Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

Look out for this patch and be diligent in implementing it to the machine. Here is one vulnerability (CVE-2017-8620) that has high potential to be of parallel to the WannaCry and NotPetya vulnerabilities -- it is described as 'The Next WannaCry Vulnerability'. Finally, if patching is planned but delayed, Microsoft's recommended temporary mitigation against CVE-2017-8620 should be deployed: disable the WSearch facility within Windows.

http://www.securityweek.com/patching-against-next-wannacry-vulnerability-cve-2017-8620
0
When ransomware hits your clients, what do you do?
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

0
 

Expert Comment

by:Pierre Ammoun
Where can I find basic guidelines to "educate the users" on being careful about malware ransomware ?
1
 

Author Comment

by:Alix Postan
Hi Pierre! That's a great question! Here are some links to some articles that I think would help educate users about being careful about malware:

1) 7 Things About Information Security Your Boss Wants to Know: http://www.uzado.com/blog/7-things-about-information-security-your-boss-wants-to-know

2) 7 Tips for Dealing with Internet Security Threats: http://www.uzado.com/blog/7-tips-for-dealing-with-internet-security-threats

3) 5 Best Security Blogs You Should be Reading: http://www.uzado.com/blog/five-best-security-blogs-you-should-be-reading

Hope that helps! Let me know if you need more articles!
0
Petrwrap, specifically, targets the Master File Table (MFT), which is essential for your computer to find files on the computer. By targeting the MFT, the ransomware is able to attack individual files faster than if each file were to be encrypted one-by-one. The good news is… that Petrwrap is detectable by anti-virus tools. Unfortunately, if the anti-virus scanner is delayed in catching it, Petrwrap can easily get a foothold into the computer system and spreads very quickly. Moreover, the encryption is so strong, that it is unlikely to be able to break through the software and recover files.
Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.


http://www.uzado.com/blog/why-vulnerability-assessments-are-insufficient
3
After the WannaCry ransomware attack, we sat down with Thomas Zucker-Scharff to get the inside information on the technology behind the attack and what steps you can take to prevent this in the future. Read more of his advice. Take a step toward your security by enrolling in our free Course of the Month covering ransomware security and prevention written by Thomas.

4
1
The world has now had time to recover and mitigate damage from the widespread WannaCry ransomware attack. We evaluated what it has left in its wake. Tallied damage includes:
 
More than 150 countries.
Currently $111,996.86 has been paid in bitcoin so far to decrypt files.
Around 16 of England’s National Health System organizations affected, with doctors resorting to pen and paper to complete patient records.
Renault, a European auto manufacturer, kept a French plant—that employs 3500 people—closed Monday, May 28th as a “preventative” measure.
 
Learn how to secure your data and prepare against future threats by taking our June Course of the Month covering ransomware prevention and preparation.

 
3
 
LVL 30

Expert Comment

by:masnrock
The sad part is a common failure in projects is failing to ask users for requirements.
1
 
LVL 123

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
The NHS does not consider the opinion of NURSES and DOCTORS worthy!

Very Wrong, and they wonder why, they are all leaving and retiring, now leaving a brain drain in the NHS!
0
5
4
 
LVL 47

Expert Comment

by:Jackie Man
You need to install software like sophos intercept x in computers inside your network to block it.
3
 
LVL 7

Author Comment

by:Brian Matis
Personally, I'm just avoiding opening any Word docs from anyone I don't know... And to some extent, even from people I do know... Most of my document usage these days is with Google Docs, so it's pretty rare that I need a Word doc!
1

Vulnerabilities

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.