Naked Security Naked Security

News in brief: WannaCry knocks out Honda plant; Skype hit by global outage; NSA shares tools on GitHub

Your daily round-up of some of the other stories in the news

Your daily round-up of some of the other stories in the news

WannaCry knocks out Honda plant

WannaCry, the ransomware attack that ricocheted around the world in May, raised its ugly head again earlier this week, causing Honda to halt production at its Sayama plant north of Tokyo.

Honda said that it had taken steps to secure its network back in May when the worm first hit. However, Microsoft has now moved to patch not only the current versions of Windows but also the older versions that are officially out of support time, so it’s somewhat surprising that any organisation is still vulnerable.

And as Honda’s experience shows, it’s not a theoretical threat – ransomware like WannaCry can hit you where it really hurts: in the wallet. The Sayama plant turns out about 1,000 vehicles a day, said Reuters.

Hacker group claims responsibility for Skype outage

Skype, Microsoft’s IM app used by consumers and businesses around the world, has been recovering from an outage that began on Monday. A hacking group calling itself CyberTeam claimed responsibility for the outage, with some observers speculating that Skype had been the victim of a DDoS attack.

Microsoft confirmed that Skype was suffering from issues on its blog on Monday, saying “we are aware of an incident where users will either lose connectivity to the application or may be unable to send or receive messages”, while its Twitter support account confirmed that the outage was a “global incident”. However, DownDetector’s heatmap showed that most of the issues were focused on the UK and Europe.

There’s no confirmation that the group claiming responsibility was actually behind the attack, of course, but in a tweet, the group said next in its sights is Steam, the game distribution platform.

NSA posts tools on GitHub

We’re all more familiar with the NSA’s software than we might want to be, thanks to the WannaCry outbreak in May that built on EternalBlue, a tool developed by the NSA as part of its armoury of weaponised exploits and unleashed on the world via the Shadow Brokers’ dump.

Now the Shadow Brokers – and anyone else interested in the tools the NSA has developed – can go to the agency’s newly created GitHub page, where it’s sharing some of its open-source tools. These include one to identify prohibited or unexpected security certificates on Windows machines, a portable VPN built with Linux and a Raspberry Pi, and an architecture for processing streaming sources.

The GitHub page is part of the agency’s slow move to being more open: it joined Twitter in 2013 – the same year its former employee Edward Snowden revealed the documents he’d stolen from them – and now boasts nearly 357,000 followers.

The aim of joining GitHub is to “work with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace”, says the agency.

Catch up with all of today’s stories on Naked Security