Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options.
A new Locky Ransomware variant was released that now uses the .asasin extension for encrypted files. It is important to note that if you are infected with this ransomware, you are not infected with the Asasin Ransomware. You are instead infected by Locky, which is using the .asasin extension.
It’s been just over a month since Equifax went public with news of a massive server breach. Now, a security researcher has spotted an ad campaign spreading malware from the company’s website. The malicious ads were designed to trick Equifax visitors into installing a fake Adobe Flash update.
The global cybercriminal underground economy varies by region. The release of Trend Micro’s report “Digital Souks: A glimpse into the Middle Eastern and North African underground” marks the 12th in its Cybercriminal Underground Economy Series (CUES).
Last week two Republican lawmakers introduced new legislation – the Internet of Medical Things Resilience Partnership Act – looking to lay out a cybersecurity framework which protects sensitive healthcare information from cyberattacks.
The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals.
Microsoft’s Patch Tuesday for October addresses 62 vulnerabilities, 27 of which are critical and 35 important in terms of severity; many of these flaws can lead to remote code execution (RCE). Of note is Microsoft’s fix for CVE-2017-11826, a memory corruption vulnerability in Microsoft Office.
The total value of ransomware sales on dark web market places has rocketed from $250,000 to over $6m in just a year, as demand for the file-encrypting malware grows. While small-time scammers do want a piece of the ransomware pie, much of the marketplace is controlled by specialized, organized gangs.
Bitcoin set a fresh record above $5,200 as investors bet on China easing trading restrictions and reacted to a prominent hedge fund manager predicting the price of the virtual currency could rise to $10,000 within a year.
What can individual users do to preserve cybersecurity at work? Effective workplace security does not happen by accident. It requires oversight, guidance and policies. Without the right level of awareness, the right culture, and the right processes to reinforce that culture, no level of investment will succeed.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.