Subscribe: CircleID: News Briefs
http://www.circleid.com/rss/rss_news/
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
access  attack  bank  circleid twittermore  circleid  infected  mdash  petya ransomware  petya  ransomware  south korean  south 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID: News Briefs

CircleID: News Briefs



Latest news postings on CircleID



Updated: 2017-06-27T19:23:00-08:00

 



Petya Ransomware Spreading Rapidly Worldwide, Effecting Banks, Telecom, Businesses, Power Companies

2017-06-27T12:23:00-08:00

Supermarket 'Rost' in Kharkiv, East Ukraine – all the payment terminals appear to have been hit by the Petya ransomeware. (Photo posted on Twitter this morning by Mikhail Golub / @golub) A large scale ransomware attack today is spreading rapidly worldwide, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins. Multiple sources are reporting that this variant of Petya ransomeware, also known as Petwrap, is using the WannaCry vulnerability that had infected close to 300,000 systems and servers worldwide last month. Swati Khandelwal reporting in The Hacker News: "Infected users are advised not to pay the ransom because hackers behind Petya ransomware can't get your emails anymore. Posteo, the German email provider, has suspended the email address i.e. wowsmith123456@posteo.net, which was used by the criminals to communicate with victims after getting the ransom to send the decryption keys. At the time of writing, 23 victims have paid in Bitcoin to '1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX' address for decrypting their files infected by Petya, which total roughly $6775." — "Petya ransomware has already infected Russian state-owned oil giant Rosneft, Ukrainian state electricity suppliers, Kyivenergo and Ukrenergo, in the past few hours. ... There are reports from several banks, including National Bank of Ukraine (NBU) and Oschadbank, as well as other companies confirming they have been hit by the Petya ransomware attacks." –The Hacker News — Ukrainian government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network are all struck by the attack which started spreading across Europe earlier today. Tweet from Presidential Administration of Ukraine sent out a few hours ago — Brad Duncan from The Internet Storm Center, Examining the new Petya variant: "Petya is a ransomware family that works by modifying the infected Windows system's Master Boot Record (MBR).  Using rundll32.exe with #1 as the DLL entry point, I was able to infect hosts in my lab with the above two DLL samples.  The reboot didn't occur right away.  However, when it did, my infected host did a CHKDSK after rebooting. After CHKDSK finished, the infected Windows host's modified MBR prevented Windows from loading.  Instead, the infected host displayed a ransom message." — One of the largest health networks in western Pennsylvania, Heritage Valley Health System reports "cyber security incident" has affected all operations at its two hospitals and 18 satellite centers but has not yet confirmed whether the incident is linked to the Petya ransomware. — DLA Piper Victim of Massive Malware Attack: "The global law firm DLA Piper fell victim on Tuesday to a widespread cyber attack, which reportedly disabled networks at dozens of companies. By midday, the firm posted a statement on its website, which remained functional, confirming it suffered a malware attack." Bloomberg Law / 27 Jun 2017, 1:19 PM — "Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now." Brian Krebs writes: "However, there are indications that Petya may have other tricks up its sleeve to spread inside of large networks. Russian security firm Group-IB reports that Petya bundles a tool called 'LSADump,' which can gather passwords and credential data from Windows computers and domain controllers on the network." — A.P. Moller-Maersk, the transport and logistics company, has confirmed that its IT systems are down across multiple sites and business units. This has affected various operations including India's largest container port JNPT. The company has stated that AP Moller-Maersk, one of the affected entities globally, operates the Gateway Terminals India (GTI) at JNPT, which has a capacity to handle 1.8 million standard container units. 27 Jun 2017, 1:40 PM — Hackers behind today's massive ransomwar[...]



South Korean Banks Receive DDoS Threat from Hacker Group, Record Ransomware Payment Demanded

2017-06-27T11:02:00-08:00

Many sources including South Korea's news agency Yonhap are reporting that a hacker group has threatened to launch a DDoS attack against seven South Korean banks unless they pay about 360 million won (US$315,000) in bitcoin. The hacker group, known as Armada Collective, has threatened KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, NH Bank and two other lenders. Zeljka Zorz reporting in Help Net Security writes: "Choi Sang-Myung, a researcher at South Korean's Hauri Labs, noted that these latest threats might have been a consequence of the recent successful extortion attempt of South Korean web hosting provider Nayana. ... The deadline for the announced attacks was this Monday. The websites of the aforementioned banks are online and working, but whether it's because they paid the requested amount or because they managed to twart the DDoS attacks is impossible to tell."

Update: New report from BBC, "Global ransomware attack causes chaos ... Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack. ... Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month. ... Kaspersky Lab reported that it believed the malware was a 'new ransomware that has not been seen before' despite its resemblance to Petya."

Petya is a ransomware with an evil twist: F-Secure: "Instead of encrypting files on disk, it will lock the entire disk, rendering it pretty much useless. Specifically, it will encrypt the filesystem’s master file table (MFT), which means the operating system is not able to locate files. It installs itself to the disk’s master boot record (MBR) like a bootkit. But instead of covert actions, it displays a red screen with instructions on how to restore the system."

"A South Korean hosting firm just paid $1m to get their data back and that's a huge incentive. It's the biggest incentive you could offer to a cyber-criminal." Andrei Barysevich at security firm Recorded Future told BBC

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, DDoS




Cycling Legend Greg LeMond Sues Cybersquatters Upward of $6.6 Million

2017-06-26T10:24:00-08:00

A federal restraining order has been issued against a father and son accused of registering several domain names based on cycling legend Greg LeMond's name and his company. In a story published in the Star Tribune today, Paul Walsh reports: "[LeMond] is alleging that the two are 'cybersquatters,' having taken control of 66 web addresses using the three-time Tour de France champion's trademarked name and business, called Grail [such as lemondgrail.com and grailcarbon.us] ... U.S. District Judge John Tunheim's temporary restraining order bars the Stinchfields, who live in Orono, from registering any additional domain names tied to the 56-year-old LeMond or his business, or transferring or selling the ones they control." Raymond Hackney in a commentary in The Domains blog writes: "Over the years you run into people who don’t care much about trademark infringement… The thought was that if they got a UDRP they would just let the complainant take the domain name, no big whoop. But I would always say to these people, the complainant doesn’t have to go the UDRP route, they can go for damages under the ACPA."

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, Intellectual Property, Law




Mozilla, National Science Foundation Offer $2M Prize for a Decentralized Web

2017-06-24T12:01:00-08:00

Mozilla and the National Science Foundation have announced a $2 million prize for ideas that decentralize the web; prizes will be available for both early-stage design concepts and fully-working prototypes. From the announcement: "To connect the unconnected and disconnected across the U.S., Mozilla today is accepting applications for the Wireless Innovation for a Networked Society (WINS) challenges. Sponsored by NSF, a total of $2 million in prize money is available for wireless solutions that get people online after disasters, or that connect communities lacking reliable Internet access."

To prize is available for U.S.-based entrants to one of the following two separate challenges:

Off-the-Grid Internet Challenge: "When disasters like earthquakes and hurricanes strike, communications networks are among the first pieces of critical infrastructure to overload or fail. How can we leverage both the Internet's decentralized design and current wireless technology to keep people connected to each other — and vital messaging and mapping services — in the aftermath of a disaster?"

Smart Community Networks Challenge: "Many communities across the U.S. lack reliable Internet access. Sometimes commercial providers don't supply affordable access; sometimes a particular community is too isolated; sometimes the speed and quality of access is too slow. How can we leverage existing infrastructure — physical or network — to provide high-quality wireless connectivity to communities in need?"

Follow CircleID on Twitter

More under: Access Providers, Networks, Web, Wireless




Cyberattack on UK Parliament Halts Email Access

2017-06-24T11:35:00-08:00

UK parliament has been the target of a "sustained and determined" cyberattack by hackers attempting to gain access to Member of Parliaments' and their staffers' email accounts. The Guardian reports: "Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords. MPs said they were unable to access their emails after the attack began. The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails."

Follow CircleID on Twitter

More under: Cyberattack, Email




Pharmacy Chain Boots Terminates Its New TLD .boots

2017-06-24T10:06:00-08:00

"Boots becomes latest company to terminate new gTLD but other '.brands' go full steam ahead." Trevor Little reporting in World Trademark Review: "Pharmacy chain Boots has become the latest company to signal an intention to terminate a Registry Agreement (RA), this time for the '.boots' TLD. ... Others that have previously decided against proceeding with '.brand' applications including South Korean industrial conglomerate Doosan, publisher Guardian News & Media and cosmetics giant L'Oreal. ... While a negative development for the new gTLD programme, it should not be viewed as an indicator that '.brands' are losing their lustre — on the contrary, the rollout of branded spaces shows no sign of slowing."

Follow CircleID on Twitter

More under: Top-Level Domains




Cisco Introduces Intent-Based Network That Can Learn, Adapt and Mitigate Threats

2017-06-22T12:37:01-08:00

(image)

Cisco has launched an intent-based networking solution designed to be intuitive and adapt; a new approach claimed to be one of the most significant breakthroughs in enterprise networking. "This new network is the result of years of research and development by Cisco to reinvent networking for an age where network engineers managing hundreds of devices today will be expected to manage 1 million by 2020. ... Today companies are managing their networks through traditional IT processes that are not sustainable in this new age. Cisco's approach creates an intuitive system that constantly learns, adapts, automates and protects, to optimize network operations and defend against today's evolving threat landscape."

This approach is believed to change the fundamental blueprint for networking, says Cisco: "The intuitive network is an intelligent, highly secure platform — powered by intent and informed by context."

Intent: "Intent-based networking allows IT to move from tedious traditional processes to automating intent, making it possible to manage millions of devices in minutes — a crucial development to help organizations navigate today's ever expanding technology landscape."

Context: "Interpreting data in context is what enables the network to provide new insights. It's not just the data that's important, it's the context that surrounds it — the who, what, when, where and how. The intuitive network interprets all of this, resulting in better security, more customized experiences and faster operations."

Intuition:” The new network provides machine-learning at scale. Cisco is using the vast data that flows through its networks around the world, with machine learning built in, and unleashing that data to provide actionable, predictive insights."

Follow CircleID on Twitter

More under: Cybersecurity, Networks




Honda Halts Domestic Car Production Plant Due to WannaCry Virus in Computer Network

2017-06-21T09:37:00-08:00

Production at a Honda domestic vehicle plant was halted for a day this week as a result of the discovery of WannaCry ransomware in the computer network, the company reports. Reported today in Reuters: "The automaker shut production on Monday at its Sayama plant, northwest of Tokyo, which produces models including the Accord sedan, Odyssey Minivan and Step Wagon compact multipurpose vehicle and has a daily output of around 1,000 vehicles. Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions ... despite efforts to secure its systems in mid-May."

Follow CircleID on Twitter

More under: Cyberattack




Bloomberg: Pricing of New TLDs Seem "Kind of Random", Sector in "Flux"

2017-06-20T14:15:00-08:00

"What does it mean that a web address ending in .pizza costs more than one ending in .beer? Or that .bar costs more than .academy?" Bloomberg's Economic Editor, Peter Coy, suggests that the new Top-Level Domain pricing seen in the market today appears to represent a big pricing experiment in a sector of the economy "that's in flux". So why the various TLDs vary so much in price? Coy writes: "One reason seems to be that the market is young, and both buyers and sellers are trying to feel their way toward what’s good value for the money. Entrepreneurs that spent a lot of money for top-level domain names may try to price higher to recoup their costs, which can be tricky because customers don’t really care about their suppliers’ costs."

Follow CircleID on Twitter

More under: Domain Names, Top-Level Domains




Data on Nearly 200 Million Potential Voters in U.S. Found Fully Exposed

2017-06-19T12:12:01-08:00

According to reports released today, databases containing information on close to 200 million potential U.S. voters were found unsecured and exposed to the Internet, allowing anyone to download it without a password. The data analytics contractor Deep Root Analytics employed by the Republican National Committee (RNC) has taken full responsibility for the situation. Joe Uchill reporting in The Hill: "The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured. ... 'In terms of the disc space used, this is the biggest exposure I've found. In terms of the scope and depth, this is the biggest one I've found,' said Vickery."

Follow CircleID on Twitter

More under: Cybersecurity




Overview of the Global Domain Market, Afnic Study

2017-06-19T11:31:00-08:00

[...]



Chinese Scientists Have Built First Quantum Network With No Danger of Being Decrypted

2017-06-15T14:07:00-08:00

(image) The 600-kilogram payload now onboard the Chinese satellite that is producing pairs of quantum entangled photons. Image source: Xinhua

A paper published by researchers from the Chinese Academy of Sciences, reports a successful demonstration of satellite-based entanglement distribution to receiver stations separated by more than 1200 km — the results illustrate the possibility of a future global quantum communication network. Ian Sample, Science editor of The Guardian, writes: "Researchers believe that by linking particles together in this way, encrypted information could be sent from place to place across a quantum network with no danger of it being decrypted and read by others, as can be done on the existing internet. ... The work obliterates the previous world record for sending pairs of photons that are connected to one another by a strange rule of quantum physics first spotted by Einstein. Until now, the farthest researchers had ever sent entangled photons stood at a mere 65 miles."

Follow CircleID on Twitter

More under: Broadband, Cybersecurity, Telecom




North Korea's Spy Agency Behind WannaCry

2017-06-15T07:27:00-08:00

According to a report from The Washington Post, the NSA has linked the North Korean government to the creation of the WannaCry ransomeware that resulted in affecting over 300,000 people in almost 150 countries last month. "The assessment [...] is based on an analysis of tactics, techniques and targets that point with 'moderate confidence' to North Korea's spy agency… WannaCry was apparently an attempt to raise revenue for the regime, but analysts said the effort was flawed. Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime




Donuts, Rightside Group Merge in a $213M Acquisition Deal

2017-06-14T05:59:00-08:00

Donuts Inc., a leading domain name registry for new top-level domains and Rightside Group today announced a merger agreement; Donuts has agreed to acquire Rightside for $10.60 per share in an all-cash tender offer, for an aggregate purchase price of approximately $213MM. According to the release, the Merger Agreement was "unanimously approved by Rightside's Board of Directors following a comprehensive review of strategic and financial alternatives that Rightside announced in the first quarter of 2017." Bruce Jaffe, Donuts chief executive officer: "We believe that the combined company will be well positioned to serve our registrar customers and the millions of businesses and individuals who are embracing new ways to brand their online identities."

"The deal will give Donuts an additional 40 top level domain names, Rightside’s technical registry system (that currently powers Donuts’ domains), domain name registrar Name.com, and a portfolio of about 300,000 (mostly .com) domain names." –Andrew Allemann, Domain Name Wire / Jun 14

"There was talk of a split last year, with Donuts apparent endorsement of Google’s Nomulus platform, but the two companies reaffirmed their relationship earlier this year. ... [Rightside] faced criticism from shareholders over the last year or so over their relatively poor performance. Activist investor J Carlo Cannell, who owns almost 9% of Rightside, has been pressuring the company’s board to take radical action for the last 15 months." Kevin Murphy, Domain Incite / Jun 14

Follow CircleID on Twitter

More under: Domain Names, Registry Services, Top-Level Domains




FBI, DHS Release Technical Details on North Korea’s DDoS Botnet Infrastructure

2017-06-13T15:11:00-08:00

U.S. Department of Homeland Security (DHS) and the FBI today released a technical alert based joint-effort analysis of methods behind North Korea’s cyberattacks. From today's release: "This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. ... DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, DDoS, Malware




Microsoft Releases Patches to Fix Close to a Hundred Flaws, Including for Unsupported Windows XP

2017-06-13T14:41:00-08:00

Microsoft has released security updates for close to a hundred security vulnerabilities in a number of Windows operating systems. From Krebs on Security, Brian Krebs writes: "One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. ... 27 of the 94 security holes Microsoft patches with today's release can be exploited remotely by malware or miscreants to seize complete control over vulnerable systems with little or no interaction on the part of the user. ... It is this very 'wormlike' capability — a flaw in Microsoft's SMB service — that was harnessed for spreading by WannaCry, the global ransomware contagion last month that held files for ransom at countless organizations and shut down at least 16 hospitals in the United Kingdom."

Follow CircleID on Twitter

More under: Cybersecurity, Malware




Russian Interference More Vigorous than Assumed, Over 39 States Targeted During Election

2017-06-13T11:40:00-08:00

"Voter databases and software systems in an overwhelming number of states — 39 to be exact — were targeted by Russian cyberattacks over the summer and fall of 2016," Allegra Kirkland reporting today in TPM. "That number, and Bloomberg’s revelation that hackers attempted to delete or alter voter data in Illinois and successfully accessed a campaign finance database in another state, indicates that Russian’s election interference was even more vigorous than has previously been reported. ... Russian meddling involved not only the strategic hacking and distribution of campaign communications, but efforts to interfere with America’s election infrastructure."

Follow CircleID on Twitter

More under: Cyberattack, Cybersquatting




Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

2017-06-09T07:36:00-08:00

WannaCry's Decryptor interface – Image shows WannaCry providing two methods of communication with the attackers: the “Contact Us” link and the “Check Payment” button on the main decryptor interface (Source: McAfee) An extensive analysis of WannaCry seems to indicate attackers would be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis. In other words, those behind the campaign would not (or could not) decrypt victims’ data once they received payment. The research team from McAfee that conducted the analysis finds the flaw to be somewhat puzzling given the WannaCry campaign's incredibly effective propagation techniques, reasonable key and data management, and a working anonymous communication fabric with Bitcoin payments. — Odd negligence: "The WannaCry authors demonstrated good technical governance, for example, the key handling, buffer sanitization, and private key security on disk using a strongly encrypted format. It is odd that with such good governance, the same group neglected to include something as essential as a unique ID for a user (or instance of attack) because this is mandatory to decrypt a specific user’s files. While much of the initial analysis described the WannaCry campaign as 'shoddy,' the use of good technical governance suggests that there are elements of this campaign that are well implemented." — Shoddy campaign: "This competence raises doubts that the campaign was shoddy. Given the level of capability demonstrated, we would expect the developers would have found and fixed basic errors. Indeed, could the inclusion of these basic errors be an attempt to make the campaign appear amateur? Without apprehending those behind the campaign, it is impossible to know their motivation; yet a thorough analysis of the technical artefacts questions the shoddy theory." Follow CircleID on TwitterMore under: Cyberattack, Cybersecurity, Malware [...]



Canadian Internet Registration Authority Launches Cloud-Based DNS Firewall Service

2017-06-09T06:46:00-08:00

The Canadian Internet Registration Authority (CIRA) has announced the launch of a security service called D-Zone DNS Firewall — a cloud-based cybersecurity solution — to protect Canadian organizations from rasomware and malware. CIRA has partnered with Nominum, provider of recursive DNS technology, to build the first of what it calls a made-in-Canada DNS Firewall solution. "The service operates in Canadian Internet exchange points and functions as a high-performance, policy-enabled recursive DNS service to ensure that organizations using the DNS Firewall maintain or even improve user experience through faster web and application access." The company says its service will help organizations block access to malicious content before it can reach their network and malware is prevented from using its command and control servers for execution.

Follow CircleID on Twitter

More under: Cloud Computing, Cyberattack, Cybercrime, Cybersecurity, DDoS, DNS, Malware




Al Jazeera Under Systematic Cyberattack

2017-06-08T16:42:00-08:00

The websites and digital platforms of Qatar-based Al Jazeera Media Network are undergoing systematic and continual hacking attempts, the news agency reported a few hours ago on its website. "Last month, Qatar's official news agency was hacked and false statements attributed to the country's ruler were posted that helped spark a rift with other Arab Gulf states. Saudi Arabia, Egypt, the United Arab Emirates and several other countries cut their ties with Doha on Monday in part because of the comments briefly posted on the Qatar News Agency." CNN has reported that "US investigators believe Russian hackers breached Qatar's state news agency and planted a fake news report that contributed to a crisis among the US' closest Gulf allies."

Follow CircleID on Twitter

More under: Cyberattack