Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
This quarter saw threats and attacks continuing to broaden in their scope and impact. From security researchers demonstrating potential weaknesses in airplanes to attacks darkening television networks, the impact of attacks and potential attacks continue to move into the daily lives of regular people.
Microsoft has released MS15-093, an out-of-band update for all supported versions of Windows. This bulletin fixes a vulnerability in Internet Explorer (designated as CVE-2015-2502) that allowed an attacker to run arbitrary code on a user’s system if they visited a malicious site.
Earlier this year, we reported that the operators behind Pawn Storm had gone after members of the North Atlantic Treaty Organization (NATO), the White House and the German parliament. Pawn Storm’s targets have mostly been external political entities outside of Russia, but after our analysis we found that a great deal of targets can actually be found within the country’s borders.
The hackers responsible for the Ashley Madison data breach in July have made good on their threat to distribute the personal information of its users. The 9.7 gigabytes of data have been made available on the dark web.
The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit. Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks.
Trend Micro researchers discovered yet another Android mediaserver vulnerability, which can be exploited to perform attacks involving arbitrary code execution. With this new vulnerability, an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its normal routines.
Don’t laugh. Names like ‘cyber hygiene’ and ‘cyber palette’ describe some very serious concepts. There is enough new terminology about cybersecurity to be confusing even for the technically proficient. And to be honest, some of the terms sound so silly that it is hard to take them seriously until you understand what they mean.
According to the National Small Business Association’s 2014 Year-End Economic Report, cyberattacks on small businesses now cost more than $20,000. Additionally, 50 percent of all small businesses reported they have been the victim of a cyberattack.
California-based Stanford University has stepped into the arena of cryptocurrecy with its program titled “Crypto Currencies: Bitcoin and Friends (CS251)” to be launched in September 2015. This is a new course that will be taught by Dan Boneh, Professor of Computer Science at the Stanford School of Engineering will be teaching this course under Cyber Security Graduate Certificate program.
Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.