Risk Radar Free Cyber Newsletter – Apr 11, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well-known and respected experts in the industry.

Researchers Warn of New Microsoft Zero-Day
A zero-day exploit for Microsoft Word has existed since January 2017 and has been found in the wild. The zero-day is expected to be patched in the April Patch Tuesday. Users are encouraged to be cautious when opening Word files. You can turn on Office Protected View, which seems to block this attack.

Schneider ignores researchers’ warnings about hard-coded passwords
Schneider Electric is making SCADA equipment with hard-coded passwords. This goes against recent security researcher recommendations. Schneider Electric is aware of this issue and is looking into it. These are the types of security issues that SCADA and IoT device makers are working through.

Germany Considers First-Strike Cyber-Attacks
The German government is considering allowing its cyber-forces to initiate first-strike attacks on foreign hackers. This is a much more aggressive response than counter-attacking after a cyber-attack. Germany is looking at the need for international rules to determine how first-strike attacks would happen.

Twitter Wins Free Speech Battle After DHS Backs Down
The Department of Homeland Security (DHS) was trying to get user information from Twitter for a parody account criticizing Donald Trump. Twitter denied this request and filed a counter lawsuit in response. Since DHS has withdrawn the request, Twitter has dropped its own counter lawsuit.

Breaking Signal: A Six-Month Journey
The Signal protocol, from the secure messaging app Signal, is used by other messaging apps. It is used in WhatsApp, Facebook Messenger, and Google’s Allo messaging service. Security researchers have been looking into the open source Signal protocol for security bugs. Signal and the security researchers have been working out which bugs to fix and which not to fix in the Signal protocol.

Hackers Count on Password Reuse in Amazon Third-Party Seller Campaign
Password re-use is a key part of the attack against third-party sellers on Amazon. The attackers are using stolen credentials from other breaches to get into the third-party seller accounts. A good password policy combined with a password manager can provide many security benefits to individual users and enterprises.