This is not quite as significant a risk as the WannaCry outbreak, but still worth attention. Please review your SAMBA deployments and adjust accordingly.

https://nakedsecurity.sophos.com/2017/05/26/samba-exploit-not-quite-wannacry-for-linux-but-patch-anyway/

Sophos News in Brief

May 25, 2017 / mbenlawson / Leave a comment

https://nakedsecurity.sophos.com/2017/05/24/news-in-brief-drones-could-be-hobbled-cost-of-ransomware-counted-target-agrees-18-5m-deal/

Credential-Stuffing Threat Intensifies Amid Password Reuse

May 24, 2017 / mbenlawson / Leave a comment

Here is some additional motivation to stop the reuse of credentials across multiple services and websites.

https://www.darkreading.com/vulnerabilities—threats/credential-stuffing-threat-intensifies-amid-password-reuse/d/d-id/1328945

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

May 23, 2017 / mbenlawson / Leave a comment

I agree with the message of this article and specifically endorse the truth that real, effective cyber security begins with your employees. That said, the fact cannot be overlooked that good technology is being purchased, but is not being properly or consistently used. Add to this the fact that technologies are being purchased as point solutions for compliance requirements, but not leveraged across all the other valuable data sets within the organization.

http://www.darkreading.com/application-security/with-billions-spent-on-cybersecurity-why-are-problems-getting-worse/a/d-id/1328896

Schneier – The Future of Ransomware

May 23, 2017 / mbenlawson / Leave a comment

This is an interesting essay by Bruce Schneier discussing the future of ransomware in the context of the Internet of Things. Enjoy!

https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html

C-Level Represents Biggest Mobile Security Risk

May 23, 2017May 23, 2017 / mbenlawson / Leave a comment

Near continuous use of mobile devices is certainly a concern for C-level employees, but do not take security awareness for granted. Though individuals in these high ranking positions should be more aware than most of the cyber risks they face, they may not leverage that knowledge and take the right steps to protect themselves. Continue to educate all employees including your C-suite. Use that time honored adage from the back of your shampoo bottle – Train / rinse / repeat!

https://www.infosecurity-magazine.com/news/c-level-provides-biggest-mobile/

(ISC)2 Weekly Security Headlines

May 22, 2017 / mbenlawson / Leave a comment

http://blog.isc2.org/isc2_blog/2017/05/weekly-security-headlines-wannacry-spillover-mickey-mouse-hacked-docusign-phishing-and-560-million-p.html

After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox

May 22, 2017May 22, 2017 / mbenlawson / Leave a comment

Here is some new and even scarier motivation to get your patching up to date. The bad guys are only getting started in their efforts to leverage these exploits.

https://threatpost.com/eternalrocks-worm-spreads-seven-nsa-smb-exploits/125825/

https://nakedsecurity.sophos.com/2017/05/22/after-wannacry-eternalrocks-digs-deeper-into-the-nsas-exploit-toolbox/

Virtual Sweater Vest

The Random Thoughts of a Former Philosopher and Current IT Security Professional

Month: May 2017

Sophos News In Brief

Sophos Weekly Recap

Samba exploit – not quite WannaCry for Linux, but patch anyway!