This week, the Zombieland vulnerability leads to a patching frenzy, a global cybercrime gang is shutdown, and a GDPR update.
- “Zombieload” is a recently discovered vulnerability open to side-channel attacks that affects all Intel processors manufactured since 2011. MSSPAlert quote SonicWall CEO Bill Conner on how it could be used to “pick locks” in highly secure data centers. SonicWall RTDMI technology can discover and block side channel attacks in real-time.
Creating a Culture of Resilience – New Statesman (UK)
- The New Statesman uses the 2019 SonicWall Cyber Threat Report to review the threat landscape and, noting how cybersecurity is often “bolted onto products as an afterthought,” explains how and why a culture of cyber resilience will have to be built.
Cyber Security News
- An investigation into Russian government websites and user portals has found that over 2.25 million Russian citizens had their personal information, including insurance and passport details, left easily accessible online.
GDPR: Europe Counts 65,000 Data Breach Notifications so Far – BankInfoSecurity
- European privacy authorities have received nearly 65,000 data breach notifications since the EU’s new privacy law went into full effect, with over $63 million in fines issued so far.
Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security – Wall Street Journal
- Nervous U.S. hospitals are pressing medical-device makers to improve the cyberdefenses of internet-connected infusion pumps, biopsy imaging tables and other health-care products after being rattled by a rise in cyberattack reports in other hospitals.
- ScarCruft, a Korean-speaking advanced persistent threat group, has launched a malware that steals Bluetooth-device information. It is likely that the malware is targeting intelligence and diplomatic agencies for political purposes.
- Microsoft is warning that the internet could see another exploit of the magnitude of WannaCry unless a high-severity vulnerability is patched. Such is the level of fear that patches for the no-longer supported Windows 2003 and XP have been issued. The vulnerability has not yet been exploited but, due to its low complexity, once the details are known an attack will likely be developed and launched very quickly.
- U.S. and European law enforcement officials have dismantled a “highly specialized and international criminal network” in an operation that has been ongoing since 2016. The members of the group pooled their technical skills together online to craft and circulate malware that attempted to steal around $100 million from thousands of businesses.
- The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has posted its advice for organizations using Microsoft Office 365. Its major request is that administrators at organizations turn on the many security features, like multi-factor authentication, that are not automatically enabled by default.
In Case You Missed It
- 4 Ways the WhatsApp Exploit Could Use Employees to Infiltrate Your Network – Rob Krug
- Non-Standard Ports Are Under Cyberattack – Brook Chelmo
- Cryptojacking Apocalypse: Defeating the Four Horsemen of Cryptomining – Brook Chelmo
- ‘Federal Tech Talk’ Hosts SonicWall CEO Bill Conner to Examine Cybercriminal Strategies that Threaten Federal Agencies – Geoff Blaine
- Dragonblood Vulnerability: Is your WiFi secure? – Srudi Dineshan
- What to Look for in a CASB Solution – Ganesh Umapathy
- New PDF Fraud Campaign Spotlights Shifting Cybercriminal Phishing Tactics – Dmitriy Ayrapetov