Risk Radar Free Cyber Newsletter – Oct 10, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Microsoft Patches Critical Windows DNS Client Vulnerabilities
There are three critical Windows DNS client vulnerabilities being patched by Microsoft. A man-in-the-middle attack can be used to access these vulnerabilities. The vulnerabilities open the clients to remote code execution. Microsoft recommends users patch immediately.
Latest ATM Malware is Lightweight and Simple
This latest ATM malware can make the picture of an ATM spewing cash a reality. ATMii uses malware that takes advantage of proprietary libraries to take over ATMs. The ATM can be targeted by network or physical USB ports.

Watch Out! Phishing Attack Can Steal Your Apple ID password
There is a very good phishing attack out there that iPhone users need to be aware of. The article shows two pictures of the box asking for the users Apple ID. One is fake, but it is very hard to tell which one is the fake one.  The article covers ways to avoid this attack.

FormBook Malware Targets US Defense Contractors, Aerospace and Manufacturing Sectors
A new malware called FormBook are going after aerospace firms, defense contractors, and some manufacturing organizations.  The attacks are coming through email with malicious files of various types. FormBook is a data stealing malware that is tailored for espionage attacks.
Security Industry Failing to Establish Trust
A keynote at Virus Bulletin 2017 by Brian Honan is calling out the security industry. He call out the mocking reaction to recent security failures by Equifax and Deloitte. The article goes into more detail on Brian’s speech, he brings up some great points.
A simple example of a complex cyberattack
If you have ever been interested in how a complex cyberattack is done check this article out. The article covers a complex attack using simple non-0 day tools.