A fast-moving ransomware outbreak has compromised Spanish telco Telefonica, multiple National Health Service trusts in Britain and other organizations around the world. The attacks have been using the leaked "Equation Group" SMB exploit to penetrate networks.
As organizations worldwide rush to mitigate the outbreak of the WannaCry crypto-locking ransomware, Adam Meyers of CrowdStrike shares insights on what researchers have gleaned from the attacks and how organizations should respond.
To better battle ransomware, we must take a page from the lessons learned by the kidnapping and ransom insurance industry in its battle against piracy in the Indian Ocean, Jeremiah Grossman told the AppSec Europe conference in Belfast, Northern Ireland.
The cybersecurity epitaph of the fired FBI director could read: "He showed courage to take on Apple." Comey publicly battled Apple CEO Tim Cook over unlocking the iPhone of the San Bernardino shooter, becoming the face of the proponents who seek ways to bypass encryption on mobile devices.
Hot sessions at this week's OWASP AppSec Europe 2017 conference in Belfast, Northern Ireland, cover everything from the EU's General Data Protection Regulation and fostering better SecDevOps uptake, to quantum-computing resistant crypto and ransomware economics.
Reporting software vulnerabilities can be legally dicey, particularly if the affected company has not previously had contact with computer security researchers. A Sydney consultant recently experienced both ends of the spectrum while investigating building management software.
The critical Active Management Technology flaw in many Intel chipsets' firmware can be remotely exploited using any password - or even no password at all - to gain full access to a system, security researchers warn. Numerous systems and even ATMs will require forthcoming firmware fixes.
The latest draft version of the Trump administration's cybersecurity executive order is similar to the previous version and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Obama White House.
The Department of Homeland Security is warning IT service providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware on critical systems.
Hackers have reportedly exploited the SS7 mobile telecommunications signaling protocol to drain money from online bank accounts used by O2 mobile phone subscribers. Despite rising security worries relating to SS7, many telcos have yet to explore related fixes.
Organizations have more endpoints today than ever, and securing those endpoints is challenging, because it's rare that any one organization is responsible for all the endpoints that touch its network and servers, says Mike Spanbauer, vice president of research and strategy at NSS Labs.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.