WannaCry, Mike Honcho and a Microsoft Security update
Once again it’s been a busy week on the cyber security front. That’s why we like to pick a sampling of the most interesting stories of the week. And today’s roundup is no different. We’ve got some gross overreach on the part of the DOJ. We’ve got gross negligence on the part of the English DHS. There’s plenty to parse.
Let’s hash it out.
England’s National Health Service could have prevented WannaCry Ransomware
England’s National Health Service was just one of many organizations that was hit hard by the WannaCry Ransomware attack back in May. And while the NHS says that no patient information was compromised and seems to have avoided paying the ransom, that doesn’t mean that the organization was doing a good job with its security implementations. A pre-attack assessment of 88 of the NHS’ 236 trusts found that not a single one passed the required cyber security standards. Further, the NHS was warned by two different government bodies back in 2014 about a potential vulnerability that needed to be patched. It never was. Thus, breached.
Was North Korea Behind the WannaCry attacks?
A British government security official has stated that the UK is all but certain that North Korea was behind the WannaCry Ransomware attack that affected the NHS. “This attack, we believe quite strongly that this came from a foreign state,” Ben Wallace said. Adding that the state involved was “North Korea”, he said: “We can be as sure as possible. I obviously can’t go into the detail of intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role.” North Korea has proven an extremely capable actor in cyberspace. The country boasts powerful tools and can take the battle digital with ease. Maybe security experts believe the US doesn’t respect North Korean cyber capabilities enough.
US Department of Justice subpoenas Twitter for five users’ records over an emoji tweet
This one wins for the weirdest story of the week. Maybe of the year. And it’s a perfect example of overreach. I’m not going to give names – except for Mike Honcho, one of the Twitter users who’s information was subpoenaed – but it starts a year ago with a security researcher that found a database of dental records exposed online. He notified the company, which promptly accused him of breaking the law, which led to the FBI raiding the researcher’s house. So the researched doxxed the FBI agent behind it. This pissed off the FBI who began building a cyber stalking case against the researcher. So where do the five Twitter users come in? They were having a completely separate discussion, to which the researcher replied with just a single smiley face. And that simple smiley face was all the DOJ needed to subpoena Twitter for user records. There’s a lot going on there, I know. I recommend reading the full story below.
Any iPhone App with camera permissions can spy
A Google engineer has created a proof of concept that shows any Appl iPhone app with camera permissions is capable of spying. It is possible for any app to photograph and record without the user’s consent. It can then upload those photos to its servers. It can even broadcast live from the phone itself. According to the engineer, the only surefire way to protect yourself is with a camera cover.
[Source: Apple Insider]
Microsoft Windows 10 adds anti-ransomware feature in Fall update
Controlled Folder Access is one of the features hidden away in Microsoft’s Fall update. Don’t overlook it though, it could be what saves you from Ransomware. That’s because Ransomware tends to go after your most valuable files, old photos, documents, etc. Controlled Folder Access limits how much apps can access, what folders. If an app doesn’t need to access a part of your system, it shouldn’t be able. Microsoft is ensuring that doesn’t happen.