Risk Radar Free Cyber Newsletter – Dec 19, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
Google’s Project Zero has linked exploits together in the latest Windows 10 (fully patched) to execute an untrusted JavaScript attack outside of the sandbox environment.  At the time of this article the vulnerabilities have been patched. Researchers are recommending users disable Web Proxy AutoDiscovery (WPAD) to mitigate future bugs of this type.
Hold North Korea Accountable for WannaCry—And the NSA, Too
The Trump administration has attributed the WannaCry ransomware attack to North Korea. While there is evidence North Korea put the WannaCry attack together some in the cybersecurity community put part of the blame on the U.S. government also. The stockpiling and then losing of stockpiled vulnerabilities made WannaCry possible.
Microsoft Office Docs New Vessel for Loki Malware
Microsoft Office scriptlets are being used to spread Loki malware. The attack is not using the known macros and shellcode methods. Security researchers are still working on mitigating this attack.
User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack
Lexmark printers have been found to be open to the public internet. These printers can be used for multiple malicious activities. Login credentials are not required to control these printers, users should setup a required login and passwords for these printers.
New Database Botnet Leveraged for Bitcoin Mining
As cryptocurrencies become more valuable it is not a surprise that attackers are using other people’s resources to mine for them. Database servers are being attacked and compromised for cryptocurrency mining.
The Creator of Signal Has a Plan to Fix Cryptocurrency
Is cryptocurrency here to stay? We will see what happens going forward. Moxie Marlinspike is working on the of the problems with cryptocurrency, usability. Making cryptocurrency simple to use while secure could be part of cryptocurrency being around in the future.