The NSA’s leaked Windows hack caused more damage than just WannaCry

When the ShadowBrokers first published the code for EternalBlue — an NSA exploit targeting Windows’ file-sharing protocol — researchers knew it was a bad bug. But most had no idea of the scale of the damage that would be caused by the vulnerability. Much of that damage has only become visible in recent days, as a ransomware program dubbed “WannaCry” locked up computers from the UK’s National Health Service to the Russian Ministry of the Interior. Some of the damage caused by EternalBlue was harder to spot, caused by more discreet malware designed to infect and monetize computers without leaving a trace. As researchers look for clues as to WannaCry’s origins, more of those programs are coming to light, giving us more information about the sheer scale of the damage caused by EternalBlue. [Read more here...]

Massive database containing over 560 million passwords discovered

Looks like it’s time to change passwords again. Security researchers have discovered a massive database of login credentials — over 560 million emails and passwords — put together by an unknown person. All of the information is insecure. The database was discovered by the Kromtech Security Research Center, who ran the information with Troy Hunt. Most of the information is already on Hunt’s Have I Been Pwned site, which allows users to see if their accounts have been compromised in previous data breaches. [Read more here...]

How to Accidentally Stop a Global Cyber Attacks

So finally I’ve found enough time between emails and Skype calls to write up on the crazy events which occurred over Friday, which was supposed to be part of my week off (I made it a total of 4 days without working, so there’s that). You’ve probably read about the WannaCrypt fiasco on several news sites, but I figured I’d tell my story.

I woke up at around 10 AM and checked onto the UK cyber threat sharing platform where I had been following the spread of the Emotet banking malware, something which seemed incredibly significant until today. There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant…yet. I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing. [Read more here...]

Fake URL gets users to install adware

Next time someone links you to, make sure you take a second look. There’s some adware currently circulating around the web that tricks users into visiting a ‘шһатѕарр.com’ domain instead. Yes, those are different URLs – the fake URL uses characters from the Cyrillic alphabet. [Read more here...]

Is Microsoft to blame for the largest ransomware attacks in internet history?

Friday saw the largest global ransomware attack in internet history, and the world did not handle it well. We’re only beginning to calculate the damage inflicted by the WannaCry program — in both dollars and lives lost from hospital downtime — but at the same time, we’re also calculating blame. There’s a long list of parties responsible, including the criminals, the NSA, and the victims themselves — but the most controversial has been Microsoft itself. The attack exploited a Windows networking protocol to spread within networks, and while Microsoft released a patch nearly two months ago, it’s become painfully clear that patch didn’t reach all users. Microsoft was following the best practices for security and still left hundreds of thousands of computers vulnerable, with dire consequences. Was it good enough? [Read more here...]

The WannaCry ransomware has mysterious ties to North Korea

Researchers at Kaspersky Lab have uncovered new evidence linking the WannaCry ransomware code to North Korea. In a post today, the group detailed a segment of code used in both an early WannaCry variant and a February 2015 sample attributed to the Lazarus Group, a Kaspersky-tracked actor tied to the North Korean government. The overlap was first spotted by Google researcher Neel Mehta, and Kaspersky believes the similarity goes far beyond shared code. “We strongly believe the February 2017 sample was compiled by the same people,” Kaspersky writes, “or by people with access to the same source code as the May 2017 WannaCry encryptor used in the May 11th wave of attacks.” [Read more here...]

Renault shut down several French factories after cyberattack

As the massive WannaCry ransomware attack spread to over 100 countries this weekend, French automaker Renault halted production in several of its factories on Saturday, according to a spokesperson.

Speaking to Automotive News, the spokesperson confirmed that the company shut down production in its Sandouville factory, saying that “proactive measures have been put in place, including the temporary suspension of industrial activity at some sites,” but declined to provide a full list of affected sites. Renault’s partner company Nissan was also affected: a UK spokesperson confirmed that files at its Sunderland factory were impacted on Friday night, but wouldn’t confirm reports that production was halted. A Renault spokesperson told Reuters that the company expects that “nearly all plants” will reopen on Monday. [Read more here...]