Risk Radar Free Cyber Newsletter – Jun 13, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

WannaCry: One month later
A month has passed since WannaCry, what have we learned? Tom Levasseur of CGI gives a nice breakdown of the current knowledge of WannaCry. He (like others have) states it started at a true worm, not from a phishing campaign. It also appears more Windows 7 pcs were infected than Windows XP pcs. The article has a good roundup on what is known right now.
Adobe issues Patch Tuesday fixes
Flash and other Adobe software are getting patches today. Three of the four are rated critical, if you are using Adobe software check for patches. Recent studies have shown that flash is still a common vector for PC exploitation. If you are using Flash on non-Window OS’s you still need to update.
Industroyer Malware Detected, Linked to Kiev Attack
Malware researches at ESET have discover malware capable of taking down the power grid of a city. The attack uses known protocols of the industry, four payloads are used to gain control of switches and circuit breakers at an electrical substation. While this attack has been linked to Keiv it could be used against any electrical grid.
Free Mac-Based Ransomware-as-a-Service MacRansom Surfaces
Researchers have discovered a Mac based ransomware as a service. The attack uses a zip file that requires the user to allow (it is from an unknown developer) it to run. The rest of the attack is described in the article. It seems like this attack will have limited success since the zip file is flagged as being from an unknown developer. It will be interesting to see how these malware/ransomware attacks effect Macs going forward.
Half of Third-Party Software Components Are Outdated
As the OS’s do a better job of security third party applications make an effective target. A study from Synopsys shows that up to half of third party applications are outdated. With WannaCry network admins and security personal are focused on OS patching. It pays to not overlook the third party applications on PCs in your networks
Curiosity Kills Security When it Comes to Phishing
A study in Germany shows why is so hard to get users to stop clicking those phishing links. It basically comes down to curiosity. Our inherent human curiosity is used to trick users into clicking all those phishing links.