Dive Brief:
- The U.S. Department of Homeland Security (DHS) on Thursday warned against a new security hole impacting Samba software that could potentially leave computers vulnerable to an attack similar to the WannaCry attack that occurred earlier this month, according to Reuters. DHS urged Samba users to apply a newly developed patch.
- The vulnerability had reportedly not yet been exploited, but it took researchers at security firm Rapid7 just 15 minutes to develop malware that made use of the vulnerability.
- The vulnerability affects versions of Samba dating back to 2010. An estimated 100,000 computers are currently running vulnerable versions of the software, according to Rapid7.
Dive Insight:
Samba is free networking software developed for Linux and Unix computers. As was the case with the Windows 7 software vulnerability that launched WannaCry, the Samba vulnerability has existed for several years, though it apparently remained undiscovered until now.
What has security experts concerned is that the vulnerability could potentially be used to create a worm like the one that allowed WannaCry to spread so fast. Fortunately, a patch is now available and users have been urged to install it.
Earlier this month, the WannaCry cyberattack reached 200,000 targets in at least 150 countries and disrupted at least 16 hospitals in England as well as large international companies including FedEx, telecom companies Telefónica of Spain and Megafon of Russia and car maker Nissan.