As security researchers investigate last Friday’s massive attack from the WannaCry ransomware, they’ve noticed clues that may link it with a North Korean hacking group that has been blamed for attacking banks across the world.
The evidence is far from a smoking gun, and may prove inconclusive. But security researchers have noticed a similarity between an earlier version of WannaCry and a hacking tool used by the Lazarus Group.
Last Friday’s massive WannaCry ransomware attack means victims around the world are facing a tough question: Should they pay the ransom?
Those who do shouldn't expect a quick response -- or any response at all. Even after payment, the ransomware doesn’t automatically release your computer and decrypt your files, according to security researchers.
Instead, victims have to wait and hope WannaCry’s developers will remotely free the hostage computer over the internet. It's a process that’s entirely manual and contains a serious flaw: The hackers have no way to prove who paid off the ransom.
"The odds of getting back their files decrypted is very small," said Vikram Thakur, technical director at security firm Symantec. "It's better for [the victims] to save their money and rebuild the affected computers."
Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.
In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8 -- all of them operating systems for which it no longer provides mainstream support.
Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.
The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.
Friday’s unprecedented ransomware attack may have stopped spreading to new machines -- at least briefly -- thanks to a "kill switch" that a security researcher has activated.
The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.
The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.
消费者与惠普笔记本电脑,已被意外记录他们的击键可以很容易地从PC机的补丁解决这个问题。
超过24家HP笔记本电脑模型,包括的EliteBook,的ProBook和ZBook,具有在音频驱动器的错误,将作为键盘记录,瑞士安全公司周四表示。受影响的产品列表可以这里找到。
Fortunately, HP began rolling out fixes through its support page, and in a Windows update, starting on Thursday, HP Vice President Mike Nash said.
A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.
The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of their network.
Spain’s computer response team CCN-CERT has also warned of a "massive attack" from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.
Over two dozen HP laptop models have been secretly recording users’ keystrokes, possibly by mistake, according to a Swiss security firm.
The keylogger is found within the PCs' audio driver software and has existed since at least Dec. 2015, the security firm Modzero said in a Thursday blog post.
The audio driver was designed to identify when a special key on the PC was used. But in reality, the software will capture all the keystrokes and write them in an unencrypted file located on the laptop.
In other cases, the keystrokes will be passed to a Microsoft Windows debugging interface on the PC, and expose them to possible capture, Modzero said.
总裁唐纳德·特朗普终于签署的long-awaited executive order on cybersecurity, and he called for the U.S. government to move more into the cloud and modernize its IT infrastructure.
The order, signed on Thursday, is designed to "centralize risk" and move the government's agencies toward shared IT services, White House homeland security adviser Tom Bossert said in a press briefing
Over 100,000 internet-connected cameras may be falling prey to a new IoT malware that’s spreading through recently disclosed vulnerabilities in the products.
The malware, called Persirai, has been found infecting Chinese-made wireless cameras since last month, security firm Trend Micro said on Tuesday. The malware does so by exploiting flaws in the cameras that a security researcher reported back in March.
The researcher, Pierre Kim, found that the vulnerabilities can allow an attacker to remotely execute code on the cameras, effectively hijacking them.
At least 1,250 camera models produced by a Chinese manufacturer possess the bugs, the researcher went on to claim.
一些德国企业在访问不同的在线服务的单一登录过程中采取了刺。
The companies, which include automaker Daimler, insurance provider Allianz and Deutsche Bank, among others, announced the joint effort on Monday. Their goal: to create a platform that revolves around a “master key” for users that can access sites and services across industries.
The platform will not only make online registration simpler, but also more secure, they said. To do so, the companies will incorporate top standards in data security, and comply with local European Union data protection laws.
另一种政治运动已经通过电子邮件转储命中。这一次,目标是法国总统候选人埃马纽埃尔·万安。
上周五,他的竞选活动表示了大规模的和协调的黑客违反了几个员工的电子邮件收件箱。在此之前的名字命名的“EMLEAKS”神秘的用户显然是经过torrent文件倾倒在文本存储站点引擎收录。
被盗的数据目前还不清楚,如果垃圾堆里的信息是真实的。据称,该转储中包含电子邮件和照片的9GB宝库。The torrent files, which were hosted on Archive.org, are no longer available there.
But Macron’s campaign said the leaked files have been spreading over social media as the country prepares to vote for a new president on Sunday.
下周,PC厂商将开始推出的是修复严重的漏洞在特定的基于英特尔的业务系统,包括笔记本电脑中发现的补丁,使他们更容易破解。
Intel on Friday released a new notice urging clients to take steps to secure their systems.
The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability.
In addition, vendors including Fujitsu, HP, and Lenovo have released lists showing which products are affected and when the patches will roll out.
There's a growing threat on the cybersecurity scene that could drain millions from unsuspecting businesses and leave them vulnerable to hacking threats.
It isn’t a new strain of ransomware. It’s the cybersecurity industry itself.
It's ironic, but the products vendors sell, and the marketing they use, sometimes leave buyers misinformed and less secure, according to several business directors who actually buy the tech.
“There’s definitely a lot of vaporware,” said Damian Finol, an IT security manager at a major internet company. “There are definitely products that have really exaggerated claims about what they actually do.”
For some vendors, it's more about the sale than about security, IT executives say. To close a deal, bad vendors tend to overpromise features that they claim will be added down the line but never materialize. That makes a buyer's job harder.
无法找到为贵公司的安全产品?你不是唯一的一个。
今天的市场充满了数以百计的供应商和大量的市场宣传。但是,搞清楚哪些解决方案是值得的可能是一个挑战,特别是对网络安全缺乏经验的企业。
So we asked actual buyers of enterprise security products for tips, and here’s what they said.
Businesses have to do their research. That means looking at customer recommendations instead of relying on what vendors say. Testing the security products in house is also highly advised.
Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.
One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks.
“It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security.
The phishing scheme -- which may have circulated to 1 million Gmail users -- is particularly effective because it fooled users with a dummy app that looked like Google Docs.