Risk Radar Free Cyber Newsletter – Aug 8, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

JS_POWMET malware is 100% fileless, from infection to payload
A new Windows malware uses an end-to-end fileless infection chain. This is accomplished by compromising the autostart registry procedure. This type of malware attack is very hard to detect and analyze. The article goes on to discuss the attack in more detail.
Tech Support Scammers Cast a Wider Net
Tech support scams have been around for a long time. An active phishing campaign with links to real looking websites that use pop ups and fake warnings to get people to call is making the rounds. When people call they are scammed into paying to get their PC fixed.

ICS-CERT alert issued for multiple Siemens medical vulnerabilities
Several Siemens medical systems are vulnerable to low level exploits according to the Department of Homeland Security. Siemens is working on patches for the systems, the article goes over the recommendations from Siemens to put in place until the patches are available.

Email malware, phishing and spam attempts hit new highs for 2017
Email malware attacks have been around for a while. They may be an old technique to spread malware, but it is an attack method that is growing in 2017 to new highs. Malware that has not used email attacks are starting to.
Justice Dept. vulnerability disclosure framework aims to formalize programs
Vulnerability disclosure is important for effected companies and the researchers that discover the vulnerabilities. The Cybersecurity Unit of the Justice Department has created a framework to guide companies in creating a vulnerability disclosure program.
Masses of Common Flaws Crack Open 55% of Corporate Networks
Security audits from Positive Technologies show more than half of corporate networks have common flaws that make them easy targets. If you take care of a corporate network handling the basics of security and having a good risk management plan in place will put you ahead of most other corporate networks.