Risk Radar Free Cyber Newsletter – Feb 28, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Publicly Disclosed Windows Vulnerabilities Await Patches
Google has disclosed another Windows vulnerability that effects Windows 10 Edge and IE 11 browsers. This disclosure by Google is based on their policy of releasing the vulnerability 90 days after it is privately disclosed. This policy combined with Microsoft not releasing their February patches has made this possible. There does not appear to be in the wild exploits happening yet, hopefully these vulnerabilities get patched in March.
Database Ransomware Attackers Migrate to MySQL
MySQL databases are being attacked with similar ransomware that targeted MongoDB installations. If infected the MySQL databases are encrypted and then deleted with a ransom note left behind. The article goes through a recommended hardening process when you do a MySQL installation.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

#MWC2017: IoT Adoption Continues to Present Security Challenges
The continued growth of the internet-of-things (IoT) will prove to be a big security challenge in 2017. There is an expectation that many business will move towards mass adoption of IoT devices by 2019. Between now and then the security of IoT devices will need much improvement.

Analysis: Election hackers used many of the same techniques as Carbanak gang
TruSTAR has done a threat intelligence analysis of the U.S. election hacking compared to the Carbanak cybercrime group. The Carbanak group is tied to Russia and is known for hacking financial institutions. The analysis by TruSTAR shows many of the same techniques used by both groups. While the exact relationship between these two groups is not known, it is more information to add to the overall election hacking investigation.
No secret anymore: Russia touts cyber force
Russia is stating what many have already assumed, they have a government Cybersecurity force. The cybersecurity force has been setup within the Russian military. This is the first time Russia has acknowledged that they have a cybersecurity force.
Password Re-use is Rampant Among Millennials 18-30
Millennials are re-using passwords at a very high rate. Password re-use is not good for overall internet security. A stolen password that is used in multiple places by a user can compromise their whole digital life. In today’s connected world it makes sense to have a secure password policy.