shadowbrokers

Latest

  • Brooks Kraft LLC/Corbis via Getty Images

    NSA sent coded messages through Twitter

    by Jon Fingas
    02.10.2018

    Spy agencies have a long history of using public outlets to deliver secret messages, such as numbers stations or cryptic classified ads. Now, however, they've adapted to the internet era. Both the New York Times and the Intercept have learned that the National Security Agency used Twitter to send "nearly a dozen" coded messages to a Russian contact claiming to have agency data stolen by the Shadow Brokers. Reportedly, the NSA would tell the Russian to expect public tweets in advance, either to signal an intent to make contact or to prove that it was involved and was open to further chats.

  • PA Wire/PA Images

    'Basic IT security' could have prevented UK NHS WannaCry attack

    by Saqib Shah
    10.27.2017

    England's National Health Service (NHS) could have avoided the ransomware hack that crippled its systems in May, according to a government report. "Basic IT security" was all that was required to prevent the "unsophisticated" WannaCry attack, which affected more than a third of NHS organizations, said the National Audit Office (NAO). The full scale of the incident saw over 19,000 medical appointments canceled, and computers at 600 surgeries locked down.

  • Illustration by D. Thomas Magee

    Kaspersky in the crosshairs

    by Violet Blue
    07.14.2017

    Kaspersky is in what you might call "a bit of a pickle." The Russian cybersecurity firm, famous for its antivirus products and research reports on active threat groups, is facing mounting accusations of working with, or for, the Russian government.

  • Lorenzo Bevilaqua via Getty Images

    Recommended Reading: The bright future of free over-the-air TV

    by Billy Steele
    05.27.2017

    Free Over-the-Air TV Is Going to Get Better
    James K. Willcox, Consumer Reports

    Thanks to a new standard known as ATSC 3.0, over-the-air TV broadcasts will include all the newfangled tech like 4K and HDR. Consumer Reports has the rundown on what that means for OTA, including whether or not you may have to pay for it.

  • Bobby Yip / Reuters

    'Shadow Brokers' threaten to release more hacking tools in June

    by Richard Lawler
    05.16.2017

    An exploit that the "WannaCry" malware used to encrypt computers worldwide first appeared in a leak from "The Shadow Brokers," a group that claims to have stolen a number of tools from the NSA. Now the Shadow Brokers are back with a new blog post threatening more leaks. Through an intentionally sloppy writing style, the group taunts not only TheEquationGroup (read: NSA), but also Microsoft and its blog post blaming spy agencies, claiming that Microsoft is simply upset the NSA didn't pay to hold its vulnerability.

  • NSA

    The 'WannaCry' ransomware is a stark reminder of a broken system

    by Roberto Baldwin
    05.15.2017

    In April, a hacking group called The Shadow Brokers dumped a cache of Windows exploits it pilfered from the NSA. The group had decided to start leaking exploits it stole from the agency after it was unable to find a buyer for the government's hacking tools. Inside that April drop was a remote code execution vulnerability called "EternalBlue" (aka MS17-010). Fortunately, Microsoft issued a security patch that fixed EternalBlue in March. What's not so fortunate is that not everyone had applied it to their machines.

  • Bloomberg via Getty Images

    Microsoft patches Windows XP to fight 'WannaCrypt' attacks (updated)

    by Richard Lawler
    05.13.2017

    Microsoft officially ended its support for most Windows XP computers back in 2014, but today it's delivering one more public patch for the 16-year-old OS. As described in a post on its Windows Security blog, it's taking this "highly unusual" step after customers worldwide including England's National Health Service suffered a hit from "WannaCrypt" ransomware. Microsoft patched all of its currently supported systems to fix the flaw back in March, but now there's an update available for unsupported systems too, including Windows XP, Windows 8 and Windows Server 2003, which you can grab here (note: if that link isn't working then there are direct download links available in the Security blog post).

    Of course, for home users, if you're still running one of those old operating systems then yes, you should patch immediately -- and follow up with an upgrade to something current. If you're running a vulnerable system and can't install the patch for some reason, Microsoft has two pieces of advice:

      • Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously.
      • Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445.

    Update: Microsoft legal chief Brad Smith has written a blog post that both calls for more help from customers (read: update more often) and chastises intelligence agencies for hoarding security exploits. They don't understand the risk to the public if the exploits leak, Smith says -- it's as if someone stole a batch of Tomahawk missiles. We wouldn't count on the NSA or other agencies heeding the call, but Microsoft clearly wants to make its frustrations heard.

  • BeeBright via Getty Images

    'WannaCry' ransomware attack spreads worldwide (update)

    by Andrew Tarantola
    05.12.2017

    England's healthcare system came under a withering cyberattack Friday morning, with "at least 25" hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. It's now clear that this is not a (relatively) isolated attack but rather a single front in a massive digital assault. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.

  • MedicImage / Alamy

    NHS hospitals in England hit by a widespread cyberattack (updated)

    by Jamie Rigg
    05.12.2017

    Various NHS Trusts are currently battling with what appears to be a large-scale cyberattack affecting IT systems across the country. According to reports, hospitals and GP surgeries are falling victim to a widespread ransomware attack, causing them to shut down their computer networks. The East and North Hertfordshire NHS Trust was one of the first to acknowledge the problem and switch off its systems, warning locals that they will have trouble getting through on the phone and asking them not to visit accident and emergency unless absolutely necessary. Update: The attack has continued to spread and is now affecting systems around the world. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.

  • Thomas Trutschel/Photothek via Getty Images

    'Shadow Brokers' give away more NSA hacking tools

    by Jon Fingas
    04.08.2017

    The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.

  • republica via Getty Images

    'Guccifer 2.0' DNC leaker returns, as 'Shadow Brokers' exit

    by Richard Lawler
    01.13.2017

    Throughout the presidential campaign last year, a hacker calling themselves "Guccifer 2.0" leaked DNC documents, before going dark just before the actual election. Now, after being tagged as a front for Russian government-directed hacking, the identity has returned, writing in much clearer English and taunting US intelligence. In a blog post, Guccifer 2.0 claims again to have no connection to Russia, and refutes assertions made by the DHS and FBI to the contrary.

  • AP Photo/Patrick Semansky, File

    NSA operative might have accidentally leaked its hacking tools

    by Mariella Moon
    09.23.2016

    American authorities are still digging into how a set of NSA's hacking tools landed in the hands of a group called Shadow Brokers who then leaked them online. According to Reuters, they're now focusing their investigation on a theory that one NSA operative used the tools on a remote computer three years ago. They believe the operative left them there exposed, and that's where Russian hackers got a hold of them. The exploits allow users to take advantage of security systems' software flaws. They can target a number of companies' products in particular, including Cisco's firewalls and routers, putting their customers at risk.

  • AP Photo/Patrick Semansky

    Edward Snowden suspects NSA hack was a Russian warning

    by Jon Fingas
    08.16.2016

    The National Security Agency (and the US itself) may have just received a shot across the bow. Hackers identifying as the Shadow Brokers claim to have breached the Equation Group, a hacking outfit widely linked to NSA activities, and the data they've posted leads Edward Snowden to suspect that it might have been a state-sponsored Russian operation. If the intruders really did publish the spoils of an NSA cyberweapon staging server as they say, it'd suggest that someone wanted to show that they can prove US involvement in any attacks that came from the server.