Articles for June 2017

Windows 10 to Get Built-in Protection Against Most Ransomware Attacks

Ransomware Ransomware Everywhere Not a Single Place to Hide!

But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.

Two massive ransomware attacks — WannaCry and Petya (also known as NotPetya) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations.

Most ransomware in the market, including WannaCry and NotPetya, is specifically designed to target computers running the Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats.

But not now!

Read more here.

Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry

Watch out, readers! It is ransomware, another WannaCry, another widespread attack.

The WannaCry ransomware is not dead yet, and another large-scale ransomware attack is causing chaos worldwide, shutting down computers at corporates, power supplies and banks across Russia, Ukraine, India, and Europe and demanding $300 in bitcoins.

According to multiple sources, a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused to infect 300,000 systems and servers worldwide in just 72 hours.

Read more here.

WSO Shell: The Hack Is Coming From Inside The House!

Imagine that one day you discover that a burglar has broken into your home and attempted to make off with your big-screen TV. Fearing for your safety, you immediately contact local law enforcement, and they promptly apprehend the criminal. But to your horror, as they drag the burglar away in handcuffs, they have an additional shocking revelation: […]

Source: WSO Shell: The Hack Is Coming From Inside The House!

Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3)

It’s about time!!

The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update.

The SMBv1 is one of the internet’s most ancient networking protocols that allows the operating systems and applications to read and write data to a system and a system to request services from a server.

The WannaCry ransomware, which wreaked havoc last month, was also leveraging an NSA Windows SMB exploit, dubbed EternalBlue, leaked by the Shadow Brokers in its April data dump.

Read more here.

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

Running applications from 2006 will tend to leave you “wide open” to attack…

A South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them.

According to a blog post published by NAYANA, the web hosting company, this unfortunate event happened on 10th June when ransomware malware hit its hosting servers and the attacker demanded 550 bitcoins (over $1.6 million) to unlock the encrypted files.

However, the company later negotiated with the cyber criminals and agreed to pay 397.6 bitcoins (around $1.01 million) in three installments to get their files decrypted.

Read more here.

CVE-2017-5638: New Remote Code Execution (RCE) Vulnerability in Apache Struts 2 – Blog | Imperva

I found myself being attacked more and more with this type of RCE vulnerability. If you are not sure if you are safe, please read on…

On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header. Written in Java, Apache Struts 2 is the popular open source web application framework that we’ve blogged about before. This is yet another incident that adds up to a long list of vulnerabilities in this framework.

Source: CVE-2017-5638: New Remote Code Execution (RCE) Vulnerability in Apache Struts 2 – Blog | Imperva

US Warns of ‘DeltaCharlie’ – A North Korean DDoS Botnet Malware

The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation.

The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on “DeltaCharlie,” a malware variant used by the “Hidden Cobra” hacking group to infect hundreds of thousands of computers globally as part of its DDoS botnet network.

According to the report, the Hidden Cobra group of hackers are believed to be backed by the North Korean government and are known to launch cyber attacks against global institutions, including media organizations, aerospace and financial sectors, and critical infrastructure.

Read more here.

FBI Arrests NSA Contractor for Leaking Secrets – Here’s How they Caught Her

The FBI arrested a 25-year-old NSA contractor on Saturday (3rd June) for leaking classified information to an online news outlet which published its report yesterday (5th June) — meaning the arrest was made two days before the actual disclosure went online.

Reality Leigh Winner, who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, was arrested at her home in Augusta on charges involving the leak of top-secret NSA files to ‘The Intercept,’ an online publication that has been publishing NSA documents leaked by Edward Snowden since 2014.

Read more here.

‘This is huge’: National security experts were floored by the leaked NSA document on Russia’s election hack

Yeah… seriously doubt it… yet another “leaked” NSA document condemning Russia. Like a nation state would leave those kinds of tracks… #wakeuppeople

A leaked NSA document determining that hackers connected to Russian military intelligence tried to breach US voting systems days before the 2016 election has national security experts and former intelligence officials reeling.

Source: ‘This is huge’: National security experts were floored by the leaked NSA document on Russia’s election hack