Risk Radar Free Cyber Newsletter – Sept 12, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

‘Equifax breach could affect 143 million U.S. consumers
Most people are aware of the Equifax breach. It is a big breach that effects millions of people. This article goes over the currently known facts of the breach.

For a deeper dive on the Equifax breach checkout these three Brian Krebs articles.

Initial article

Equifax Breach response

What you should know now

Apache Struts vulnerability likely behind Equifax breach, Congress launches probes
Some security researchers are attributing a vulnerability in Apache Struts as the main cause of the Equifax breach. We are still in early days of digging into this breach, the Apache Foundation is currently disputing involvement in the Equifax breach. The Apache Foundation has also release a patch for the critical Apache Struts bug. So stay tuned, the data should become clearer as we go forward.

Billions of Bluetooth devices vulnerable to takeovers, MITM attacks; no user action required
There is a very ecumenical Bluetooth vulnerability potentially impacting 5.3 billion devices. These devices cover Android, iOS, Linux, and Windows. The article goes over the specifics of the devices and the current patch status.

Android Users Vulnerable to ‘High-Severity’ Overlay Attacks
There is a vulnerability in Android OS 7.0 and below that android users need to be aware of. Current Android OS 7.0 and below can’t block this attack. Be aware of being asked to enable Android Accessibility Service. When this service is enabled administrator rights are given over the device. It would be advisable to check for security updates on your Android devices.
Ransomware and IOT attacks spell trouble for transportation industry
A study on ransomware and IoT has shown that the transportation industry is open to ransomware and IoT attacks. The lack of proper security procedures in IoT devices opens up the transportation industry to ransomware attacks.  The IT sectors are not far behind in their openness to these attacks.
SANS: Ransomware is Biggest Threat to Data Security
SANS has done a study of 257 IT and Security professionals. The study was done to find a current ranking of Information Security threats. Ransomware is number one, with insider threats and denial of service attacks following.