www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T03:43:13+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch WannaCry? You\'re Not Alone: The 5 Stages of Security Grief 2017-06-22T10:00:00+00:00 https://www.darkreading.com/perimeter/wannacry-youre-not-alone-the-5-stages-of-security-grief/a/d-id/1329178?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=377794 False None Wannacry None IT Security Guru - Blog Sécurité Ransom-Aware: Carbon Black Survey Finds 7 of 10 Consumers Would Consider Leaving a Business Hit By Ransomware 2017-06-22T09:32:54+00:00 http://www.itsecurityguru.org/2017/06/22/ransom-aware-carbon-black-survey-finds-7-10-consumers-consider-leaving-business-hit-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=377415 False None Wannacry None InformationSecurityBuzzNews - Site de News Securite Honda Plant Hit By WannaCry Ransomware Attack Honda Plant Hit By WannaCry Ransomware Attack]]> 2017-06-22T09:00:32+00:00 http://www.informationsecuritybuzz.com/expert-comments/honda-plant-hit-wannacry-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=377405 False None Wannacry None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) No, WannaCry Is Not Dead! 
Hits Honda & Traffic Light Camera System ]]> 2017-06-22T07:34:56+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/udIMN0ISlgk/honda-wannacry-attack.html www.secnews.physaphae.fr/article.php?IdArticle=377678 False None Wannacry None Bleeping Computer - Magazine Américain WannaCry Ransomware Infects 55 Speed and Red-Light Cameras in Australia 2017-06-22T01:57:35+00:00 https://www.bleepingcomputer.com/news/security/wannacry-ransomware-infects-55-speed-and-red-light-cameras-in-australia/ www.secnews.physaphae.fr/article.php?IdArticle=377336 False None Wannacry None Naked Security - Blog sophos News in brief: WannaCry knocks out Honda plant; Skype hit by global outage; NSA shares tools on GitHub ]]> 2017-06-21T17:50:20+00:00 https://nakedsecurity.sophos.com/2017/06/21/news-in-brief-wannacry-knocks-out-honda-plant-skype-hit-by-global-outage-nsa-shares-tools-on-github/ www.secnews.physaphae.fr/article.php?IdArticle=377052 False None Wannacry None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Honda Shut Down Plant Impacted by WannaCry 2017-06-21T17:50:13+00:00 https://threatpost.com/honda-shut-down-plant-impacted-by-wannacry/126429/ www.secnews.physaphae.fr/article.php?IdArticle=377182 False None Wannacry None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC A RAT that Tweets: New ROKRAT Malware Hides behind Twitter, Amazon, and Hulu Traffic To carry out attacks, malware and botnets rely on communication with a Command & Control server (C&C or C2) to receive instructions. As a result, today’s security tools have become extremely adept at detecting traffic to and from malicious IP addresses. When a system or device starts talking to a malicious IP or domain, alarms sound and IT security pros roll up their sleeves. In recent years, however, malicious actors have begun to launch attacks from the depths of Twitter, trying to evade detection and prevent their C2 infrastructure from being found and shut down. 
In 2016, Twitoor—a widespread Android botnet controlled by Twitter—affected millions of Android devices. And, earlier this year, researchers at University College London discovered a Twitter botnet of over 350K bots called the Star Wars Botnet because, oddly enough, the bots tweet partial Star Wars quotes. (Cue Admiral Ackbar.) Attackers are increasingly using legitimate websites and servers as infrastructure in their attacks, knowing that it can be more difficult to detect, especially to the untrained eye. The RAT of Twitter: ROKRAT In April, security researchers at Cisco Talos uncovered a new malware campaign that does just that. Dubbed ROKRAT, this new piece of malware uses multiple anti-detection techniques, including the use of legitimate websites like Twitter, Amazon, and Hulu to hide its malicious activities. Researchers found that ROKRAT uses the public APIs of Twitter along with two other legitimate cloud platforms—Mediafire and Yandex—to get commands and to exfiltrate data. According to researchers, the malware can receive orders by checking the most recent message on the Twitter account’s timeline and can also post tweets. The malware uses the Yandex and Mediafire APIs to download and upload stolen data to the cloud. Going further with its anti-detection tactics, researchers found that ROKRAT has a feature to detect if the victim’s system is running any processes associated with malware detection, debugging tools, or sandbox environments. If detected, the malware will generate dummy HTTP traffic to legitimate websites, including Amazon and Hulu, to mask its malicious activities. To the untrained eye, the victim appears to be watching anime at work. ROKRAT is the latest example of how today’s sophisticated malware and ransomware campaigns layer on a wide breadth of tools, tactics, and procedures (TTPs) to evade detection. 
Here’s the full rundown of the TTPs discovered in the ROKRAT campaign, as described by the Cisco Talos researchers: A spear-phishing email campaign from a compromised university email account A social engineering tactic, using a conference on unity in Korea as its pretext A malicious Word file attachment (Hangul Word Processor, used mainly in Korea) An embedded EPS object to exploit a well-known vulnerability (CVE-2013-0808) A remote administration tool (RAT) payload disguised a JPG image file The use of Twitter, Yandex, and Mediafire clouds for C2 communication A feature that executes an infinite loop of sleep if the OS detected is Windows XP or Windows Server 2003 A feature that detects the use of debugging or sandbox tools like Wireshark or File Monitor and, if detected, generates “normal-looking” dummy HTTP traffic to legitimate Amazon or Hulu pages A keylogger that also captures the tit]]> 2017-06-21T13:00:00+00:00 http://feeds.feedblitz.com/~/370115302/0/alienvault-blogs~A-RAT-that-Tweets-New-ROKRAT-Malware-Hides-behind-Twitter-Amazon-and-Hulu-Traffic www.secnews.physaphae.fr/article.php?IdArticle=377085 False None Wannacry None Bleeping Computer - Magazine Américain One Month Later, WannaCry Ransomware Is Still Shutting Down Factories 2017-06-21T12:25:33+00:00 https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/ www.secnews.physaphae.fr/article.php?IdArticle=377135 False None Wannacry None We Live Security - Editeur Logiciel Antivirus ESET WannaCryptor attack \'may have come from Lazarus group\' 2017-06-21T11:47:47+00:00 http://feedproxy.google.com/~r/eset/blog/~3/JJb8vQVzPr4/ www.secnews.physaphae.fr/article.php?IdArticle=376944 False Medical Wannacry,APT 38 None The State of Security - Magazine Américain 25% of Companies Struck by Fireball or WannaCry in May, Index Reveals Read More ]]> 2017-06-21T11:13:04+00:00 
https://www.tripwire.com/state-of-security/latest-security-news/25-companies-affected-fireball-wannacry-may-index-reveals/ www.secnews.physaphae.fr/article.php?IdArticle=376867 False None Wannacry None IT Security Guru - Blog Sécurité Honda halts Japan car plant after WannaCry virus hits computer network 2017-06-21T10:35:29+00:00 http://www.itsecurityguru.org/2017/06/21/honda-halts-japan-car-plant-wannacry-virus-hits-computer-network/ www.secnews.physaphae.fr/article.php?IdArticle=377031 False None Wannacry 5.0000000000000000 ComputerWeekly - Computer Magazine Business urged to block WannaCry as Honda halts production 2017-06-21T08:45:15+00:00 http://www.computerweekly.com/news/450421150/Business-urged-to-block-WannaCry-as-Honda-halts-production www.secnews.physaphae.fr/article.php?IdArticle=377124 False None Wannacry None InformationSecurityBuzzNews - Site de News Securite Fireball And WannaCry Impact More Than 1 In 4 Organizations Globally, According To Check Point\'s Latest Threat Index Fireball And WannaCry Impact More Than 1 In 4 Organizations Globally, According To Check Point’s Latest Threat Index]]> 2017-06-20T21:15:16+00:00 http://www.informationsecuritybuzz.com/study-research/fireball-wannacry-impact-1-4-organizations-globally-according-check-points-latest-threat-index/ www.secnews.physaphae.fr/article.php?IdArticle=376678 True None Wannacry None SecurityWeek - Security News Why WannaCry Was a Wake Up Call for Critical Infrastructure Security 2017-06-20T15:28:47+00:00 http://feedproxy.google.com/~r/Securityweek/~3/lXOmzQeojW4/why-wannacry-was-wake-call-critical-infrastructure-security www.secnews.physaphae.fr/article.php?IdArticle=376561 False None Wannacry None Checkpoint - Fabricant Materiel Securite May\'s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally 2017-06-20T13:00:09+00:00 http://blog.checkpoint.com/2017/06/20/mays-wanted-malware-fireball-wannacry-impact-1-4-organizations-globally/ 
www.secnews.physaphae.fr/article.php?IdArticle=376555 False None Wannacry None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Say Goodbye to SMBv1 in Windows Fall Creators Update 2017-06-20T12:41:13+00:00 https://threatpost.com/say-goodbye-to-smbv1-in-windows-fall-creators-update/126387/ www.secnews.physaphae.fr/article.php?IdArticle=376489 False None Wannacry None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3) ]]> 2017-06-20T09:13:54+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/RCXecmWNkbE/windows-10-redstone3-smb.html www.secnews.physaphae.fr/article.php?IdArticle=376512 False None Wannacry None 01net. Actualites - Securite - Magazine Francais Windows 10: Microsoft veut supprimer l\'ancien système de partage de fichiers ]]> 2017-06-20T06:22:18+00:00 http://www.01net.com/actualites/windows-10-microsoft-veut-supprimer-l-ancien-systeme-de-partage-de-fichiers-1190373.html www.secnews.physaphae.fr/article.php?IdArticle=376643 False None Wannacry 5.0000000000000000 InformationSecurityBuzzNews - Site de News Securite North Korean WannaCry Responsibiltiy North Korean WannaCry Responsibiltiy]]> 2017-06-19T19:00:58+00:00 http://www.informationsecuritybuzz.com/expert-comments/north-korean-wannacry-responsibiltiy/ www.secnews.physaphae.fr/article.php?IdArticle=376315 False None Wannacry 4.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido Why WannaCry signals a coming wave of nation-state cyber weapon hacks 2017-06-19T14:52:10+00:00 http://feedproxy.google.com/~r/LastWatchdog/~3/EimEYh9Le8U/ www.secnews.physaphae.fr/article.php?IdArticle=376322 False None Wannacry None IT Security Guru - Blog Sécurité WannaCry Could Return in Stealth Mode: Are Your Endpoints Ready? 
2017-06-19T09:39:41+00:00 http://www.itsecurityguru.org/2017/06/19/wannacry-return-stealth-mode-endpoints-ready/ www.secnews.physaphae.fr/article.php?IdArticle=376127 False None Wannacry None The State of Security - Magazine Américain 3 Steps to Ensure Patient Safety by Mitigating Cyber Security Risk Read More ]]> 2017-06-19T03:01:28+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/3-steps-ensure-patient-safety-mitigating-cyber-security-risk/ www.secnews.physaphae.fr/article.php?IdArticle=375516 False None Wannacry None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Someone Failed to Contain WannaCry 2017-06-16T17:45:45+00:00 https://threatpost.com/someone-failed-to-contain-wannacry/126335/ www.secnews.physaphae.fr/article.php?IdArticle=375738 False None Wannacry None IT Security Guru - Blog Sécurité WannaCry ransomware \'from North Korea\' say UK and US 2017-06-16T12:08:02+00:00 http://www.itsecurityguru.org/2017/06/16/wannacry-ransomware-north-korea-say-uk-us/ www.secnews.physaphae.fr/article.php?IdArticle=375496 False None Wannacry 3.0000000000000000 The State of Security - Magazine Américain Survey: 99% of Attachment-Based Email Attacks Required User Clicks by December 2016 Read More ]]> 2017-06-16T03:00:34+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/survey-99-attachment-based-email-attacks-required-user-clicks-december-2016/ www.secnews.physaphae.fr/article.php?IdArticle=374861 False None Wannacry None SecurityWeek - Security News U.K. Center of Security Excellence Hit by Ransomware WannaCry ransomware. 
]]> 2017-06-15T16:54:22+00:00 http://feedproxy.google.com/~r/Securityweek/~3/95VM4bZrmj8/uk-center-security-excellence-hit-ransomware www.secnews.physaphae.fr/article.php?IdArticle=374885 False None Wannacry None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Metadata Analysis Draws its Own Conclusions on WannaCry Authors 2017-06-15T14:34:21+00:00 https://threatpost.com/metadata-analysis-draws-its-own-conclusions-on-wannacry-authors/126287/ www.secnews.physaphae.fr/article.php?IdArticle=375010 False None Wannacry None SecurityWeek - Security News Why WannaCry Really Makes Me Want to Cry 2017-06-15T13:11:22+00:00 http://feedproxy.google.com/~r/Securityweek/~3/tYcuc9HoFfk/why-wannacry-really-made-me-want-cry www.secnews.physaphae.fr/article.php?IdArticle=374890 False None Wannacry None IT Security Guru - Blog Sécurité The NSA has linked the WannaCry computer worm to North Korea 2017-06-15T10:47:03+00:00 http://www.itsecurityguru.org/2017/06/15/nsa-linked-wannacry-computer-worm-north-korea/ www.secnews.physaphae.fr/article.php?IdArticle=374818 False None Wannacry 3.0000000000000000 Bleeping Computer - Magazine Américain Nearly One Million Systems Provide "Guest" SMB Access, Most Are Linux 2017-06-15T05:28:08+00:00 https://www.bleepingcomputer.com/news/security/nearly-one-million-systems-provide-guest-smb-access-most-are-linux/ www.secnews.physaphae.fr/article.php?IdArticle=374484 False None Wannacry None TrendLabs Security - Editeur Antivirus Microsoft Patches Windows XP Again As Part of June Patch Tuesday WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP-an operating system it had stopped supporting in 2014. 
Post from: Trendlabs Security Intelligence Blog - by Trend Micro Microsoft Patches Windows XP Again As Part of June Patch Tuesday ]]> 2017-06-15T00:10:53+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/W_h8IoUVVBc/ www.secnews.physaphae.fr/article.php?IdArticle=374112 False None Wannacry None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Post-WannaCry, 5.5 Million Devices Still Expose SMB Port 2017-06-14T13:05:23+00:00 https://threatpost.com/post-wannacry-5-5-million-devices-still-expose-smb-port/126249/ www.secnews.physaphae.fr/article.php?IdArticle=374253 False None Wannacry None Fortinet - Fabricant Materiel Securite Evolving towards a Homogenous Society: The Risk of the New Digital Economy 2017-06-14T13:02:02+00:00 https://blog.fortinet.com/2017/06/14/evolving-towards-a-homogenous-society-the-risk-of-the-new-digital-economy www.secnews.physaphae.fr/article.php?IdArticle=374118 False None Wannacry None UnderNews - Site de news "pirate" francais Alerte – MacRansom, le premier RaaS ciblant MacOS ! Alors que WannaCry a fait du dégât sur les machines Windows, voila que le spécialiste de sécurité informatique Fortinet alerte sur la propagation d’un ransomware comparable, mais cette fois-ci conçu pour les Mac : MacRansom. Les Mac de Apple sont maintenant autant visés par les cybercriminels que les systèmes Windows du fait de leur popularité. 
[…]]]> 2017-06-14T12:49:17+00:00 https://www.undernews.fr/malwares-virus-antivirus/alerte-macransom-le-premier-raas-ciblant-macos.html www.secnews.physaphae.fr/article.php?IdArticle=374012 False None Wannacry None TechRepublic - Security News US New Windows XP patch: Microsoft issues extraordinary fix to protect PCs against next WannaCry 2017-06-14T12:06:00+00:00 http://www.techrepublic.com/article/new-windows-xp-patch-microsoft-issues-extraordinary-fix-to-protect-pcs-against-next-wannacry/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=373976 False None Wannacry None IT Security Guru - Blog Sécurité Microsoft to disable SMB1 on all future Windows versions post WannaCry havoc 2017-06-14T09:52:52+00:00 http://www.itsecurityguru.org/2017/06/14/microsoft-disable-smb1-future-windows-versions-post-wannacry-havoc/ www.secnews.physaphae.fr/article.php?IdArticle=374029 False None Wannacry None TechRepublic - Security News US Video: North Korean hacking group has been hitting the US since 2009 2017-06-14T04:00:00+00:00 http://www.techrepublic.com/videos/video-north-korean-hacking-group-has-been-hitting-the-us-since-2009/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=374191 False Medical Wannacry,APT 38 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Microsoft Releases Patches for 3 Remaining NSA Windows Exploits ]]> 2017-06-14T02:27:31+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/DU3m0dd2mPQ/important-windows-updates.html www.secnews.physaphae.fr/article.php?IdArticle=373929 False None Wannacry None Bleeping Computer - Magazine Américain Microsoft Issues Windows XP Security Updates for Previously Ignored NSA Hacking Tools 2017-06-13T16:50:14+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-windows-xp-security-updates-for-previously-ignored-nsa-hacking-tools/ www.secnews.physaphae.fr/article.php?IdArticle=373685 False None Wannacry None TechRepublic - Security News US Swapping Linux for Windows in Munich too risky after WannaCry attacks, warn Greens 2017-06-13T13:48:00+00:00 http://www.techrepublic.com/article/swapping-linux-for-windows-in-munich-too-risky-after-wannacry-attacks-warn-greens/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=373630 False None Wannacry None Symantec - Symantec Latest Intelligence for May 2017 2017-06-13T13:00:22+00:00 https://www.symantec.com/connect/blogs/latest-intelligence-may-2017 www.secnews.physaphae.fr/article.php?IdArticle=373749 False None Wannacry None IT Security Guru - Blog Sécurité Android Ransomware Impersonates \'King Of Glory\' Game 2017-06-13T10:48:05+00:00 http://www.itsecurityguru.org/2017/06/13/android-ransomware-impersonates-king-glory-game/ www.secnews.physaphae.fr/article.php?IdArticle=373491 False None Wannacry None BBC - BBC News - Technology NHS ransomware cyber-security hero: I was panicking 2017-06-12T14:31:02+00:00 http://www.bbc.co.uk/news/technology-40249259 www.secnews.physaphae.fr/article.php?IdArticle=373166 False None Wannacry None Security Intelligence - Site de news Américain 10 Ways to Fight Advanced Malware With Threat Intelligence Sharing 2017-06-12T12:01:19+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/xwIbkT5SDAU/ www.secnews.physaphae.fr/article.php?IdArticle=373114 False None 
Wannacry None The State of Security - Magazine Américain What Does the Future Hold for Ransomware? Read More ]]> 2017-06-12T03:01:37+00:00 https://www.tripwire.com/state-of-security/security-data-protection/what-does-the-future-hold-for-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=372845 False None Wannacry None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) French Police Seize 6 Tor Relay Servers in WannaCry Investigation ]]> 2017-06-11T09:18:18+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/36oAt1YsKAs/wannacry-ransomware-tor-relay.html www.secnews.physaphae.fr/article.php?IdArticle=372866 False None Wannacry None Bleeping Computer - Magazine Américain French Police Seize Two Tor Relays in WannaCry Investigation 2017-06-11T04:40:17+00:00 https://www.bleepingcomputer.com/news/security/french-police-seize-two-tor-relays-in-wannacry-investigation/ www.secnews.physaphae.fr/article.php?IdArticle=372961 False None Wannacry None Tech Worm - Desc WannaCry Ransomware Lookalike Targeting Android Smartphones 2017-06-10T11:04:33+00:00 https://www.techworm.net/2017/06/wannacry-ransomware-lookalike-targeting-android-smartphones.html www.secnews.physaphae.fr/article.php?IdArticle=372954 False None Wannacry None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC MacSpy: OS X RAT as a Service The authors state that they created this malware due to Apple products gaining popularity in the recent years. They also state that during their tenure in the field that they have noticed a lack of "sophisticated malware for Mac users" and they believe that "people were in need of such programs on MacOS". So they created MacSpy. 
The MacSpy authors claim to have the following features in the free version of their RAT: If you are willing to pay an unknown amount of bitcoins for the advanced version, the malware authors advertise the following features: MacSpy is not as polished as some of the malware-as-a-service providers out there, as there doesn’t seem to be any customer facing automated service of signing up for their service. In order to receive a copy of MacSpy we had to email the author our preferred username and password, in order for them to make us an account. After confirming our details they created an account for us, and delivered a zipped file and the following instructions: Initial Analysis After unzipping the archive we observed it contained the following files: The archive contains four files: Mach-O 64-bit executable called 'updated' Mach-O 64-bit executable called 'webkitproxy' Mach-O 64-bit dynamically linked shared library called 'libevent-2.0.5.dylib' Config file After examining webkitproxy and libevent-2.0.5.dylib, we noted they are signed by Tor, and thus we concluded that they are related to the function of Tor Onion routing. The contents of the config file further convince us of our suspicions are correct: Config Contents SOCKSPort 47905 KeepAliveIsolateSOCKSAuth OnionTrafficOnly DataDirectory proxyData AvoidDiskWrites 1 ControlPort 47906 MaxCircuitDirtiness 7200 EnforceDistinctSubnets 0 HidServAuth .onion The "updated" file, on the other hand is not digitally signed, and it is currently completely undetected by various AV companies on VirusTotal. Anti-Analysis MacSpy has several countermeasures that hamper analysis efforts. To prevent debugging, it calls ptrace() with the PT_DENY_ATTACH option. This is a common anti-debugger check and will prevent debuggers from attaching to the process. If you bypass the ptrace countermeasure, MacSpy has additional code that checks if it is running in a debugger. 
]]> 2017-06-10T01:05:00+00:00 http://feeds.feedblitz.com/~/355527506/0/alienvaultotx~MacSpy-OS-X-RAT-as-a-Service www.secnews.physaphae.fr/article.php?IdArticle=372877 False None Wannacry None Naked Security - Blog sophos Android ransomware hides in fake King of Glory game ]]> 2017-06-09T16:26:06+00:00 https://nakedsecurity.sophos.com/2017/06/09/android-ransomware-hides-in-fake-king-of-glory-game/ www.secnews.physaphae.fr/article.php?IdArticle=372853 False None Wannacry None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Capture The Flag (CTF): What Is It for a Newbie? Please note the sentence that I’ve marked with a red box. As you will quickly see, CTF tasks are often based on real world incidents/vulnerabilities that give you a chance to experience how it’s actually done and better prepare you to defend your own systems from these types of attacks. So not only are CTF events fun, they can also be educational and professionally rewarding. CTF Preparedness If you’ve never experienced a CTF event before, don’t get frustrated or give up, because the key to any type of hacking is patience. While this is sometimes a difficult thing to have, the only way to learn is to persist and practice on your own (see this post further down on how to practice) and maybe next time you’ll score first place! One thing you can try to do during your first CTF event, if possible, is find a experienced team that’s willing to let you join them. Make sure you’re clear that this is your first CTF event and you’d really love for them to show you the ropes. In my experience, members of the InfoSec community are usually very willing to share their knowledge with anyone interested in trying to learn and grow in this field. At the same time, however, one common theme you also often hear in the community is that there is a shortage of talent. 
At times this can be a very real struggle, and many professionals who have worked their way up in the field have spent considerable time to do so, sacrificing much to learn, practice and hone their craft. For this reason, before reaching out for help with basic questions, you should first research the topic and make an effort to figure things out on your own. Within the InfoSec community, trust isn’t something you can place value on. If your job is to hack into a client’s network, they last thing anyone wants is for that sensitive information to be shared with anyone outside of the team. Trust is a critical component of this relationship and I cannot express enough how important it is to remain ethical during competitions as well. Finally, last but certainly not least: when you go to a CTF event, don’t forget to bring a laptop or another computer that has an operating system with various tools already installed (more on this below) as without that you’re going to be off to a rough start. In summary, CTF are a great opportunity to learn, so if you’ve never experienced a CTF event or even a BSides event, I strongly encourage you to jump in and join one as soon as you can! Types of Events There are usually two different types of CTF events. 
The two most common types are: Red Team/Blue Team In this style of event the red team atte]]> 2017-06-09T13:00:00+00:00 http://feeds.feedblitz.com/~/354735076/0/alienvault-blogs~Capture-The-Flag-CTF-What-Is-It-for-a-Newbie www.secnews.physaphae.fr/article.php?IdArticle=372941 False Guideline Wannacry None Security Intelligence - Site de news Américain Don\'t Wait for the Next WannaCry - Update Your SMB Protocol Before It\'s Too Late 2017-06-09T12:06:14+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/pT9s81ys_PU/ www.secnews.physaphae.fr/article.php?IdArticle=372783 False None Wannacry None Bleeping Computer - Magazine Américain Android Smartphones Targeted by WannaCry Lookalike 2017-06-08T16:20:15+00:00 https://www.bleepingcomputer.com/news/security/android-smartphones-targeted-by-wannacry-lookalike/ www.secnews.physaphae.fr/article.php?IdArticle=372553 False None Wannacry 5.0000000000000000 The State of Security - Magazine Américain WannaLocker – The WannaCry Copycat Targeting Android Users in China Read More ]]> 2017-06-08T11:07:30+00:00 https://www.tripwire.com/state-of-security/latest-security-news/wannalocker-wannacry-copycat-targeting-android-users-china/ www.secnews.physaphae.fr/article.php?IdArticle=372312 False None Wannacry None Network World - Magazine Info IDG Contributor Network: Top 5 InfoSec concerns for 2017 Cloudbleed, WannaCry, ransomware, hackers. Each and every day, it seems, the tech community wakes up to news of another attack on data security and privacy. As IT professionals, we spend our days working to the best of our knowledge and ability to keep company information secure. Some days, however, when news of new attacks hit, it can feel like we'll never get ahead. 
As soon as we learn one method of protection, the hackers have invented a new workaround.To read this article in full or to leave a comment, please click here]]> 2017-06-08T08:15:00+00:00 http://www.networkworld.com/article/3199937/security/top-5-infosec-concerns-for-2017.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=372471 False None Wannacry None SecurityWeek - Security News Protecting Against Malware Requires a DevOps Mindset registering a domain name. ]]> 2017-06-07T14:20:19+00:00 http://feedproxy.google.com/~r/Securityweek/~3/8dL43L1pgnU/protecting-against-malware-requires-devops-mindset www.secnews.physaphae.fr/article.php?IdArticle=372061 False None Wannacry None InformationSecurityBuzzNews - Site de News Securite WannaCry: Time To Vaccinate Your Business WannaCry: Time To Vaccinate Your Business]]> 2017-06-07T14:15:35+00:00 http://www.informationsecuritybuzz.com/articles/wannacry-time-vaccinate-business/ www.secnews.physaphae.fr/article.php?IdArticle=372179 False None Wannacry None Security Intelligence - Site de news Américain Using Network Insights to Stay One Step Ahead of Emerging Threats 2017-06-07T12:01:18+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/Kj1sZYbWnlc/ www.secnews.physaphae.fr/article.php?IdArticle=371984 False None Wannacry None Dark Reading - Informationweek Branch Interpol Analyzes Global Response to WannaCry Attack 2017-06-07T10:06:00+00:00 https://www.darkreading.com/attacks-breaches/interpol-analyzes-global-response-to-wannacry-attack/d/d-id/1329071?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=372154 False None Wannacry None InformationSecurityBuzzNews - Site de News Securite Why Phishing Still Makes Us WannaCry Why Phishing Still Makes Us WannaCry]]> 2017-06-07T10:00:44+00:00 http://www.informationsecuritybuzz.com/articles/phishing-still-makes-us-wannacry/ www.secnews.physaphae.fr/article.php?IdArticle=371999 False None Wannacry None Naked Security - Blog sophos InfoSec 2017: how 
to protect yourself against the next WannaCry ]]> 2017-06-07T09:56:10+00:00 https://nakedsecurity.sophos.com/2017/06/07/infosec-2017-how-to-protect-yourself-against-the-next-wannacry/ www.secnews.physaphae.fr/article.php?IdArticle=371881 False None Wannacry None Bleeping Computer - Magazine Américain Researchers Port NSA EternalBlue Exploit to Windows 10 2017-06-07T05:55:40+00:00 https://www.bleepingcomputer.com/news/security/researchers-port-nsa-eternalblue-exploit-to-windows-10/ www.secnews.physaphae.fr/article.php?IdArticle=371967 False None Wannacry None ComputerWeekly - Computer Magazine Infosec17: WannaCry could be demise of ransomware 2017-06-07T05:45:14+00:00 http://www.computerweekly.com/news/450420298/Infosec17-WannaCry-could-be-demise-of-ransomware www.secnews.physaphae.fr/article.php?IdArticle=371953 False Guideline Wannacry None TechRepublic - Security News US Can edutainment videos prevent the next WannaCry? 2017-06-06T11:38:00+00:00 http://www.techrepublic.com/article/can-edutainment-videos-prevent-the-next-wannacry/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=371575 False None Wannacry None Tech Worm - Desc Fireball: Chinese malware infects 250 million computers around the world 2017-06-06T06:51:17+00:00 https://www.techworm.net/2017/06/fireball-chinese-malware-infects-250-million-computers-around-world.html www.secnews.physaphae.fr/article.php?IdArticle=371482 False None Wannacry None Errata Security - Errata Security Some non-lessons from WannaCry This piece by Bruce Schneier needs debunking. I thought I'd list the things wrong with it.The NSA 0day debateSchneier's description of the problem is deceptive:When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. 
Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice.The government doesn't "discover" vulnerabilities accidentally. Instead, when the NSA has a need for something specific, it acquires the 0day, either through internal research or (more often) buying from independent researchers.The value of something is what you are willing to pay for it. If the NSA comes across a vulnerability accidentally, then the value to them is nearly zero. Obviously such vulns should be disclosed and fixed. Conversely, if the NSA is willing to pay $1 million to acquire a specific vuln for imminent use against a target, the offensive value is much greater than the fix value.What Schneier is doing is deliberately confusing the two, combing the policy for accidentally found vulns with deliberately acquired vulns.The above paragraph should read instead:When the government discovers a vulnerability accidentally, it then decides to alert the software vendor to get it patched. When the government decides it needs as vuln for a specific offensive use, it acquires one that meets its needs, uses it, and keeps it secret. After spending so much money acquiring an offensive vuln, it would obviously be stupid to change this decision and not use it offensively.Hoarding vulnsSchneier also says the NSA is "hoarding" vulns. The word has a couple inaccurate connotations.One connotation is that the NSA is putting them on a heap inside a vault, not using them. The opposite is true: the NSA only acquires vulns it for which it has an active need. It uses pretty much all the vulns it acquires. That can be seen in the ShadowBroker dump, all the vulns listed are extremely useful to attackers, especially ETERNALBLUE. Efficiency is important to the NSA. Your efficiency is your basis for promotion. 
There are other people who make their careers finding waste in the NSA. If you are hoarding vulns and not using them, you'll quickly get ejected from the NSA. Another connotation is that the NSA is somehow keeping the vulns away from vendors. That's like saying I'm hoarding naked selfies of myself. Yes, technically I'm keeping them away from you, but it's not like they ever belonged to you in the first place. The same is true of the NSA. Had it never acquired the ETERNALBLUE 0day, it never would've been researched, never found. The VEP: Schneier describes the "Vulnerability Equities Process" or "VEP", a process that is supposed to manage the vulnerabilities the government gets. There's no evidence the VEP process has ever been used, at least not with 0days acquired by the NSA. The VEP allows exceptions for important vulns, and all the NSA vulns are important, so all are excepted from the process. Since the NSA is in charge of the VEP, of course, this is at the sole discretion of the NSA. Thus, the entire point of the VEP process goes away. Moreover, it can't work in many cases. The vulns acquired by the NSA often come with clauses that mean they can't be shared. New classes of vulns: One reason sellers forbid 0days from being shared is because they use new classes of vulnerabilities, such that sha 2017-06-05T16:15:45+00:00 http://blog.erratasec.com/2017/06/some-non-lessons-from-wannacry.html www.secnews.physaphae.fr/article.php?IdArticle=371424 False Guideline Wannacry None

SecurityWeek - Security News Jaff Ransomware Operation Tied to Cybercrime Store WannaCry did, appears connected to wider operations, as a recent sample was found to share server space with a refined cybercrime marketplace, Heimdal Security warns.
2017-06-04T20:28:08+00:00 http://feedproxy.google.com/~r/Securityweek/~3/ngHB0YDaUFw/jaff-ransomware-operation-tied-cybercrime-store www.secnews.physaphae.fr/article.php?IdArticle=370973 False None Wannacry None

SecurityWeek - Security News 'Tallinn Manual 2.0' - the Rulebook for Cyberwar 2017-06-03T12:36:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/FqX5hOR-RmA/tallinn-manual-20-rulebook-cyberwar www.secnews.physaphae.fr/article.php?IdArticle=370974 False None Wannacry None

TechRepublic - Security News US WannaCry: The smart person's guide 2017-06-02T19:58:00+00:00 http://www.techrepublic.com/article/wannacry-the-smart-persons-guide/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=371016 False None Wannacry None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor EternalBlue Exploit Spreading Gh0st RAT, Nitol 2017-06-02T18:32:11+00:00 https://threatpost.com/eternalblue-exploit-spreading-gh0st-rat-nitol/126052/ www.secnews.physaphae.fr/article.php?IdArticle=371097 False None Wannacry None

The Security Ledger - Security blog Financial Malware, not Ransomware, drives most Cyber Crime
2017-06-02T15:15:38+00:00 https://feeds.feedblitz.com/~/343903052/0/thesecurityledger~Financial-Malware-not-Ransomware-drives-most-Cyber-Crime/ www.secnews.physaphae.fr/article.php?IdArticle=371106 False None Wannacry None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Threatpost News Wrap, June 2, 2017 2017-06-02T14:30:15+00:00 https://threatpost.com/threatpost-news-wrap-june-2-2017/126043/ www.secnews.physaphae.fr/article.php?IdArticle=371099 False None Wannacry None

AlienVault Blog - AlienVault is a major defense actor in IOCs Week in Review 2nd June 2017 Wake up calls: WannaCry hit around 150 countries, unleashing ransomware indiscriminately against hospitals, telecoms providers, and an assortment of companies across all verticals and of all sizes. So, it’s not wrong to suggest, as Microsoft President Brad Smith did, that the governments of the world should treat this attack as a wake up call. However, there’s one snag. As Alina Selyukh states in this article, there have been decades of cyber ‘wake up calls’ with little evidence that anyone has woken up. The question for the security industry is whether yelling from the bottom of the stairs like a parent trying to wake up a teenager is the solution, or whether they would need to resort to more drastic measures. What is consent? Consent is one of those topics that gets a lot of air time for the wrong reasons. Not least of all when it comes to making someone a cup of tea - as in this great video. But in the realm of security, and more specifically the General Data Protection Regulation (GDPR), there is the issue of consent that is getting a lot of air time.
Many are interpreting the regulation to mean that under GDPR consent is a mandatory requirement for all processing of personal data. This well-written article articulates what GDPR does and doesn’t say about consent, and why it’s not always mandatory. Free course by Troy Hunt: The GDPR Attack Plan. Biker gang hacks Jeeps: A biker gang allegedly stole and smuggled to Mexico over 150 Jeep Wranglers. They did this by matching VINs with credentials stolen from a Jeep dealer that contained the information needed to cut and program duplicate keys. This serves as another reminder of how connected functionality can be taken advantage of by miscreants. So one has to wonder how much liability should rest with Jeep for pairing sensitive data with a publicly visible VIN. The rise of ‘stalkerware’: While everyone is looking at the theatrics on display - the NSA or other government agencies with a vast array of surveillance tools - it can be easy to overlook the dangerous, and potentially life-threatening, rise of stalkerware which enables domestic violence. Online harassment and cyberstalking. This software company may be helping people illegally spy on their spouses. Abusers using spyware apps to monitor partners reaches ‘epidemic proportions’. Economic analysis of ransomware 2017-06-02T13:00:00+00:00 http://feeds.feedblitz.com/~/343771496/0/alienvault-blogs~Week-in-Review-nd-June www.secnews.physaphae.fr/article.php?IdArticle=370991 False None Wannacry None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
WannaCry Coding Mistakes Can Help Files Recovery Even After Infection 2017-06-02T09:26:30+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/b22x-zKqr4E/wannacry-ransomware-unlock-files.html www.secnews.physaphae.fr/article.php?IdArticle=370953 False None Wannacry None

Infosec Island - Security Magazine WannaCry and Jaff: Two Different Malware Attacks with A Common Goal 2017-06-02T09:18:00+00:00 https://www.infosecisland.com/blogview/24936-WannaCry-and-Jaff-Two-Different-Malware-Attacks-with-A-Common-Goal.html www.secnews.physaphae.fr/article.php?IdArticle=370993 False None Wannacry None

TrendLabs Security - Antivirus vendor MS-17-010: EternalBlue's Large Non-Paged Pool Overflow in SRV Driver WannaCry, the fileless ransomware UIWIX, the Server Message Block (SMB) worm EternalRocks, and the cryptocurrency mining malware Adylkuzz. EternalBlue (patched by Microsoft via MS17-010) is a security flaw related to how a Windows SMB 1.0 (SMBv1) server handles certain requests. If successfully exploited, it can allow attackers to execute arbitrary code on the target system. The severity and complexity of EternalBlue, alongside the other exploits released by the hacking group Shadow Brokers, can be considered medium to high. We further delved into EternalBlue's inner workings to better understand how the exploit works and provide technical insight on the exploit that wreaked havoc among organizations across various industries around the world.
2017-06-02T08:10:33+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/D_VQ6i4wl5A/ www.secnews.physaphae.fr/article.php?IdArticle=370660 False None Wannacry None

Mandiant - Mandiant's security blog Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads The “EternalBlue” exploit (MS017-010) was initially used by the WannaCry ransomware and the Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in the Microsoft Server Message Block (SMB) protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic Threat Intelligence (DTI) has historically observed similar payloads delivered via exploitation of the CVE-2014-6332 vulnerability as well as in some email spam campaigns using PowerShell commands. Specifically, Backdoor.Nitol has also been linked to campaigns involving a remote code execution 2017-06-02T08:00:00+00:00 https://www.mandiant.com/resources/blog/threat-actors-leverage-eternalblue-exploit-deliver-non-wannacry-payloads www.secnews.physaphae.fr/article.php?IdArticle=8377776 False Ransomware,Spam,Vulnerability,Threat Wannacry 4.0000000000000000
ComputerWeekly - Computer Magazine Financial malware more than twice as prevalent as ransomware 2017-06-02T04:25:19+00:00 http://www.computerweekly.com/news/450420057/Financial-malware-more-than-twice-as-prevalent-as-ransomware www.secnews.physaphae.fr/article.php?IdArticle=370856 False None Wannacry 5.0000000000000000

InformationSecurityBuzzNews - Security news site Is Crisis Patch Management Making Your Security Teams WannaCry? 2017-06-01T17:39:59+00:00 http://www.informationsecuritybuzz.com/study-research/crisis-patch-management-making-security-teams-wannacry/ www.secnews.physaphae.fr/article.php?IdArticle=370642 False None Wannacry None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor WannaCry Development Errors Enable File Recovery 2017-06-01T14:09:04+00:00 https://threatpost.com/wannacry-development-errors-enable-file-recovery/126002/ www.secnews.physaphae.fr/article.php?IdArticle=370612 False None Wannacry None

Naked Security - Sophos blog Kittens, bears or pandas: who's behind the biggest cyberattacks?
2017-06-01T12:00:23+00:00 https://nakedsecurity.sophos.com/2017/06/01/kittens-bears-or-pandas-whos-behind-the-biggest-cyberattacks/ www.secnews.physaphae.fr/article.php?IdArticle=370352 False None Wannacry None

InformationSecurityBuzzNews - Security news site Free Anti-Ransomware Tool Achieves Top Marks In Independent Tests – Showing All Businesses Can Safeguard Against WannaCry Style Attacks 2017-06-01T11:30:22+00:00 http://www.informationsecuritybuzz.com/news/free-anti-ransomware-tool-achieves-top-marks-independent-tests-showing-businesses-can-safeguard-wannacry-style-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=370458 False None Wannacry None

Graham Cluley - Security blog Windows XP 'did not contribute much' to WannaCry infection totals Even in the absence of encrypted files, no one wants a Blue Screen of Death. David Bisson reports. 2017-06-01T08:09:22+00:00 https://www.grahamcluley.com/windows-xp-wannacry/ www.secnews.physaphae.fr/article.php?IdArticle=370300 False None Wannacry None

SANS Institute - SANS is a defense and training organization June Edition of the Ouch! Security Awareness Newsletter: https://securingthehuman.sans.org/resources/newsletters/ouch/2017 (Lessons learned from WannaCry), (Wed, May 31st) (c) SANS Internet Storm Center.
https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. 2017-05-31T13:06:37+00:00 https://isc.sans.edu/diary.html?storyid=22474&rss www.secnews.physaphae.fr/article.php?IdArticle=370205 True None Wannacry None

AlienVault Blog - AlienVault is a major defense actor in IOCs File Integrity Monitoring Solutions – What Are They and Why You Need One, Part 3 With the recent WannaCry ransomware attack still top of mind for many IT professionals worldwide, it’s an important reminder that you should monitor not just your networks and security devices, but also data on your servers and desktops. In the case of WannaCry, having File Integrity Monitoring (FIM) in place can enable you to detect changes to key data files that WannaCry tries to encrypt and inform you of the threat before the affected asset and its data become unusable and possibly irretrievable. With emerging variants of WannaCry and the continuous onslaught of attacks against your infrastructure, whether you’re looking to protect a key asset like Active Directory, or perform change audit on any of your critical servers, a File Integrity Monitoring solution should be a part of your security defense. With that in mind, it’s important to reiterate that FIM is not the ‘silver bullet’ of security solutions, but is definitely a powerful and effective defense that you should have in your IT security arsenal. In my previous blogs on FIM, I introduced (part 1) the ‘what’ and the ‘why’ behind FIM as one invaluable approach to monitoring for malicious changes to files. I then introduced (part 2) some best practices for FIM, including what files to monitor and how to get the best value from your FIM deployment.
This week I’m going to discuss what to look for when selecting a FIM solution, caveats to be aware of, and how our AlienVault Unified Security Management (USM) products – AlienVault USM Anywhere and AlienVault USM Appliance – can help you implement a multi-faceted security program with their several essential security capabilities, including FIM. Selecting a File Integrity Monitoring Solution: It can be difficult to find the right solution for your unique environment. Just a quick search on ‘File Integrity Monitoring’ brings up an overwhelming number of search results. But which to look at, and what are the differences among the various solutions? Well, let’s start with the following list, which will provide you with the key things to look for in your final solution. Agent vs. agentless. Agent-based FIM solutions leverage software agents installed on target systems. They typically yield the most powerful analyses and can deliver change monitoring at or near real-time. In contrast, agentless FIM tools get up and running very quickly because no agent is required. However, the feature set and depth of functions of agentless FIM tools are generally reduced, and the analysis isn’t real-time. This leaves potential risk from not being able to monitor change when you need it most. If you require the depth and feature richness of an agent-based system, consider a unified approach that integrates multiple security functions into a single agent for a smaller footprint and less management effort. Standalone vs. HIDS. Some FIM solutions integrate with, or are a part of, a host-based intrusion detection system (HIDS). HIDS capabilities are a superset of FIM capabilities and can detect threats in areas other than files, such as system memory (RAM) or I/O. Standalone FIM tools generally provide file analysis only. Performance.
The more people in the organization you tal 2017-05-31T13:00:00+00:00 http://feeds.feedblitz.com/~/340804828/0/alienvault-blogs~File-Integrity-Monitoring-Solutions-%e2%80%93-What-Are-They-and-Why-You-Need-One-Part www.secnews.physaphae.fr/article.php?IdArticle=370151 False None Wannacry None

Security Intelligence - American news site WannaCry II: The Sequel No One Wants to See 2017-05-31T12:01:15+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/e_lXcMFpP3k/ www.secnews.physaphae.fr/article.php?IdArticle=370003 False None Wannacry None

01net. News - Security - French magazine Shadow Brokers: hackers chip in to recover the tools stolen from the NSA 2017-05-31T10:23:48+00:00 http://www.01net.com/actualites/shadow-brokers-des-hackers-se-cotisent-pour-recuperer-les-outils-voles-de-la-nsa-1176016.html www.secnews.physaphae.fr/article.php?IdArticle=369980 False None Wannacry None

ComputerWeekly - Computer Magazine WannaCry shows validity of risk-based security, says RSA head 2017-05-31T09:46:57+00:00 http://www.computerweekly.com/news/450419870/WannaCry-shows-validity-of-risk-based-security-says-RSA-head www.secnews.physaphae.fr/article.php?IdArticle=370161 False None Wannacry None

IT Security Guru - Security blog Shadow Brokers move bitcoins after hacking tool auction 2017-05-31T09:44:46+00:00 http://www.itsecurityguru.org/2017/05/31/shadow-brokers-move-bitcoins-hacking-tool-auction/ www.secnews.physaphae.fr/article.php?IdArticle=370035 False None Wannacry None

Fortinet - Security hardware manufacturer Byline: WannaCry is Part of a Bigger Problem 2017-05-31T08:48:31+00:00 http://blog.fortinet.com/2017/05/31/byline-wannacry-is-part-of-a-bigger-problem www.secnews.physaphae.fr/article.php?IdArticle=370083 False None Wannacry None

SANS Institute - SANS is a defense and training organization Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2), (Wed, May 31st) previous diary, I did a very brief introduction on what the ACH
method is [1], so that now all readers, also those who had never seen it before, can have a common basic understanding of it. One more thing I have not mentioned yet is how the scores are calculated. There are three different algorithms: an Inconsistency Counting algorithm, a Weighted Inconsistency Counting algorithm, and a Normalized algorithm [2]. The Weighted Inconsistency Counting algorithm, the one used in today's examples, builds on the Inconsistency algorithm, but also factors in weights of credibility and relevance values. For each item of evidence, a consistency entry of I Today, I will apply ACH to a recent, quite well-known case: WCry attribution. There have been lots of analyses and speculations around it; lately several sources in the InfoSec community tied WCry strongly to Lazarus Group [3][4][5][6], while some others provided motivation for being skeptical about such attribution [7]. Therefore, it is a perfect case to show the use of ACH: several different hypotheses, facts, evidences and assumptions. Digital Shadows WCry ACH analysis: About two weeks ago, Digital Shadows published a very well done post on ACH applied to WCry attribution [8]. Regarding possible attribution to Lazarus though, as stated in their post, "At the time of writing, however, we assessed there to be insufficient evidence to corroborate this claim of attribution to this group, and alternative hypotheses should be considered." Therefore, among the hypotheses considered, one specifically for Lazarus is missing, in place of a more generic nation state or state-affiliated actor.
The following are the four different hypotheses considered by Digital Shadows: A sophisticated financially-motivated cybercriminal actor - H1; An unsophisticated financially-motivated cybercriminal actor - H2; A nation state or state-affiliated actor conducting a disruptive operation - H3; A nation state or state-affiliated actor aiming to discredit the National Security Agency (NSA) - H4. Given the final scores computed, they have assessed that "though by no means definitive, a WannaCry campaign launched by an unsophisticated cybercriminal actor was the most plausible scenario based on the information that is currently available." Just one note on my side: from my calculation it seems they have made a mistake, and the H2 score should be -2.121 rather than -1.414. This does not change the final result, but brings H2 and H3 way closer. My WCry ACH Analysis: Although the Digital Shadows analysis was a very good one, I felt something was missing, both on the hypotheses as well as on the evidence side. Particularly, in my opinion, I would add three more hypotheses. When thinking about the NSA being the final target of this, other than "A nation state or state-affiliated actor aiming to discredit the NSA", I think that it should also be considered a (generic/unattributed) TA aiming at unveiling/exposing the extent of the possible NSA network of compromised machines (H5). This is something one would expect from a hacktivist maybe, although it seems to be way more sophisticated than what hacktivists have got us used to. One difference with H4 could be the lack of a supporting media narrative. While someone who wants to discredit the NSA would be ready to have a supporting media narrative, if the goal was simply to unveil and show to everyone the potential extent of NSA-infected machines, the infection as it was would have been sufficient, given also the abundant media coverage it got.
Although this may still be seen as too close to H4 to be a different hypothesis, I still do see a case for it. 2017-05-31T07:33:02+00:00 https://isc.sans.edu/diary.html?storyid=22470&rss www.secnews.physaphae.fr/article.php?IdArticle=369903 False Medical Wannacry,APT 38 None

Network World - IT magazine IDG Contributor Network: Nothing new to (Wanna)Cry about 2017-05-31T05:26:00+00:00 http://www.networkworld.com/article/3198985/malware-cybercrime/nothing-new-to-wannacry-about.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=369911 False None Wannacry None

ComputerWeekly - Computer Magazine Shadow Brokers prepares zero-day subscription service 2017-05-31T04:34:28+00:00 http://www.computerweekly.com/news/450419847/Shadow-Brokers-prepares-zero-day-subscription-service www.secnews.physaphae.fr/article.php?IdArticle=370018 False None Wannacry None

TechRepublic - Security News US Don't be the weak link that brings us all down: Keep your OS patched and up to date 2017-05-30T17:32:00+00:00 http://www.techrepublic.com/article/dont-be-the-weak-link-that-destroys-us-all-keep-your-os-patched-and-up-to-date/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=369714 False None Wannacry None

SecurityWeek - Security News China, U.S. Most Affected by WannaCry Ransomware 2017-05-30T16:10:22+00:00 http://feedproxy.google.com/~r/Securityweek/~3/lVRxV9Towek/china-us-most-affected-wannacry-ransomware www.secnews.physaphae.fr/article.php?IdArticle=369681 False None Wannacry 5.0000000000000000

SecurityWeek - Security News Latest WannaCry Theory: Currency Manipulation WannaCry outbreak is still a mystery. We know what (ransomware), and how (a Windows vulnerability on unsupported or unpatched systems); but we don't know who or why.
We're not short of theories: Lazarus, North Korea, some other nation-state actor, Chinese or Russian actors -- but none of these has gained general acceptance. 2017-05-30T15:55:19+00:00 http://feedproxy.google.com/~r/Securityweek/~3/GMdVuTl-uko/latest-wannacry-theory-currency-manipulation www.secnews.physaphae.fr/article.php?IdArticle=369682 False None Wannacry,APT 38 None

Bleeping Computer - American magazine New Data Shows Most WannaCry Victims Are From China, Not Russia 2017-05-30T07:25:11+00:00 https://www.bleepingcomputer.com/news/security/new-data-shows-most-wannacry-victims-are-from-china-not-russia/ www.secnews.physaphae.fr/article.php?IdArticle=369591 False None Wannacry None

InformationSecurityBuzzNews - Security news site Should Google Be Doing More To Check Apps Amid WannaCry 2017-05-29T11:53:24+00:00 http://www.informationsecuritybuzz.com/expert-comments/google-check-apps-amid-wannacry/ www.secnews.physaphae.fr/article.php?IdArticle=369343 False None Wannacry None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China 2017-05-29T11:10:00+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/UUyO_atN2_Q/china-wannacry-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=369372 False Medical Wannacry,APT 38 None