The WannaCry pandemic closes out its first week, and the consensus is that the ransomware has been a considerable nuisance, but not a catastrophe. Most observers continue to think it was a poorly executed North Korean effort to get badly needed cash, but this preliminary attribution awaits confirmation. Shortly after the ShadowBrokers dumped EternalBlue last month, a number of security companies warned that unpatched and old Windows systems were seriously vulnerable to exploitation, yet a disappointingly small number of enterprises took steps to protect themselves. Some security industry introspection at week's end mulls the possibility that too much crying of "wolf" has numbed users against such warnings.
The EternalBlue exploits used by the unknown actors behind WannaCry do remain a potentially serious risk. Rumors circulate of a related DNS campaign apparently aimed at establishing persistence in its targets: its command-and-control is said to have gone dark when WannaCry went public. Secdo reports early, evasive EternalBlue exploitation that spawns malicious threads inside legitimate applications. Other malware strains related to EternalBlue have successfully mined cryptocurrency (Adylkuzz) and less successfully attempted malicious encryption (Uiwix).
NSA is in bad odor in many places for having evidently held and then lost the EternalBlue exploits. Overhaul of the US Vulnerability Equities Process seems likely.
Avast warns of new vulnerabilities in home IoT.
Twitter has sustained widespread outages due to unknown causes over the past twenty-four hours.
Google says it will patch an Android vulnerability that opens users to ransomware, but not everywhere, and not just yet.