2017 Newsletter: 32/69 — PreviousNext — (Attach.)

Sydney Harbour
WEEKLY NEWSLETTER 22 - 27 MAY 2017

Hello and Welcome,

SIG Presentations

See attached four-page PDF file (579 KB) from Tim Kelly's presentation at the Tuesday Forum of 16th May.

Meetings for This Week:

Main Meeting - Tuesday 23rd May - 5:30 am - 8:00 pm

Note, our new Meetup page.

May Main Meeting - special guest: Armourcard + Q&A, raffle, news & plenty more!

In May, we'll hear from the Australian founder of Armourcard, the maker of a credit card-sized device that protects your RFID devices such as credit cards, debit cards, passports and more from snooping and information theft.

ArmourCard have developed a new device to protect the NFC chips in your smartphones and tablets, and we'll get a special presentation on this new technology.

We'll also have our regular segments including general business, consumer reports, latest tech news, interesting web sites, Q&A (where your tech questions are answered), our monthly raffle to win interesting tech prizes and more!

We're the Sydney PC & Technology User Group, and we've been around since 1984, with members helping members and plenty of amazing meetings where we've learned about incredible technologies.

The website is www.sydneypc.com where you can see write-ups of previous meetings, attended by a range of top tech companies you'll easily recognise.

If you want to learn about new technologies, about PCs, Macs, iPhones, iPads, Androids, gadgets, websites, tech news and more, then please come along to our next main meeting!

Cheers

Alex

Digital Photography - Friday 26th May - 9:30 am - 12 noon

David Wastie will be showing how to edit movies at the Digital Photography SIG, Friday 26th May.

He will bring all his own gear and as well as editing, show you some of the tricks that are used in the films.

See you there,

David

Meetings Next Week:

Penrith Group - Saturday 3rd June - 2:00 pm - 5.00 pm

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ASCCA News:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Tech Tips:

What you need to know about the WannaCry Ransomware

The WannaCry ransomware struck across the globe in May 2017. Learn how this ransomware attack spread and how to protect your network from similar attacks.

By: Symantec Security Response

Created 15 May 2017

UPDATE: May 15, 2017 23:24:21 GMT:

Symantec has uncovered two possible links that loosely tie the WannaCry ransomware attack and the Lazarus group:

  • Co-occurrence of known Lazarus tools and WannaCry ransomware: Symantec identified the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry. These earlier variants of WannaCry did not have the ability to spread via SMB. The Lazarus tools could potentially have been used as a method of propagating WannaCry, but this is unconfirmed.

  • Shared code: As tweeted by Google's Neel Mehta, there is some shared code between known Lazarus tools and the WannaCry ransomware. Symantec has determined that this shared code is a form of SSL. This SSL implementation uses a specific sequence of 75 ciphers which to date have only been seen across Lazarus tools (including Contopee and Brambul) and WannaCry variants.

While these findings do not indicate a definite link between Lazarus and WannaCry, we believe that there are sufficient connections to warrant further investigation. We will continue to share further details of our research as it unfolds.

A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization's network by exploiting a critical vulnerability in Windows computers, which was patched by Microsoft in March 2017 (MS17-010). The exploit, known as "Eternal Blue," was released online in April in the latest of a series of leaks by a group known as the Shadow Brokers, who claimed that it had stolen the data from the Equation cyber espionage group.

Read the full article online.

The Symantec Blog

[Ed:] The ransomware is using a known, publicly disclosed exploit in SMBv1 (Server Message Block Version 1). It is an application level protocol used for sharing files and printers in a networked environment.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless specifically stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE newsletter — SubscribeUn-subscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Changing your e-mail address? Please e-mail your new address to — newsletter@sydneypc.com
DISCLAIMER: This Newsletter is provided "As Is" without warranty of any kind.
Each user or reader of this Newsletter assumes complete risk as to the accuracy and subsequent use of its contents.