Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Baltimore's Union Memorial is one of the hospitals hit by Samsam, an autonomous ransomware strain that spreads by exploiting JBoss servers. (credit: MedStar)

Baltimore's Union Memorial Hospital is the epicenter of a malware attack upon its parent organization, MedStar. Data at Union Memorial and other MedStar hospitals in Maryland have been encrypted by ransomware spread across the network, and the operators of the malware are offering a bulk deal: 45 bitcoins (about $18,500) for the keys to unlock all the affected systems.

Reuters reports that the FBI issued a confidential urgent "Flash" message to the industry about the threat of Samsam on March 25, seeking assistance in fighting the ransomware and pleading, "We need your help!" The FBI's cyber center also shared signature data for Samsam activity to help organizations screen for infections. But the number of potential targets remains vast, and the FBI was concerned that entire networks could fall victim to the ransomware.

According to sources who spoke to the Baltimore Sun, the malware involved in MedStar's outages is Samsam, also known as Samas and MSIL. The subject of a recent confidential FBI cyber-alert, Samsam is a form of malware that uses well-known exploits in the JBoss application server and other Java-based application platforms. As Ars reported on Monday, Samsam uses exploits published as part of JexBoss, an open-source security and penetration testing tool for checking JBoss servers for misconfiguration.


 


More than ever, websites are blocking users of the anonymizing Tor network or degrading the services they receive. Data published today by Web security company CloudFlare suggests why that is.

In a company blog post entitled "The Trouble with Tor," CloudFlare CEO Matthew Prince says that 94 percent of the requests the company sees coming across the Tor network are "per se malicious." He explains:

That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.

A graph in the blog post shows that nearly 70 percent of Tor exit nodes were listed as "comment spammer" nodes at some point over the last year.
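Two of the items above describe things a web-facing team can look for in its own access logs: Samsam's operators reaching JBoss management endpoints that JexBoss probes (the JMX console, web console, JMXInvokerServlet and admin console), and the bulk of Tor exit traffic being automated abuse such as comment spam and login scanning. The script below is an added example, not code from Ars, CloudFlare or the JexBoss project. It parses combined-format access-log lines, tags requests that hit JBoss management paths (a 200 response means the endpoint is actually reachable), and tags requests whose source address appears in a Tor exit-node list in the one-address-per-line format Tor publishes. The log lines, the exit list (documentation-range addresses) and the path list are constructed for the example; the set of JBoss paths is the author's assumption of what is worth alerting on.

```python
import re
from ipaddress import ip_address

# Constructed sample exit list, in the one-IP-per-line format of the Tor
# bulk exit list (addresses are documentation ranges, not real exit nodes).
TOR_EXIT_LIST = """\
203.0.113.7
198.51.100.42
"""

# Constructed Apache/nginx combined-format access-log lines.
ACCESS_LOG = """\
192.0.2.10 - - [28/Mar/2016:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Mar/2016:10:01:05 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.42 - - [28/Mar/2016:10:02:11 +0000] "GET /jmx-console/HtmlAdaptor?action=invokeOp HTTP/1.1" 200 5120 "-" "Python-urllib/2.7"
192.0.2.55 - - [28/Mar/2016:10:03:40 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 0 "-" "Java/1.7.0"
192.0.2.77 - - [28/Mar/2016:10:04:00 +0000] "GET /web-console/Invoker HTTP/1.1" 404 312 "-" "curl/7.47.0"
"""

# Combined log format: client ip, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# JBoss management paths probed by JexBoss (assumption: this is the set worth
# alerting on). A request here from outside the management network is suspect;
# a 200 means the endpoint is exposed rather than merely being probed.
JBOSS_MGMT_PREFIXES = ("/jmx-console/", "/web-console/", "/invoker/", "/admin-console/")


def load_exit_nodes(text):
    """Parse a one-address-per-line exit list into a set of ip_address objects."""
    nodes = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nodes.add(ip_address(line))
    return nodes


def parse_log(text):
    """Yield dicts for each log line the regex understands; skip malformed lines."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def triage(log_text, exit_list_text):
    """Return (ip, method, path, status, tags) for every request that earns a tag."""
    exits = load_exit_nodes(exit_list_text)
    findings = []
    for rec in parse_log(log_text):
        tags = []
        if ip_address(rec["ip"]) in exits:
            tags.append("tor-exit")
        path = rec["path"].split("?", 1)[0]  # compare the path without the query string
        if path.startswith(JBOSS_MGMT_PREFIXES):
            tags.append("jboss-mgmt-exposed" if rec["status"] == 200 else "jboss-mgmt-probe")
        if tags:
            findings.append((rec["ip"], rec["method"], path, rec["status"], tags))
    return findings


if __name__ == "__main__":
    for finding in triage(ACCESS_LOG, TOR_EXIT_LIST):
        print(finding)
```

On a real deployment you would feed it the current exit list and your own logs; a JBoss host that returns 200 for `/invoker/JMXInvokerServlet` to an arbitrary Internet client is the condition JexBoss is built to find, and it should be firewalled or removed rather than merely logged.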


 

SC Magazine

Ransom notes reportedly spotted on MedStar computers
SC Magazine
This news coincides with the conclusion drawn by infosec executives who believe MedStar has been victimized by ransomware. MedStar, which operates 10 hospitals and other outpatient centers in the Maryland-Washington, D.C. area, said its three main ...

 

Yet another harsh lesson for people who click things they shouldn't.

A new type of malware has been described, one that takes crypto-extortion to a new level. While most cryptographic ransomware variants are selective about what they encrypt—leaving the computer usable to make it easier for the victim to pay—this new entry targets the victim's entire startup drive, encrypting the master file table (MFT).

Called Petya, the new strain is the latest ransomware deliberately tailored for victims within organizations with IT support rather than a broader audience. As BleepingComputer's Lawrence Abrams documented, Petya is currently being delivered via Dropbox links in e-mail messages targeting human resources departments at companies in Germany. The links are purported to lead to an application to be installed by the HR employee.

Running the downloaded file throws up a Windows alert; if the user clicks to continue, Petya is inserted into the master boot record (MBR) of the victim's computer, and the system restarts. On reboot, the malware performs a fake Windows CHKDSK, warning "One of your disks contains errors and needs to be repaired." Petya then flashes up an ASCII skull and crossbones on a red and white screen, announcing "You became victim of the PETYA RANSOMWARE!"
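Because Petya installs itself in the MBR, the first 512 bytes of the boot disk are where a responder would look for it. The following is an added example, not code from Ars, BleepingComputer or any Petya analysis: it parses a 512-byte MBR (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), compares the bootstrap against a known-good SHA-256 baseline, and reports anything that differs. The "good" and "tampered" bootstrap bytes are constructed stand-ins, not real boot code or real Petya bytes; the baseline hash is an assumption you would take from a clean image of the same build.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"


def parse_mbr(sector):
    """Return (bootstrap_bytes, partition_entries, signature_ok) for a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    bootstrap = sector[:446]
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, CHS start (3, skipped), type, CHS end (3, skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return bootstrap, parts, sector[510:512] == BOOT_SIG


def check_mbr(sector, baseline_sha256):
    """Compare the bootstrap against a known-good hash and sanity-check the rest."""
    bootstrap, parts, sig_ok = parse_mbr(sector)
    issues = []
    if not sig_ok:
        issues.append("missing 0x55AA boot signature")
    if hashlib.sha256(bootstrap).hexdigest() != baseline_sha256:
        issues.append("bootstrap code differs from baseline")
    if not parts:
        issues.append("partition table empty")
    return issues


def build_mbr(bootstrap, partitions):
    """Constructed helper: assemble a 512-byte MBR from bootstrap bytes and
    (bootable, type, lba_start, sectors) tuples, so the example runs offline."""
    sector = bytearray(bootstrap.ljust(446, b"\x00")[:446])
    for bootable, ptype, lba, count in partitions:
        sector += struct.pack("<B3xB3xII", 0x80 if bootable else 0, ptype, lba, count)
    sector += b"\x00" * 16 * (4 - len(partitions))
    sector += BOOT_SIG
    return bytes(sector)


# Constructed stand-ins: neither is real boot code, and the second is not Petya.
GOOD_BOOTSTRAP = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 438
TAMPERED_BOOTSTRAP = b"\xE9\x00\x01" + b"PETYA" + b"\x90" * 438
PARTS = [(True, 0x07, 2048, 204800)]  # one bootable NTFS partition
BASELINE = hashlib.sha256(GOOD_BOOTSTRAP).hexdigest()  # assumed clean-image hash

if __name__ == "__main__":
    print("clean:", check_mbr(build_mbr(GOOD_BOOTSTRAP, PARTS), BASELINE))
    print("tampered:", check_mbr(build_mbr(TAMPERED_BOOTSTRAP, PARTS), BASELINE))
```

To run it against a real machine, read the first 512 bytes of the raw device (for example `\\.\PhysicalDrive0` on Windows, which needs administrative rights, or the disk image taken during response) and pass them to `check_mbr` with a baseline recorded from a clean build. A bootstrap mismatch is a trigger for imaging the disk, not proof of Petya on its own, since legitimate boot managers also rewrite the MBR.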


 
[CVE-2016-0784] Apache OpenMeetings ZIP file path traversal
 
Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability
 

Menlo Security to Present at InfoSec World Conference 2016
EIN News (press release)
/EINPresswire.com/ -- Menlo Security, a pioneer of cloud-based isolation that eliminates malware from Web and email, today announced Jason Steer, Menlo Security EMEA solutions architect will present at InfoSec World Conference 2016, an industry leading ...

 
Multiple Vulnerabilities in CubeCart
 
CVE-2016-2385 Kamailio SEAS module heap buffer overflow
 

Peerlyst Blogger Violet Blue Says California's Definition of "Reasonable Security" Creates More Cybersecurity ...
PR Newswire (press release)
Peerlyst is the place where information security pros go to share knowledge and build their professional reputations. With an audience of more than half a million, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question ...

 

Security Intelligence (blog)

Ransomware Ramp-Up: Boot Processes, PowerShell Under Attack
Security Intelligence (blog)
A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and innovation. In addition to working for the IBM Midsize... See All Posts. Ransomware is a growing threat for businesses — enough of a ...

 

Techworm

This Rock Has A Fire-Powered Wi-Fi Router
Techworm
This rock placed strategically in the middle of a park of an outdoor Springhorn Hof museum in Germany, appears like an ordinary boulder at the first glance. A closer look at it, however, shows that this inconspicuous 1.5-ton boulder is actually an art ...

 

iT News

AGL Energy hires global infosec expert as first-ever CISO
iT News
AGL Energy has joined a growing number of utility companies to create a chief information security officer position, with international infosec expert John Taylor taking up the post last month. After spending a decade in the 1990s as a senior detective ...

 
Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities
 
[SECURITY] [DSA 3535-1] kamailio security update
 