EternalBlue – Page 10 – WindowsTechs.com

After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox

Posted on May 22, 2017 by Bill Brenner

WannaCry may be behind us, but fears that the crooks might create new malware from the NSA’s stash of exploits seem to be coming true Continue reading After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox→

Windows 7, not XP, was the reason last week’s WCry worm spread so widely

Posted on May 20, 2017 by Dan Goodin

A run-down of recent WCry developments you may have missed. Continue reading Windows 7, not XP, was the reason last week’s WCry worm spread so widely→

Super-stealthy attackers used NSA exploit weeks before WannaCry

Posted on May 19, 2017 by Shaun Waterman

Weeks before the WannaCry ransomware spread like wildfire through unpatched Windows systems, a more sophisticated, stealthier attacker used the same NSA-engineered cyberweapon to infiltrate the IT networks of companies across the world, including at least one publicly traded in the U.S., according to new research. So stealthy was the fileless, in-memory attack, which hides itself inside the activity of a legitimate application, that it evaded five different security products running on the infected system, Gil Barak, CTO of Israeli cybersecurity firm Secdo told CyberScoop. Those products included so-called “next generation” filters that don’t rely on known signatures, he said. “Not only did they not stop the attack, they couldn’t even see it,” he said. Attackers using the technique “can pretty much do what they want, unnoticed — and then vanish.” Barak wrote a blog post on the attack and appeared with noted security researcher Jake Williams on a webcast this week where the two discussed the […]

The post Super-stealthy attackers used NSA exploit weeks before WannaCry appeared first on Cyberscoop.

Continue reading Super-stealthy attackers used NSA exploit weeks before WannaCry→

How did the WannaCry Ransomworm spread?

Posted on May 19, 2017 by Adam McNeil

Security researchers have had a busy week since the WannaCry ransomware outbreak that wreaked havoc on computers worldwide. How did it all happen?
Categories:
Cybercrime
Exploits
Malware
Tags: botnetDoublePulsarEternalBlueexploitJaff ransomwaremalspa… Continue reading How did the WannaCry Ransomworm spread?→

Should the government stockpile zero day software vulnerabilities?

Posted on May 19, 2017 by Shaun Waterman

Storm clouds are rising over the U.S. government’s policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process. Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer — which can issue a patch to protect customers — or having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said. “We disclose something like 90 percent of the vulnerabilities we find,” said Richard Ledgett, who retired April 28 as the NSA’s deputy director. “There’s a narrative out there that we’re sitting on hundreds of zero days and that’s just not the case,” he told Georgetown University Law Center’s annual cybersecurity law institute. […]

The post Should the government stockpile zero day software vulnerabilities? appeared first on Cyberscoop.

Continue reading Should the government stockpile zero day software vulnerabilities?→

Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft

Posted on May 17, 2017 by Dan Goodin

WaPo confirms long-held suspicions as NSA cyberweapons crisis threatens to grow worse. Continue reading Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft→

Next NSA Exploit Payload Could be Much Worse Than WannaCry

Posted on May 17, 2017 by Michael Mimoso

Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware. Continue reading Next NSA Exploit Payload Could be Much Worse Than WannaCry→

WannaCry Shares Code with Lazarus APT Samples

Posted on May 16, 2017 by Michael Mimoso

Experts have confirmed there are similarities between code used by the ransomware WannaCry and the Lazarus APT. Continue reading WannaCry Shares Code with Lazarus APT Samples→

WannaCry Variants Pick Up Where Original Left Off

Posted on May 15, 2017 by Michael Mimoso

Exploits spreading WannaCry ransomware have surfaced after the discovery of a killswitch put a quick halt to the initial global outbreak. Continue reading WannaCry Variants Pick Up Where Original Left Off→

Massive Cyber Attack Cripples UK Hospitals, Spreads Globally

Posted on May 12, 2017 by Jack Laidlaw

A massive ransomware attack is currently under way. It was first widely reported having crippled the UK hospital system, but has since spread to numerous other systems throughout the world including FedEx in the US, the Russian Interior Ministry, and telecommunications firms in Spain and Russia.

The virus is known by names WannaCrypt, WannaCry, and a few other variants. It spreads using the ExternalBlue exploit in unpatched Windows machines older than version 10. The tools used to pull off this attack were likely from an NSA toolset leaked by the Shadow Brokers.

So far the strongest resource for technical information …read more

Continue reading Massive Cyber Attack Cripples UK Hospitals, Spreads Globally→