SecurityWeek - Stealth Backdoor Abused NSA Exploit Before WannaCrypt

SecurityWeek Briefing: Friday, May 19, 2017
<% sLang = "en"; %>Fileless Ransomware Spreads via EternalBlue Exploit
  Your SecurityWeek Briefing Webcasts
RSS Feed
Click Here

Friday, May 19, 2017

Demystifying the Threat Landscape: eBook

Download this free eBook to understand where your business is most vulnerable today, and learn what you can do to stay ahead of the security game - and out of the news headlines.

Download Now

An Intelligent Approach to Cure Security Fatigue
To harness the power embedded in disparate sources of threat data requires aggregating it and translating it into a uniform format for analysis and action.
Read the Full Column
by Marc Solomon

Leveraging a Secure and Robust Vendor Ecosystem
In a globally interconnected world, knowledge-based economies are shaping our future, and vendor relationships are critical to success.
Read the Full Column
by Ashley Arbuckle

Why Suffer the Stress of Being a Black-Hat Hacker?
But choosing to become a black hat hacker is not without risk. If youíre a budding hacker, consider these downsides...
Read the Full Column
by Travis Greene

Cyber Risk Management: What's Holding Us Back?
Hackers are exploiting known vulnerabilities and are betting on the fact that organizations donít know how to fix what really matters.
Read the Full Column
by Torsten George

Trump's Cybersecurity Executive Order a Positive Step, but Just a Start
President Trump's cybersecurity executive order touches on activities that indirectly but significantly impact government agenciesí cyber risk posture.
Read the Full Column
by Steven Grossman

ICS Environments: Insecure by Design
Itís a generally known fact that most Industrial Control System (ICS) environments were not built with cyber security in mind because they were designed before the cyber threat existed.
Read the Full Column
by Barak Perelman

Sobering Thoughts When a Connected Medical Device Is Connected to You
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Read the Full Column
by Jim Ivers

Wear Camouflage While Hunting Threats
Investigating nefarious actors online can be dangerous, as the places hunters go are likely to be full of malware and people actively monitoring for outsiders.
Read the Full Column
by Lance Cottrell

User Security is a Responsibility, Not an Excuse
Is the appropriate response to blame the victim when increasingly sophisticated attacks and the rise in credential thefts are making any userís goal of protecting themselves much more difficult?
Read the Full Column
by Jack Danahy

Debunking the Deep & Dark Web: Four Myths That Can Inhibit Threat Intelligence Strategy
Safeguarding critical assets, proactively addressing cyber and physical threats, and assessing and mitigating risk accurately and effectively requires comprehensive visibility into both the Deep and the Dark Web.
Read the Full Column
by Josh Lefkowitz

Demystifying the Threat Landscape: eBook

Download this free eBook to understand where your business is most vulnerable today, and learn what you can do to stay ahead of the security game - and out of the news headlines.

Download Now

See All Recent Articles at SecurityWeek.Com

Click Here

Stealth Backdoor Abused NSA Exploit Before WannaCrypt: Security researchers discovered numerous attacks that have been abusing the EternalBlue exploit for malware delivery over the past several weeks. Read More

WannaCry Does Not Fit North Korea's Style, Interests: Experts: Some experts believe that, despite malware code similarities, the WannaCry ransomware is unlikely to be the work of North Korea, as the attack does not fit the countryís style and interests. Read More

Financial Firms Struggle on Compliance for non-Email Communications: The 2017 Electronic Communications Compliance Survey from Smarsh demonstrates continuing financial industry concern over its ability to capture and retain relevant staff communications, especially from mobile devices. Read More

Fileless Ransomware Spreads via EternalBlue Exploit: A newly discovered ransomware family was found to be using the NSA-linked EternalBlue exploit for distribution and is capable of fileless infection, researchers have discovered. Read More

Disney Blackmailed Over Apparent Movie Hack: Reports: Disney chief Bob Iger said Monday hackers claiming to have access to one of the company's unreleased movies were demanding a "huge" ransom, according to US media reports. Read More

Google Launches Security Services for Android: Google this week launched a set of security services designed to bring improved protection and visibility for Android users. Read More

Number of Phishing Sites Using HTTPS Soars: The number of phishing websites using HTTPS increased considerably since Firefox and Chrome introduced warnings for unsafe login pages. Read More

Stegano Exploit Kit Adopts the Diffie-Hellman Algorithm: After receiving multiple updates, the Stegano exploit kit (EK) recently adopted the Diffie-Hellman algorithm to hinder analysis, according to Trend Micro security researchers. Read More

WordPress 4.7.5 Patches Six Vulnerabilities: WordPress 4.7.5 patches six vulnerabilities, including SSRF, XSS and CSRF flaws. Read More

Medical Devices Infected With WannaCry Ransomware: Medical devices also infected with WannaCry ransomware. Several manufacturers release security advisories. Read More

Code Stolen After Developer Installed Trojanized App: Software firm Panic on May 17 announced that it experienced source code theft after a developer unknowingly installed a Trojanized application. Read More

Microsoft Withheld Update That Could Have Slowed WannaCry: Report: Microsoft held back from distributing a free security update that could have protected computers from the WannaCry global cyber attack, the Financial Times reported. Read More

EU Authorities Fight Back Against "Black Box" ATM Attacks: Europol has announced that a total of 27 related arrests have been made since the ATM black box threat first emerged in 2015. Read More

Cyberattacks Prompt Massive Security Spending Surge: The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago. Read More

Expert Earns $5,000 for Google Intranet Vulnerability: Researcher earns $5,000 for information disclosure vulnerability found in Googleís intranet login page. Read More

Hackers Steal 17 Million Users' Data From Indian Restaurant App Zomato: India's largest restaurant and food delivery app Zomato announced Thursday that the data of 17 million users had been stolen from its database, including names, email addresses and protected passwords. Read More

PATCH Act: A New Bill Designed to Prevent Occurrences Like WannaCrypt: The Protecting Our Ability to Counter Hacking Act of 2017 (PATCH Act), aims to find compromise between the moral requirement for the government to disclose vulnerabilities, and the government's political expediency in stockpiling vulnerabilities. Read More

Google Chrome Bug Leads to Windows Credential Theft: An issue with the manner in which Google Chrome and Windows handle specific file types can lead to credential theft even on up-to-date systems, a DefenseCode researcher has discovered. Read More

Researchers Disclose Unpatched WD TV Media Player Flaws: Researchers discovered several serious vulnerabilities in the WD TV Media Player. No patches available. Read More

Cisco Fixes Severe Flaws in Prime Collaboration Product: Cisco patches critical and high severity vulnerabilities in its Prime Collaboration Provisioning software. Read More

Critical SQL Injection Flaw Patched in Joomla: The latest Joomla update patches a critical SQL injection vulnerability that can be easily exploited by remote attackers. Read More

Over 200 Brooks Brothers Stores Hit by Payment Card Breach: More than 200 Brooks Brothers stores hit by payment card breach. Hackers had access to payment processing systems for nearly a year. Read More

To help make sure the SecurityWeek Briefing reaches you, please add to your address book.

The SecurityWeek Briefing is published Twice Weekly.
© 2017 Wired Business Media


Safe Unsubscribe
This email was sent to by

SecurityWeek | 40 Warren Street | Charlestown | MA | 02129

About SecurityWeek

IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information Security Industry Expert insights and analysis from IT security experts around the world.