Slashdot Mirror
One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: Exactly one year after the biggest cyber-security incident in history, the exploit at the heart of the WannaCry attack is now more popular than ever, according to telemetry data gathered by Slovak antivirus vendor ESET. Named EternalBlue, the exploit was supposedly developed by the cyber division of the U.S. National Security Agency. EternalBlue was part of a large cache of tools that a hacker group known as The Shadow Brokers stole from NSA servers in 2016 and then leaked online from August 2016 to April 2017. Many suspect the NSA might have notified Microsoft of what the Shadow Brokers stole, because in March 2017, a month before EternalBlue was released, Microsoft released MS17-010, a security bulletin containing patches for the many SMB-targeting exploits included in the Shadow Broker leak.
Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. ExploitBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.
Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. ExploitBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.
Almost a year after WannaCry and there's still over a million SMB servers without auth exposed to the world. At least it looks like "only" 66k of them are running Windows
Samba is still using SMB v1 by default on many configurations for legacy purpose.
I'll switch to Linux as soon as SolidWorks and Altium release builds. At least AutoCAD has a version for OSX but they didn't do that until recently.
Technically, Altium already has...
https://www.altium.com/solution/linux-pcb-design-software
Maybe not the product you were wishing for, though?
Microsoft doesn't. It's blocked by default. SMBv1 is also disabled by default and has been for quite a while. Unfortunately there are just as many idiots in the Linux admin world as there are in the Windows world, and the vast majority of these are nothing to do with Windows.
The summary tweet in TFA:
"Almost a year after WannaCry and there's still over a million SMB servers without auth exposed to the world. At least it looks like "only" 66k of them are running Windows"