Search results for: MS17-010


Older vulnerabilities and those with lower severity scores still being exploited by ransomware

Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today, according to RiskSense. The data was gathered from a variety of sources including RiskSense proprietary data, publicly available threat databases, as well as findings from RiskSense threat researchers and penetration testers. …


Cybercriminals are becoming more methodical and adaptive

Cybercriminals are deviating towards a more focused approach against targets by using better obfuscation techniques and improved social engineering skills as organizations improve in areas such as time to detection and response to threats, according to Trustwave. The 2019 Trustwave Global Security Report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research. Asia …


Cyber attacks are becoming more organized and structured

Trustwave released the 2018 Trustwave Global Security Report, which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach investigations and internal research. Findings depict improvement in areas such as intrusion to detection; however, they also showed increased sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats. North America and retail …

Review: Pwnie Express Pulse

Pwnie Express Pulse is a SaaS offering that uses custom hardware sensors to provide continuous network discovery, threat detection, risk assessment, and critical information about all security issues that should be resolved. After seeing Pulse in action, I can say that Pwnie Express came a long way from being a crowd pleaser at security conferences where people were obsessing over PwnPhone or PwnPlug, a penetration testing device that mimicked a surge protector. In case you …

Eternal Blues: A free EternalBlue vulnerability scanner

It is to be hoped that after the WannaCry and NotPetya outbreaks, companies will finally make sure to install – on all their systems – the Windows update that patches SMB vulnerabilities leveraged by the EternalBlue and EternalRomance exploits. These exploits are currently available to practically any hacker who might want to use them, and protecting systems against them should be a must for every organization. But while bigger ones might have an IT department …


NotPetya outbreak: What we know so far

Tuesday’s ransomware outbreak hit many businesses and government entities around the world, but by far the most numerous victims are located in Ukraine. The infection process The delivered malware was not, as initially believed, the original Petya ransomware or the previously seen variant PetrWrap. NotPetya, as this new threat was dubbed, is definitely made to look like Petya, and uses some of its code, but has its own specific characteristics: According to Kaspersky Lab researchers, …


Building a strong cybersecurity program for the long haul

Patch Tuesday is approaching and there is a chance it might be a boring one. Hopefully, I didn’t jinx things by saying that, but I think most of what we’ll see is a bit of volume on the third-party side. Before we get into the forecast, though, let’s talk about the recent roller coaster we’ve all been on. WannaCry WannaCry is a name that will hold a place in our minds similar to Heartbleed, Conficker, …


Who are we kidding? WannaCry is not a first

On Friday, May 12, 2017, the world was alarmed to discover that cybercrime has reached a new record, in a widespread ransomware attack dubbed WannaCry that is believed to have caused the biggest attack of its kind ever recorded. The details of the attack are all being reported as we go, as security teams scramble to recover and law enforcement agencies dig further into the evidence. To say that this is the biggest ransomware attack …


Massive ransomware campaign spreading around the world like wildfire

Organizations around the world have been hit with the Wana Decrypt0r (aka WannaCry) ransomware, in what seems to be the most massive ransomware delivery campaign to date. Boom, we have insight!#WannaCrypt — MalwareTech (@MalwareTechBlog) May 12, 2017 So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast. — Costin Raiu (@craiu) May 12, 2017 By many accounts, the success of the …


Tens of thousands Windows systems implanted with NSA’s DoublePulsar

Has your Windows machine been implanted with NSA’s DoublePulsar backdoor? If you haven’t implemented the security updates released by Microsoft in March, chances are good that it has. What is DoublePulsar? DoublePulsar is a backdoor implant that enables the injection and running of DLLs – potentially malicious ones – on Windows computers. It was recently leaked by the Shadow Brokers, and hackers have been using it – in conjunction with the EternalBlue exploit – to …


Microsoft patched the flaws allowing leaked Windows exploits to work

Microsoft has patched the vulnerabilities that allowed nine of the exploits released by the Shadow Brokers on Friday to work, and said that of the three remaining exploits, none will work on supported platforms (Windows 7 and newer versions of the OS, or Exchange 2010 and newer versions of Exchange). The list of addressed vulnerabilities (and the exploits they allowed) is as follows: Roughly half of these flaws were fixed at one point or another …