Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

As we approach the first anniversary of the ShadowBrokers, their true identity and source of their stolen NSA exploits remains a mystery.

Data collected from the freely available scanner called EternalBlues shows that tens of thousands of computers remain vulnerable to the SMBv1 vulnerability that spawned WannaCry and ExPetr.

Researchers at Kaspersky Lab have discovered an error in the ExPetr ransomware code that prevents recovery of lost data.

The SMBv1 file-sharing protocol abused by the NSA’s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.

Kaspersky Lab said it has seen some of the first exploits targeting a patched Samba vulnerability, and those are being used to mine Monero cryptocurrency.

Now that researchers have built a port of EternalBlue to Windows 10, they’ve probably only now caught up to what the NSA has had for a long while.

Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack.

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.

Pandemic is a Windows implant built by the CIA that turns file servers into Patient Zero on a local network, infecting machines requesting files with Trojanized replacements.