Risk Radar Free Cyber Newsletter – Jun 6, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

EternalBlue Exploit Spreading Gh0st RAT, Nitol
EternalBlue is the exploit that keeps giving, make sure you get this known vulnerability patched. The EternalBlue exploit is being used to spread Nitol backdoor and GhOst Rat malware. SMBv1 server is being used to bring in malware to the PCs. It is time to make sure your PCs are fully patched and SMBv1 is disabled.
#INFOSEC17: Ransomware and IoT are Greatest Cyber-Threats of 2017
Infosec professionals are seeing continued ransomware threats in 2017. It is not expect to have the same growth rate. The key will be for victims to stop paying the ransom and do best practices to defend against ransomware. IoT is expected to be a growing concern in 2017. Security needs to be addressed in the development of the IoT device. Fixing non-secure IoT devices in the wild will be very difficult.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.
53 Percent of Enterprise Flash Installs are Outdated
Flash has been a known vulnerability on enterprise networks for years. Outdated flash on network endpoints has continued to increase.  Hospital enterprises continue to be a problem, they still rely on XP systems due to equipment and programs that require XP. The most encouraging news is the increasing adoption of Windows 10 systems in the enterprise environment, it has doubled in 2017 compared to 2016.

Fireball Malware Infects 20% of Corporate Networks Worldwide
A browser hijacker called Fireball is on the rise, it has infected 250 million PCs and 20% of corporate networks. Fireball is mainly focused on adware right now, but it could be used to deliver full blown malware to the PCs. Fireball is being installed as an additional program to a free program that is installed by the user. The good thing is Fireball can be removed in the Programs and Features list.
#INFOSEC17 Machine Learning is Positive, but not a Security Solution
If you watched the recent Apple wwdc you may have heard of machine learning. Machine learning does have some very positive benefits, but it may not be a security solution. The article cover ways machine learning can and can’t be used in security.
Never gonna live this down: Researchers ‘Rickrolled’ by malware
Some malware developers have a good sense of humor. A specific malware was made to get noticed by researchers. Then the joke malware dropped an .avi file that played Rick Astley’s number one hit, “Never Gonna Give You UP”. Well played guys, well played.