
Wednesday, May 15th, 2019

Baltimore Ransomware Attack Takes Strange Twist

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

Israeli TV’s Eurovision webcast hijacked by hackers. Hamas blamed


Hello friends, welcome to Security on the Bayou. It is Wednesday, May 15th, 2019, and here's your security news for the day.

First things first, from Sophos, the Naked Security blog. You know this is one of my favorites. Title is "Update now! Critical, remote, 'wormable' Windows vulnerability". So normally I would just skip right over Patch Tuesday because it's everywhere all the time. It's not even Patch Tuesday anymore, what do we even call it anymore, Windows update day? I don't know. Anyways, this is written by Mark Stockley. And the reason I'm calling this out today is because there is a vulnerability in the Remote Desktop Services that is wormable. So the reason this is important is because wormable essentially means that it can spread throughout the network. This is the same type of thing that happened with WannaCry, the ransomware. So this is actually a pretty big vulnerability. They're all big, right? But this one has a large impact across the environment. This isn't something that will just cause you a single remote code execution in a browser or something like that, an isolated incident. This could potentially affect the entire network of your enterprise. So if you haven't patched yet, go ahead, go through the cycle. I know for most large enterprises it's not a day-of, right, you get a good test, and it's going to be a month to a quarter. But this is one of those that you want to put a high priority on and push through change control, probably as quick as you can. Get it tested, get it out in the next week or so, protect your network.

All right. Next. This is also, once again, ransomware is everywhere. Maybe I'm seeing it, maybe I'm obsessed with it. I don't know. But we're going to keep talking about it. So if you didn't hear, last week the city of Baltimore had a ransomware attack. And normally I would just gloss over it, move on, right? Because it's just another city with another ransomware attack. Well, this one gets a little bit more interesting today because on the old tweet box somebody posted a tweet that essentially is dark pictures of documents that would have been from the city, so not only is there ransomware here but it appears that there was a fairly large data breach. So this is significant because the hacker is asking for about 76000 dollars and they're saying that after 10 days they will no longer pass them the decryption keys. So after 10 days theoretically all these systems could get wiped out. Which is interesting. So they have 10 days. You know, my guess would be that if they don't get paid they're going to wipe all the systems and they're probably going to dump all these documents. Now, if you have nothing to be afraid of... Well, that's not the right mentality. This is just not good in general for the city of Baltimore. So one of the things when I was reading this article is, like, we know where all this is happening. How many other cities or municipalities or counties or whatever? And so actually in this article this person, she read my mind, Kelly Jackson Higgins. She read my mind and listed all of the other places it happened, so it's one of 22 against state, local government entities so far in 2019. So I'll read them off: Washington, Pennsylvania; Amarillo, Texas; Cleveland airport, Cleveland, Ohio, I guess; the City Center, Augusta, Maine; Stuart, Florida; Imperial County, California; Garfield County, Utah; Greenville, North Carolina; Albany, New York; Jackson County, Georgia; school system of Taos, New Mexico; Del Rio, Texas; Atlanta, Georgia; and Leominster, Massachusetts, just to name a few. So it's happening, it's out there, and that's all just in 2019 and it's only May. So these are going to keep going up. I imagine that you'll probably see, there's a lot of cities, right? They're going to keep going after these guys, especially if you're unpatched.

All right. Next, from Graham Cluley, which is a great blog. Well, my favorite. Probably saying his name wrong, right? I don't know if that's right or not, anyway. "Israeli TV's Eurovision webcast hijacked by hackers. Hamas is blamed." So I'm not going to dig into this too much, I just find it interesting. This is like something you'd see on Mr. Robot, right? They took over the broadcast in Israel and played their own message. What that message is, let's see here. Oh, it was essentially a, it's a warning symbol, says "Risk of missile attack. Please take shelter. Israel is not safe. You will see." So, you know, taking advantage of the fear in people, so interesting that they would do this. I mean, that continues to escalate over there with everything going on. Not that it's ever going to de-escalate anytime soon, I'm afraid. All right. So that is Wednesday, May 15, 2019. Everybody have a good week. It is Wednesday, we're almost to the weekend, keep pushing forward, get those patches out, get rid of the ransomware already, what are we doing? All right, everybody have a good week. We'll talk tomorrow.
