Monday, 27 May 2019

Hackers reportedly used a tool developed by the NSA to attack Baltimore’s computer systems

Since May 7th, Baltimore’s city government has been dealing with a ransomware attack that has shut down everything from its email to the systems that allow residents to pay water bills, purchase homes, and use other services. According to a report in The New York Times, the tool that has crippled the city is a National Security Agency creation called EternalBlue, which has been used in other high-profile cyberattacks.

According to security experts, hackers used EternalBlue, which exploits a vulnerability in certain versions of Microsoft’s Windows XP and Vista systems, allowing an external party to execute remote commands on their target. The tool was leaked by hacking group The ShadowBrokers in April 2017, and within a day, Microsoft had released a patch to fix the exploit. But the release of a patch doesn’t mean that those vulnerabilities are entirely closed: users must first apply the patch. Hackers using EternalBlue have since been responsible for several major cyberattacks, including WannaCry in May 2017, and the NotPetya attacks against Ukrainian banks and infrastructure in June 2017.

Sunday, 19 May 2019

Global co-operation on cyber security is long overdue

Security researchers recently revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers. This happened through the manipulation of domain name system (DNS) infrastructure. It followed a US Department of Homeland Security alert disclosing a global campaign, subsequently linked to Iran, to redirect internet traffic and steal sensitive information, also by compromising DNS infrastructure.

The DNS is an attractive target because it serves as a global address book, translating internet names we know into IP addresses that computers can recognise. The infrastructure supporting DNS is maintained by a number of core companies that administer internet domains, register new domain names, and host DNS “lookup” services which convert those domain names into IP addresses.

Sunday, 12 May 2019

‘Unhackable’ Biometric USB Offers Up Passwords in Plain Text

A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive.

A USB stick dubbed eyeDisk that uses iris recognition to unlock the drive claims to be “unhackable” – only, it isn’t. In fact, a simple Wireshark analysis revealed the device’s password – in plain text.

Cyber Security in the Context of International Security

 Cyber security is everyone’s responsibility. What are the current trends in threats, risks, and vulnerabilities? How do threat actors explo...