Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
6 Things To Know About the Ransomware That Hit Norsk Hydro
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:16:34 PM
consequence
"The consequence is that in many cases, the victim may not even be able to view the ransom note, let alone attempt to comply with any ransom demands," Interesting. What would be the purpose of attach in that case I wonder.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2019 | 2:14:13 PM
Ransomware
Ransomware-related events have declined 91% year over year and the number of new ransomware families in the marketplace has declines 32%, Some good news. May be we are becoming more carefull clicking the links anymore.
sgreene02101
100%
0%
sgreene02101,
User Rank: Apprentice
3/28/2019 | 4:56:38 PM
Re: Pending Review
Second the off-site backup. Datto Box (cloud) might be one place to start. We do a "fire drill" every year - stress test UPS's, Restore servers from the cloud, restore desktops, restore NAS's Kill the power to the building to insure that the on-site generator kicks in and the auto cut-over operates nominally.

Desktops are backed up concurrently with timestamped histories

Same with servers.

It all goes out to the cloud.

We're a tiny little outfit. Others should try and do at least these things. Especially larger organizations.

I hope you all land on your feed at the firm. Good luck.
California4
100%
0%
California4,
User Rank: Apprentice
3/28/2019 | 2:31:10 PM
More Definitive Security Required
Additionally, for critical industrial infrastructure we are finding success with a more effective application process and filesystem monitoring in conjunction with fileless attack protection and a full-scale memory defense.  
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/28/2019 | 9:00:48 AM
Re: Pending Review
Disaster Recovery plan.  Business continuity.  Your six points do not address this one.  After September 11, and I am a survivor of the south tower so I know something of the subject, my manager became a certified expert in this area.  It is crucial that IT departments have a plan, test it and update it every six months.  It is crucial to have offsite, rotating backup media.  It is crucial to consider that at 2:30 am working on a data center restoration is a mental nightmare.  TEST the plan ensures that staff knows what they ARE doing.  Our data tapes for Aon went offsite on September 10 and thus we had our portion of the network up FAR faster than Risk services.  They were months recovering data.  Now the destruct of a data center is AS bad as ransomware if not worse if not addressed.  So once again plans gone bad and rebuild of everything seems the only process known.  I have said this a thousand times here. HAVE A PLAN, TEST AND UPDATE. 
<<   <   Page 2 / 2


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27610
PUBLISHED: 2021-06-16
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious u...
CVE-2021-34801
PUBLISHED: 2021-06-16
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVE-2021-34803
PUBLISHED: 2021-06-16
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
CVE-2020-8299
PUBLISHED: 2021-06-16
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-o...
CVE-2020-8300
PUBLISHED: 2021-06-16
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must b...