Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
There’s been a new exploit kit uncovered in the wild through a malvertising campaign that has been dubbed “ProMediads.” The new exploit kit is called Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel.
A flaw in a widely-used code library known as gSOAP has exposed millions of IoT devices, such as security cameras, to a remote attack. Researchers discovered the Devil’s Ivy flaw, a stack buffer overflow bug, while probing the remote configuration services of the M3004 dome camera from Axis Communications.
The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.
In the first major mainframe announcement by IBM in a decade, the company unveiled its next-generation Z series that supports full-blown encryption for data via applications, cloud, and databases rather than today’s more common practice of pockets of crypto.
A seven-year old vulnerability in Samba was patched last May but continues to be exploited. According to a security advisory, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it.
Ethereum has become a top target for hackers. The promising cryptocurrency that’s also a platform for decentralized applications has skyrocketed in value over the last six months. But hacker attacks and theft of ether have become commonplace, and the last one is one of the worst so far.
The computer virus, called Petya, has sent ripples through health care, among the last industries to make the switch to digital record keeping and one of the most frequently targeted by hackers, said Michael Ebert, a partner with KPMG who advises health and life-science companies on cybersecurity.
Vartanyan helped to develop, improve and maintain Citadel, which was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. Prosecutors estimate the malware infected about 11 million computers worldwide and caused more than $500 million in losses.
The understanding Insurance companies have of cyber liability is under developed compared to other insurance types which could lead to insurance companies underestimating the potential loss a cyberattack could cause on a customer.
At Black Hat 2015, the talk of the gathering of cybersecurity experts was the remote hacking into and subsequent control of a Jeep Cherokee driving 70 mph on a public highway. At the upcoming 20th annual Black Hat Conference, Billy Rios and Jonathan Butts will present “When IoT Attacks.”
If you’re a seasoned managed service provider (MSP), you are already very familiar with the benefits of the pay-as-you-go business model. In fact, it’s most likely how you sell your services to your customers. But, have you ever stopped to consider if all your partners are aligned with your business model?
Talk to the teenage girls studying cybersecurity at New York University this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.