WannaCry and IoT: Vendors react
Written by net-security.org   
Wednesday, 17 May 2017 10:28

Among the organizations most gravely affected by the WannaCry ransomware[1] was the UK National Health Service.

According to The Sunday Times[2], 48 NHS organisations were hit, including about 30 hospital trusts, and as many as many as 70,000 NHS devices including computers, magnetic resonance imaging (MRI) scanners, blood-storage fridges, and theatre equipment may have been affected.

WannaCry IoT

This situation perfectly shows how, along with the security of “traditional” computers, we must also think and do more about the security of so-called Internet of Things (IoT) devices. If that wasn’t clear after the Mirai-fueled DDoS attack on Dyn[3], it’s definitely clear now.

“IoT is facing more and more vulnerabilities as new devices are introduced,” says Xu Zou, CEO of IoT security solution provider ZingBox.

“We’ve found that approximately 11% of all medical devices are Windows-based devices. Upon further examination, almost all of them (99.8%) are based on legacy OS susceptible to WannaCry. This emphasizes our understanding that current recommendations of downloading the latest patch from Microsoft does not always apply to Internet of Things (IoT) devices.”

In the wake of the attack, ICS-CERT has also noted that some ICS and medical device vendors have reported that they support products that use Microsoft Windows and have proactively issued customer notifications with recommendations and patches for users.

These include Rockwell Automation, Schneider Electric, Siemens, ABB, and Becton, Dickinson and Company. The ICS-CERT[4] alert includes links to those notifications.

Some devices can’t be updated

Finally, and unfortunately, some devices can’t get patched, and in this day and age such a thing is (or should be) unacceptable.

The good news is that the WannaCry epidemic spurred some vendors to do something about that particular problem.

For example, Cisco has announced[5] on Monday that its Product Security Incident Response Team (PSIRT) has started a review of the companies’ products, aimed at identifying which of them do not support automated or manual updates of Microsoft patches.

The effort will likely take a while, but a final list should help users to decide if they want to implement mitigations but continue using these products and risk compromise, or switch to a product that can be patched.

In the meantime, the company provided several Snort rules and a Cisco IPS signature pack to cover the WannaCry ransomware attack.


  1. ^ WannaCry ransomware (www.helpnetsecurity.com)
  2. ^ The Sunday Times (www.thetimes.co.uk)
  3. ^ Mirai-fueled DDoS attack on Dyn (www.helpnetsecurity.com)
  4. ^ ICS-CERT (ics-cert.us-cert.gov)
  5. ^ announced (tools.cisco.com)
Joomla! Releases Security Update for CMS
Written by us-cert.gov   
Wednesday, 17 May 2017 09:48
[unable to retrieve full-text content]Original release date: May 17, 2017

Joomla! has released version 3.7.1 of its Content Management System (CMS) software to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the Joomla! Security Release and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

<< Start < Prev 11 12 13 14 15 16 17 18 19 20 Next > End >>

Page 19 of 20