Newsletter

May 31st, 2017

WannaCry Ransomware Didn't Start with Phishing Attack

The WannaCry ransomware campaign that struck users globally early last week was thought to have started with malware-infected phishing emails, but according to Malwarebytes, that’s not the case. Malwarebytes claims that the campaign was instead initiated by scanning for vulnerable SMB ports exposed to the public internet. Hackers then used the NSA’s EternalBlue exploit to gain access to the target network and deployed the DoublePulsar backdoor to gain persistence, allowing for the installation of additional malware, like WannaCry.

Google Phishing Attack Targeted Permissions & Credentials

A brief phishing attack targeting Google Gmail and Google Docs users struck yesterday, impacting an unknown number of individuals. The attack was quickly mitigated by Google and lasted for roughly 2 hours, with the meat of it all taking place during a 15-minute period around 3 pm on May 3. Google claims that so far nothing malicious has been done with the stolen credentials, but expect to hear more.

Derive, Report & Track Drift from an Approved System Image Baseline Using Gen7

Understanding what the correct baseline configuration is for your IT system components is a keystone of security best practice. Compliance mandates, NERC CIP in particular, require baselines of installed software, updates, and open ports to be captured and reported against. Functional Requirements (Which applications does this system support? Which software packages does it need? What does the filesystem structure look like? What are the configuration settings needed for it to deliver its services?) and its Security Posture (What is the hardened build for this system? What are the minimum services, ports, and functions required, and what can we disable as a result? What are the configuration settings needed to mitigate vulnerabilities known to affect this device?)

Hackers Expose 17 Million Zomato User Credentials on the Dark Web

Around 17 million users of the popular restaurant search platform Zomato have had their login credentials stolen by hackers and put on the dark web to be sold to criminals. Zomato’s CTO, Gunjan Patidar, claims that user IDs, names, usernames, email addresses, and password hashes with salt are among the information stolen in the breach. All passwords were reset and users were required to log back into the platform following the event.

Quarterly Update: F.A.S.T Cloud Integration from NNT CEO & CTO

File Integrity Monitoring is essential to ensure the integrity of your security IT systems. Reporting these changes can be a headache, though: how do you differentiate between 'good', planned changes and 'bad', possibly malicious activity? The solution is to leverage Cloud-Based Threat Intelligence and automatically authorize file changes as they are detected using the world’s largest authoritative file whitelist. And now you can do just that, using the NNT FAST Cloud (File Approved-Safe Technology).

Payment Service Provider Passes PCI Audit with Gen7

As a Payment Service Provider, Unified Payments must adhere to the PCI DSS, the multifaceted security standard that includes requirements for security management, policies, procedures, and network architecture, and is intended to help organizations proactively protect customer data.

Implementing Layered Security to Protect Against Modern Malware

Threats of theft of intellectual property, financial data, cardholder data, and PII (Personally Identifiable Information) are more diverse and increasingly difficult to defend against. The traditional ‘internet vandalism’ from viruses is still an issue, but the ‘threatscape’ in 2017 is far more diverse and dangerous than ever before.