Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
The newest surge in ransomware is drawing concern for its ability to encrypt entire hard drives. HDDCryptor, or Mamba, targets network resources such as folders, drives, files, serial ports and printers and then locks down the drive.
Point of Sale malware, designed to lift bank card details (and other information too) from payment terminals around the world, continues to evolve and to propagate. In February of this year our researchers noted the evolution several malware families.
With the recent announcement of more than 500 million accounts impacted by a security breach, many Yahoo users have been changing their passwords. After all, that’s the official guidance. However, as ZDI’s Simon Zuckerbraun points out, a new password isn’t enough.
As early as March 2016, we noticed that Encryptor RaaS’s developer exerted great effort to make it ‘fully undetectable.’ This included signing the ransomware with valid certificates, as well as frequently using counter-AV services and crypters. Four months after, however, the service abruptly closed up shop.
Pagers are still in use today, especially in healthcare. But while it can make sense to still use pagers in healthcare, it is still an older technology. And as is so often the case with older technologies, it can lack the appropriate countermeasures to keep it safe in today’s threat environment.
Last week, French cloud computing company OVH was hit with Distributed Denial of Service attacks that exceeded one terabit per second, the Hacker News reported, which it notes is the “largest DDoS attack ever reported.” The founder of the company, Octave Klaba, tweeted a screenshot of the two simultaneous DDoS attacks, revealing multiple attacks surpassing 100 gigabits per second and one alone hitting 799 gigabits per second.
Credit card accounts probably won’t be affected. But “probably” is not “certainly.” If you tend to reuse passwords across multiple sites, now’s the time to stop, and to change those passwords. And Yahoo is still encouraging people to check their credit reports.
Software house Jive has reset customers’ passwords after the company discovered a data breach. The company said in a notification letter to the state’s attorney general on Friday — released this week — that some email addresses and passwords had been accessed by an outsider.
Yahoo is facing lawsuits from people who fear their accounts have been hacked and claim the company was “grossly negligent,” putting their financial and personal data at risk. Two lawsuits, both filed in California, also allege that Yahoo did not adequately disclose the breach that exposed private information of at least 500 million users.
From smart thermostats to smart door locks, the so-called “internet of things” promises convenience. But security researchers warn that “smart” devices could also be used as cyberweapons. That was illustrated recently when an army of hacked consumer electronics was used in a high-profile cyberattack.
Daniel Kelley, 19, appeared at Westminster magistrates court on Tuesday accused of demanding 465 bitcoins, worth about £216,000, from the company after allegedly carrying out a cyber-attack on its website in October last year.
It was the busiest Microsoft conference yet for us. There was so much buzz around hybrid cloud at the moment, it was the perfect opportunity to show current and prospective customers exactly how our flagship Deep Security platform can help unify security across their multiple platforms.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.