Week in review: WannaCry decryptor available, stealing Windows credentials using Google Chrome

Here’s an overview of some of last week’s most interesting news and articles:

DocuSign breached, stolen info used for targeted phishing campaign
Phishing emails impersonating electronic signature technology provider DocuSign are not an unusual sight, but the latest campaign has the added advantage of specifically targeting registered DocuSign users.

There’s now a WannaCry decryptor tool for most Windows versions
As the criminals behind the WannaCry ransomware are trying to make it work again, security researchers have created tools for decrypting files encrypted by it.

Who’s responsible for fixing SS7 security issues?
It’s easy for outsiders to simply say: “If SS7 is flawed, why don’t providers switch to using another technology?”

After a data breach is disclosed, stock prices fall an average of 5%
What’s more, thirty-one percent of consumers impacted by a breach stated they discontinued their relationship with an organization that experienced a data breach.

Stealing Windows credentials using Google Chrome
This article describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

United Airlines cockpit access codes leaked online
A United Airlines flight attendant has inadvertently leaked access codes for the company’s airplanes’ cockpit doors, a safety alert email to United employees has revealed.

HandBrake malware attack led to theft of Panic apps’ source code
Oregon-based software company Panic Inc. has announced that some of the source code for their offerings has been stolen, and they are being blackmailed by the attackers.

A guide on how to prevent ransomware
This article details several recommendations to help you in reducing the likelihood of future infection by ransomware, or indeed any other computer viruses or malware, against systems within your organisation.

WannaCry and IoT: Vendors react
Cisco has started a review of its products, aimed at identifying which of them do not support automated or manual updates of Microsoft patches.

Privacy awareness checklist for GDPR readiness
Here’s a five-step checklist designed to help you tackle the privacy awareness training requirement of the GDPR with ease.

Number of HTTPS phishing sites triples
When, in January 2017, Mozilla and Google made Firefox and Chrome flag HTTP login pages as insecure, the intent was to make phishing pages easier to recognize, as well as push more website owners towards deploying HTTPS. But the move also had one unintended consequence.

Ready, set, race to the IoT hub
Battle lines are being drawn. Armies are being marshaled. Territory is being eyed and strategies drawn up with military precision. But this war is about to be fought in your home and the giants squaring up to fight for supremacy are already household names – Google and Amazon.

Ransomworm: The birth of a monster
You can predict the future – at least in cases relating to cybersecurity – by identifying what modifications would be the most explosive, the most powerful… the most profitable.

WannaCry is a painful reminder of why enterprises must stay current on software updates
WannaCry is a wake-up call for the excessive numbers of companies needlessly dragging their feet over Windows 10 migrations.

ATM Black Box attacks: 27 arrested all over Europe
Black Box is a type of ATM logical attack in which an unauthorised device (usually an unknown box or laptop) is connected and sends dispense commands directly to the ATM cash dispenser in order to “cash-out” the ATM.

3 in 5 companies expect to be breached in 2017
New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million.

WordPress announces bug bounty program
The scheme was initially run as a private program. But even with that preparation, the public launch was hectic.

Microsoft to governments: Stop hoarding vulnerabilities
Microsoft is full of surprises lately: first they issued patches for unsupported versions of Windows, then they publicly criticized the NSA for hoarding knowledge about critical software vulnerabilities (and exploits for them).

New infosec products of the week: May 19, 2017
A rundown of infosec products released last week.
