Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new Internet of Things malware that’s bricked thousands of devices. Also, read about a ransomware family that’s using malvertising to direct victims to a RIG exploit kit.
After almost two years of sporadic, restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit, which has been spotted targeting global victims after primarily operating in Asia.
A new Internet of Things malware called Silex operated for only about a day, yet it managed to spread quickly and wipe devices’ firmware, bricking thousands of IoT devices.
Steven Schmidt’s keynote address at AWS re:Inforce touched on the current state of cloud security, building a security culture, tactical security tips and a road map of where the industry and technology are headed.
Mark Nunnikhoven gives key predictions and insights into trends at AWS re:Inforce, security in the top three major public cloud providers and the evolution of the cloud industry as a whole.
Dell released a security advisory that implored customers to update the vulnerable SupportAssist application in both business and home machines. The privilege escalation vulnerability can give hackers access to sensitive information and control over millions of Dell computers running Windows.
According to the Q1 2019 report from the Anti-Phishing Working Group (APWG), the use of Hypertext Transfer Protocol Secure (HTTPS) in phishing attacks has been on the rise, and the protocol is now used in 58% of phishing websites.
A 10-month review of 10 years of inspector general reports revealed that several federal agencies responsible for safeguarding millions of Americans’ security, public safety and personal data have failed to apply even basic defenses against cyberattacks.
Kubernetes announced the discovery of a high-severity vulnerability that, if exploited, could lead to a directory traversal that allows an attacker to use a malicious container to create or replace files on a user’s workstation.
Many manufacturing factories and energy plants have hundreds of IIoT devices that help streamline operations, but those facilities now also have to defend against new threats that take advantage of attack vectors and weaknesses in the technology.
Facebook has failed in its attempt to prevent a lawsuit over a data breach impacting close to 30 million users from going to trial. A federal appeals court in San Francisco rejected the social media giant’s request to dismiss the court case out of hand.
Attackers behind a ransomware family called Sodinokibi have used a variety of delivery vectors since April: malicious spam, vulnerable servers, managed service providers (MSPs) and now malvertising. The malicious advertisements ran on the PopCash ad network and, under certain conditions, redirected users to the RIG exploit kit.
Trend Micro discovered and disclosed a double free vulnerability in macOS that, if successfully exploited, can allow an attacker to escalate privileges and execute malicious code on the system with root privileges.
Trend Micro took a closer look at Oracle’s recent vulnerability CVE-2019-2729 to see how this class of vulnerability has been remediated — particularly via blacklisting or whitelisting — and why it has become a recurring security issue.
The personal data of roughly 95,000 Delawareans may have been compromised in a nine-year security breach at Dominion National, a large vision and dental insurer, according to Delaware’s Department of Insurance.
Do you feel that the IoT devices in your home are well-protected against cyberattacks? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.