Table of Contents
1. Technology news and Security updates:
   1.1 South African government “securing cyberspace”
   1.2 New Shadow Brokers Message Teases Data From Nuke Programs, Windows 10 Exploits
   1.3 Phishing emails may not be the reason for Wannacry global havoc
   1.4 What you need to know about the WannaCry Ransomware
   1.5 Cyber security standards not doing enough
   1.6 Password days are over
   1.7 Wannacry shares code with Lazarus APT samples
   1.8 Chrome browser hack opens door to credential theft
   1.9 Apple issues security updates for macOS, iDevices
2. Cyber crime and Intelligence in the news:
   2.1 Security researchers link North Korea to massive WannaCry ransomware hack
   2.2 Cockpit codes of United Airlines accidentally leaked to public
   2.3 Database with 560 Million Passwords Leaked
3. Technical Security Alerts:
   3.1 Vulnerabilities, Malware and exploits
1. Technology news and Security updates:
1.1 South African government “securing cyberspace”
Government is making inroads in putting in place policy and legislative measures that
will secure South Africa’s cyberspace.
These include the Cybercrime and Cybersecurity Bill, which is currently before
Parliament, after having gone through a process of consultation with the relevant
stakeholders.
The Bill seeks to ensure that the country has the relevant legislative framework in place.
In partnership with institutions of higher learning, government has also launched
capacity building programmes that will bolster the State Security Agency’s capacity to
respond to the problem of cyber insecurity.
Source: https://mybroadband.co.za/news/government/210966-south-african-governmentsecuring-cyberspace.html
1.2 New Shadow Brokers Message Teases Data From Nuke Programs, Windows 10 Exploits
Today, the Shadow Brokers have published a new message teasing new exploits for
people who register for a new membership program the group has announced for next
month, June 2017.
The announcement comes on the heels of a very virulent ransomware outbreak that has
used one of the exploits previously leaked by the group.
That exploit is ETERNALBLUE, a supposed hacking tool developed by the Equation
Group, a codename usually given to NSA cyber-operations. The Shadow Brokers
leaked ETERNALBLUE in April 2017, as part of a larger data trove they started
advertising in August 2016.
Shadow Brokers tease new exploits
Trying to capitalize on the success of the WannaCry ransomware, which used
ETERNALBLUE for a self-spreading SMB worm, the Shadow Brokers are now
announcing the "TheShadowBrokers Data Dump of the Month" service, a monthly
subscription plan.
The group claims it will release new exploits through this new monthly membership
program. According to the group, these are the types of exploits we can expect:
o web browser exploits
o router exploits
o mobile handset exploits and tools
o items from newer Ops Disks
o exploits for Windows 10
o compromised network data from more SWIFT providers and central banks
o compromised network data from Russian, Chinese, Iranian, or North Korean nukes and
  missile programs
Source: https://www.bleepingcomputer.com/news/security/new-shadow-brokers-message-teasesdata-from-nuke-programs-windows-10-exploits/
1.3 Phishing emails may not be the reason for Wannacry global havoc
Vladimir Putin has blamed the US for the global cyber attack that has crippled computer
systems around the world since Friday.
Putin said Russia had “nothing to do” with the attack and blamed the US for creating the
hacking software that affects Microsoft computers.
“Malware created by intelligence agencies can backfire on its creators,” said Putin,
speaking to media in Beijing. He added that global leaders needed to discuss cyber
security at a “serious political level” and said the US has backed away from signing a
cyber security agreement with Russia.
Authorities fear a second wave of the “WannaCry” ransomware could hit systems as
people return to work and switch on their computers on Monday morning.
Source: https://latesthackingnews.com/2017/05/16/phishing-emails-may-not-reason-wannacryglobal-havoc/
1.4 What you need to know about the WannaCry Ransomware
Symantec has uncovered two possible links that loosely tie the WannaCry ransomware
attack and the Lazarus group:
o Co-occurrence of known Lazarus tools and WannaCry ransomware: Symantec
  identified the presence of tools exclusively used by Lazarus on machines also
  infected with earlier versions of WannaCry. These earlier variants of WannaCry
  did not have the ability to spread via SMB. The Lazarus tools could potentially
  have been used as a method of propagating WannaCry, but this is unconfirmed.
o Shared code: As tweeted by Google’s Neel Mehta, there is some shared code
  between known Lazarus tools and the WannaCry ransomware. Symantec has
  determined that this shared code is a form of SSL. This SSL implementation
  uses a specific sequence of 75 ciphers which to date have only been seen
  across Lazarus tools (including Contopee and Brambul) and WannaCry variants.
While these findings do not indicate a definite link between Lazarus and WannaCry, we
believe that there are sufficient connections to warrant further investigation. We will
continue to share further details of our research as it unfolds.
A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit
hundreds of thousands of computers worldwide since its emergence on Friday, May 12.
WannaCry is far more dangerous than other common ransomware types because of its
ability to spread itself across an organization’s network by exploiting a critical
vulnerability in Windows computers, which was patched by Microsoft in March 2017
(MS17-010). The exploit, known as “Eternal Blue,” was released online in April in the
latest of a series of leaks by a group known as the Shadow Brokers, who claimed that it
had stolen the data from the Equation cyber espionage group.
Source: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacryransomware
1.5 Cyber security standards not doing enough
Cyber security standards are not doing enough to protect organisations from cyber
crime.
That was the word from Manuel Corregedor, chief operations officer at Telspace
Systems, speaking during the ITWeb Security Summit 2017 today.
Corregedor, who joined Telspace last month, says although organisations
are implementing standards such as ISO/IEC 27001, among others, they are still being
breached.
The main problem with standards, he said, is that they can't keep up with the rapid
changes the technology space is going through. Faced with ever more frameworks,
policies and documents, organisations often adopt a tick box approach to pass an audit,
but lack the knowledge for it to be meaningful.
Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=161788:Cybersecurity-standards-not-doing-enough&catid=234&securityportal=t
1.6 Password days are over
In a world in which the physical and the virtual are increasingly integrated, biometric
digital identities will become critical for safeguarding identities and data, and for policing
and counter-cybercrime initiatives.
Walter Lee, evangelist for global safety solutions at NEC Corporation, told delegates at
day one of the ITWeb Security Summit 2017, that the digital world held the promise of
great strides in convenience, service delivery and safety for everyone. The connected
future vision was making the world a better place to live, he said.
But at the same time, the level of risk was growing. "The World Wide Web has become
the Wild, Wild, Web, and the best way to be safe on the Internet is not to be on the Internet,"
he said. "We are seeing the democratisation of threats: now, hackers are as young as 12
and anyone can become a hacker because the Dark Web makes it easy to get any tools
you need to commit cybercrime."
Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=161786:Password-daysare-over&catid=234&securityportal=t
1.7 Wannacry shares code with Lazarus APT samples
As the first inkling of attribution emerged in the WannaCry ransomware outbreak,
researchers found another attack using the same leaked NSA attack tools to spread the
Adylkuzz cryptocurrency miner.
Kafeine, a well-known exploit researcher who works for Proofpoint, said Monday that this
attack could be greater in scale than WannaCry, which spread worldwide on Friday
infecting Windows machines still unpatched against the SMBv1 vulnerabilities exploited
by the NSA’s EternalBlue exploit and DoublePulsar rootkit and backdoor. Once Adylkuzz
infects a machine, it mines the open source Monero cryptocurrency, which goes to great
lengths to obfuscate its blockchain information, making it a challenge to trace activity.
Kafeine said the Adylkuzz attacks pre-date WannaCry, with the first samples going back
to April 24. More than 20 virtual private servers are scanning the internet for targets
with port 445 exposed, the same port used by SMB traffic when connected to the
internet, and the same port abused by EternalBlue and DoublePulsar.
Source: https://threatpost.com/wannacry-shares-code-with-lazarus-apt-samples/125718/
1.8 Chrome browser hack opens door to credential theft
A vulnerability in Google’s Chrome browser allows hackers to automatically download a
malicious file onto a victim’s PC that could be used to steal credentials and launch SMB
relay attacks.
Bosko Stankovic, information security engineer at DefenseCode, found the flaw in the
default configuration of the latest version of Chrome running on an updated version of
Microsoft’s Windows 10 operating system.
“Currently, the attacker just needs to entice the victim (using fully updated Google
Chrome and Windows) to visit his website to be able to proceed and reuse victim’s
authentication credentials,” he wrote Monday in a description of the vulnerability.
The technique allows an attacker to gain access to a victim’s username and Microsoft
LAN Manager (NTLMv2) password hash. That leaves victims open to a variety of attacks,
including a Server Message Block (SMB) relay attack. An SMB relay attack allows an
adversary to use a victim’s credentials to authenticate to a PC or a network resource such
as an email or remote server.
Attackers could also use this vulnerability to attempt to crack the target’s hashed
password.
Source: https://threatpost.com/chrome-browser-hack-opens-door-to-credential-theft/125686/
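Items 1.7 and 1.8 both turn on TCP port 445: external hosts sweeping the Internet for machines with SMB exposed, and a victim's machine being induced to send its NTLM authentication to a server outside the network. The following added example (not code from this bulletin or from the articles it cites) shows detection logic for both conditions run over firewall log lines. The log format, the sample lines, the 192.0.2.0/24 "internal" range and the threshold of three distinct targets are all constructed for the example.

```python
"""SMB (TCP/445) exposure checks over firewall log lines.

Added illustration, not code from the bulletin or the articles it cites.
The log format, the sample lines, the INTERNAL_NETS range and the
SCAN_THRESHOLD value are constructed for this example.
"""
import ipaddress
from collections import defaultdict

# Constructed log format:
#   <timestamp> <action> <src_ip>:<src_port> -> <dst_ip>:<dst_port>/<proto>
SAMPLE_LOG = """\
2017-05-15T08:01:02Z ACCEPT 203.0.113.10:51234 -> 192.0.2.5:445/tcp
2017-05-15T08:01:03Z ACCEPT 203.0.113.10:51235 -> 192.0.2.6:445/tcp
2017-05-15T08:01:03Z DROP   203.0.113.10:51236 -> 192.0.2.7:445/tcp
2017-05-15T08:01:04Z ACCEPT 203.0.113.10:51237 -> 192.0.2.8:445/tcp
2017-05-15T08:02:10Z ACCEPT 192.0.2.20:49876 -> 198.51.100.7:445/tcp
2017-05-15T08:03:00Z ACCEPT 192.0.2.21:49877 -> 192.0.2.30:445/tcp
2017-05-15T08:03:30Z ACCEPT 198.51.100.9:40000 -> 192.0.2.5:443/tcp
"""

INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed "our" range
SMB_PORT = 445
SCAN_THRESHOLD = 3   # distinct internal hosts one external source must touch


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, action, src, _arrow, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, rest = dst.rsplit(":", 1)
    dst_port, proto = rest.split("/")
    return {"ts": ts, "action": action, "src_ip": src_ip,
            "src_port": int(src_port), "dst_ip": dst_ip,
            "dst_port": int(dst_port), "proto": proto}


def analyse(log_text):
    """Return two findings over TCP/445 traffic.

    inbound_scanners: external sources that tried SMB against at least
        SCAN_THRESHOLD distinct internal hosts (dropped attempts count,
        since a sweep is a sweep whether or not the firewall let it in);
    outbound_smb: internal hosts that opened SMB to an external address,
        which is the path an NTLM hash would take in the item 1.8 scenario.
    """
    targets_by_source = defaultdict(set)
    outbound = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["proto"] != "tcp" or rec["dst_port"] != SMB_PORT:
            continue
        src_in, dst_in = is_internal(rec["src_ip"]), is_internal(rec["dst_ip"])
        if dst_in and not src_in:
            targets_by_source[rec["src_ip"]].add(rec["dst_ip"])
        elif src_in and not dst_in:
            outbound.append((rec["src_ip"], rec["dst_ip"], rec["ts"]))
    scanners = {src: sorted(hosts) for src, hosts in targets_by_source.items()
                if len(hosts) >= SCAN_THRESHOLD}
    return {"inbound_scanners": scanners, "outbound_smb": outbound}


if __name__ == "__main__":
    findings = analyse(SAMPLE_LOG)
    for src, hosts in findings["inbound_scanners"].items():
        print(f"SMB sweep from {src}: {len(hosts)} internal hosts")
    for src, dst, ts in findings["outbound_smb"]:
        print(f"outbound SMB {src} -> {dst} at {ts}")
```

Internal-to-internal SMB is deliberately ignored, since it is normal file-sharing traffic; the two conditions worth alerting on are an outside address walking port 445 across the internal range and any internal host reaching port 445 on the Internet, which a perimeter egress rule should already block.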
1.9 Apple issues security updates for macOS, iDevices
It’s time to patch your Mac, iDevices and software again: Apple has released security
updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, iCloud
for Windows, and Safari.
The iTunes and iCloud for Windows updates fix one vulnerability in WebKit each. But
both of these are critical, as they can be triggered by maliciously crafted web content
and could lead to arbitrary code execution.
One of these flaws also affects Safari, but the Apple security team also fixed a
bucketload of other WebKit memory corruption issues that can be exploited in the same
way and lead to either arbitrary code execution or universal cross site scripting.
The watchOS and the tvOS updates fix pretty much the same vulnerabilities, but Apple
Watch users also get fixes for many of the aforementioned WebKit flaws, and a WebKit
Web Inspector flaw that could allow an application to execute unsigned code.
Source: https://www.helpnetsecurity.com/2017/05/16/apple-issues-security-updates-macosidevices/
2. Cyber crime and Intelligence in the news:
2.1 Security researchers link North Korea to massive WannaCry ransomware hack
Top security researchers believe there’s a connection between North Korean-affiliated
cybercriminals and the global WannaCry ransomware hack.
Google security researcher Neel Mehta pointed out in a Monday afternoon tweet that
code used in WannaCry bore similarities to code used by the Lazarus Group, a cadre of
cybercriminals believed to be responsible for the 2014 Sony hack and a recent $81
million heist of the Bangladeshi central bank.
Hours after Mehta’s tweet, leading cybersecurity firms Kaspersky Lab and Symantec
both confirmed the similarities.
The WannaCry hack, which surfaced on Friday, allows hackers to encrypt the data on
infected machines, which it then holds hostage for about $300 in bitcoin. One researcher
found a “kill switch” for WannaCry over the weekend that has helped control the
damage, but the ransomware creators have already released a new variant without the
fix.
Source: https://news.vice.com/story/security-researchers-link-north-korea-to-massive-wannacryransomware-hack
2.2 Cockpit codes of United Airlines accidentally leaked to public
The confidential codes required to access United Airlines’ cockpits have been
accidentally leaked to the public in what the airline calls a mistake, rather than a data
breach.
On Sunday, the Wall Street Journal reported that the airline sent out a blast alert to
employees over the weekend warning them of the inadvertent code leak, caused by a
flight attendant who posted the information online.
Within the email sent to employees, the airline said that a “corrective action plan” had
been launched, but by following flight deck security procedures already in place the risk
of a breach of the flight deck door is “strongly mitigated.”
The incident has been reported to the Federal Aviation Administration (FAA) as the use
of the cockpit codes could give individuals unauthorized access to pilot compartments,
and in today’s world of terrorism and the risk of planes being attacked or hijacked, such
an information leak could be dangerous to crew and passengers.
Source: https://latesthackingnews.com/2017/05/16/united-airlines-cockpit-codes-accidentallyleaked/
2.3 Database with 560 Million Passwords Leaked
As if we weren't having a bad enough week in terms of digital security with WannaCry
running wild across global computers, it has now been revealed that a new database
containing passwords has been dumped online - all 560 million of them.
Dubbed the "mother of all leaks" by folks over at the security research center
MacKeeper, the database contains more than 560 million passwords. After running the
set against Troy Hunt's Have I Been Pwned platform, it was also discovered that over
243 million unique emails were also in the database, almost every single one appearing
in other breaches.
According to MacKeeper, this seems to be just another giant database containing
passwords collected from a variety of sources, including previous data breaches. It's
what could be known as a "combo list" since it mixes information from multiple sources.
The fact that this data was floating around the Internet somewhere isn't new, but putting
all this together, having it readily available for anyone curious to have a look is
worrisome.
"During our research we were surprised to see as many as 313 large databases, with
size over 1GB, with several terabytes of data, hosted in US, Canada and Australia. The
database in question is hosted on a cloud-based IP, and it is unclear who actually owns
it. We sent notification email to the hosting provider, but usually it is not the quickest way
to shut it down," the researchers explain.
The database is over 75 GB in size and contains data structured in readable JSON
format. It includes data from at least 10 previous leaks, including LinkedIn, Dropbox,
MySpace, Neopets, RiverCityMedia, Tumblr, MySpace and Lastfm, to name a few.
Source: http://news.softpedia.com/news/database-with-560-million-passwords-leaked515779.shtml
3. Technical Security Alerts:
Technical security alerts are the current security issues, vulnerabilities, malware and exploits, provided proactively to give timely
information about their impact, propagation and remediation. This information is provided to technical teams to help protect their
infrastructure environments.
3.1 Vulnerabilities, Malware and exploits
The table below lists all the recent vulnerabilities, malware and exploits identified by the ICT Security Monitoring Services team for today.
Name: Adobe Flash Player Memory Corruption Vulnerability
Description: A vulnerability in Adobe Flash Player could allow an unauthenticated, remote attacker to execute arbitrary code.
Propagation: The vulnerability is due to improper memory operations performed by the affected software. An attacker could exploit this vulnerability by persuading a user to open a web page that contains crafted Flash content. A successful exploit could trigger memory corruption, which could allow the attacker to execute arbitrary code on the targeted system.
Technologies and Software affected: Adobe Flash Player 20.0 (Base, .0.228, .0.235, .0.267, .0.286, .0.306) | 21.0 (.0.197, .0.213, .0.226, .0.242) | 22.0 (.0.192, .0.211) | 23.0 (.0, .0.162, .0.185, .0.205, .0.207) | 24.0 (.0.0, 0.186, .0.194, .0.221) | 25.0 (.0, .0.127, 0.148, 0.163)
Remedy: Adobe has released software updates at the following links: Flash Player Desktop Runtime version 25.0.0.171 for Windows and Macintosh; Flash Player version 25.0.0.171 for Linux; Flash Player for Google Chrome versions 25.0.0.171 for Windows, Macintosh, Linux, and ChromeOS; Flash Player for Microsoft Edge and Internet Explorer 11 versions 25.0.0.171 for Windows 10 and Windows 8.1. Vendor Announcements: Adobe has released a security bulletin at the following link: APSB17-15
Severity: High risk
Source: https://tools.cisco.com/security/center/viewAlert.x?alertId=53842

Name: Git git-shell Escape Privilege Escalation Vulnerability
Description: A vulnerability in the git-shell feature of Git could allow an authenticated, remote attacker to gain elevated privileges.
Propagation: The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a repository name that starts with a dash to a targeted system. An exploit could allow the attacker to break out of the restricted git-shell and gain elevated privileges on the system.
Technologies and Software affected: Git 2.4 (.0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11) | 2.5 (.0, .1, .2, .3, .4, .5) | 2.6 (.0, .1, .2, .3, .4, .5, .6) | 2.7 (.0, .1, .2, .3, .4) | 2.8 (.0, .1, .2, .3, .4) | 2.9 (.0, .1, .2, .3) | 2.10 (.0, .1, .2) | 2.11 (.0, .1) | 2.12 (.0, .1, .2)
Remedy: The vendor has released software updates available in tarballs at the following link: Index of /pub/software/scm/git
Severity: High risk
Source: https://tools.cisco.com/security/center/viewAlert.x?alertId=53840
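The git-shell entry above describes a general bug class: a user-supplied repository name that begins with a dash is handed on to a command, which reads it as an option rather than as a path. The following added example (not Git's own code and not taken from the Cisco alert) shows the validation a restricted-shell wrapper should apply before passing the name on, plus the conventional "--" end-of-options marker as a second line of defence. The wrapper itself, its permitted command set and the /srv/git repository root are constructed for the example, and it assumes the target command honours "--".

```python
"""Argument validation for a user-supplied repository name.

Added illustration of the bug class in the git-shell entry above
(insufficient validation of a name beginning with a dash). This is not
Git's code and not from the Cisco alert: the wrapper, its command set
and REPO_ROOT are constructed for the example.
"""
import re
import shlex
from pathlib import PurePosixPath

REPO_ROOT = PurePosixPath("/srv/git")          # constructed repository root
ALLOWED_COMMANDS = {"git-upload-pack", "git-receive-pack", "git-upload-archive"}

# A name is one or more path components; each starts with an alphanumeric
# character, so a valid name can never begin with '-', '.' or '/'.
REPO_NAME_RE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(?:/[A-Za-z0-9][A-Za-z0-9._-]*)*$"
)


class RejectedInput(ValueError):
    """Raised for any request the wrapper refuses to pass on."""


def validate_repo_name(name):
    """Return the name unchanged if it is safe to use as an argument, else raise.

    A leading '-' is refused explicitly (the defect described in the alert),
    and '..' components are refused so the name cannot leave REPO_ROOT.
    """
    if not name:
        raise RejectedInput("empty repository name")
    if name.startswith("-"):
        raise RejectedInput("repository name may not start with '-'")
    if any(part == ".." for part in name.split("/")):
        raise RejectedInput("repository name may not contain '..'")
    if not REPO_NAME_RE.match(name):
        raise RejectedInput("repository name contains disallowed characters")
    return name


def is_valid_repo_name(name):
    """Boolean convenience wrapper around validate_repo_name()."""
    try:
        validate_repo_name(name)
        return True
    except RejectedInput:
        return False


def build_argv(request):
    """Turn a restricted-shell request line such as
    "git-upload-pack 'team/project.git'" into an argv list for execve().

    The name is validated, anchored under REPO_ROOT and placed after the
    '--' end-of-options marker, so even a name that slipped past validation
    would be read as a path, not an option (assumes the target command
    honours '--', as git-upload-pack does).
    """
    parts = shlex.split(request)
    if len(parts) != 2:
        raise RejectedInput("expected exactly one argument")
    command, raw_name = parts
    if command not in ALLOWED_COMMANDS:
        raise RejectedInput(f"command not permitted: {command}")
    name = validate_repo_name(raw_name)
    return [command, "--", str(REPO_ROOT / name)]


def argv_or_none(request):
    """build_argv() that returns None instead of raising, for callers that log."""
    try:
        return build_argv(request)
    except (RejectedInput, ValueError):   # ValueError covers bad shell quoting
        return None


if __name__ == "__main__":
    # Constructed requests: the first is legitimate, the rest are refused.
    for req in ["git-upload-pack 'team/project.git'",
                "git-upload-pack '-evil'",
                "git-upload-pack '../../etc/passwd'",
                "bash 'team/project.git'"]:
        print(f"{req!r:45} -> {argv_or_none(req)}")
```

The two checks are independent: the allow-list regex stops option-looking and traversal names at the boundary where untrusted input arrives, and the "--" separator protects the call site even if the validation is later loosened by mistake. Reject-by-default (a fixed set of commands, a fixed character set) is what keeps a restricted shell restricted.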
End: