Stealth Backdoor Abused NSA Exploit Before WannaCrypt:
Security researchers discovered numerous attacks that have been abusing the EternalBlue exploit for malware delivery over the past several weeks.
WannaCry Does Not Fit North Korea's Style, Interests: Experts:
Some experts believe that, despite malware code similarities, the WannaCry ransomware is unlikely to be the work of North Korea, as the attack does not fit the countryís style and interests.
Financial Firms Struggle on Compliance for non-Email Communications:
The 2017 Electronic Communications Compliance Survey from Smarsh demonstrates continuing financial industry concern over its ability to capture and retain relevant staff communications, especially from mobile devices.
Fileless Ransomware Spreads via EternalBlue Exploit:
A newly discovered ransomware family was found to be using the NSA-linked EternalBlue exploit for distribution and is capable of fileless infection, researchers have discovered.
Disney Blackmailed Over Apparent Movie Hack: Reports:
Disney chief Bob Iger said Monday hackers claiming to have access to one of the company's unreleased movies were demanding a "huge" ransom, according to US media reports.
Google Launches Security Services for Android:
Google this week launched a set of security services designed to bring improved protection and visibility for Android users.
Number of Phishing Sites Using HTTPS Soars:
The number of phishing websites using HTTPS increased considerably since Firefox and Chrome introduced warnings for unsafe login pages.
Stegano Exploit Kit Adopts the Diffie-Hellman Algorithm:
After receiving multiple updates, the Stegano exploit kit (EK) recently adopted the Diffie-Hellman algorithm to hinder analysis, according to Trend Micro security researchers.
WordPress 4.7.5 Patches Six Vulnerabilities:
WordPress 4.7.5 patches six vulnerabilities, including SSRF, XSS and CSRF flaws.
Medical Devices Infected With WannaCry Ransomware:
Medical devices also infected with WannaCry ransomware. Several manufacturers release security advisories.
Code Stolen After Developer Installed Trojanized App:
Software firm Panic on May 17 announced that it experienced source code theft after a developer unknowingly installed a Trojanized application.
Microsoft Withheld Update That Could Have Slowed WannaCry: Report:
Microsoft held back from distributing a free security update that could have protected computers from the WannaCry global cyber attack, the Financial Times reported.
EU Authorities Fight Back Against "Black Box" ATM Attacks:
Europol has announced that a total of 27 related arrests have been made since the ATM black box threat first emerged in 2015.
Cyberattacks Prompt Massive Security Spending Surge:
The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.
Expert Earns $5,000 for Google Intranet Vulnerability:
Researcher earns $5,000 for information disclosure vulnerability found in Googleís intranet login page.
Hackers Steal 17 Million Users' Data From Indian Restaurant App Zomato:
India's largest restaurant and food delivery app Zomato announced Thursday that the data of 17 million users had been stolen from its database, including names, email addresses and protected passwords.
PATCH Act: A New Bill Designed to Prevent Occurrences Like WannaCrypt:
The Protecting Our Ability to Counter Hacking Act of 2017 (PATCH Act), aims to find compromise between the moral requirement for the government to disclose vulnerabilities, and the government's political expediency in stockpiling vulnerabilities.
Google Chrome Bug Leads to Windows Credential Theft:
An issue with the manner in which Google Chrome and Windows handle specific file types can lead to credential theft even on up-to-date systems, a DefenseCode researcher has discovered.
Researchers Disclose Unpatched WD TV Media Player Flaws:
Researchers discovered several serious vulnerabilities in the WD TV Media Player. No patches available.
Cisco Fixes Severe Flaws in Prime Collaboration Product:
Cisco patches critical and high severity vulnerabilities in its Prime Collaboration Provisioning software.
Critical SQL Injection Flaw Patched in Joomla:
The latest Joomla update patches a critical SQL injection vulnerability that can be easily exploited by remote attackers.
Over 200 Brooks Brothers Stores Hit by Payment Card Breach:
More than 200 Brooks Brothers stores hit by payment card breach. Hackers had access to payment processing systems for nearly a year.
To help make sure the SecurityWeek Briefing reaches you, please add firstname.lastname@example.org to your address book.
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information Security Industry Expert insights and analysis from IT security experts around the world.
Newsletter Sign Up
Be the first to know about new deals! Sign up today and start receiving offers from your favorite stores into your mailbox.