Ransomware may be mostly thought of as a (sometimes costly) nuisance, but when it hinders the ability of doctors and nurses to help people with an emergency medical problems, that qualifies as armed robbery. Read more…
See the article here:
Today’s Massive Ransomware Attack Was Mostly Preventable—Here’s How To Avoid It
A global cybersecurity attack involving WannaCry ransomware crippled Microsoft Windows computers across the globe today. Here are 10 facts to know. The post Biggest Global Cyber Attack Ever? 10 WannaCry Ransomware Facts appeared first on ChannelE2E .
View original post here:
Biggest Global Cyber Attack Ever? 10 WannaCry Ransomware Facts
Enlarge (credit: Health Service Journal) A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago. The company also rolled out a signature that allows its Windows Defender antivirus engine to provide “defese-in-depth” protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as WCry . Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients and telecoms, banks and companies such as FedEx to turn off computers for the weekend. The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.) Friday’s events made it clear that enough unpatched systems exist to cause significant outbreaks that could happen again in the coming days or months. In a blog post published late Friday night , Microsoft officials wrote: Read 9 remaining paragraphs | Comments
Read the original post:
WCry is so mean Microsoft issues patch for 3 unsupported Windows versions
Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.
Read the original:
Google Found Over 1,000 Bugs In 47 Open Source Projects
French auto giant Renault became the first major French company to report being affected by Friday’s ransomware attack that affected tens of thousands of computers in almost 100 countries across the world, reports Automotive News . An English plant of Renault’s alliance partner Nissan was also hit by the attack. Read more…
View original post here:
Renault And Nissan Plants Hit By Massive Ransomware Attack
An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.
View post:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers
Remember that “kill switch” which shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. “I can confirm we’ve had versions without the kill switch domain connect since yesterday, ” Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday… Another researcher confirmed they have seen samples of the malware without the killswitch. Read more of this story at Slashdot.
See more here:
Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch
An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission… The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5, 300 employees for creating fake accounts, and their CEO now acknowledges that “we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values.” In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years. Read more of this story at Slashdot.
Bikers interested in going green have reason to rejoice today. Harley-Davidson has already shown off its prototype Livewire electric bike, and it’s promised to offer you a real one in the next five years . Today, the motorcycle manufacturer said it has plans to make 100 new motorcycles over the next 10 years, including an entire range of electric vehicles. Vice president Bill Davidson confirmed that electric bikes are Harley-Davidson’s future to Drive magazine while in Sydney to celebrate the brand’s 100th anniversary in Australia. While an electric Harley won’t have the signature engine boom that its combustion-powered bikes have, Davidson said that the company is working on a sound that he likens to a jet engine. “It is an amazing motorcycle, ” he told Drive . “While it doesn’t have a 45-degree, pushrod twin-cylinder engine it has the performance expected from a Harley Davidson even if it won’t sound the same, ” he said. So far, we’ve only seen the one Livewire concept model with a limited top speed and range, it’s likely thHarleyely-Davidson will create both sport and cruiser-style bikes to appeal to both the speed freaks and the touring bikers. Davidson noted that as automated cars become more ubiquitous, driving enthusiasts may turn to motorcycles to get their manual fix, telling Drive , “I think the more automatic cars [happen], motorcycling will become more appealing. I see it as a huge opportunity.” Via: Autoblog Source: Drive
See the original article here:
Harley-Davidson embraces the potential of electric motorcycles
President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet, ” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line, ” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector. Read more of this story at Slashdot.
See the original post:
Trump Signs Executive Order On Cybersecurity