Uncategorized

Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally

NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale, according to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These include heads of state, activists and journalists, including Jamal Khashoggi’s family. More information

Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally Read More »

Major hospital system hit with Ransomware, potentially largest in U.S. history

A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history. Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with

Major hospital system hit with Ransomware, potentially largest in U.S. history Read More »

Ransomware8-How Windows Defender prevents Ransomware

Native Windows Ransomware protection works better than any 3rd party endpoint protection  How Windows Defender Ransomware protection works Step 0 Turn on Windows Defender Ransomware protection(Start   > Settings  > Update & Security > Windows Security > Virus & threat protection> Manage ransomware protection> Controlled folder access. ) Step 1 Windows Defender will identify malicious software/process/access Step 2

Ransomware8-How Windows Defender prevents Ransomware Read More »

Ransomware7-This is a reason why security defense doesn’t work

Microsoft Put Off Fixing Zero Day for 2 Years https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464 https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/ https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd This is fucking bonkers https://t.co/XXiwW2b062 — SwiftOnSecurity (@SwiftOnSecurity) June 13, 2020 What does this matter? 1) Attackers can bypass security features(Any antivirus/security endpoint) and load improperly signed files 2)Windows cannot validate file signatures correctly 3)This was first spotted in attacks used in

Ransomware7-This is a reason why security defense doesn’t work Read More »

Ransomware6-How does WastedLocker work in the real world

Initial spreading Drive-by Compromise https://attack.mitre.org/techniques/T1189/ Fake Google Chrome updates that are delivered to victims via drive-by download attacks when victims browse compromised websites. The initial malware is delivered to victims in the form of a ZIP archive that contains a malicious JavaScript file. Theoretical mitigations: Application Isolation and Sandboxing, Exploit Protection, Restrict Web-Based Content, Update

Ransomware6-How does WastedLocker work in the real world Read More »