Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
WannaCry ransomware’s outbreak during the weekend was mitigated by having its kill switch domain registered. It was only a matter of time, however, for other cybercriminals to follow suit. Case in point: the emergence of UIWIX ransomware (detected by Trend Micro as RANSOM_UIWIX.A) and one notable Trojan our sensors detected.
Security experts are urging Apple users to get patching after the firm released seven updates addressing 66 vulnerabilities in iOS, macOS and other products. Apple famously doesn’t say if any of the bugs it is fixing are being actively exploited in the wild, but “the consequences of not applying these updates could prove costly in the months to come,” according to TippingPoint’s Zero Day Initiative (ZDI), which found a third of the software flaws.
The Hong Kong Securities and Futures Commission’s recent proposals on mitigating hacking risks in the securities industry are aimed at an upswing in cybersecurity incidents in internet trading systems in Hong Kong, technology attorneys told Bloomberg BNA.
Hackers claim to have stolen a Disney movie for a ransom – but the company is refusing to give in, according to CEO Bob Iger. Iger made the comments to ABC employees during a company meeting in New York, according to The Hollywood Reporter. The hackers told the company they will release the first five minutes of the movie and then in 20-minute segments if the media company does not pay the fee via bitcoin.
One of the harshest cybersecurity regulations to hit companies in the US recently went into effect in New York. The state regulator, the New York Department of Financial Services, introduced its Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), a regulation designed to tighten cybersecurity practices across a wide selection of companies, which became effective on March 1, 2017.
An 11-year-old “cyber ninja” has stunned an audience of security experts by hacking into their Bluetooth devices to manipulate a robotic teddy bear, showing in the process how interconnected smart toys “can be weaponised”. Reuben Paul, who is in sixth grade at school in Austin, Texas, and his teddy bear Bob wowed hundreds at a cyber-security conference in the Netherlands.
The UK government believes collaboration between the public and private sectors is critical to success in cybersecurity. Governments can lead the way, but they cannot deal with cyber threats alone, according to Mark Sayers, deputy director, cyber and government security directive, at the Home Office.
The U.S. Department of Health and Human Services, taking a cue from Congress, has begun developing principles and best practices for cybersecurity in health care, officials said Tuesday.
“We had an information day … and we are kicking off next week,” said Julie Anne Chua, from the office of the department’s chief information officer.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.