Security on The Bayou


Tuesday, May 21st, 2019

May 21, 2019

Linux variant of Winnti malware spotted in wild



Windows 10’s May patches are borking McAfee and Sophos software



Ransomware Cyberattacks Knock Baltimore’s City Services Offline





Transcript:






It’s Tuesday, May 21st, 2019, and this is Security on the Bayou: today’s security news and why it
matters to you. So today’s gonna be a fun day. We’ve got a couple of really good
ones too. Two, they’re going to sort of follow-ups, one that’s pretty technical,
but this I’m pretty excited about. Today it is Tuesday.



All right, first one, from scmagazine.com, written by Robert Abel: Linux variant of Winnti malware spotted in wild. So normally I wouldn’t bring up something so technical, but the reason I do here is because of who found it. This was found by Google’s Chronicle security team, which we’ve heard a lot about. They had a big sort of deal at RSA about their new SIEM that they’re building. You know, and it’s Google; anything Google touches tends to turn to gold. Security... anything security people touch turns to gold. This is just a match made in heaven, having Google and security. So this is one of the first truly technical things I think I’ve seen from them. I found out today they have a blog. Of course they is why when they have a blog. But this is specific to that Winnti malware. The malware has been a popular tool used by Beijing hackers over the last decade or so, last used on a German pharmaceutical company in April of 2019. So essentially this, this malware, which, most malware is written for Windows or Mac, is typically the two you see attacked the most. More and more over the past four or five years we’ve seen them sort of take these tools they’ve used in the past and start to adapt them for Linux. Start looking around the world. Linux is run everywhere in the U.S. Azure, it’s all based on Linux, right? So if you can compromise the big bad servers, you have more power to do things. So Chronicle has found, how many versions of it, where to go. I want to say there was five different versions that they found of the, of Winnti ported to Linux.



So next let’s move on. We’re moving to theinquirer.net. This is an update from what we talked about yesterday. So if you remember, we’ve been having all this stuff with AV, every vendor. So yesterday we discovered that Sophos was telling users to roll back their Windows patches because it was causing boot-up issues with machines that were running Sophos. Well, today gets even better. From theinquirer.net: Windows 10’s May patches are borking (that’s a great, great use of borking) McAfee and Sophos software. This is by Chris Merriman, @ChrisTheDJ on Twitter. He’s got a pretty cool profile picture on here. Go click this link and read this and look at that picture. It’s worth it. So not only is Sophos having issues with the May security patch updates from Microsoft, but apparently McAfee is, and Avast and Avira and ArcaBit. So I mean most people... Avira and ArcaBit I’ve never heard of. Well, they’re out there, they do AV. You see a lot of VirusTotal, but it’s probably not widely used, but Avast for sure. McAfee and so far she kidney that they’re all over the place. So this is an interesting. This is not near as bad as Sophos. McAfee is having issues with their HIPS and their VirusScan Enterprise: slowness on startup, or may become unresponsive at restart after installing the update. McAfee doesn’t say anything about when they’re going to fix it. Just like Sophos, I’m sure it’s a “we’ll fix it soon, we’ll get there.” Right. At least McAfee is not saying to uninstall patches, right? I said this, I want to caution people: this could very quickly turn into a blame-Microsoft game. I don’t, I don’t necessarily see it that way. So just remember that my remarks that Microsoft Windows is the underlying operating system here. So that’s the most important part, right? You can get another AV. You can’t typically get another operating system; there’s only so many options. So if you have McAfee or Sophos or Avast or Avira or ArcaBit, or even, we start looking at Symantec from the previous weeks, or Trend, there’s other ones out there. I highly recommend Malwarebytes. Go grab them if you’d like. Try other ones. There’s free ones out there, although I don’t always recommend using free AV for obvious reasons, but a subscription is fairly cheap in the long run; it’s going to save you a lot of money in time and frustration over the years.



All right, next let’s move on to another update. So this one was written by NPR, not a typical source for us. The title is Ransomware Cyberattacks Knock Baltimore’s City Services Offline, by Emily Sullivan. So this is, we know this, right? So first I saw the article, was like, well, why are they sending you to know, why are they writing this article on May 21st when this has been going on for two weeks? I didn’t know; the title didn’t exactly allude to any new information. Well, here we go. I found the new information today. This morning the hackers have demanded 13 bitcoins, about one hundred grand. So they went from 72 grand, or whatever it was, from 16, all the way up to 100k, and they still haven’t paid it. The FBI and Secret Service are on this. And at this point you just gotta pay the damn ransom, move on, right?

So you’re going to the, there are two or three options here. Here there’s three. Three ways this thing could go. One: you had to wipe all your systems and you lose your data. Two: you pay the ransom, they don’t give you the key, you had to wipe all your systems and lose your data. Three: you pay the ransom, they give you the key, you unlock and you get all your data back. So I know two of those involve paying the ransom. You tell me.

So, and here’s where I really form that opinion from. Let me go find this, this quote. Essentially what they said is that all the cryptic cryptographers in the world and the country, the smartest MFA is out there, have all said that this is an unbreakable algorithm. There is nothing technologically available that can break this algorithm, which says to me that you just got to pay the ransom. If the FBI, the Secret Service, I’m sure everybody’s involved in this on the government side, and all these really smart mathematicians and cryptographers are saying this can’t be broken, it’s time. You just got to scream uncle and pay the ransom and move on.

So it’s been an interesting day. Tuesday, what a day. Two updates. Baltimore, a city of Baltimore, I feel bad. That’s tough. I mean, they’re having issues with medical staff, processing home loans, processing, you know, title transfers, medical records. It’s just essentially everything that you would ever file with the city is just, been, it’s been encrypted. And then I’m sure the people, it sucks, right, they’re going to pay. It’s going to come out of their pocket at the end of the day. But at some point somebody is going to tell you the hard truth of things. You’ve got to pay it and hope it works out for the best.

All right folks, it is Tuesday, May 21st, 2019, and this is Security on the Bayou. Thank you for listening. Hope everybody has a wonderful day. It’s almost hump day. We will talk again tomorrow.



