Shadow Brokers Threaten To Reveal Identity Of Ex-NSA Hacker

Group responsible for leaking NSA exploits resurfaces

The mysterious Shadow Brokers hacking group threatened Wednesday to reveal the identity of an alleged former NSA hacker.

In a message posted online, the group – responsible for leaking the NSA exploits which powered the WannaCry and so-called Petya ransomware outbreaks – accused the alleged hacker in broken English of “writing ugly tweet to theshadowbrokers” and of belonging to Equation Group, a highly sophisticated team suspected of being NSA.

…continue reading

NSA Software Behind Latest Global Ransomware Attack

“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki’s cybersecurity firm F-Secure, when discussing today’s latest outbreak of the WannaCry-like ransomeware attack, which as we reported earlier started in Ukraine, and has since spread to corporate systems across the world, affecting Russian state oil giant Rosneft, the international shipping and energy conglomerate Maersk, and the UK public relations company WPP, before jumping across the Atlantic and going global, by infecting the US-based division of global pharma giant Merck, which this morning confirmed it has been hit by the “Petya” attack.

“We confirm our company’s computer network was compromised today as part of global hack,” Merck said in a statement on Tuesday. “Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

…continue reading

 

The NSA Reportedly Believes North Korea Was Responsible For WannaCry Ransomware Attacks

North Korea increasingly appears to have been behind the ransomware attack that infected hundreds of thousands of computers last month and shut down hospitals, businesses, and other systems in the process.

The Washington Post is now reporting that the US National Security Agency believes with “moderate confidence” that the ransomware, called WannaCry, came from hackers sponsored by North Korea’s spy agency. The report isn’t public, but the Post says the assessment has been distributed within the agency.

…continue reading

Hackers Working On A Global ‘ExplodingCan’ Cyber Attack

  • The hack targets computers worldwide running on Microsoft Windows 2003
  • It exploits a known flaw in the servers, triggering a buffer overflow
  • This allows hackers to remotely access the computer, and plant ransomware

Experts have warned that a devastating global cyber attack is imminent.

The hack, called ‘ExplodingCan’, targets computers running on Microsoft Windows 2003, which means that it could be used to attack 375,000 computers worldwide.

This puts it in the same risk category as last month’s WannaCry ransomware attack which caused mayhem around the world, crippling vital servers such as those used by the NHS.

…continue reading

WikiLeaks: CIA ‘Pandemic’ Malware Infected Servers To Spread Virus To Computers

In the most recent installment of WikiLeak’s CIA Vault 7 series, the whistleblowing group has published details on a server virus codenamed “Pandemic.”

In the latest leak, published on Thursday, WikiLeaks outlines the use of the CIA’s “Pandemic” project. This leak is a virus that targets Windows computers, sharing files with remote users in a local network. WikiLeaks described the program on their website writing,

“Today, June 1st 2017, WikiLeaks publishes documents from the ‘Pandemic’ project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. ‘Pandemic’ targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets).”

…continue reading

Ransomware And The NSA

Should the government still be stockpiling software flaws?

The effects of this month’s global ransomware attack seem to be fading, fortunately. But a crucial question the incident raised is only getting more urgent. When it comes to online security, the U.S. government’s priorities — preventing terrorism and protecting cyberspace — are in permanent tension. Is there a way to resolve it?

The National Security Agency routinely seeks out flaws in common software and builds tools, known as exploits, to take advantage of them. Doing so is an essential part of the agency’s mission of spying on terrorists and foreign adversaries, yet it comes with grave risks.

The latest attack — still evolving — is an example. Researchers say it takes advantage of a stolen NSA tool to exploit a flaw in some versions of Windows. Microsoft Corp. has suggested that the NSA knew of the flaw for some time, yet didn’t disclose it until the theft.

…continue reading

 

Hackers Hide Malware and Post Fake Stories; Breach Exposes Concealed Carry Permit Holders’ Info

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches:

Malware Has a New Hiding Place: Subtitles

Hackers could take control of a computer by hiding malware in movie titles, according to a security software firm.

Checkpoint said malware could be embedded into the subtitle files, and most media players—including VLC, Kodi, Popcorn Time and Stremio—would trust the file, a TechCrunch report said. Such subtitles files are often used for pirated movies and TV shows.

“Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files,” a Checkpoint blog post on the discovery said. “This means users, anti-virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.”

Checkpoint said millions of people use media players, and while the four previously mentioned programs have been fixed, there could be security holes in others.

…continue reading

%d bloggers like this: