Merck's $310m NotPetya bill, stolen RDP logins selling for $10 a pop, bug patches, and more

While the security world has been in full Holy Grail mode with BadRabbit, plenty of other stuff has been going on this week. Here's a roundup of everything else you need to know on top of what we've already reported. On the vulnerability front, it was something of a quiet week. Google updated Chrome with a new build (62.0.3202 …

  1. Anonymous Coward

    And the next time the US tries to blame another country for hacking...

    Remember this...

    "Ultimate Anonymity Services had 35,000 RDP-accessible account usernames and passwords for sale at around $10 a pop, claiming they had been obtained by bruteforce from otherwise legit systems. While these servers were predominantly located in China, Brazil and India, access to more than 300 US-based boxes was also up for grabs."

  2. Amos1

    Don't worry. NIST has them covered. There's no need to regularly change passwords unless you know they've been compromised, and those clueless* companies not only did not have low lockout thresholds set, or they could not have been brute-forced, I'm fairly certain they do not know they've been compromised. Those accounts will be valid for a long time.

    "The opposite of secure is not insecure. The opposite of secure is convenient."

    *The very definition of clueless on the Internet is exposing administration services directly to the entire world.

  3. Anonymous Coward

    The best action for Kaspersky?

    The best thing for Kaspersky is to keep doing what it is doing. As a non-US resident, I appreciate its ability to expose NSA spyware, which IMHO is the whole reason behind their attempts to blackball the company.

    I actually just got an idea. I must call them on Monday..

    1. Throatwobbler Mangrove Silver badge

      Re: The best action for Kaspersky?

      No need to call them, they already know...

    2. JCitizen

      Re: The best action for Kaspersky?

      Personally I trust Emsisoft before I'd trust Kaspersky - their anti-malware can find even the hidden DRM spies in your PC. Also I like the fact that Emsisoft flipped the bird at the German government for asking (demanding) for a back door to their code. Plus they probably have the best darn software firewall ever with Online Armor. I'm not a shill for Emsisoft and I do not sell anybody's stuff anywhere.

  4. Doctor Syntax Silver badge

    The Merck paragraph misses out in this aspect: https://securityledger.com/2017/10/notpetya-infection-left-merck-short-key-vaccine-gardasil/

    It's more then business's accounts that are affected.

    1. Anonymous Coward

      It's more than business' accounts that are affected.

      That said, I note with interest that it has been elegantly used in a number of places to explain less than stellar business performance. It seems the boards are paying attention to "cyber"security, just not quite in the way intended :(.

  5. EJ

    I'm 100% about this statement: " the effect would cause a 10 per cent in software sales"

  6. sloshnmosh

    And the next time the US tries to blame another country for hacking... Remember this...

    ...Or THIS: https://freedomhacker.net/vault-7-marble-framework-cia-evaded-forensics-5361/
