A global cybersecurity attack involving WannaCry ransomware crippled Microsoft Windows computers across the globe today. Here are 10 facts to know. The post Biggest Global Cyber Attack Ever? 10 WannaCry Ransomware Facts appeared first on ChannelE2E .
More:
Biggest Global Cyber Attack Ever? 10 WannaCry Ransomware Facts
Enlarge (credit: Health Service Journal) A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago. The company also rolled out a signature that allows its Windows Defender antivirus engine to provide “defese-in-depth” protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as WCry . Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients and telecoms, banks and companies such as FedEx to turn off computers for the weekend. The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.) Friday’s events made it clear that enough unpatched systems exist to cause significant outbreaks that could happen again in the coming days or months. In a blog post published late Friday night , Microsoft officials wrote: Read 9 remaining paragraphs | Comments
More:
WCry is so mean Microsoft issues patch for 3 unsupported Windows versions
Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.
Visit site:
Google Found Over 1,000 Bugs In 47 Open Source Projects
An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.
See more here:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers
Remember that “kill switch” which shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. “I can confirm we’ve had versions without the kill switch domain connect since yesterday, ” Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday… Another researcher confirmed they have seen samples of the malware without the killswitch. Read more of this story at Slashdot.
Continued here:
Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch
A one-of-a-kind Harry Potter prequel has been stolen, and author J.K. Rowling is eager to get it back in the right hands. Read more…
Continued here:
Rare Harry Potter Prequel Stolen, J.K. Rowling Pleads for Return
Something unusual happens when a drop of molten glass falls into water. As it cools, it creates a crystal clear tadpole-like droplet that’s bulletproof on one end, but impossibly fragile on the other. We’ve known about these droplets for 400 years, but scientists have only recently figured out what makes them almost… Read more…
See the original post:
Scientists Finally Know What Makes These Weird Glass Droplets So Incredibly Strong
Enlarge (credit: Health Service Journal) A large number of hospitals, GPs, and walk-in clinics across England have been locked down by a ransomware attack, reports suggest. There are also some reports of a ransomware attack hitting institutions in Portugal and Spain, though it isn’t known if the incidents are connected. NHS England says it is aware of the issue, but hasn’t yet issued an official statement. At this point it isn’t clear whether a central NHS network has been knocked offline by the ransomware, or whether individual computers connected to the network are being locked out. In any case, some hospitals and clinics are reporting that their computer systems are inaccessible and some telephone services are down too. Read 7 remaining paragraphs | Comments
Originally posted here:
Massive ransomware attack hits UK hospitals, Spanish banks
Enlarge / A 2015 Ram 1500, one of the models affected by this recall. (credit: FCA) Dodgy software code controlling side airbags and safety belt pretensioners is responsible for a recall affecting more than a million Ram pickup trucks. On Friday, Fiat Chrysler Automobiles (FCA) announced that it will be recalling Ram 1500 and 2500 trucks (model years 2013 to 2016) and Ram 3500 trucks (model years 2014 to 2016) beginning in June in order to rectify the problem. The software error, which could prevent side airbag deployment and belt pretensioning in cases where a vehicle rolls over following an underbody impact—say, hitting road debris or something when off-roading—has already been implicated in one death. Although the code has not been conclusively fingered as the culprit, FCA says it is issuing the recall proactively. A similar issue forced General Motors to recall more than 4 million vehicles in 2016. Read 1 remaining paragraphs | Comments
View article:
Ram is recalling more than a million trucks for faulty software
An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed “Jaff”. Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky — like Jaff — also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. “This is where the comparison ends, since the code base is different as well as the ransom itself, ” said Jerome Segura, a security researcher at Malwarebytes. “Jaff asks for an astounding 2 BTC, which is about $3, 700 at the time of writing.” Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat. Read more of this story at Slashdot.
Visit site:
New Ransomware ‘Jaff’ Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It