Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Google announced that high-level researchers discovered a serious glibc security vulnerability that opens up Linux servers and other platforms using the GNU C Library to remote code executions. The security flaw (CVE-2015-7547) impacts any platforms leveraging glibc 2.9 or later versions.
Creating a backdoor to the iPhone for the federal government to access encrypted data would create “chilling” implications that could undermine the privacy of all users, according to Apple CEO Tim Cook. In a letter posted online on Tuesday night, Cook responded to a federal order asking for Apple to help the FBI crack into an iPhone belonging to Syed Farook, one of the San Bernardino, California, attackers.
By now, ransomware isn’t anything new – these attacks have been capturing headlines for several years, particularly when high-profile targets including enterprises or law enforcement agencies are victims. However, a ransomware infection poses a unique set of challenges when it takes place within the health care sector.
While takedowns and/or arrests slow down or severely damage cybercriminal operations, they could also pave the way for other threat actors to up their ante when it comes to their nefarious activities and “battle” it out to fill the void left by those who said operations were hampered. This must be the case with QAKBOT, a multi-component, information-stealing threat that has been active since 2007.
According to reports, cybercriminals are stealing user details like Netflix passwords and bank credentials via phishing campaigns and a Trojan malware—potentially for sale on the Deep Web. In this scheme, the Netflix user is tricked into clicking on a malicious link found in an email or a website which leads them to fake login page of the service.
The cyberespionage group Pawn Storm has been using Fysbis malware as a backdoor that allows the group to infect Linux systems. Pawn Storm’s use of Fysbis malware was noted by researchers last April. Our researchers detected a phishing campaign that attempted to install Fysbis onto the systems by sending targets emails with malicious links to webpages that appeared to be legitimate news websites.
President Obama’s budget plan would invest $19 billion in cybersecurity through his Cybersecurity National Action Plan. The plan focuses on modernizing existing systems, developing a cyber workforce, public-private partnerships, and increasing public awareness of cybercriminal activities.
A recent survey of 1,000 business executives by consulting company NTT Com Security said that the only half of the polled respondents had a formal plan in place to protect their data and networks in case of an attack. Additionally, a quarter of these executives “are certain that their company will suffer a security breach in the future,” the report stated.
Barbie is moving into her very own connected smart home in 2016, but with Internet-capable features like voice command, is this toy able to listen in on kids’ conversations and home activities? Following last year’s release of Hello Barbie, a Wi-Fi-enabled version of the doll that relies on the Internet for its Siri-like functions, Mattel, Inc. is completing the connected experience with the Barbie Hello Dream House.
The mobile chat app of choice for 40% of US teenagers (according to the company) contains an entire version of the internet inside its virtual borders, but like those pesky high-frequency ringtones, Kik is largely inscrutable to people born before the turn of the millennium.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.