Risk Radar Free Cyber Newsletter – Sept 19, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Hackers Inserted Malware into Popular CCleaner App
A popular performance optimization tool (CCleaner) has had malware inserted into it. The malware gives admin type control for the attackers to use the computer for malicious purposes. The article covers what users of CCleaner need to do.
3,000 Orgs Open to Equifax-type Breaches
There are thousands of organizations using the vulnerable versions of Apache Struts2 software. Apache has released patches for this software. The Equifax breach highlights that some are not doing one of the core parts of a security program. Having a robust patching program is a core part of a proper security program.

Cryptocurrency miners increasingly use CPU mining tools
There is an increase in attackers targeting enterprise network pc’s for use in cryptocurrency mining. IBM has found that mining tools are hidden in fake image files. These mining tools are using the CPU and GPUs to get cryptocurrency for the attacker.

Thousands of Elasticsearch Servers Hijacked to Host PoS Malware
Point of Sale (PoS) devices are a target for attackers. The credit card information and other personal information is a tempting target for attackers. Some Elasticsearch Servers that are hosted on the cloud have been compromised and our hosting PoS malware. The Elasticsearch Servers are used with PoS devices, the servers being compromised enables the attacker to get the PoS device data.
Phishing Awareness Improves in 2017
A Study is showing improvement in users recognizing phishing attacks. While there is an overall gain, not all areas in the study showed improvement. There is an issue with mobile device security, confidential payment card data, and healthcare information.
Cybersecurity, AI, IoT All Major Drivers of the Internet’s Future
A report from the Internet Society is bringing up concerns over the future of the internet. The concern is that AI and IoT could be used to create a surveillance society. The report covers how AI and IoT could be used to not create a surveillance society.