Weekly Cyber Security News 30/06/2017

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well, undoubtedly the news of this week is the NotPetya, the initial hit looks concerning yet reminiscent of the WannaCry, however the story seems to keep twisting into evermore bizarre shapes. The latest is that the original author of Petya is trying to distance himself from this one! This particular strain originally looking to be straight ransomware is turning out to be quite a nasty destructive hit. The question is why? I’m sure this story is far from over.

• Ukraine Central Bank Says Cyberattack Hits Lenders

• Bad news: NotPetya may be something far worse than ransomware Jack Morse reports

• Crime Group Behind ‘Petya’ Ransomware Resurfaces to Distance Itself From This Week’s Global Cyberattacks Dell Cameron reports

• Petya Or Not? Global Ransomware Outbreak Hits Europe’s Industrial Sector, Thousands More

• Petya Ransomware Outbreak Hits Organizations Globally

• Researchers Find ‘Vaccine’ for Global Ransomware Attack A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.

• Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye

• Russian Oil Giant Rosneft Says Hit by ‘Powerful’ Cyberattack

Another interesting story that fuelled a Twitter rage was allegedly miss-fired password reset email which, as everyone quite understandably are on alert for breaches now, triggered an assumption that a breach occurred. This then followed with denials from the company concerned, accusations of cover up.

• AA Password Reset Email Causes Data Breach Panic This is almost a comedy of errors;. Phil Muncaster reports

A prime example of why testing your security access from multiple points of entry, and preferably outside any assumed secure locations, you know, like public are important things to do:

• Cloud Security Lessons from the Voter Data Leak A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.

Whatever else happened this week…

• Leak of Windows 10 Source Code Raises Security Concerns Rhett Jones reports

• ‘Shadow Brokers’ Threaten to Dox Former NSA Hacker

• Android Marcher Variant Makes Rounds as Adobe Flash Player Update

• Google Stops Scanning Gmail Content for Ad Targeting

• Irony: When blackhats are our only source of disclosure for some healthcare hacks

• Massive Skype Zero-Day Enables Remote Crashes

• UK Parliament Cuts Email Access After Cyberattack

• UK’s Metropolitan Police Still Using 10,000 Windows XP Computers

• SamSam Increases Ransom Demand to $33,000

• Microsoft Downplays Impact of _Fireball_ Malware

• Windows 10 Source Code Leaked Online

• CVE-2017-9466 The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.