This Week in Security News

Type trendmicroblog
Reporter Jon Clay
Modified 2017-07-21T13:00:40


Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

_ _

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer

_There’s been a new exploit kit uncovered in the wild through a malvertising campaign that has been dubbed “ProMediads.” The new exploit kit is called Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel.__ _

Millions of IoT Devices Hit by 'Devil's Ivy' Bug in Open Source Code Library

_A flaw in a widely-used code library known as gSOAP has exposed millions of IoT devices, such as security cameras, to a remote attack. Researchers discovered the Devil's Ivy flaw, a stack buffer overflow bug, while probing the remote configuration services of the M3004 dome camera from Axis Communications. _

Android Backdoor GhostCtrl Can Silently Record Your Audio, Video and More

_The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.__ _

New IBM Mainframe Encrypts All the Things

In the first major mainframe announcement by IBM in a decade, the company unveiled its next-generation Z series that supports full-blown encryption for data via applications, cloud, and databases rather than today's more common practice of pockets of crypto.

Linux Users Urged to Update as a New Threat Exploits SambaCry

A seven-year old vulnerability in Samba was patched last May but continues to be exploited. According to a security advisory, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it.

Hackers Steal $32 Million Worth of Ethereum

Ethereum has become a top target for hackers. The promising cryptocurrency that's also a platform for decentralized applications has skyrocketed in value over the last six months. But hacker attacks and theft of ether have become commonplace, and the last one is one of the worst so far.

Cyberattack on Medical Software Shows Industry Vulnerability

The computer virus, called Petya, has sent ripples through health care, among the last industries to make the switch to digital record keeping and one of the most frequently targeted by hackers, said Michael Ebert, a partner with KPMG who advises health and life-science companies on cybersecurity.

The Man Who Helped Develop Citadel Malware Receives 5 Years Imprisonment

_Vartanyan helped to develop, improve and maintain Citadel, which was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. Prosecutors estimate the malware infected about 11 million computers worldwide and caused more than $500 million in losses.__ _

Major Cloud Service Cyberattack Could Cost Global Economy $53 Billion

The understanding Insurance companies have of cyber liability is under developed compared to other insurance types which could lead to insurance companies underestimating the potential loss a cyberattack could cause on a customer.

Stop Self-Driving Cars from Becoming Cybersecurity Weapons

At Black Hat 2015, the talk of the gathering of cybersecurity experts was the remote hacking into and subsequent control of a Jeep Cherokee driving 70 mph on a public highway. At the upcoming 20__th__ annual Black Hat Conference, Billy Rios and Jonathan Butts will present “When IoT Attacks.”

Picking a Security Vendor for Your Managed Service Business Is about Business Model Alignment

_If you’re a seasoned managed service provider (MSP), you are already very familiar with the benefits of the pay-as-you-go business model. In fact, it’s most likely how you sell your services to your customers. But, have you ever stopped to consider if all your partners are aligned with your business model?__ _

Teen Girls Are Learning about Protecting the Nation at Cybersecurity Camp

_Talk to the teenage girls studying cybersecurity at New York University this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field.__ _

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.