Huge ransomware outbreak disrupts IT systems worldwide: WannaCryptor to blame
Ransomware called WannaCryptor spread rapidly around the world today, encrypting files in as many as 100 countries by using the leaked NSA eternalblue SMB exploit.
0-day
Are you still vulnerable to Stagefright? Get your Android device checked now
Security researchers found a vulnerability in Android that could allow attackers to steal information from smartphones through remotely executed code via a crafted MMS. According to them up to 950 million devices could be vulnerable.
CVE2012‑1889: MSXML use‑after‑free vulnerability
As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix
Blackhole, CVE‑2012‑0507 and Carberp
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507
Infosecurity Conference APTitude Adjustment
If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A (and the other panel sessions from the conference). Register here. Here are the details for that keynote session, chaired by Steve Gold,
Virtualization & Conferencing
David Harley is taking part in the keynote session (11.00-12.00 EST) on "APT: Real Threat or Just Hype" at US Infosecurity's Virtual Conference on November 8th.
Stuxnet and the DHS
In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.
Phishphloods: Not all Phishing is Spear‑Phishing
You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads
The Stuxnet Train Rolls On…
… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today: A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)
Win32/Stuxnet Signed Binaries
On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is
R.I.P. IE 6
R.I.P. IE6 Targeted and sophisticated attacks against Google, Adobe, and Juniper used an unpatched vulnerability in Internet Explorer to breach computers. These incidents are receiving a lot of attention from the media much due to the size and notability of the companies affected. France, Germany and now Australia have issued guidelines and urged users to
SMB2 0‑Day update
Microsoft’s advisory on the SMB driver issue is now available. As expected, it includes some comments on mitigation, but they’re rather fluffy. It advocates “Firewall best practices and standard default firewall configurations”, which “can help protect networks from attacks that originate outside the enterprise perimeter,” and suggests exposing a “minimal number of ports”. Well, duh… I’d expect any firewall
SMB2 zero‑day
Some traffic has crossed my radar concerning a 0-day exploit that apparently enables a remote attacker to crash a Vista or Windows 7 system with SMB enabled (and according to subsequent reports, Server 2008). The original post and exploit are claimed to demonstrate the possibility of a Blue Screen Of Death (BSOD) and (normally) an automatic reboot when
Top 25 Programming Errors
Not one of our Top X lists, this time, but one featured in an article on the SANS site. SANS have been banging the drum for safer coding for quite a while – in fact, they do quite a few courses on safe coding in various development contexts. Admittedly, that gives them a financial incentive to fly
Self‑Protection Part 8
Don’t expect antivirus alone to protect you from everything. Use additional measures such as a personal firewall, antispam and anti-phishing toolbars, but be aware that there is a lot of fake security software out there. This means that you need to take care to invest in reputable security solutions, not malware which claims to fix
Internet Explorer Problems
It probably isn’t news to you that there’s been an issue with Internet Explorer and a recently-discovered vulnerability that exposes users of the application to a range of attacks. Certainly we’ve been getting lots of enquiries about our ability to detect it, and I suspect other vendors are getting the same barrage of questions. Of