Ransomware attacks created havoc worldwide last week, yet they are only a sample of much nastier things waiting to unfold. There are already reports of new attacks from variants of the ransomware tools, which are believed to have infected more than 150,000 machines around the globe. The hacker group ShadowBrokers, which leaked the NSA tools that facilitated the ransomware attacks, is threatening to release new bugs and exploits every month.
Reversing the trend of the past several months, it is now the United States that is accused of being the source of state-sponsored cyber attacks. Private corporations such as Microsoft and Google are also accused of being cohorts in American intelligence operations to compromise systems worldwide. The tools used in the ransomware attacks were those stolen from the NSA, which has long been using them in its intelligence operations. Russian President Putin stated that launching cyber-viruses is like “lifting a lid” that “could backfire on those who developed and created them,” including intelligence agencies. China also said that the US should take part of the blame for the attacks. The UK, Russia and China are said to be the worst affected by the attacks. The impact on India appears to be relatively low.
Although monetary gain seemed to be the motivation behind the ransomware attacks, current investigations are pointing fingers at North Korean hackers linked to the government as responsible for these attacks. They appear to be spread across China and some Southeast Asian countries, launching coordinated attacks. Whoever they may be, it may be almost impossible to identify them and bring them to justice, as they hide behind multiple layers of anonymous networks.
It is high time the international community took charge at the highest political levels and drew up rules and regulations for cyber operations. So far it is the US that has dominated the field, and it has hence been reluctant to be drawn into any regulations. Russia and China are catching up, while several smaller countries such as Iran, Vietnam and North Korea are fast developing cyber capabilities, which offer cheaper and deniable means to engage larger targets.
Meanwhile, Hyderabad police in India scored a commendable success in nabbing gangs involved in the sophisticated cyber theft of Indian blockbuster high-definition movies and the extortion of money.
‘RANSOMWARE’ VARIANTS – MORE ATTACKS FEARED
New Threats Fuel Fears of Another Global Cyberattack
https://www.wsj.com/articles/new-threats-fuel-fears-of-another-global-cyberattack-1495042636 A new fast-spreading computer attack and a hacking group’s threat to release a fresh trove of stolen cyberweapons are fueling fears among businesses and security experts of another global technology assault. The new attack, called Adylkuzz, follows last week’s WannaCry outbreak, which crippled computers in more than 100 countries over the weekend. Unlike its predecessor, Adylkuzz doesn’t lock up computer screens; it slows down systems as it quietly steals processing power to generate a little-known digital currency called Monero. Adylkuzz began spreading about two weeks ago and by May 17 had infected more than 150,000 machines around the globe, according to Ryan Kalember, senior vice president with the security intelligence firm Proofpoint Inc. The news comes a day after a hacking group called the Shadow Brokers separately posted an internet message saying it would release a new trove of cyberattack tools next month.
Related: Shadowbrokers Planning Monthly Exploit, Data Dump Service https://threatpost.com/shadowbrokers-planning-monthly-exploit-data-dump-service/125710/ ShadowBrokers say they’re taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club. In what’s become a signature periodic rant from the unknowns behind the leak of offensive NSA hacking tools, the ShadowBrokers today expressed their dismay that neither the U.S. government nor technology companies bit at their August 2016 auction of Equation Group hacking tools. The consequences, they said, were April’s massive leak of Windows attack tools, some of which have been co-opted by those behind the WannaCry attacks.
The hacking group that leaked NSA secrets claims it has data on foreign nuclear programs
https://www.washingtonpost.com/news/the-switch/wp/2017/05/16/the-hacking-group-that-leaked-the-nsas-secrets-claims-it-has-data-on-foreign-nuclear-programs/?tid=hybrid_collaborative_1_na&utm_term=.5a4ec7eda7d9 The hacking group that leaked the bugs that enabled last week’s global ransomware attack is threatening to make public even more computer vulnerabilities in the coming weeks — potentially including “compromised network data” pertaining to the nuclear or missile programs of China, Iran, North Korea and Russia, as well as vulnerabilities affecting Windows 10, which is run by millions of computers worldwide. A spokesperson for the group, which calls itself the Shadow Brokers, claimed in a blog post Tuesday that some of those computer bugs may be released on a monthly basis as part of a new subscription-based business model that attempts to mimic what has proved successful for companies such as Spotify, Netflix, Blue Apron and many more.
Wannacry Variants Pick Up Where Original Left Off
https://threatpost.com/wannacry-variants-pick-up-where-original-left-off/125681/ The inevitable wave of WannaCry ransomware variants began in earnest over the weekend after a bit of sleuthing from a U.K. researcher slowed down the initial global outbreak. At least five new takes on the first attack, all still leveraging the NSA’s EternalBlue exploit and DoublePulsar rootkit, are spreading WannaCry. “One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible,” MalwareTech wrote in a blog published Saturday.
China warns of new ransomware-like virus UIWIX
http://economictimes.indiatimes.com/tech/internet/china-warns-of-new-ransomware-like-virus-uiwix/printarticle/58731724.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst Chinese authorities warned computer users of the risk of a new cyber attack by a virus similar to WannaCry ransomware. The National Computer Virus Emergency Response Centre (CVERC) and software company AsiaInfo on Wednesday detected the “UIWIX” virus, which is spreading in a similar way to the “WannaCry” ransomware, Xinhua news agency reported. Both viruses use security holes in the Microsoft Windows operating systems to rename files and encrypt them in order to limit users from accessing the computer or files unless they pay a ransom, CVERC deputy head Chen Jianmin said. Meanwhile, Windows released a security update to protect computers against the virus.
‘RANSOMWARE’ ATTACKS: IMPACT
Hacking Attack has Security Experts Scrambling to Contain Fallout
https://www.nytimes.com/2017/05/13/world/asia/cyberattacks-online-security-.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news&_r=0 Governments, companies and security experts from China to Britain on Saturday raced to contain the fallout from an audacious global cyberattack amid fears that if they do not succeed, companies will lose their data unless they meet ransom demands. The global efforts come less than a day after malicious software, transmitted via email and stolen from the National Security Agency, exposed vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record. The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service.
Ransomware attack should be wake-up call for govts: Microsoft
http://www.thehindu.com/news/international/ransomware-attack-should-be-wake-up-call-for-govts-microsoft/article18456160.ece Brad Smith, Microsoft’s president and chief legal officer, said that his company, its customers and the government all share the blame, the report said. “The governments of the world should treat this attack as a wake-up call,” Smith wrote while also noting how “cybersecurity has become a shared responsibility between tech companies and customers.” But he also blamed the governments.
Ransomware cyber-attack threat escalating – Europol
http://www.bbc.com/news/technology-39913630 Friday’s cyber-attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says. He told the BBC the act was “unprecedented in its scale” and warned more people could find themselves affected on Monday morning. The virus took control of users’ files, demanding payments; Russia and the UK were among the worst-hit countries. Mr Wainwright said that the ransomware was being combined with a worm application allowing the “infection of one computer to quickly spread across the networks”. What occurred was an “indiscriminate attack across the world on multiple industries and services”, Mr Wainwright said, including Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry.
NSA officials worried about the day its potent hacking tool would get loose. Then it did.
https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html?utm_term=.9333a2121d30 When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose. Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue. But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.
Cybersecurity researcher finds kill switch to stop spread of ransomware cyber-attack
http://indianexpress.com/article/technology/tech-news-technology/cybersecurity-researcher-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack/ All thanks to a U.K.-based cybersecurity researcher by the name of Malware Tech, who discovered a “kill switch” that eventually helped to curtail the spread of the ransomware. The researcher reportedly registered a web domain used by the attackers, and took control of the domain. The trick worked, and the researcher was able to track the ransomware’s spread. Later Cisco’s Talos security group confirmed WannaCry had stopped spreading.
Six NHS Trusts Still Dealing with Cyber Attack that Hit One in Five Across England, says Home Secretary
http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-ransomware-trusts-home-secretary-amber-rudd-cobra-a7734436.html Six NHS trusts in England are still being affected by the ransomware cyber attack, Home Secretary Amber Rudd has said following a meeting of the Government’s emergency Cobra committee. Ms Rudd said 48 of the 248 trusts in England were hit by the program but the other 42 had managed to recover control of their systems. The problems forced hospitals to cancel appointments and delay treatment as medical files could not be immediately accessed and have affected thousands of companies and government departments in some 100 countries around the world, including the US and Russia.
Renault stops production at some sites after cyber attack
http://www.thehindu.com/business/renault-stops-production-at-some-sites-after-cyber-attack/article18446622.ece?homepage=true French carmaker Renault stopped production at several sites on Saturday to prevent the spread of a global cyber attack that hit its computer systems, a spokesman said. “Proactive measures have been put in place, including the temporary suspension of industrial activity at some sites,” the spokesman said. The manufacturer is the first major French company to report being affected by the ransomware cyber attack that has infected tens of thousands of computers in nearly 100 countries.
Indian-origin researcher links ransomware attack to North Korea
http://timesofindia.indiatimes.com/nri/other-news/indian-origin-researcher-links-ransomware-attack-to-north-korea/articleshow/58698338.cms As the world struggles to identify the cybercriminals behind the global ransomware attack that hit 150 countries, an Indian-origin security researcher working with Google has claimed that the hackers may have links to North Korea. According to Neel Mehta’s discovery, the “Lazarus Group” that works on behalf of North Koreans may be behind the attack as in the past, it has used the same coding and tools as those used in “WannaCrypt” – the software used in the current hacking into the Microsoft operating software, BBC reported on Tuesday. “Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCrypt,” the report quoted Moscow-based cyber security firm Kaspersky Lab as saying. “Lazarus Group”, that according to Mehta is based in China, was responsible for a major hack on Sony Pictures in 2014 and another on a Bangladeshi bank in 2016.
Wannacry aftershocks: Ransomware attack has traces of N Korean hack
http://www.business-standard.com/article/international/wannacry-aftershocks-ransomware-attack-has-traces-of-n-korean-hack-117051700061_1.html A researcher from South Korea’s Hauri Labs said on Tuesday their own findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programmes used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation. An official at South Korea’s Korea Internet & Security Agency, however, said on Tuesday the agency was not in position to investigate the source of the attack.
Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack
https://www.nytimes.com/2017/05/16/world/asia/north-korea-cyber-sleeper-cells-ransomware.html?hpw&rref=technology&action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well&_r=0 They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection. In more recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.
China Is Reluctant to Blame North Korea, Its Ally, for Cyberattack
https://www.nytimes.com/2017/05/17/world/asia/china-north-korea-ransomware.html?hpw&rref=technology&action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well&_r=0 As evidence mounts that North Korea may have links to a ransomware attack, China’s response has been muted. China analysts say Beijing will hesitate before directly casting blame on North Korea even if evidence, still inconclusive, directly ties the North to the attack. Beijing is more likely to single out other actors, particularly the United States, experts say. China’s influence over North Korea’s hacking efforts has been significant. Security analysts say North Korean hackers operate out of hotels, restaurants and internet cafes in northeastern Chinese cities like Shenyang and Dandong.
Microsoft faulted over cyberattack
http://www.business-standard.com/article/international/microsoft-faulted-over-cyberattack-117051700062_1.html There’s a blame game brewing over who’s responsible for the massive cyberattack that infected hundreds of thousands of computers. Microsoft is pointing its finger at the US government, while some experts say the software giant is accountable too. As for Microsoft, some intelligence agency experts questioned its NSA criticism, saying it’s unreasonable for the company to ask governments to stop using its products as a way to attack and monitor enemies.
Putin: Malware created by intelligence services can backfire on its creators
www.rt.com The ransomware that hit computers across the world could backfire on its creators, Russian President Vladimir Putin said in Beijing. The ransomware was apparently developed in the US, Putin said. “Microsoft’s management has made it clear that the virus originated from US intelligence services,” the Russian president stressed. Putin added that launching cyber-viruses is “lifting a lid” that “could backfire on those who developed and created them,” including intelligence agencies. The ransomware attack that affected thousands of computers all across the globe should encourage the international community to tackle cybersecurity on “the highest political level,” he added. Last year, Moscow proposed discussing cybersecurity threats with Washington with the aim of drafting a bilateral agreement, but to no effect. “Unfortunately, they refused our proposal,” Putin said.
We’ve Just Seen the Biggest Cyber Attack Ever and Russia Wasn’t to Blame. How Come?
www.russia-insider.com After all the ‘Russia hacking’ accusations, the biggest cyber attack ever was carried out with code which originated with the NSA. This event, among the worst global cyberattacks in history, also sheds considerable light on issues that have dominated the political life of the United States for the past 10 months, since WikiLeaks began its release of documents obtained from the hacked accounts of the Democratic National Committee and John Podesta, the chairman of Hillary Clinton’s presidential campaign.
Chinese state media says U.S. should take some blame for cyber attack
http://www.reuters.com/article/us-cyber-attack-china-idUSKCN18D0G5 Chinese state media on Wednesday criticized the United States for hindering efforts to stop global cyber threats in the wake of the WannaCry “ransomware” attack that has infected more than 300,000 computers worldwide in recent days. The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft Corp (MSFT.O) systems and has infected some 30,000 Chinese organizations as of Saturday, the China Daily said.
China, Addicted to Bootleg Software, Reels From Ransomware Attack
https://www.nytimes.com/2017/05/15/business/china-ransomware-wannacry-hacking.html?cmpid=BBD051717_TECH&utm_medium=email&utm_source=newsletter&utm_term=170517&utm_campaign=tech As China scrambles to recover from a global hacking assault that hit its companies, government agencies and universities especially hard, the risks of its dependence on pirated software are becoming clear. Researchers believe large numbers of computers running unlicensed versions of Windows probably contributed to the reach of the so-called ransomware attack, according to the Finnish cybersecurity company F-Secure. Electronic payment systems at gas stations run by the state oil giant PetroChina were cut off for much of the weekend. Over all, according to the official state television broadcaster, about 40,000 institutions were hit. Separately, the Chinese security company Qihoo 360 reported that computers at more than 29,000 organizations had been infected. At China Telecom, one of the country’s three main state-run telecommunications providers, a similar scramble occurred over the weekend.
WannaCry: India least prepared due to low awareness level, says IT security official
http://indianexpress.com/article/technology/tech-news-technology/wannacry-india-least-prepared-due-to-low-awareness-level-says-it-security-official-4661585/ “Most Indian homes are vulnerable to Wannacry because of the pirated softwares they use,” the expert said. He was critical about the casual approach adopted by government sectors where old machines were still in use with almost zero backup and no patches were ever applied making them open to such cyber threats.
WannaCry ransomware: 48k cyber attack instances in India, says Quick Heal
http://www.business-standard.com/article/companies/wannacry-ransomware-48k-cyber-attack-instances-in-india-says-quick-heal-117051600886_1.html Security software maker Quick Heal said on Tuesday it had detected over 48,000 instances of the WannaCry ransomware attack in India, targeting both enterprises as well as individuals using systems running Microsoft’s Windows OS. “In the last few days, we have received distressed calls from customers belonging to verticals like education, banking, financial, manufacturing, healthcare and even from a few services sectors,” said Sanjay Katkar, managing director and chief technology officer of Quick Heal. Kolkata saw the most attacks, followed by Delhi, Bhubaneshwar, Pune and Mumbai.
Ransomware attack intensifies in Gujarat
http://www.thehindu.com/news/national/ransomware-attack-intensifies-in-gujarat/article18472604.ece?homepage=true As the ransomware cyber attack continues, more networks of the Gujarat government came under attack on the second day, with the virus spreading in many districts where government office computers were infected. On Tuesday, computers in government offices in Bharuch, Amreli, Patan, Ahmedabad and Anand were found infected with ransomware, forcing the state authorities to start upgrading their systems and networks by installing anti-virus software. Those affected by the virus include the police stations, anti-corruption bureau network, collector offices, registrar offices, regional transport offices and civil hospitals in Gandhinagar and Godhara.
Hackers Just Stole $66,000 in Bitcoin. Now What?
https://www.wsj.com/articles/hackers-just-stole-66-000-in-bitcoin-now-what-1494937394?tesla=y The hackers behind the massive WannaCry cyberattack have succeeded in extracting some ransom payments from people locked out of their computers. But they don’t yet have dollars to show for it. The cyberthieves took payment for their so-called ransomware in bitcoin, the digital currency that has become a popular tool for moving money across borders quietly—about $66,000 worth. Now comes the hard part: converting that bitcoin into cash with the whole world watching their every move.
Hackers mint crypto-currency with technique in global ‘ransomware’ attack
http://www.reuters.com/article/us-cyber-attack-cryptocurrency-idUSKCN18D00W Researchers at security firm Proofpoint said the related attack, which installs a currency “miner” that generates digital cash, began infecting machines in late April or early May but had not been previously discovered because it allows computers to operate while creating the digital cash in the background. Proofpoint executive Ryan Kalember said the authors may have earned more than $1 million, far more than has been generated by the WannaCry attack. Like WannaCry, the program attacks via a flaw in Microsoft Corp’s Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.
OTHER CYBERCRIME ACTIVITIES
Zomato reports massive data breach, 17 million accounts affected
http://indianexpress.com/article/technology/tech-news-technology/zomato-reports-massive-data-breach-17-million-accounts-affected-4661791/ About 17 million user records from Zomato’s database were stolen, the company said in a blog post. Zomato’s Gunjan Patidar has reassured users that no payment information or credit card data has been leaked. The food ordering service, which is used by over 120 million users, has reset passwords of all affected users and logged them out as a precaution. The stolen information includes user’s email addresses as well as hashed passwords. Patidar has recommended users to change passwords in case they’re using the same for other accounts as well. Further, Zomato will be adding an extra layer of security for internal teams to avoid such a breach in the future.
Hyderabad Police bust gang that tried to extort money from Bahubali makers
http://www.thehindu.com/news/cities/Hyderabad/gang-tries-to-extort-money-from-bahubali-makers/article18472562.ece?homepage=true Two days after the release of the blockbuster film Bahubali-The Conclusion, its Hyderabad-based production team, Arka Media Works Entertainment Limited, received a call from a self-styled film anti-piracy activist. “We have a high-definition pirated copy of your blockbuster. Pay us ₹15 lakh a day, otherwise the movie would be uploaded on Internet,” the caller was quoted as saying. While the gang managed to secure a copy of the movie from a theatre in filmi style breaching satellite technology security, Hyderabad police caught six of its members from Delhi and Patna in an equally dramatic fashion.
Decoded: Delhi gang’s new method of copying films
The gang’s kingpin was a multi-national company’s mid-level software professional. They tried to turn film piracy into an organised crime, and to some extent succeeded. Members of the Delhi-based gang arrested by the Hyderabad police on Tuesday not only secured pirated copies of the two Bahubali films but allegedly made money by copying many Bollywood movies earlier, say the investigators.
France fines Facebook $166,000 for ‘unfairly tracking’ personal data of 33 mn users
http://economictimes.indiatimes.com/magazines/panache/france-fines-facebook-166000-for-unfairly-tracking-personal-data-of-33-mn-users/printarticle/58709819.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst France’s independent privacy watchdog fined Facebook on Tuesday for breaching French privacy laws by tracking and using the personal data of 33 million users, as well as nonusers who browse the internet. The National Commission on Informatics and Liberties imposed sanctions of 150,000 euros ($166,000) on the social networking company for failing to comply with French data protection laws after a formal warning last year.
UK: Election candidates warned about phishing attempts
http://www.bbc.com/news/technology-39947628?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story Candidates in the general election have been asked to look through their emails for signs that they have been targeted by a phishing attack. The list of potential targets includes recent MPs. The National Cyber Security Centre (NCSC), which is part of GCHQ, disclosed the request in a document released early on 16 May. The BBC understands that the number of victims is currently understood to be in single figures and that so far victims’ personal emails have been affected but no successful phishing attempts have been made via parliamentary email addresses. A report in the Financial Times said it was “likely” that the phishing campaign had been orchestrated by a state.
Wikileaks Reveals Two CIA Malware Frameworks
https://threatpost.com/wikileaks-reveals-two-cia-malware-frameworks/125701/ WikiLeaks released details on what it claims are two frameworks for malware samples dubbed AfterMidnight and Assassin, both allegedly developed by the U.S. Central Intelligence Agency. The revelations come amid worldwide efforts to squelch variants of the WannaCry ransomware, an offensive hacking tool allegedly developed by the National Security Agency.
Small Countries’ New Weapon Against Goliaths: Hacking
https://www.nytimes.com/2017/05/14/business/vietnam-hackers-foreign-companies.html?rref=collection%2Fsectioncollection%2Fasia&_r=0 Hackers in Vietnam have been attacking foreign companies and other targets for years, seeking information and using tactics that suggest links to the Vietnamese government, a cybersecurity company said Monday. The findings, laid out in a report released by the company, FireEye, come as companies and experts look beyond traditional sources of attacks like China and Russia to deal with new or rising threats. Smaller countries are now trying their hand at hacking, experts say, as they seek to follow dissidents, undermine enemies or comb corporate files for trade secrets. FireEye, a company based in California that deals with large network breaches, said it had watched a Vietnamese group known as OceanLotus target foreign companies in the manufacturing, hospitality and consumer products sectors since at least 2014.
Trump Orders Preparation for Electric Grid Cyber Attacks
http://freebeacon.com/national-security/trump-orders-preparation-electric-grid-cyber-attacks/?utm_source=Freedom+Mail&utm_campaign=acde226908-EMAIL_CAMPAIGN_2017_05_12&utm_medium=email&utm_term=0_b5e6e0e9ea-acde226908-38360125 President Trump ordered the federal government to prepare for a devastating cyber attack against America’s electric grid amid growing fears foreign states are set to carry out attacks aimed at plunging the nation into darkness. A presidential order signed May 11 directed key federal agencies to assess preparations for a prolonged power outage resulting from cyber attacks designed to disrupt the power grid. An assessment of the danger must be carried out by the Energy Department, Homeland Security, DNI and state and local governments to examine the readiness of the United States to manage a shutdown of the power grid. The assessment will also identify gaps and shortcomings in efforts that would be used to restore power.
VULNERABILITIES / PATCHES
Apple Patches Pwn2Own Vulnerabilities in Safari, macOS, iOS
https://threatpost.com/apple-patches-pwn2own-vulnerabilities-in-safari-macos-ios/125725/ Apple fixed 66 vulnerabilities across seven product lines, including Safari, iTunes, macOS, and iOS, on Monday. Many of the fixes – especially in macOS and Safari – resolve vulnerabilities uncovered at Pwn2Own, the hacking contest held at CanSecWest each year. Contestants collectively earned $143,000 for poking holes in Apple products when the competition was held in March.
Chrome Browser Hack Opens Door to Credential Theft
https://threatpost.com/chrome-browser-hack-opens-door-to-credential-theft/125686/ A vulnerability in Google’s Chrome browser allows hackers to automatically download a malicious file onto a victim’s PC that could be used to steal credentials and launch SMB relay attacks. Bosko Stankovic, information security engineer at DefenseCode, found the flaw in the default configuration of the latest version of Chrome running on an updated version of Microsoft’s Windows 10 operating system. “Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his website to be able to proceed and reuse victim’s authentication credentials,” he wrote Monday in a description of the vulnerability. To protect against the attack in Google Chrome, DefenseCode recommends visiting Settings > Show advanced settings and checking the “Ask where to save each file before downloading” option.
WhatsApp suffers global outage, back online after a few hours
http://indianexpress.com/article/technology/tech-news-technology/whatsapp-suffers-global-outage-back-online-after-a-few-hours-4661555/ WhatsApp suffered a global outage on Wednesday, with users reporting problems accessing the app. According to The Independent, the outage lasted for several hours before being resolved. Users from Malaysia to Spain, Germany and some other European countries faced issues with the service. People faced problems while sending and receiving messages as well as logging in. Facebook-owned WhatsApp acknowledged the problem, and in a statement to The Independent said, “Earlier today, WhatsApp users in all parts of the world were unable to access WhatsApp for a few hours. We have now fixed the issue and apologize for the inconvenience.” This is the second time in the last two weeks that WhatsApp faced a global outage.