Collaborate Disseminate
Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for *nix-based systems – EternalRed (aka SambaCry). On May 30th our honeypots captured the first attack to make use of this particular vulnerability, but the payload in this exploit had nothing in common with the Trojan-Crypt that was EternalBlue and WannaCry. Continue reading SambaCry is coming
Taking design cues from WannaCry, a fake copy of the popular King of Glory game is being used to spread ransomware Continue reading Android ransomware hides in fake King of Glory game
Taking design cues from WannaCry, a fake copy of the popular King of Glory game is being used to spread ransomware Continue reading Android ransomware hides in fake King of Glory game
To defend your infrastructure against future exploits, it’s critical to disable the insecure original version of the SMB protocol.
The post Don’t Wait for the Next WannaCry — Update Your SMB Protocol Before It’s Too Late appeared first on Security Intelligence.
Continue reading Don’t Wait for the Next WannaCry — Update Your SMB Protocol Before It’s Too Late
When the WannaCry computer worms crippled the British National Health Service last month, the response at the U.S. Department of Health and Human Services was led by a new cybersecurity watch center, lawmakers heard Thursday. The Healthcare Cybersecurity and Communications Integration Center, “coordinated the response to WannaCry,” Steve Curren, director of resilience in the HHS Office of Emergency Management, told a House Energy and Commerce subcommittee. When the WannaCry worm struck, crippling dozens of British hospitals, HHS officials “took immediate action to engage [the] broader U.S. health sector and ensure that IT security specialists had the information they needed to protect against, respond to and report intrusions,” Curren said. The HCCIC, (pronounced “aitch-kick”) came online in May is modeled on the Department of Homeland Security’s National Cybersecurity and Communications Integration Center — a 24-hour watch center that pulls in real-time data from vital national industries like banking and telecommunications and distributes warnings and other information. […]
The post WannaCry outbreak was first big test of HHS’s new cybersecurity center for health sector appeared first on Cyberscoop.
Chipotle and OneLogin suffer breaches, Windows XP Too Unstable To Spread WannaCry, Patches Available for Linux Sudo Vulnerability, Cisco, Netgear Readying Patches For Samba Vulnerability, oAuth nightmares, Attack and Defense, Jay Beale style, Decoding … Continue reading OneLogin Woes, Shadow Brokers Identity, oAuth Nightmares – Paul’s Security Weekly #516
With the right network insights, analysts can deal with existing threats such as WannaCry, and quickly detect and respond to new attacks as they emerge.
The post Using Network Insights to Stay One Step Ahead of Emerging Threats appeared first on Security Intelligence.
Continue reading Using Network Insights to Stay One Step Ahead of Emerging Threats
What made WannaCry different from other ransomware attacks? We explain how it happened – and look at what lessons we’ve learned Continue reading InfoSec 2017: how to protect yourself against the next WannaCry
Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack. Continue reading NSA’s EternalBlue Exploit Ported to Windows 10
Many American hospitals and health care practices are critically vulnerable to cyberattack and lack the resources to protect against rising threats, according to a long-awaited report issued by the U.S. Department of Health and Human Service’s Health Care Industry Cybersecurity Task Force. The starkly negative report points to problems beyond hardware and software. The task force, established a year go, is made up of 21 security experts, health care professionals and government officials. “Many organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty,” the task force reported. “These organizations often lack the infrastructure to identify and track threats, the capacity to analyze and translate the threat data they receive into actionable information, and the capability to act on that information.” The talent shortage that hampers cybersecurity in all sectors hits health care especially hard so that the industry leans especially hard on part-time positions or […]
The post Federal report: Hospital cybersecurity is in ‘critical condition’ appeared first on Cyberscoop.
Continue reading Federal report: Hospital cybersecurity is in ‘critical condition’