Risk Radar Free Cyber Newsletter – Sept 26, 2017

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Deloitte: ‘Very Few Clients’ Impacted by Cyber Attack
Another high profile company has suffered a cyber-attack. Accounting firm Deloitte has acknowledged the attack, they are also downplaying the attack. An admin account on their global email server was compromised. The article covers some ways the attack could have been prevented with basic security policies.

Verizon data found on open AWS S3 server
Verizon data has been found on an open AWS S3 server. The Verizon data was put on the S3 server by a Verizon employee. The data was not managed by Verizon, but it contained info that could be used to access parts of the Verizon network.

Linux IoT botnet retooled to send spam email
Many IoT devices are small Linux PCs, these IoT Linux PCs are being used as a botnet to send out spam email. Unsecured IoT Linux devices can be very useful to attackers. Just another piece of information that shows IoT device security needs to improve.

Redboot malware leaves researchers wondering if its a ransomware or wiper
A new malware has security researchers wondering what it is. Redboot could be badly written ransomware since the MBR and partition table can’t be restored. Researchers also wonder if it may be designed to wipe the PC.

macOS High Sierra Available—And Vulnerable to Keychain Attack
All OS’s need patched from time to time and Apple’s new OS High Sierra is not exempt. A critical vulnerability in the mac OS keychain has been found. The vulnerability is also found on El Capitan.

Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse
Adobe inadvertently released a public and private key on a blog post. While this is not a good thing there are some other pieces that would have to fall into place to make this a critical issue. Adobe has published a new public and private key to fix the issue.

4D5A Security

From reactive to proactive