Cyber Attacks, Threats, and Vulnerabilities
Cyber Attack Sweeps Globe, Researchers See 'WannaCry' Link (New York Times) A major global cyber attack on Tuesday disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300,000 computers.
Petya-inspired ransomware is déjà vu for still-vulnerable businesses (CSO) It’s déjà vu all over again as the aggressive Petrwrap global ransomware outbreak causes new headaches in Australia and abroad – and the global security community again excoriates businesses for poor patching and remediation strategies that make them sitting ducks for ransomware perpetrators.
A massive new ransomware attack is spreading around the globe (TechCrunch) A month after the WannaCry ransomware attack paralyzed connected systems worldwide, a new threat appears to be spreading quickly. As reports emerge, today's..
Ukraine Hit by Massive Cyberattack (Foreign Policy) It’s unclear who or what is behind it.
Cyber Attack Strikes Banks and Oil Giants in Russia and Ukraine (Fortune) Analysts suggest it could be a coordinated attack.
New cyber attack paralyzes dozens of companies - German firms affected (Tagesspiegel) Once again, an extortion trojan has struck on a large scale. This time it hit many companies in Ukraine and the exclusion zone at Chernobyl. German companies are apparently affected as well.
Everything to Know About The Latest Worldwide Ransomware Attack (Fortune) What it is, how it spreads and how to stay safe
Complex Petya-Like Ransomware Outbreak Worse than WannaCry (Threatpost) Today’s global ransomware attack is spreading via EternalBlue and through local networks using PSEXEC and WMIC.
Petya: The Sophisticated and Multi-Pronged Ransomware Attack (Recorded Future) A new cyber attack that is quickly spreading throughout the world appears to be delivering ransomware and a trojan information stealer. Learn more.
GoldenEye/Petya Ransomware (eSentire) A widespread ransomware outbreak is affecting numerous organizations in Europe, particularly in the Ukraine.
New Ransomworm Follows WannaCry Exploits (Fortinet Blog) We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact...
'NotPetya' ransomware hits '2,000 organisations' in WannaCry-style global outbreak (Computing) Attack uses multiple vectors, including NSA exploit EternalBlue
Ukraine hit first as banks, trains and power firms swamped by computer virus (Times (London)) It began with banks and power companies in Ukraine saying they were under cyberattack. Soon the claims flooded in from every corner of the country. Card payment systems failed on the Kiev Metro...
A Scary New Ransomware Outbreak Uses WannaCry's Old Tricks (WIRED) A type of ransomware researchers have identified as Petya (also called Petrwrap) began spreading internationally on Tuesday.
Explosive global attack delivers destructive Petya ransomware (Help Net Security) A variant of the Petya ransomware dubbed PetrWrap has started hitting companies across Ukraine, Russia and Europe.
Petya ransomworm's rapid spread: What the experts know right now (Security Brief) The Petya ransomware uses the EternalBlue exploit to not only infect files, but an entire system's drive. We get the latest from the experts.
New Ransomware Attack Targets Europe, U.S. Bracing (SIGNAL Magazine) Cyber experts in the United States are bracing for the effects of a massive cyber attack hitting Ukraine, primarily, and other European nations Tuesday.
Beyond WannaCry: The Next Evolution (Jask) Reports earlier today described the spread of a widespread infectious ransomware named Petya, targeting the Ukraine infrastructure (power, transportation, finance) and other big companies around the world. It later came to light that this attack could possibly…
Cylance Prevents Petya-Like Ransomware (Cylance) While analysis continues to identify the key aspects of this ransomware, know for now that if you use our endpoint protection product CylancePROTECT®, you were already protected from this attack.
‘Petya’ Ransomware Outbreak Goes Global (KrebsOnSecurity) A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More (Dark Reading) With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
Global Petya ransomware attack: Update 2 (SC Media US) Petya ransomware is spreading rapidly across the globe, in an attack that is reminiscent of the May 2017 WannaCry incident, multiple news sources are reporting.
U.S. hospitals have been hit by the global ransomware attack (Recode) The ransomware is linked to a leaked vulnerability originally kept by the National Security Agency.
Cyberattack: Ransomware hits Jawaharlal Nehru port operations in Mumbai (Hindustan Times) AP Moller-Maersk, one of the affected entities globally, operates the Gateway Terminals India at JNPT.
Global cyber attack hits UK firms as WPP reports hack (City A.M.) A massive cyber attack which has hit a number of institutions in Ukraine appears to be spreading across Europe.
Tasmanian Cadbury factory hit by Goldeneye ransomware (CRN Australia) Chocolate factory operations suspended as systems go down.
Global Companies Hit as Ransomware Attack Continues (Infosecurity Magazine) Companies in the UK, USA and across Europe are reported to have been infected with the widely-reported ransomware.
The 'Petya' cyber attack could be worse than the hack that crippled the NHS (The Independent) The ‘Petya’ cyber attack currently spreading around the world could be “bigger” than WannaCry, a cyber security expert says. The ransomware initially hit Ukraine, but the WPP has confirmed that several of its companies have also been affected by it.
#Petya Ransomware Spreading Beyond Ukraine, Expert Claims (Infosecurity Magazine) Attack appears to have spread to Spain, Russia, India and UK
Petya Ransomware Cripples Systems Like WannaCry – Worldwide (BeyondTrust) It is another week, and another widespread report of a significant cyber-attack across Ukraine which is also affecting organizations in Russia and througho
Wide-scale Petya variant ransomware attack noted (SANS Internet Storm Center) Sent from a reader earlier today: Hearing some rumors that the company Merck is having a major virus outbreak with something new and their Europe networks are affected more than their US offices. Have you heard anything on this?
Checking out the new Petya variant (SANS Internet Storm Center) This is a follow-up from our previous diary about today's ransomware attacks using the new Petya variant. So far, we've noted:
Latest Ransomware Hackers Didn't Make WannaCry's Mistakes (WIRED) The latest sweeping ransomware assault bears some similarity to the WannaCry crisis that struck seven weeks ago. Both spread quickly, and both hit high-profile targets like large multinational companies and critical infrastructure providers. But while WannaCry's many design flaws caused it to flame out after a few days, this latest ransomware threat doesn't make the same mistakes.
Today’s huge ransomware attack has only made about $7,500 so far (TechCrunch) Ransomware attacks are bigger than ever, but the payouts appear to be shrinking. While the ransomware suspected to be a variant of Petya makes headlines..
PETYA – Darwinism applied to cyberspace (CSO Online) PETYA ransomware struck on 27 June. The cure was released in April. Why did anyone get infected?
Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid (Motherboard) A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys.
Who is behind the latest cyber attack? (Financial Times) Ransomware exploiting same vulnerability as WannaCry hits computers around the world
‘Petya’ ransomware attack stems from NSA exploit - Snowden, security experts (RT International) The Petya ransomware that spread across the globe Tuesday was made possible thanks to EternalBlue – a hacking tool used by the NSA to exploit a Windows vulnerability it left open for five years, Edward Snowden and security experts have said.
Search on for source of cyberattack that crippled systems in Europe, U.S. (CBS News) Cybersecurity expert tells CBS News latest attack has "criminal motive" because suspects are asking for money
Policy, conflict, attribution, and preparing for more to come. (The CyberWire) Ukrainian authorities have their suspect, but attribution isn't going to be simple. What's clear, however, is that more such attacks can be expected.
Cylance vs. AES-NI aka SOREBRECT (Cylance) On the heels of WannaCry, or even in parallel, another type of ransomware is making the rounds: AES-NI. Over the past three months, researchers have identified three different versions – or generations – which have been detected in the wild and found at impacted organizations.
Hackers Demand Banks $315k Ransom or Face DDoS Attacks (HackRead) Armada Collective, a group of online attackers, is demanding a ransom payment of $315,000 from South Korean banks - In the case of refusal, the group has t
South Korean banks threatened with DDoS attacks unless they pay $315,000 (Help Net Security) South Korean banks are being threatened with crippling DDoS attacks unless they pay $315,000 in bitcoin to the Armada Collective.
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say (Dark Reading) Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
WannaCry Just Another Day at the Office Confirms Cybersecurity Professionals (GlobeNewswire News Room) 49% have experienced other similar cyberattacks
Cyberattackers Kick Down a Few Parliament Email Doors (TechNewsWorld) The United Kingdom's Parliament on Monday reported a cyberattack on its email system over the weekend, when hackers attempted to access user accounts without authorization.
Tory minister blames 'sloppy passwords' for Westminster cyber attack (Mirror) About 90 Westminster accounts were hacked, with the senior Minister blaming users for failing to beef-up their passwords to deter would-be hackers
Existing security can't handle DNS attacks (Computing) All businesses agree that DNS protection is important - but few are doing it.
Metropolitan Police STILL using Windows XP on 18,000 PCs (Computing) And just EIGHT Met Police PCs upgraded to Windows 10
Practical ways to misuse a router (PT Security) Wi-Fi and 3G routers are all around us. Yet in just one recent month, approximately 10 root shell and administrator account vulnerabilities...
The Amazon Echo (Horror) Show (Graham Cluley) Well done. You just paid $299 for the benefit of having a Peeping Tom in your kitchen.
I Could Kill You with a Consumer Drone (Defense One) As a former intelligence soldier who now sells drones for a living, I can tell you that this problem is bigger than almost anyone realizes.
Oops: Microsoft's "Super-secure" Windows 10 S Hacked In 3 Hours (Fossbytes) To test the claims, folks at ZDNet hired a security firm. As a result, the hackers were able to breach Windows 10 S within 3 hours by using Microsoft Word's handling of macros.
Security Patches, Mitigations, and Software Updates
Google researcher uncovers another RCE in Microsoft Malware Protection Engine (Help Net Security) Google researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine.
Microsoft plugs another critical hole in Windows Defender (CSO Online) Microsoft patched a critical RCE vulnerability in its Malware Protection Engine that could have been exploited without any user interaction.
Microsoft Quietly Kills Another Gaping Hole in Windows Defender (BleepingComputer) On Friday, Microsoft rolled out an out-of-band security update that patched a major security flaw in the Microsoft Malware Protection Engine (MsMpEng), a core security service part of the Microsoft ecosystem.
Microsoft: We'll beef up security in Windows 10 Creators Edition Fall Update (Register) EMETs? I've had a few
Major Hole Plugged in Secure File Transfer Tool (Threatpost) Biscom recently patched a stored cross-site scripting vulnerability in its secure file transfer product.
This Chrome Extension Scrubs Your Internet of Offensive Material (Motherboard) It's like an extra-effective trigger warning.
Cyber Trends
Criminalization of DNS for phishing continues to advance (Help Net Security) Cybercriminals have been shifting their tactics by registering more and more domain names, rather than using web servers and domains they have hacked into.
A Discussion with Jeremy King, Founder & President of Benchmark Executive Search, On Why the Cybersecurity Sector Is Vitally Important to Securing Our Future (Hunt Scanlon) Corporate cybersecurity attacks are growing in magnitude, complexity and frequency, and these massive security lapses left an expanding list of major businesses compromised, including Yahoo Inc., Banner Health, Department of Justice, Snapchat, Democratic National Committee and LinkedIn, to name just a few. Demand for cybersecurity executives to bolster defenses and hold down the corporate fort, it turns out, is picking up.
New Zealanders’ Security Concerns Reach New Peak (Scoop) Identity theft, credit card fraud and natural disasters are top concerns for Kiwis
Marketplace
2017 State of Bug Bounty (Bugcrowd) Top trends in crowdsourced cybersecurity. Download the full report to learn the most reported vulnerabilities, average payout amounts, and industry adoption trends.
If you get hacked, your cybersecurity company may compensate you (MIT Technology Review) A small but growing number of cybersecurity companies are introducing warranty programs that can serve as insurance against the cost of a potential data breach.
JASK raises $12M in funding to help security pros prioritize threats with a crowdsourced AI model (GeekWire) Enterprise security is a much more labor-intensive task than a lot of people realize, and a new cybersecurity startup intends to use an artificial intelligence model to help security teams decide…
Sumo Logic Completes $75 Million Funding Round (Marketwired) Total funding approaches a quarter billion dollars; cements company's position as the SaaS machine data analytics solution of choice and category leader for the digital rra
SonicWall thrives after Dell split (CRN Australia) Company says channel strategy key to growth.
3 Reasons Palo Alto Networks Inc. Stock Could Rise (Motley Fool) The data-security provider wowed investors last quarter. What does it need to do to keep the ball rolling?
Trudeau says national security not jeopardized in China takeover of Norsat (The Globe and Mail) Prime Minister attests Canada would not move forward with Norsat deal if security risks were present
Thycotic Listed as One of the World's Hottest and Most Innovative Cybersecurity Companies to Watch in 2017 (PRNewswire) Thycotic, a provider of privileged account management (PAM) solutions for...
Products, Services, and Solutions
Barracuda Sentinel: AI for Real-Time Spearphishing and Cyber Fraud Defense (Barracuda) Barracuda Sentinel’s artificial intelligence engine learns organizations’ unique communications patterns to identify and block real-time spear phishing attempts.
Waratek Introduces New Security Features in June Release (PRNewswire) Waratek, the virtualization-based application security company, has added new critical protection features along with a security feature improvement to its existing solution.
NIKSUN Awarded Three Cryptographic Validations (BusinessWire) National Institute of Standards and Technology issues three cryptographic algorithm certificates to NIKSUN
SafeSwiss' world-leading encrypted messaging app extends support for a further four x Languages (MENAFN) Fast-growing SafeSwiss™ platform improves support for users in Hong Kong, Japan, Taiwan, India,...
Technologies, Techniques, and Standards
Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak (BleepingComputer) Cybereason security researcher Amit Serper has found a way to prevent the Petya (NotPetya) ransomware from infecting computers.
WannaCry and the Elephant in the Room (Security Compass) After the recent news of “WannaCry” Ransomware crippling systems worldwide, people have started to opine on the host of reasons this attack…
Why WannaCry Was a Wake Up Call for Critical Infrastructure Security (Security Week) Many OT networks are susceptible to threats like WannaCry
How to secure your CMS without patching (ITworld) In as little as four hours, the bad guys can reverse engineer a software patch for an open-source content management system (CMS) and build an exploit capable of turning millions of websites into spammers, malware hosts or DDoS attackers. A German project aims to beat the bad guys to it, without a patch.
Organizations are intimidated by global privacy and data security regulations (Help Net Security) While companies are intimidated by global privacy and data security regulations, they fail to understand necessary organizational changes to comply.
Security leaders need to focus on minimum effort, not minimum compliance (CSO Online) Experian's Michael Bruemmer takes a Security Slap Shot on the need to harness regulations to drive better security and not just minimum compliance.
Using Cyber War Games to Improve Incident Response (Security Week) When the financial services industry undertook a cyber attack simulation called Quantum Dawn in 2013, the exercise shined a spotlight on the importance of cyber war games in helping organizations improve incident response.
Cyber threats have been evolving, why hasn’t security education? (TECHSEEN) Parvinder Walia of ESET talks about the concerns of cyber threat in the industry and how it can be countered with security education and training
Research and Development
CipherLoc Patent's New Stealth Key Encryption Technology (Bay Street) CipherLoc Corporation (OTCQB: CLOK), a leading provider of highly secure data protection technology, today announced a set of innovations that could potentially eliminate the need to share cryptographic keys in certain environments.
Academia
Training the cyber Sherlocks (Herald Bulletin) With cyberattacks on the rise, so too is the need for experts to protect companies, government agencies and individuals from those attacks and the damage they can cause.
Students put cybersecurity skills to the test in cybertruck challenge (Detroit Free Press) How do cyber sleuths go about making security systems more secure?
Legislation, Policy, and Regulation
Britain prepared to use air strikes or send in troops as retaliation against future cyber attack (The Telegraph) Britain could launch military retaliation such as air strikes against a future cyber attack, the Defence Secretary has suggested.
Trump, Modi call on Pakistan to stem terrorist attacks (Dawn) The two leaders "called on all nations to resolve territorial and maritime disputes".
US adds emir of Hizbul Mujahideen to list of global terrorists (FDD's Long War Journal) The US Department of State added Syed Salahuddin, leader of the Pakistan-supported Hizbul Mujahideen jihadist group, to its list of Specially Designated Global terrorists. State specifically designated Salahuddin for his activities in Kashmir, however he is part of the jihadist alliance which wages war throughout Afghanistan and India. Salahuddin, who is also known as Mohammad Yusuf Shah, is the emir of Hizbul Mujahideen, a jihadist group with close ties to other Pakistani terror groups that focuses on fighting in Indian Jammu and Kashmir, but also supports al Qaeda and other jihadist groups in Pakistan, Afghanistan, and India.
Pakistan comes out in support of militant designated as global terrorist by US, says he is a freedom fighter (The Straits Times) Pakistan came out in defence of militants fighting Indian security forces in Kashmir on Tuesday (June 27), saying it was a legitimate struggle for freedom, after the United States put the head of one of the groups on its list of global terrorists.
Russia's Perpetual Geopolitics (Foreign Affairs) For centuries, Russia has been haunted by geopolitical ambitions that exceed its capabilities, and President Vladimir Putin’s recent attempts to secure Moscow a prominent place on the world stage represent a return to this historical pattern. Western leaders should respond to his efforts carefully, holding a firm line when necessary while avoiding unnecessary confrontations.
Opinion | Obama Choked on Russia Long Before the 2016 Election (Bloomberg) It's no wonder Putin thought he could meddle in the U.S. He had gotten away with everything else he tried.
Things to know about Germany's recent surveillance laws (Deutsche Welle) Germany has passed an unprecedented spate of new surveillance and security laws, often with impossibly long and hard to understand names. DW guides you through the most important of them.
Under Fire: Cipher Brief Wargame Shows Difficulty of Deterrence in Cyberspace (The Cipher Brief) It’s Labor Day, September 4, 2017, and the National Security Agency has just intercepted communications between the senior leadership of the Iranian Revolutionary Guard Corps, the militant purveyors of the 1979 Iranian Revolution, and employees of the Iranian companies ITSecTeam and Mersad.
HHS' Cyber Info Sharing Center: Is It Needed? (GovInfo Security) Does the healthcare sector need another cyber threat information sharing center? That’s a question some U.S. senators and others are asking as HHS prepares to
Litigation, Investigation, and Law Enforcement
Ukrainian military intelligence officer killed by car bomb in Kiev (the Guardian) Col Maksim Shapoval, who was head of a special forces unit, killed and passersby injured in terrorist act, government says
Shin Bet Chief: ‘We located over 2,000 potential terrorist threats since 2016’ (JerusalemOnline) Shin Bet Chief Nadav Argaman spoke at the Tel Aviv University Cyber Week conference and addressed how his organization deals with cybersecurity threats.
Gingrich: Congress has 'obligation' to call Obama to testify on Russia (POLITICO) "How can you be told the president of the United States knew last August the Russians were, in fact, involved in this and not ask him and ask him under oath?" he asks.
The ‘international man of mystery’ linked to Flynn’s lobbying deal (POLITICO) David Zaikin made Russian energy deals, advised Eastern European parties, brokered condos at Toronto’s Trump Tower, and teamed up with the man who hired Michael Flynn.
N.S.A. Warrantless Surveillance Aided Turks After Attack, Officials Say (New York Times) The National Security Agency used its warrantless surveillance program to help Turkey find the suspect in a terrorist attack at an Istanbul nightclub on Dec. 31 that killed 39 people and wounded dozens more, including an American who was shot, a senior F.B.I. official said Tuesday.
Guide to Posted Documents Regarding Use of National Security Authorities – as of June 2017 (IC on the Record) Set forth below are links to certain officially released documents related to the use by the Intelligence Community (IC) of national security authorities.
FBI, other agencies will be tapped to help spyware probe (Mexico News Daily) The Attorney General will seek assistance from the FBI and other agencies in its probe of spyware on the phones of lawyers, journalists and activists.
EU hammers Google with record $2.7 billion antitrust fine for illegal search manipulation (AppleInsider) The European Commission has wrapped up its antitrust investigation against Google, and has decreed that it must pay $2.72 billion to settle charges related to it favoring its own products over rivals in search results.