Risk Radar Free Cyber Newsletter – Oct 31, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager
Oracle has released an emergency patch for Oracle Identity Manager. The attack enables a remote unauthenticated attack that allows full control of the affected system. Patches are available and Oracle recommends users patch ASAP.
Bad Rabbit Ransomware Uses Leaked ‘EternalRomance’ NSA Exploit to Spread
Bad Rabbit is another ransomware worm that is using the ‘EternalRomance’ exploit. The attack is mainly happening in Russia and Ukraine. Researchers suspect the same group behind NotPetya are the authors of Bad Rabbit.

EU to Declare Cyber-Attacks “Act of War”
The EU has drafted a document stating conventional weapons could be used in response to a grave cyber-attack. The fact that definitive attribution is very hard may make this document largely symbolic.

iPhone Apps with Camera Permisons can Secretly take your photo
The way Apple does camera permissions in apps may allow malicious apps to use your iPhone camera without your knowledge. The way the permission system works is not a bug, it works the way Apple set it up. The user has to pay special attention to the permissions they give the apps they install.
Hackers Prepping IOTroop Botnet with Exploits
The Reaper or IOTroop botnet is moving closer to being able to launch a full scale DDoS attack. Researchers have discovered hackers swapping scripts on forums to find vulnerable IoT devices. The IOTroop malware contains multiple vunerabilities that allow it to compromise many more IoT devices.
Why Cybersecurity Awareness Must be a Boardroom issue
How effective is your security program? If your C-Suite is not on board with security you will have an uphill battle on your hands. This article makes the case for why the boardroom needs to understand the need for security.