Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.
Two security researchers are attempting to crowdfund a recurring subscription fee to Shadow Brokers' monthly exploit dump club in hopes of helping to prevent or blunt future outbreaks of the WannaCry variety. Cue ethical debate.
Leading the latest edition of the ISMG Security Report: Secretary John Kelly's congressional testimony on how DHS led government efforts to mitigate the WannaCry ransomware attacks. Also, reports on ransomware defenses as well as big data and machine learning combining to secure IT.
The identity of the individual or group behind the global WannaCry ransomware campaign remains unclear. But whoever wrote the ransom notes appears to have been fluent in Chinese and pretty good at written English, according to a linguistic analysis from security firm Flashpoint.
In the wake of WannaCry, there's a critical new flaw in Samba, which provides Windows-based file and print services for Unix and Linux systems. Security experts say the flaw is trivial to exploit. US-CERT recommends immediate patching or workarounds.
A number of media reports have recently suggested there's a "link" between WannaCry and the Lazarus hacking group, implying that North Korea authorized the ransomware campaign. But based on the evidence available so far, it's much too early to attribute the attacks to anyone.
The WannaCry ransomware outbreak was a huge "wake-up call" for the global information security community, says Dan Schiappa of Sophos. It's time to patch those legacy systems and prepare for the inevitable next big crimeware scare, he says.
Good news for many victims of WannaCry: Free tools developed by a trio of French security researchers can be used to decrypt some PCs that were forcibly encrypted by the ransomware, if the prime numbers used to build the crypto keys remain in Windows memory.
WannaCry ransomware victims who haven't backed up their files have a tough choice: take a risk paying the ransom or just accept the loss. But there's a slim glimmer of hope: French researchers have figured out a way to decrypt files without paying, although their tools won't work for everyone.
Reports on how the U.S. Congress is taking steps to toughen cybersecurity lead the latest edition of the ISMG Security Report. Also, an analysis of a Government Accountability Office study on the IoT landscape and the security threats facing the internet of things.
A series of email alerts from the Department of Health and Human Services about the WannaCry ransomware campaign - and a number of related daily conference calls with industry stakeholders - appear to be part of a ramped-up push to improve cyber information sharing in the healthcare sector.