Tag: internet

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.” Read more of this story at Slashdot.

Visit link:
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

Language App Duolingo Finally Added Japanese and It’s Great

Duolingo is one of the best free ways to get started learning a new language, and they’re finally answering the pleas of wannabe polyglots everywhere by adding Japanese to their curriculum. Sugoi! Read more…

Read More:
Language App Duolingo Finally Added Japanese and It’s Great

Over 560 Million Passwords Discovered by Security Researchers in an Anonymous Online Database

A trove of more than 560 million login credentials has been exposed by a leaky database, researchers revealed on Tuesday, including email addresses and passwords stolen from as many as 10 popular online services. Read more…

More:
Over 560 Million Passwords Discovered by Security Researchers in an Anonymous Online Database

The Most Interesting Part of Apple’s New $5 Billion Campus Is a Pizza Box

This morning, Wired magazine published an early look into Apple’s brand new spaceship campus. The giant circle features the kinds of ridiculous details you might expect from Apple, like sliding glass doors that weigh 440, 000 pounds each and 9, 000 trees supposedly durable enough to survive the forthcoming climate… Read more…

Read More:
The Most Interesting Part of Apple’s New $5 Billion Campus Is a Pizza Box

Scientists Finally Know What Makes These Weird Glass Droplets So Incredibly Strong

Something unusual happens when a drop of molten glass falls into water. As it cools, it creates a crystal clear tadpole-like droplet that’s bulletproof on one end, but impossibly fragile on the other. We’ve known about these droplets for 400 years, but scientists have only recently figured out what makes them almost… Read more…

Taken from:
Scientists Finally Know What Makes These Weird Glass Droplets So Incredibly Strong

‘WannaCry’ ransomware attack spreads worldwide (update)

England’s healthcare system came under a withering cyberattack Friday morning, with ” at least 25 ” hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. The UK government now reports that this is not a (relatively) isolated attack but rather a single front in a massive regionwide digital assault. #nhscyberattack pic.twitter.com/SovgQejl3X — gigi.h (@fendifille) May 12, 2017 The attack has impacted hospitals and transportation infrastructure across Europe, Russia and Asia. Organizations in dozens of countries have all been hit with the same ransomware program, a variant of the WannaCry virus, spouting the same ransom note and demanding $300 for the encryption key, with the demand escalating as time passes. The virus’s infection vector appears to through a known vulnerability, originally exploited and developed by the National Security Agency. That information was subsequently leaked by the hacking group known as Shadow Broker which has been dumping its cache of purloined NSA hacking tools onto the internet since last year. The virus appears to have originally spread via email as compressed file attachment so, like last week’s Google Docs issue, make sure you confirm that you email’s attachments are legit before clicking on them. Also, make sure your computers are using software that’s still receiving security updates, and that you’ve installed the latest updates available. Microsoft released a fix for the exploit used as a part of its March “Patch Tuesday” release, but unpatched Windows systems remain vulnerable. Update : Reuters reports a statement from Microsoft indicating that engineers have added detection and protection against the “Ransom:Win32.WannaCrypt” malware, so make sure your Windows Defender or other antivirus is updated before logging on to any corporate networks that may be infected. In a statement, a FedEx representative confirmed its systems are being impacted, saying “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.” Source: New York Times

Originally posted here:
‘WannaCry’ ransomware attack spreads worldwide (update)

Today’s Massive Ransomware Attack Was Mostly Preventable—Here’s How To Avoid It

Ransomware may be mostly thought of as a (sometimes costly) nuisance, but when it hinders the ability of doctors and nurses to help people with an emergency medical problems, that qualifies as armed robbery. Read more…

More here:
Today’s Massive Ransomware Attack Was Mostly Preventable—Here’s How To Avoid It

Renault And Nissan Plants Hit By Massive Ransomware Attack

French auto giant Renault became the first major French company to report being affected by Friday’s ransomware attack that affected tens of thousands of computers in almost 100 countries across the world, reports Automotive News . An English plant of Renault’s alliance partner Nissan was also hit by the attack. Read more…

Original post:
Renault And Nissan Plants Hit By Massive Ransomware Attack

Microsoft Finally Bans SHA-1 Certificates In Its Browsers

An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.

View the original here:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers

Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

Remember that “kill switch” which shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. “I can confirm we’ve had versions without the kill switch domain connect since yesterday, ” Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday… Another researcher confirmed they have seen samples of the malware without the killswitch. Read more of this story at Slashdot.

Originally posted here:
Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch