NHS Lanarkshire Cancels Ops After Weekend Ransomware Blitz

Security found wanting again after WannaCry

An NHS Scotland organization has suffered a second major ransomware-related outage, just months after it was struck by the infamous WannaCry attacks of May.

The Bitpaymer variant is said to have struck NHS Lanarkshire on Friday, affecting some key services over the weekend.

According to a spokesperson, the NHS security systems weren’t able to detect the malware as it was a new variant, indicating that they’re still using fairly basic software.

Some operations were cancelled as a result, as IT teams struggled to contain the outbreak, while patients were urged not to visit their local hospitals unless their trip was essential.

NHS Lanarkshire chief executive, Calum Campbell, explained in a statement on Friday that it was “Putting in place a solution from our IT security provider.”

“We have detected some incidences of malware. We took immediate action to prevent this spreading while we carried out further investigations,” he added.

“While the issue is being resolved our staff have been working hard to minimize the impact on patients and we apologize to anyone who has been affected.”

NHS Lanarkshire is said to have been one of the regions worst affected by the WannaCry campaign of mid-May.

It’s unclear how its computers became infected by the new ransomware variant, although phishing emails are the most common attack vector.

On Thursday, security firm Proofpoint revealed a new ransomware strain dubbed “Defray” which is being spread via malicious Word attachments in unsolicited mail.

The threat is primarily targeted at victims in healthcare and education sectors, with the emails crafted to lure recipients into opening the attachment.

One email, for example, purports to be from the director of information management & technology at a hospital.

Ransomware attacks doubled in the first half of the year compared to the same time in 2017, according to stats from Check Point.

It claimed ransomware comprised 48% of the main attack categories globally in 1H 2017, versus 26% in the first six months of 2016.

China Enforces Real-Name Policy to Regulate Online Comments

If you reside in China, your Internet life within the borders will soon be even more challenging.
Last Friday, China’s top Internet regulator announced a new set of rules that would force citizens to post comments using their real-world identities on Internet forums and other web platforms.
Yes, you heard that right. Anonymity is about to die in the country.
The Cyberspace Administration of

More than 1,700 valid Telnet credentials for IoT devices leaked online

Security researchers are warning of the availability online of a list of IoT devices and associated telnet credentials.

The list has been available on Pastebin since June, but last week it was also shared via Twitter by the researcher Ankit Anubhav and rapidly went viral.

The original list was posted by someone who has previously published a dump of valid log-in credentials and also the source code of a botnet.

It is a gift for hackers: more than 1,700 IoT devices could easily be taken over and recruited into a botnet that could be used to power a DDoS attack.

The list had more than 22,000 views as of Saturday afternoon, while only 1,000 users had seen it as of last Thursday.

Many IoT devices included in the list have default and well-known credentials (i.e., admin:admin, root:root, or no authentication required).

Top five credentials were:

  • root:[blank]—782
  • admin:admin—634
  • root:root—320
  • admin:default—21
  • default:[blank]—18

The popular researcher Victor Gevers, the founder of the GDI Foundation, analyzed the list and confirmed it contains more than 8,200 unique IP addresses, of which about 2,174 are accessible via Telnet with the leaked credentials.

According to the researchers, most of the reachable IPs (61 percent) were located in China.

The list of 33,000 IP addresses includes many duplicates; it is likely they have already been abused by hackers in the wild.

The Pastebin also includes numerous scripts, titled “Easy To Root Kit,” “Mirai Bots,” “Mirai-CrossCompiler,” “Apache Struts 2 RCE Auto-Exploiter v2,” and “Slowloris DDoS Attack Script.”

Pierluigi Paganini

(Security Affairs – IoT devices, hacking)

The post More than 1,700 valid Telnet credentials for IoT devices leaked online appeared first on Security Affairs.

Lessons can be learned from HBO’s “Game of Thrones” hack, cyber security prof says – NewsOK.com

As viewers await the much anticipated penultimate season finale of “Game of Thrones” this Sunday, HBO officials have been dealing with their share of off-screen drama. Earlier this month, as Westeros braced itself for winter coming onscreen, HBO …
Cyberattack Leaves Millions Without Mobile Phone Service in Venezuela

A massive cyberattack that took down government websites in Venezuela earlier this week also has left seven million mobile phone users without service, the government said Thursday.

A group that calls itself The Binary Guardians claimed responsibility for attacks that targeted the websites of the government, the supreme court and the National Assembly.

Wikileaks – CIA CouchPotato remote tool can stealthily collect RTSP/H.264 video streams

WikiLeaks has published another Vault 7 leak, revealing the CIA tool CouchPotato that allows operators to remotely spy on video streams in real-time.

“Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.” states WikiLeaks.

The document leaked from the CIA details how the tool could be used by cyber spies to remotely capture RTSP/H.264 video streams.

The Real Time Streaming Protocol (RTSP) is a network control protocol designed for controlling streaming media servers.

“CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. CouchPotato utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity.” reads the user guide. “In order to minimize size of the DLL binary, many of the audio and video codecs along with other unnecessary features have been removed from the version of ffmpeg that CouchPotato is built with. pHash, an image hashing algorithm, has been incorporated into ffmpeg’s image2 demuxer to provide image change detection capabilities. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.”

The CouchPotato tool utilizes FFmpeg for video and image encoding and decoding and Real Time Streaming Protocol connectivity.

The CouchPotato tool is hard to detect: it supports the file-less ICE v3 “Fire and Collect” loader, which is an in-memory code execution (ICE) technique.

The documents don’t include details on how the CIA operators compromise the target systems. It is likely the CouchPotato tool needs to be used in conjunction with other hacking tools to penetrate the targeted systems.

Below is the list of releases published by WikiLeaks since March:

Pierluigi Paganini

(Security Affairs –  Wikileaks, CouchPotato tool)

The post Wikileaks – CIA CouchPotato remote tool can stealthily collect RTSP/H.264 video streams appeared first on Security Affairs.

Open Source Threat Intel: GOSINT

It’s our pleasure to announce the public availability of GOSINT – the open source intelligence gathering and processing framework. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you are applying research […]

WannaCry-killer Marcus Hutchins released on bail after Feds accused him of crafting malware

He admitted writing the software nasty’s code, prosecutors claim

Marcus Hutchins, the WannaCry killer and now suspected malware seller, has had his initial court hearing and won’t be getting out of jail free, after a Las Vegas court set his bail at $30,000. Handing $3,000 to a bail bondsman will see him able to leave jail.…
