Posts

SambaCry, the Seven Year Old Samba Vulnerability, is the Next Big Threat (for now)

The Samba team released a patch on May 24 for a critical remote code execution vulnerability in Samba, the most popular file sharing service for all Linux systems. Samba is commonly included as a basic system service on other Unix-based operating systems as well.
This vulnerability, indexed CVE-2017-7494, enables a malicious attacker with valid write access to a file share to upload and execute an arbitrary binary file which will run with Samba permissions.

Musing on Ransomware and Other Sophisticated Attacks

Everyone has something to write about ransomware. One cannot open a mobile device or a news site without getting a notification about some new ransomware-related content. There’s a good reason: the recent events, media attention and, to a certain degree, the public’s panic around the WannaCry ransomware attack are driving a lot of interest and even increase the […]

Ransomware Attacks Targeted Hundreds of MySQL Databases

Hundreds of MySQL databases were hit in ransomware attacks described as “an evolution of the MongoDB ransomware attacks” of January, in which tens of thousands of MongoDB installs were erased and replaced with ransom demands. In the new attacks, targeted MySQL databases are erased and replaced with a ransom demand for 0.2 bitcoin, currently equal to about $234.

0.2 BTC Strikes Back, Now Attacking MySQL Databases

Last week we first tweeted that the GuardiCore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. As in the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. $200) to regain access to their content. We saw two very similar variations of the attack using two bitcoin wallets. In this post we will describe the attack flow in detail and provide recommendations on how to protect your databases from similar attacks, along with attack IoCs.

GuardiCore Expands Threat Detection and Response Capabilities to Cover More Attack Types Aimed at Data Centers and Clouds

Adds Reputation Services, Ransomware Mitigation and Intuitive Segmentation Policy Creation to Award-Winning GuardiCore Centra™ Security Platform

San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in data center and cloud security, today announced it has expanded the threat detection capabilities of its Centra Security Platform to now include reputation analysis and ransomware mitigation, enabling its customers to more quickly detect active breaches, including ransomware attacks and dormant or hidden threats lurking in modern data centers and clouds.

Four Good Reasons to Visit GuardiCore at RSA Conference 2017

GuardiCore is changing the way organizations secure their internal data centers and clouds, with cutting edge technology that helps our customers rapidly detect and respond to active breaches. We would love the opportunity to show you how. Yes, we know everyone at RSA is busy. An overwhelming number of vendors. Too many meetings. Late night after-hour parties. But while you are there, we encourage you to take 15 minutes to visit us in booth #N4321. Here are four good reasons why.

Advanced Data Centre Security the Key for Under Fire Transport Sector

Cyber attacks against the transport sector are nothing new. Those of you with long memories will recall how the SoBig virus caused major disruption to the US rail network all the way back in 2003. But the sheer breadth and persistence of threats facing the industry today is largely unprecedented. Just recently San Francisco’s “Muni” transport agency was on the receiving end of a ransomware infection which caused Muni to take its payment systems offline for two days, allowing riders to travel for free and costing the transportation system a few days of lost revenue.

It’s yet another reminder that when it comes to transportation, attacks on the data centre must be detected and remediated as quickly as possible to minimise their impact.

Centra Celebration

East West traffic at a glance

The first week of July provides a great opportunity to celebrate.

At GuardiCore we like to celebrate, especially with new releases and product achievements. Several weeks ago we started deploying the latest version of our flagship product, Centra, with the first controlled upgrades taking place for our SaaS customers. The new Centra 2.0 release 16 is loaded with many great enhancements, including important Reveal features. For those of you who were unable to review the upgrade or read the entire release notes, here’s a very short list:

We introduced major enhancements to Reveal to better handle large data center scale flow analysis and advanced queries (check this cool video here).

Reveal now includes numerous new filtering methods to allow you to quickly get to what matters most: Detect applications, find anomalies or make sure that only allowed connections are made between servers. Reveal data center process level flows can be filtered by applications, asset names, port numbers, ESX folders, inbound and outbound Internet connections, user-defined labels and more.

Bait, Wait, Beat Ransomware

Attackers will always find a way to penetrate your perimeter defenses. If you are ‘lucky’ they will only steal the organization’s compute resources. In other cases, they will cause real damage, fast. Ransomware is becoming a big issue for too many organizations.

We’ve lately been approached by many of our users, asking how they can leverage the Centra security platform to fight ransomware. In this post we will talk about how our deception technology helps contain ransomware and minimize the inflicted damage.

Ransomware is dynamic in nature and changes frequently, making traditional security tools ineffective. Signature-based solutions simply can’t keep up, while more sophisticated heuristics-based solutions can often be detected by the malware and evaded.