Ransomware has gained global attention over the course of the last two weeks due to the huge spread of WannaCry. Following the initial attacks, we’ve seen UIWIX, Adylkuzz and now EternalRocks come onto the scene leveraging the same core set of vulnerabilities. The common thread between the three threats is MS17-010 along with other tools…
Read More
Smart systems are under attack, and the organizations that run and support this technology must take the proper steps for protection.
Read More
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for…
Read More
“Are you crying? ARE YOU CRYING? There’s no crying! THERE’S NO CRYING IN BASEBALL!” Those famous words from Jimmy Dugan (portrayed by Tom Hanks) in the 1992 movie A League of their Own, ring true in the world of baseball. Unfortunately, in the cyber security world, there has been some crying this week with the…
Read More
May 12, 2017 saw the world’s first ever worm-based ransomware attack, WannaCry. Typically ransomware spreads via email as spam and phishing attacks, and relies on human intervention to initiate the infection. However, WannaCry is different in that it combines ransomware with a recently published vulnerability that was stolen from the NSA by The Shadow Brokers…
Read More
If the past few days of WannaCry ransomware activity have taught us anything it’s that cybercriminals pose a clear and present danger to organizations and their customers all over the world. But have you ever wondered exactly what the bad guys are after when they launch their online attacks at your own PC or mobile…
Read More
At the Zero Day Initiative (ZDI), we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify the vendor, and finally we publish some details once a patch is released. Those patches represent the best method for preventing cyber attacks. Recently, an issue…
Read More
Last week, The White House released its long awaited Executive Order (EO), Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, ironically enough during the same week we experienced the largest single ransomware attack that, by some estimates, has affected more than 200,000 victims across 150 countries. My intentions were to highlight the EO in…
Read More
[Editors note: For the latest WannaCry information as it relates to Trend Micro products, please read this support article.] The WannaCry ransomware variant of 12-May-2017 has been engineered to take advantage of the most common security challenges facing large organizations today. Starting with one infection system, this variant uses a recent vulnerability (CVE-2017-0144/MS17-010) to spread…
Read More Although I’m still dreaming of the sandy beaches of Cancun, it’s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine (DV) package delivered earlier this week, we also issued an out-of-band DV package to address zero-day vulnerabilities for Intel…
Read More
