Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Cerber has become one of the most notorious and popular ransomware families in 2016. It has used a wide variety of tactics including leveraging cloud platforms and Windows Scripting and adding non-ransomware behavior such as distributed denial-of-service attacks to its arsenal. One reason for this popularity may be that it is frequently bought and sold as a service.
Trend Micro published our mid-year security roundup report where we covered the biggest threat stories and trends we observed in the first half of 2016. If you've been following the threat landscape, it is not surprising that ransomware was by far the biggest story, with many organizations around the world in the news after being affected by this threat.
The Locky ransomware family has emerged as one of the most prominent ransomware families to date, being sold in the Brazilian underground and spreading via various exploits. Locky has, over time, become known for using a wide variety of tactics to spread, including macros, VBScript, WSF files, and now, DLLs. Recently we encountered a new Locky variant that used old tactics on the surface, but with some key technical changes.
Apple has released a patch for a trio of zero-day exploits that were used to target the iPhone 6 of UAE-based human rights activist Ahmed Mansoor. According to security reports, a text message was sent to Mansoor, baiting him with secrets about detainees being mistreated in UAE jails and urging him to click an included link. Mansoor contacted watchdog group Citizen Lab, who in turn confirmed that it was an attempted cyberattack.
Popular cloud storage firm Dropbox has been hacked, with over 68m users’ email addresses and passwords dumped onto the internet. The attack took place during 2012. At the time Dropbox reported a collection of users’ email addresses had been stolen. It did not report that passwords had been stolen as well.
The FBI warned local election officials across the U.S. to ramp up cybersecurity measures after uncovering evidence that hackers breached two state election networks, Yahoo News reported Monday. The FBI Cyber Division issued an alert earlier this month, titled “Targeting Activity Against State Board of Election Systems,” which was restricted for “need to know recipients.”
Concerns raised by the release of a report last week highlighting supposed security vulnerabilities affecting pacemakers, defibrillators and other medical devices have prompted attorneys to pursue a class-action lawsuit against their manufacturer, St. Jude Medical. Lawyers for defibrillator patient Clinton W. Ross Jr. filed the class-action complaint Friday in Los Angeles federal court.
Illinois State Board of Elections officials said Monday they believe personal information from fewer than 200,000 voters was hacked through a cyberattack of possible foreign origin that began in June and was halted a month later. The general counsel for the elections board said no files of registered voters were erased or modified and that no voting history information or voter signature images were captured.
National cybersecurity agencies of India and the United Kingdom signed a Memorandum of Understanding today for close cooperation to counter cyberattacks faced by both countries. The Memorandum intends to promote exchange of knowledge and experience in detection, resolution and prevention of security related incidents.
A recent report from Cisco stated that there was a global skills shortage of more than one million people, as governments and corporations belatedly address the seemingly ubiquitous dangers of cybercrime. Moreover, there are 209,000 U.S. cybersecurity jobs without candidates and jobs are up 74% over the past five years.
Techies are leaving the military for more lucrative opportunities in the private sector, which will leave 2 million cybersecurity jobs unfilled by 2019. To help battle the military brain drain, Webster University is expanding its cybersecurity degree programs. University president Beth Stroble says despite the numerous job openings, there is interest in the field. The growth from when we first launched is 145%.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.