding the WannaCry ransomware that struck globally last month in its computer network. The automaker shut production on Monday at its Sayama plant, northwest of Tokyo, which produces models including the Accord sedan, Odyssey Minivan ... Wannacry ★★★★★
ComputerWeekly.webp 2017-06-21 08:45:15 Business urged to block WannaCry as Honda halts production (lien direct) Businesses are being urged to ensure that they are not vulnerable to WannaCry ransomware after a vehicle manufacturer discovered an infection on its networks Wannacry
no_ico.webp 2017-06-20 21:15:16 (Déjà vu) Fireball And WannaCry Impact More Than 1 In 4 Organizations Globally, According To Check Point's Latest Threat Index (lien direct) The ISBuzz Post: This Post Fireball And WannaCry Impact More Than 1 In 4 Organizations Globally, According To Check Point's Latest Threat Index Wannacry
SecurityWeek.webp 2017-06-20 15:28:47 Why WannaCry Was a Wake Up Call for Critical Infrastructure Security (lien direct) Many OT Networks are Susceptible to Threats Like WannaCry Wannacry
Checkpoint.webp 2017-06-20 13:00:09 May's Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally (lien direct) Check Point's latest Global Threat Impact Index revealed more than one in four organizations globally was affected by the Fireball or Wannacry attacks during May– in the company's latest Global Threat Impact Index. The top three malware families that impacted networks globally were zero-day, previously unseen attacks. Fireball impacted one in five organizations worldwide, […] Wannacry
Kaspersky.webp 2017-06-20 12:41:13 Say Goodbye to SMBv1 in Windows Fall Creators Update (lien direct) The SMBv1 file-sharing protocol abused by the NSA's EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3. Wannacry
The_Hackers_News.webp 2017-06-20 09:13:54 Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3) (lien direct) The Server Message Block version 1 (SMBv1) - a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak - will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. The SMBv1 is one of the internet's most ancient networking protocols that allows the operating systems and applications to read and write data to a system and a system to Wannacry
01net.webp 2017-06-20 06:22:18 Windows 10: Microsoft wants to remove the old file-sharing system (lien direct) The SMBv1 sharing system is now obsolete and was recently used for ransomware such as WannaCry. Wannacry ★★★★★
no_ico.webp 2017-06-19 19:00:58 North Korean WannaCry Responsibility (lien direct) The ISBuzz Post: This Post North Korean WannaCry Responsibility Wannacry ★★★★
Blog.webp 2017-06-19 14:52:10 Why WannaCry signals a coming wave of nation-state cyber weapon hacks (lien direct) By Byron  Acohido Companies would be remiss to downplay the profound implications of last month's headline-grabbing WannaCry ransomware attack. WannaCry was a mere harbinger; the tip of the iceberg. WannaCry happened a few weeks after the Shadow Brokers hacking collective stole dozens of the National Security Agency's ace-in-the-hole hacking tools. Shadow Brokers futilely tried to […] Wannacry
itsecurityguru.webp 2017-06-19 09:39:41 WannaCry Could Return in Stealth Mode: Are Your Endpoints Ready? (lien direct) The security industry was left shaken by the malware outbreak dubbed WannaCry. Starting on May 12, the attack rapidly spread to hundreds of countries, holding hundreds of thousands of computer systems hostage via a ransomware virus. The attack was slowed somewhat accidentally by a cybersecurity researcher who, during the course of his investigation, registered and sinkholed a ... Wannacry
The_State_of_Security.webp 2017-06-19 03:01:28 3 Steps to Ensure Patient Safety by Mitigating Cyber Security Risk (lien direct) Cyberattacks in the healthcare industry have been on the rise, the latest being the WannaCry attack that affected 20% of NHS facilities in the UK. A study (PDF) by the Ponemon Institute in 2016 revealed that healthcare organizations have experienced approximately one cyberattack every month. Healthcare organizations are a lucrative target because patient information (social […] Wannacry
Kaspersky.webp 2017-06-16 17:45:45 Someone Failed to Contain WannaCry (lien direct) As reports of the NSA officially connecting WannaCry to North Korea surface, experts are saying developers failed to contain the ransomware before it was ready for deployment. Wannacry
itsecurityguru.webp 2017-06-16 12:08:02 WannaCry ransomware 'from North Korea' say UK and US (lien direct) The WannaCry ransomware attack that affected more than 150 countries and crippled parts of the NHS came from North Korea, British and US security officials believe. The attack affected more than 60 NHS trusts and an estimated 300,000 people worldwide, by locking data and demanding money to release it again. British cyber experts analysing the ... Wannacry ★★★
The_State_of_Security.webp 2017-06-16 03:00:34 Survey: 99% of Attachment-Based Email Attacks Required User Clicks by December 2016 (lien direct) In May 2017, an updated version of WannaCry ransomware struck a minimum of 200,000 organizations in over 150 countries. It did so by abusing a Windows SMB vulnerability (MS17-010) using exploit code developed by the NSA and leaked online by The Shadow Brokers. As we all know, however, not all attack campaigns automatically exploit vulnerable […] Wannacry
SecurityWeek.webp 2017-06-15 16:54:22 U.K. Center of Security Excellence Hit by Ransomware (lien direct) One of the world's top ten universities, awarded the status of "centre of excellence in cyber-security research" by the UK's GCHQ, has been hit by a so-far unrecognized strain of ransomware. This comes just one month after many UK health trusts were struck by the global WannaCry ransomware. Wannacry
Kaspersky.webp 2017-06-15 14:34:21 Metadata Analysis Draws its Own Conclusions on WannaCry Authors (lien direct) Researchers at Telefonica's cybersecurity unit ElevenPaths conducted an analysis of WannaCry metadata. Wannacry
SecurityWeek.webp 2017-06-15 13:11:22 Why WannaCry Really Makes Me Want to Cry (lien direct) Recently, the WannaCry ransomware worm was big news.  For security professionals working inside organizations with unpatched systems vulnerable to infection, it was a particularly busy period.  Plenty has been written about the malware itself, how it spread, the need to patch, and many other technical topics around the recent outbreak.  Much great analysis has been done, and I certainly don't need to rehash that here.  I'd like to focus on a different angle ent Wannacry
itsecurityguru.webp 2017-06-15 10:47:03 The NSA has linked the WannaCry computer worm to North Korea (lien direct) The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques ... Wannacry ★★★
bleepingcomputer.webp 2017-06-15 05:28:08 Nearly One Million Systems Provide "Guest" SMB Access, Most Are Linux (lien direct) There are 2,306,820 devices connected to the Internet at the moment that feature open ports for SMB services, the same protocol that was used to infect hundreds of thousands of computers with the WannaCry ransomworm a month ago. [...] Wannacry
Trend.webp 2017-06-15 00:10:53 Microsoft Patches Windows XP Again As Part of June Patch Tuesday (lien direct) Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP-an operating system it had stopped supporting in 2014. Post from: Trendlabs Security Intelligence Blog - by Trend Micro Microsoft Patches Windows XP Again As Part of June Patch Tuesday Wannacry
Kaspersky.webp 2017-06-14 13:05:23 Post-WannaCry, 5.5 Million Devices Still Expose SMB Port (lien direct) In its annual National Exposure Index report, Rapid7 found 160 million computers, IoT devices and servers with open ports that should not be exposed to the public network. Wannacry
Fortinet.webp 2017-06-14 13:02:02 Evolving towards a Homogenous Society: The Risk of the New Digital Economy (lien direct) The recent WannaCry attack was interesting for a couple of reasons. First, the speed and scale of the attack was impressive. Over the course of a couple of days, hundreds of thousands of systems were affected and disrupted. Second, it also unveiled a disturbing trend. The attack malware exploited a known vulnerability that not only had been revealed through the highly public release of stolen cyber tools, but Microsoft had also released a patch for the targeted vulnerability over two months before. Which means that the scale of the attack was... Wannacry
Pirate.webp 2017-06-14 12:49:17 Alert – MacRansom, the first RaaS targeting MacOS! (lien direct) While WannaCry has done damage on Windows machines, IT security specialist Fortinet is now warning about the spread of a comparable ransomware, this time designed for Macs: MacRansom. Apple's Macs are now targeted by cybercriminals as much as Windows systems because of their popularity. […] Wannacry
TechRepublic.webp 2017-06-14 12:06:00 New Windows XP patch: Microsoft issues extraordinary fix to protect PCs against next WannaCry (lien direct) To limit the number of machines at risk from self-replicating malware like WannaCry, Microsoft yesterday patched vulnerabilities on Windows XP and other unsupported operating systems. Wannacry
itsecurityguru.webp 2017-06-14 09:52:52 Microsoft to disable SMB1 on all future Windows versions post WannaCry havoc (lien direct) Microsoft has declared that the next major Windows 10 update dubbed Redstone 3, will not have SMB1 protocol. The WannaCry attacks that took down thousands of systems across the world was largely based on SMB1 exploits that were leaked by Shadow Brokers. SMB1 is a file sharing protocol that Microsoft developed in the early 90s which ... Wannacry
TechRepublic.webp 2017-06-14 04:00:00 Video: North Korean hacking group has been hitting the US since 2009 (lien direct) Hidden Cobra, a North Korean-backed hacking group, may also be responsible for WannaCry and the Sony Pictures hack. Medical Wannacry APT 38 ★★★★
The_Hackers_News.webp 2017-06-14 02:27:31 Microsoft Releases Patches for 3 Remaining NSA Windows Exploits (lien direct) Did you know… last month's widespread WannaCry ransomware attack forced Microsoft to release security updates against EternalBlue SMB exploit for unsupported versions of Windows, but the company left other three Windows zero-day exploits unpatched? For those unaware, EternalBlue is a Windows SMB flaw that was leaked by the Shadow Brokers in April and then abused by the WannaCry ransomware to Wannacry
bleepingcomputer.webp 2017-06-13 16:50:14 Microsoft Issues Windows XP Security Updates for Previously Ignored NSA Hacking Tools (lien direct) In two blog posts today, Microsoft announced it issued new security patches for Windows XP users to protect them against "potential nation-state activity" that could cause "destructive cyber attacks" similar to the WannaCry outbreak that hit users last month. [...] Wannacry
TechRepublic.webp 2017-06-13 13:48:00 Swapping Linux for Windows in Munich too risky after WannaCry attacks, warn Greens (lien direct) Munich's Green Party says the recent WannaCry ransomware attacks on Windows machines worldwide highlight the danger of the city abandoning its Linux-based OS. Wannacry
Symantec.webp 2017-06-13 13:00:22 Latest Intelligence for May 2017 (lien direct) The WannaCry outbreak dominated the news cycle, while the phishing rate reached a high for 2017. Wannacry
itsecurityguru.webp 2017-06-13 10:48:05 Android Ransomware Impersonates 'King Of Glory' Game (lien direct) The ransomware encrypts the Android device's files and then displays a ransom message imitating the notorious WannaCry malware. Hackers have begun distributing Android ransomware disguised as copies of the popular multiplayer online battle game King of Glory, which has millions of users, security researchers have warned. The malware has prompted “emergency” warnings to be posted ... Wannacry
BBC.webp 2017-06-12 14:31:02 NHS ransomware cyber-security hero: I was panicking (lien direct) The cyber-security expert who defeated the Wannacry attack briefly feared he had helped it spread. Wannacry
securityintelligence.webp 2017-06-12 12:01:19 10 Ways to Fight Advanced Malware With Threat Intelligence Sharing (lien direct) The X-Force Exchange threat intelligence sharing platform brings collaboration to the forefront of the ongoing fight against WannaCry and other malware. Wannacry
The_State_of_Security.webp 2017-06-12 03:01:37 What Does the Future Hold for Ransomware? (lien direct) The recent WannaCry ransomware attack left thousands of businesses in more than 150 countries worldwide reeling, with countless Internet users coerced into paying a Bitcoin ransom in the hope they’d regain access to their critical files. For all the advances that have been made by IT security providers to halt such malicious online activity, the […] Wannacry
The_Hackers_News.webp 2017-06-11 09:18:18 French Police Seize 6 Tor Relay Servers in WannaCry Investigation (lien direct) WannaCry, the biggest ransomware attack in the history, gained prominence very rapidly in the media globally after the ransomware infected more than 300,000 computers in over 150 countries within just 72 hours. Governments, Intelligence agencies and law enforcement around the world have already started their investigations and are working closely with affected companies to track down hackers Wannacry
bleepingcomputer.webp 2017-06-11 04:40:17 French Police Seize Two Tor Relays in WannaCry Investigation (lien direct) Two days after the WannaCry ransomware outbreak wreaked havoc across the world, French police seized a server running two Tor relays belonging to French activist Aeris, who said the server was confiscated in connection to the WannaCry attacks. [...] Wannacry
TechWorm.webp 2017-06-10 11:04:33 WannaCry Ransomware Lookalike Targeting Android Smartphones (lien direct) WannaCry lookalike encrypts files on Android smartphones' external storage It looks like the WannaCry ransomware has become a source of inspiration for many crooks around the world. We had recently reported how a 14 year-old teenager from Japan impressed by the malware was arrested last week for developing a malware similar to the WannaCry malware. Now, cybercriminals [...] Wannacry
AlienVault.webp 2017-06-10 01:05:00 MacSpy: OS X RAT as a Service (lien direct) MacSpy is advertised as the "most sophisticated Mac spyware ever”, with the low starting price of free. While the idea of malware-as-a-service (MaaS) isn’t a new one with players such as Tox and Shark the game, it can be said that MacSpy is one of the first seen for the OS X platform. The authors state that they created this malware due to Apple products gaining popularity in the recent years. They also state that during their tenure in the field that they have noticed a lack of "sophisticated malware for Mac users" and they believe that "people were in need of such programs on MacOS". So they created MacSpy. The MacSpy authors claim to have the following features in the free version of their RAT: If you are willing to pay an unknown amount of bitcoins for the advanced version, the malware authors advertise the following features: MacSpy is not as polished as some of the malware-as-a-service providers out there, as there doesn’t seem to be any customer facing automated service of signing up for their service. In order to receive a copy of MacSpy we had to email the author our preferred username and password, in order for them to make us an account. After confirming our details they created an account for us, and delivered a zipped file and the following instructions: Initial Analysis After unzipping the archive we observed it contained the following files: The archive contains four files: Mach-O 64-bit executable called 'updated' Mach-O 64-bit executable called 'webkitproxy' Mach-O 64-bit dynamically linked shared library called 'libevent-2.0.5.dylib' Config file After examining webkitproxy and libevent-2.0.5.dylib, we noted they are signed by Tor, and thus we concluded that they are related to the function of Tor Onion routing. 
The contents of the config file further convince us that our suspicions are correct: Config Contents SOCKSPort 47905 KeepAliveIsolateSOCKSAuth OnionTrafficOnly DataDirectory proxyData AvoidDiskWrites 1 ControlPort 47906 MaxCircuitDirtiness 7200 EnforceDistinctSubnets 0 HidServAuth .onion The "updated" file, on the other hand, is not digitally signed, and it is currently completely undetected by various AV companies on VirusTotal. Anti-Analysis MacSpy has several countermeasures that hamper analysis efforts. To prevent debugging, it calls ptrace() with the PT_DENY_ATTACH option. This is a common anti-debugger check and will prevent debuggers from attaching to the process. If you bypass the ptrace countermeasure, MacSpy has additional code that checks if it is running in a debugger. Wannacry
NakedSecurity.webp 2017-06-09 16:26:06 Android ransomware hides in fake King of Glory game (lien direct) Taking design cues from WannaCry, a fake copy of the popular King of Glory game is being used to spread ransomware Wannacry
AlienVault.webp 2017-06-09 13:00:00 Capture The Flag (CTF): What Is It for a Newbie? (lien direct) Introduction This blog is designed for a person that is brand-new to Capture The Flag (CTF) and explains the basics to give you the courage to enter a CTF and see for yourself what it’s like to participate. CTFs are events that are usually hosted at information security conferences, including the various BSides events. These events consist of a series of challenges that vary in their degree of difficulty, and that require participants to exercise different skillsets to solve. Once an individual challenge is solved, a “flag” is given to the player and they submit this flag to the CTF server to earn points. Players can be lone wolves who attempt the various challenges by themselves, or they can work with others to attempt to score the highest number of points as a team. CTF events are usually timed, and the points are totaled once the time has expired. The winning player / team will be the one that solved the most challenges and thus secured the highest score. Here is a screen shot of a score board from a recent BSides San Francisco CTF event: Please note the sentence that I’ve marked with a red box. As you will quickly see, CTF tasks are often based on real world incidents/vulnerabilities that give you a chance to experience how it’s actually done and better prepare you to defend your own systems from these types of attacks. So not only are CTF events fun, they can also be educational and professionally rewarding. CTF Preparedness If you’ve never experienced a CTF event before, don’t get frustrated or give up, because the key to any type of hacking is patience. While this is sometimes a difficult thing to have, the only way to learn is to persist and practice on your own (see this post further down on how to practice) and maybe next time you’ll score first place!
One thing you can try to do during your first CTF event, if possible, is find an experienced team that’s willing to let you join them. Make sure you’re clear that this is your first CTF event and you’d really love for them to show you the ropes. In my experience, members of the InfoSec community are usually very willing to share their knowledge with anyone interested in trying to learn and grow in this field. At the same time, however, one common theme you also often hear in the community is that there is a shortage of talent. At times this can be a very real struggle, and many professionals who have worked their way up in the field have spent considerable time to do so, sacrificing much to learn, practice and hone their craft. For this reason, before reaching out for help with basic questions, you should first research the topic and make an effort to figure things out on your own. Within the InfoSec community, trust isn’t something you can place value on. If your job is to hack into a client’s network, the last thing anyone wants is for that sensitive information to be shared with anyone outside of the team. Trust is a critical component of this relationship and I cannot express enough how important it is to remain ethical during competitions as well. Finally, last but certainly not least: when you go to a CTF event, don’t forget to bring a laptop or another computer that has an operating system with various tools already installed (more on this below) as without that you’re going to be off to a rough start. In summary, CTFs are a great opportunity to learn, so if you’ve never experienced a CTF event or even a BSides event, I strongly encourage you to jump in and join one as soon as you can! Types of Events There are usually two different types of CTF events. The two most common types are: Red Team/Blue Team In this style of event the red team atte Guideline Wannacry
securityintelligence.webp 2017-06-09 12:06:14 Don't Wait for the Next WannaCry - Update Your SMB Protocol Before It's Too Late (lien direct) To defend your infrastructure against future exploits, it's critical to disable the insecure original version of the SMB protocol. Wannacry
bleepingcomputer.webp 2017-06-08 16:20:15 Android Smartphones Targeted by WannaCry Lookalike (lien direct) Crooks in China have developed an Android ransomware that uses similar graphics to the WannaCry ransom note in an attempt to scare and trick users into quickly paying the ransom. [...] Wannacry ★★★★★
The_State_of_Security.webp 2017-06-08 11:07:30 WannaLocker – The WannaCry Copycat Targeting Android Users in China (lien direct) Attackers are using a copycat version of WannaCry ransomware dubbed “WannaLocker” to target Android users living in China. WannaLocker has been targeting Chinese gaming forms disguised as a plugin for King of Glory, a popular Chinese game. Upon installation of this fake add-on, the threat conceals its icon from the Android app drawer and changes […] Wannacry
NetworkWorld.webp 2017-06-08 08:15:00 IDG Contributor Network: Top 5 InfoSec concerns for 2017 (lien direct) Cloudbleed, WannaCry, ransomware, hackers. Each and every day, it seems, the tech community wakes up to news of another attack on data security and privacy. As IT professionals, we spend our days working to the best of our knowledge and ability to keep company information secure. Some days, however, when news of new attacks hit, it can feel like we'll never get ahead. As soon as we learn one method of protection, the hackers have invented a new workaround. Wannacry
SecurityWeek.webp 2017-06-07 14:20:19 Protecting Against Malware Requires a DevOps Mindset (lien direct) Imagine a world where cyber-criminals include kill switches in all their malware that's as simple to activate as registering a domain name. Wannacry
no_ico.webp 2017-06-07 14:15:35 WannaCry: Time To Vaccinate Your Business (lien direct) The ISBuzz Post: This Post WannaCry: Time To Vaccinate Your Business Wannacry
securityintelligence.webp 2017-06-07 12:01:18 Using Network Insights to Stay One Step Ahead of Emerging Threats (lien direct) With the right network insights, analysts can deal with existing threats such as WannaCry, and quickly detect and respond to new attacks as they emerge. Wannacry
Last update at: 2024-05-12 20:08:35