Cyber Security News & Trends

This week, SonicWall CEO Bill Conner is included on a coolest CEO list and we have a special look at what people are saying about the growth of AI in the cybersecurity arena.


SonicWall Spotlight

The 11 Coolest Endpoint Security CEOs of 2019 – Solutions Review

  • SonicWall CEO Bill Conner is named one of Solutions Review’s top 11 coolest Endpoint Security CEOs, recognizing CEOs who bring “their own unique blend of experience and expertise to their endpoint security companies.”

SonicWall on Youtube

  • Did you know that SonicWall has an official channel on YouTube? We update it with all sorts of content, such as technical support videos, SonicWall product news, unboxing videos and more. You can follow us for updates here.

Sonicwall’s Roadshow Guides Customers and Channel Partners Address Network Security Issues – SME Channels (India)

  • SonicWall’s Debasish Mukherjee is quoted talking at the SonicWall roadshow at Mumbai And Delhi.

Cybersecurity News

Why AI is the Future of Cybersecurity – Forbes

  • Forbes digs into the figures available in a new report titled “Reinventing Cybersecurity with Artificial Intelligence” to see who is, and who is not, using AI in cybersecurity research. They conclude that with 69% of enterprises polled believing AI will be necessary to counter cyberattacks AI is going to be the future, one way or another.

AI Has a Bias Problem and That Can Be a Big Challenge in Cybersecurity – CNBC

  • If AI is the future of cybersecurity, then what can be done about its inherent bias problems? CNBC investigates how bias is found in the program, the data and the people who design the AI systems.

Researchers Easily Trick Cylance’s AI-Based Antivirus Into Thinking Malware Is ‘Goodware’ – Motherboard

  • Researchers in Australia say they have found a way of subverting Cylance’s AI-based antivirus into thinking malware, including the high-profile ransomware like Wannacry, is “goodware.” The relatively simple method involves taking strings from a non-malicious file and appending them to a malicious one, tricking the system into thinking the malicious file is benign.

Debunking the Myths of AI Cybersecurity – ITProPortal

  • ITProPortal look at four AI cybersecurity myths and explain why they are either incorrect or overblown.

What Kind of Cybersecurity Threats Does 5G Pose? – Silicon Republic

  • Huawei are currently global leaders in 5G infrastructure but with concerns in the USA, now spreading to the UK, over whether or not the company is sufficiently independent from the government of China, could threats in 5G infrastructure be like finding a needle in a haystack?

Cyberattacks Inflict Deep Harm at Technology-Rich Schools – New York Times

  • Schools are becoming ever-more attractive targets for cybercriminals as a school will hold a wealth of personal information on its students and provides critical public services. The Washington Times investigates the increase in cyberattacks on schools and how the FBI can only do so much when an attack is successful.

And finally:

FBI Shares Master Decryption Keys for Prolific GandCrab Ransomware – Washington Times

  • The jig appears to finally be up for the Gandcrab ransomware group after master decryption keys were made public by the FBI. The group appears to have known this was coming and had ended its criminal “affiliate program” after claiming that the program had generated over $2 billion in ransom payments.

In Case You Missed It

Cyber Security News & Trends

This week, Baltimore ransomware woes continue, the story of how the WannaCry cyberattack was stopped, and Magecart groups change tactics.


SonicWall Spotlight

Sonicwall’s Roadshow Helps Customers and Channel Partners Address the Critical Issue of Network Security – CRN

  • SonicWall’s Debasish Mukherjee is on the move with the SonicWall Roadshow across Mumbai and Delhi in India. He talks SonicWall expansion in India and Next-Gen AV – Capture Client with CRN.

Cybersecurity News

Border Officials Not Told of Massive Surveillance Breach Until Three Weeks After Subcontractor Was First Alerted – Washington Post

  • S. Customs and Border Protection was not informed that a hacker had stolen a huge cache of sensitive border-surveillance documents from a subcontractor until nearly three weeks after the cyberattack was first discovered. A huge trove of data, including travelers’ images and license plates, was taken in the attack and has since appeared on the dark web.

The Sinkhole That Saved the Internet – TechCrunch

  • In 2017, as the WannaCry ransomware attack was spreading across the internet, two security researchers were all that stood in its way after they found a kill-switch hidden in the code. Two years later, TechCrunch speaks to the researchers and breaks down the moment by moment saga as it happened.

Baltimore Ransomware Infection Keeping City Employees From Accessing Older Emails: Report – Washington Times

  • Nearly two months after Baltimore was first caught by the Ransomware attack that crippled the cities operations, employees are still incapable of accessing emails older than 90 days.

Here’s How Hackers Are Making Your Tesla, GM and Chrysler Less Vulnerable to Attack – USA Today

  • Since the newest model cars contain a series of connected computers, cyber vulnerabilities are an increasing concern in the automotive industry. To combat this, many car companies have launched bug bounty programs and attend all day hacking events like Pwn2Own with top prizes for hackers who can breach their cybersecurity or find unknown bugs.

U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels – SecurityWeek

  • The U.S. Coast Guard issued a cybersecurity warning for commercial vessels following successful cyberattacks and an increase in phishing attempts in 2019. It says that “It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures.”

Marriott to Contest $124 Million Fine Imposed by UK Data Protection Regulator – SecurityWeek

  • Both Marriott and British Airways will be subject to fines of over a hundred million dollars in the UK under GDPR regulation, both stemming from data breaches in 2018. Marriott International says it will fight the fine.

Anaesthetic Devices ‘Vulnerable to Hackers’ – BBC

  • Security researchers at CyberMDX have found a vulnerability in a brand of widely used anesthetic machines. The Aespire and Aestiva 7100 and 7900 can be hacked and controlled from afar if left accessible on a hospital computer network. The makers of the machine have responded saying that there is “no direct patient risk.”

France Says Ransomware Attacks on Big Companies Are on the Rise – Bloomberg

  • The head of the office charged with fighting cyber threats in France says that large companies are increasingly the target of cyberattacks and ransomware demands but often don’t want to report the attacks for fear of hurting their public image.

And finally:

New Magecart Attacks Leverage Misconfigured S3 Buckets to Infect Over 17K Sites – ZDNet

  • Magecart, the troublemaking credit card skimming gangs behind a number of high-profile breaches like British Airways, has successfully infected over 17,000 domains since April. The shotgun approach being taken leading to such a huge number of infections is a change in tactics to previous methods of highly targeted attacks. This is likely down to both the ease at which the skimming software can be implemented, and poor website security hygiene on the domains’ side.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall data continues to drive innovation in the cybersecurity space, the biggest cybersecurity crises of 2019 so far, and FireEye reconsiders its choice of keynote speaker for this year’s Cyber Defense Summit following online backlash.


SonicWall Spotlight

Three-Tiered Security for the Internet of Things Engineering.com

  • Galvanized by data from the 2019 annual SonicWall Cyber Threat Report, which shows a rapid increase in Internet of Things (IoT) attacks, cybersecurity researchers are doubling down on efforts to improve security in IoT by tackling vulnerabilities in microcontroller units (MCUs). Avnet and Microsoft have partnered in one such effort, designing the infrastructure of hardware along with its software and cloud-ecosystem to deliver Azure Sphere.

SonicWall TZ300P Review: A Multi-Site Marvel – IT Pro

  • IT Pro reviews the SonicWall TZ300P, a versatile and affordable firewall, built with SMBs and remote offices in mind. The commendatory review concludes that the TZ300P delivers a “wealth of security measures at a great price.”

Cybersecurity News

The Biggest Cybersecurity Crises of 2019 So Far – Wired

  • From the Perceptics breach to LockerGoga to supply chain attacks on Microsoft and Asus, Wired provides an overview of the biggest cyberattacks reported in the first half of the year.

Hillary Clinton Withdraws From Cybersecurity Conference Speaking Gig, Citing ‘Unforeseen Circumstance’ – The Epoch Times

  • Following online backlash to a controversial keynote speaker announcement for this year’s FireEye Cyber Defense Summit, FireEye has announced in an email this week that Hillary Clinton will no longer be participating in this year’s conference as the keynote speaker citing “unforeseen circumstance.”

Hackers in Md. Breach Accessed Names, Social Security Numbers of up to 78,000 People – The Washington Post

  • A labor department breach in Maryland has resulted in the exposure of names and Social Security numbers belonging to as many as 78,000 people who received unemployment in 2012 or who sought a general equivalency diploma in recent years.

Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach – Forbes

  • Researchers from vpnMentor have uncovered a database housing more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation. The database, belonging to Chinese company Orvibo, was not password protected.

US Border Agency Cuts Ties with Breached Surveillance Contractor – The Verge

  • US Customs and Border Protection has suspended all federal contracts with Perceptics, a surveillance contractor suspected of suffering a data breach first reported in May.

And finally:

WannaLocker Ransomware Found Combined with RAT and Banking Trojan – SC Magazine

  • Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall is featured on Reuters TV, federal cybersecurity is found to be seriously out of date, and a young hacker is taking down Internet of Things botnets by bricking as many IoT objects as he can.


SonicWall Spotlight

To Pay or Not To Pay: U.S. Cities With Ransomware – Reuters

  • SonicWall’s Dmitriy Ayrapetov is featured demonstrating a ransomware attack in this Reuters video segment investigating the current increase in ransomware attacks on US cities.

HiddenTear Ransomware Variant Encrypts and Gives Files .Poop Extension – SonicAlert

  • The SonicWall Capture Labs Threat Research Team came across some childish ransomware which, after replacing your files with a “.poop” extension, updates your background with a poop emoji. It is, however, real ransomware and should be treated as such; SonicWall protects you from it.

Cyber Security News

U.S. Carried Out Cyberattacks on Iran – New York Times

  • Multiple news outlets report that the United States Cyber Command conducted online attacks against an Iranian intelligence group after physical strikes were called off. Full details on what was attacked are not known and US Cyber Command have not released any information.

Federal Cybersecurity Defenses Are Critical Failures, Senate Report Warns – CNBC

  • After a 10-month review of federal agencies, a damning 99-page report on federal cybersecurity has been released. Details include failures to apply mandatory security patches, ignoring well-known threats and weaknesses for a decade or more, and outdated systems with at least one case of a 50-year-old system still in use in 2019.

NASA Hacked Because of Unauthorized Raspberry Pi Connected to Its Network – ZDNet

  • NASA confirmed that in April 2018 a hacker breached their security using a Raspbery Pi device and accessed around 500 megabytes of data, including information on the ongoing Mars Curiosity Rover mission. The full investigation into what happened is still ongoing.

The Hotel Hackers Are Hiding in the Remote Control Curtains – Bloomberg

  • Bloomberg hitch a ride with some IT consultants who are investigating the rise of cyberattacks on hotels – seen by the hacking community to be both lacking in basic cybersecurity and as a massive database of personal information.

Hackers Strike Another Small Florida City, Demanding Hefty Ransom – Wall Street Journal

  • Lake City officials in Florida agreed to pay 42 bitcoins, around $500,000, in a ransom less than a week after another Florida City, Riviera Beach, paid a similar amount to retrieve their data.

A Firefox Update Fixes yet Another Zero-Day Vulnerability – Engadget

  • Mozilla patched two zero-day vulnerabilities over the past week, with the second coming only 48 hours after the first. Both zero-days used the same attack and they appeared to be targeting Coinbase employees directly.

Riltok Banking Trojan Begins Targeting Europe – SC Magazine

  • The Riltok banking trojan, originally intended to target Russians, has been modified to target the European market. It is spread via a link in a text message that, if clicked, directs the user to a website that prompts them to install a fake update of advertising software.

And finally:

Thousands of IoT Devices Bricked By Silex Malware – Threat Post

  • A 14-year-old hacker has been spreading anti-Internet of Things malware because he wants to stop other hackers using the devices for botnets. At the time of writing at least 4,000 devices have been bricked by his malware.

In Case You Missed It

Cyber Security News & Trends

This week, it’s National Selfie Day, Facebook launches its cryptocurrency, and, as predicted by SonicWall, ransomware is all over the news.


SonicWall Spotlight

National Selfie Day

  • June 21 is National Selfie Day and SonicWall staff around the world are taking part! Can you name all the locations?

Innovation Will Sharpen America’s Tech Edge, Federal Officials Say – NextGov

  • SonicWall CEO Bill Conner appeared at a Chertoff Group Security Series Event this week. Next Gov quotes his insight as they cover the full discussion between him, Christopher Krebs, director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, and Dimitri Kusnezov, Deputy Under Secretary for Artificial Intelligence & Technology, Department of Energy.

Latest Attack From TrickBot Malware Family Identified: SonicWall – CRN (India)

  • CRN follow up on the SonicWall Capture Labs Threat Research Team’s identification of a new variant of Trickbot malware. The modular structure on this malware allows it to freely add new functionalities without modifying the core bot. This story was also covered in Var India, DataQuest, NCN Online, Tech Herald, and CSO Forum.

Cyber Security News

U.S. Lawmaker Calls for Facebook to Pause Cryptocurrency Project – Reuters

  • Amid comments that Facebook is “already too big and too powerful,” House Representative Maxine Waters is calling for Facebook to halt development on the Libra cryptocurrency until Congress and regulators can review the issue.

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers – New York Times

  • The City Council of Riviera Beach unanimously agrees to have its insurance carrier pay 65 Bitcoin, about $592,000, to hackers after the city systems were caught by a ransomware attack three weeks previously.

Is AI Fundamental to the Future of Cybersecurity? – CSO Online

  • While traditional cybersecurity tools require some level of human interaction to keep them running and up-to date, CSO Online investigate the development and advancement of AI which may be able to develop and improve with little to no human involvement. They also predict that passwords will become obsolete if AI proves to be the more secure option.

U.S. Cities Are Under Attack From Ransomware — and It’s Going to Get Much Worse – Vice News

  • With Atlanta, Baltimore, and many smaller cities getting hurt by ransomware, Vice argues that ransomware attacks appear to be spiking right now due to increased focus on government targeting, and just how easy launching an attack has become.

Inside the FBI’s Fight Against Cybercrime – Dark Reading

  • Dark Reading conducts an interview with a member of one of the small FBI teams that are dedicated to fighting cybercrime. The agent discusses the difficulties of being heavily outnumbered by criminal actors, but also the surprisingly high level of successes that they have achieved – including defeating the massive Mirai DDoS-for-hire attacks

Desjardins, Canada’s Largest Credit Union, Announces Security Breach – ZDNet

  • Canada’s largest credit union announces that 2.9 million members had customer data – including names, date of birth, social insurance number, addresses and more – taken from its database by a now ex-employee. The Credit Union is currently working with law enforcement to investigate the breach.

Maryland Governor Signs Order to Boost Cybersecurity After Baltimore Ransomware Attack – The Hill

  • Responding to Baltimore’s recent ransomware woes, Maryland Governor Larry Hogan signs an executive order establishing the “Maryland Cyber Defense Initiative” and creating a Chief Information Security Officer who will be charged with giving cybersecurity recommendations to the governor.

In Case You Missed It

Cyber Security News & Trends

This week, why businesses need layered cybersecurity, the “most dangerous hacking group” are eyeing up the US power grid, and inside the online leak of hours of sought-after Radiohead rehearsals.


SonicWall Spotlight

Technology Enablement Demands Layered Cyber-Security – SC Magazine

  • Writing in SC Magazine, SonicWall CEO Bill Conner explains why organizations need layered cybersecurity to keep up with modern cyberthreats. He warns that businesses cannot take their cyberdefenses for granted when criminals will use every available vector to launch an attack.

SonicWall Identifies TrickBot Malware, That Steals Customer’s Online Banking Information – CRN India

  • The SonicWall Capture Labs Threat Research Team recently released an update detailing a variant of the Trickbot malware family actively spreading across the internet. CRN India investigate the update.

Cyber Security News

This “Most Dangerous” Hacking Group Is Now Probing Power Grids – ZDNet

  • A hacking group described as “the most dangerous threat” to industrial control systems has been has been detected probing US power grid cybersecurity. Known as Xenotime, the hackers previously launched a successful cyberattack on a petrochemical plant in Saudi Arabia.

House Passes Bill to Establish DHS Cyber “First Responder” Teams – The Hill

  • New legislation has been passed in the US that aims to create “cyber incident response teams” – providing fast assistance to public or private organizations suffering from a breach or cyberattack.

Dark Web Becomes a Haven for Targeted Hits – Dark Reading

  • Almost half of Dark Web vendors sell targeted hacking services aimed at FTSE 100 and Fortune 500 businesses. Dark Reading investigates what is available to would-be cybercriminals and finds that access to corporate networks is sold openly and that malware prices range from $150 to $1500 depending on how sophisticated the request.

These are the worst hacks, cyberattacks, and data breaches of 2019 (so far) – ZDNet

  • As we reach the halfway point in the year, ZDNet take a look at what they consider the biggest cybercrime events of the year so far, including multiple medical breaches and a university that had 19 years of data stolen.

Lawmakers Demand Answers on Border Patrol Data Breach – The Hill

  • After hackers broke into a third-party border patrol database, lawmakers have been pushing hard to find out both what happened and how to prevent it from happening again. The breach resulted in the exposure of images of as many as 100,000 people entering and exiting the U.S. over the period of a month and a half.

This data-stealing malware has returned with new attacks and nasty upgraded features – ZDNet

  • The malware known as Scranos has upped its game after operators had their previous plans interrupted. Having updated their methods they have also taken time to add on a trojan and cryptojacker on top of their previous payload.

For Sale: Have I Been Pwned – Gizmodo

  • The owner behind the popular security website that lets people know if their details have been compromised is selling up. In a blog post he explained that the website has gone as far as it possibly can when only run by one person.

Radiohead Fans vs. Black-Market Sellers: The Battle to Leak the OK Computer Tapes – Pitchfork

  • After initial reports that minidiscs were being held to ransom, Pitchfork investigates the full story behind the leak of over 16 hours of rehearsals and demos, going deep into the world of online fandom.

In Case You Missed It

Cyber Security News & Trends

This week, there’s a new cybersecurity power couple as SonicWall and ADT announce a strategic partnership to protect SMBs, U.S. cities face a ransomware pandemic and the ‘invisible web’ is growing rapidly.


SonicWall Spotlight

ADT Selects SonicWall as Exclusive Provider of Managed Cybersecurity Service Offerings for SMBs – SonicWall

  • SonicWall and ADT announce a strategic partnership that provides an exclusive cybersecurity offering to better protect small- and medium-sized businesses (SMB) from the growing volume of cyberattacks.

ADT Teams Up with SonicWall for SMB Security Services – Dark Reading

  • SonicWall CEO Bill Conner explains why SonicWall was the logical choice for a new cybersecurity offering from ADT, a company best known or delivering physical security monitoring. The connection between the two companies dates back to ADT’s acquisition of Secure Designs, Inc (SDI), formerly an MSSP selling SonicWall SMB security products.

Cyber Security News

Hackers Won’t Let Up in Their Attack on U.S. Cities – The Wall Street Journal

  • As Baltimore is still recovering a month after a devastating ransomware attack crippled the city’s infrastructure, the FBI is warning that this is not an isolated incident, calling the growing levels of ransomware attacks a “pandemic in the United States”.

Cyber-Thieves Turn to ‘Invisible Net’ to Set Up Attacks – BBC News

  • Gated chat forums, invitation-only communities and encrypted apps are the new communication channels of choice for cybercriminals to evade law enforcement agencies.

Hackers Steal $9.5 Million from GateHub Cryptocurrency Wallets – ZD Net

  • GateHub has released a preliminary statement confirming a security breach that has resulted in nearly $9.5 million stolen from the users of their cryptocurrency wallet service.

Hacking Diabetes: People Break into Insulin Pumps as an Alternative to Delayed Innovations – USA Today

  • Diabetes patients are jailbreaking their own insulin pumps, using instructions found online, in order to give their pumps the ability to self-adjust and remove the need for constant blood sugar monitoring.

LabCorp Data Breach Exposes Information of 7.7 Million Consumers – USA Today

  • A day after Quest Diagnostics announced 12 million patients were affected by a data breach, another medical testing company says its patients’ data was also compromised.

Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam – Fortune

  • Two-factor authentication, the added security step that requires people enter a code sent to their phone or email, has traditionally worked to keep usernames and passwords safe from phishing attacks.

Baltimore Ransomware Attack: NSA Faces Questions – BBC

  • After a ransomware attack currently estimated to cost at least $18M Baltimore officials are questioning why the hacking vulnerability known as EternalBlue was not disclosed when discovered by the NSA years ago. The NSA are declining to comment on the issue.

New Zealand Budget Leak: ‘Hackers’ Had Simply Searched Treasury Website – The Guardian

  • After the embargoed New Zealand budget was leaked to the opposition National Party days before it was due to be released, officials were quick to call it a hack. However, it has now been found that the documents were searchable on the New Zealand treasury website.

HawkEye Malware Campaign Upticks on Business Users – SC Magazine

  • Hawkeye, a keylogger than has been around for six years, has seen a major increase in a campaign targeting business users worldwide.

Startups: Embrace Cybersecurity Priorities From Day One – Forbes

  • Forbes argues that cybersecurity in startups should not be considered an add-on or a luxury product and provide four cybersecurity priorities that a startup needs to think about from day one.

Emotet Made up 61% of Malicious Payloads in Q1 – Dark Reading

  • A new study has found that 61% of all malware payloads in the first quarter of 2019 contained the Emotet botnet.

Security Expert: Here’s How Driverless Cars Could Be Hacked – Yahoo! Finance

  • As cars modernize and driverless cars are becoming a reality it is fair to say that they are becoming more and more like a series of interconnected computers. Yahoo! Finance looks at where the security weakpoint in these computers might be found, how it could be targeted by hackers, and how the car industry is struggling to keep up with security requirements.

Nation-State Security: Private Sector Necessity – SecurityWeek

  • Attackers with the funding and technical support of nation-states are now targeting commercial entities and the obvious split between commercial and political cyberattacks is disappearing. SecurityWeek examine the current threat landscape, including the increasing number of organizations embracing “Zero Trust” security models where all environments are considered untrusted until proven otherwise. They then offer some advice on how to ensure your organization is ready for cyberattacks.

Microsoft Issues Second Warning About Patching BlueKeep as PoC Code Goes Public – ZDNet

  • Microsoft again warned users to ensure their patches are up to date to protect against the Bluekeep vulnerability – described as similar to the EternalBlue exploit – after a proof-of-concept attack appeared online. SonicWall provides protection against this threat.

In Case You Missed It

Cyber Security News & Trends

This week, Baltimore battles ransomware, IoT attacks are increasing, and the potential vulnerabilities in a driverless car are investigated.


SonicWall Spotlight

5 Steps to Robust Network Security – Business World (India)

  • IT security teams around the world are dealing with an ever-increasing level of complexity in the threat landscape. SonicWall’s Debasish Mukherjee argues that the best way to overcome these challenges is with a comprehensive approach to cybersecurity, he then recommends five steps to take in order to get there.

How to Mitigate the IoT Attacks That Are Increasing at 217.5% – IoT Agenda

  • Internet of Things (IoT) devices are expected to increase in number to 75.44 billion worldwide by 2025. Using the 2019 SonicWall Cyber Threat Report IoT Agenda explains why preventative measures need to be developed sooner rather than later.

Cyber Security News

Baltimore Ransomware Attack: NSA Faces Questions – BBC

  • After a ransomware attack currently estimated to cost at least $18M Baltimore officials are questioning why the hacking vulnerability known as EternalBlue was not disclosed when discovered by the NSA years ago. The NSA are declining to comment on the issue.

New Zealand Budget Leak: ‘Hackers’ Had Simply Searched Treasury Website – The Guardian

  • After the embargoed New Zealand budget was leaked to the opposition National Party days before it was due to be released, officials were quick to call it a hack. However, it has now been found that the documents were searchable on the New Zealand treasury website.

HawkEye Malware Campaign Upticks on Business Users – SC Magazine

  • Hawkeye, a keylogger than has been around for six years, has seen a major increase in a campaign targeting business users worldwide.

Startups: Embrace Cybersecurity Priorities From Day One – Forbes

  • Forbes argues that cybersecurity in startups should not be considered an add-on or a luxury product and provide four cybersecurity priorities that a startup needs to think about from day one.

Emotet Made up 61% of Malicious Payloads in Q1 – Dark Reading

  • A new study has found that 61% of all malware payloads in the first quarter of 2019 contained the Emotet botnet.

Security Expert: Here’s How Driverless Cars Could Be Hacked – Yahoo! Finance

  • As cars modernize and driverless cars are becoming a reality it is fair to say that they are becoming more and more like a series of interconnected computers. Yahoo! Finance looks at where the security weakpoint in these computers might be found, how it could be targeted by hackers, and how the car industry is struggling to keep up with security requirements.

Nation-State Security: Private Sector Necessity – SecurityWeek

  • Attackers with the funding and technical support of nation-states are now targeting commercial entities and the obvious split between commercial and political cyberattacks is disappearing. SecurityWeek examine the current threat landscape, including the increasing number of organizations embracing “Zero Trust” security models where all environments are considered untrusted until proven otherwise. They then offer some advice on how to ensure your organization is ready for cyberattacks.

Microsoft Issues Second Warning About Patching BlueKeep as PoC Code Goes Public – ZDNet

  • Microsoft again warned users to ensure their patches are up to date to protect against the Bluekeep vulnerability – described as similar to the EternalBlue exploit – after a proof-of-concept attack appeared online. SonicWall provides protection against this threat.

In Case You Missed It

Cyber Security News & Trends

This week, the Zombieland vulnerability leads to a patching frenzy, a global cybercrime gang is shutdown, and a GDPR update.


SonicWall Spotlight

Intel MDS ‘Zombieload’ Vulnerability Software Patch List for MSSPs – MSSPAlert

  • “Zombieload” is a recently discovered vulnerability open to side-channel attacks that affects all Intel processors manufactured since 2011. MSSPAlert quote SonicWall CEO Bill Conner on how it could be used to “pick locks” in highly secure data centers. SonicWall RTDMI technology can discover and block side channel attacks in real-time.

Creating a Culture of Resilience – New Statesman (UK)

  • The New Statesman uses the 2019 SonicWall Cyber Threat Report to review the threat landscape and, noting how cybersecurity is often “bolted onto products as an afterthought,” explains how and why a culture of cyber resilience will have to be built.

Cyber Security News

Russian Government Sites Leak Passport and Personal Data for 2.25 Million Users – ZDNet

  • An investigation into Russian government websites and user portals has found that over 2.25 million Russian citizens had their personal information, including insurance and passport details, left easily accessible online.

GDPR: Europe Counts 65,000 Data Breach Notifications so Far – BankInfoSecurity

  • European privacy authorities have received nearly 65,000 data breach notifications since the EU’s new privacy law went into full effect, with over $63 million in fines issued so far.

Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security – Wall Street Journal

  • Nervous U.S. hospitals are pressing medical-device makers to improve the cyberdefenses of internet-connected infusion pumps, biopsy imaging tables and other health-care products after being rattled by a rise in cyberattack reports in other hospitals.

Bluetooth Harvester Signals Hacking Group’s Growing Interest in Mobile – Ars Technica

  • ScarCruft, a Korean-speaking advanced persistent threat group, has launched a malware that steals Bluetooth-device information. It is likely that the malware is targeting intelligence and diplomatic agencies for political purposes.

Microsoft Warns Wormable Windows Bug Could Lead to Another WannaCry – Ars Technica

  • Microsoft is warning that the internet could see another exploit of the magnitude of WannaCry unless a high-severity vulnerability is patched. Such is the level of fear that patches for the no-longer supported Windows 2003 and XP have been issued. The vulnerability has not yet been exploited but, due to its low complexity, once the details are known an attack will likely be developed and launched very quickly.

Global Hackers Are Thwarted by FBI, Europe in $100 Million Heist – Bloomberg

  • U.S. and European law enforcement officials have dismantled a “highly specialized and international criminal network” in an operation that has been ongoing since 2016. The members of the group pooled their technical skills together online to craft and circulate malware that attempted to steal around $100 million from thousands of businesses.

Microsoft Office 365: Change These Settings or Risk Getting Hacked, Warns US Govt – ZDNet

  • The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has posted its advice for organizations using Microsoft Office 365. Its major request is that administrators at organizations turn on the many security features, like multi-factor authentication, that are not automatically enabled by default.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall CEO Bill Conner is interviewed by SC Magazine, a Zero-Day vulnerability travelled around the world without ever being disclosed publicly, and Facebook are working to prevent election meddling in Europe.


SonicWall Spotlight

In Focus: SonicWall CEO Bill Conner – SC Magazine

  • SonicWall CEO Bill Conner joins Illena Armstrong of SC Magazine in an exclusive video interview. They discuss what companies are missing in the global cyber arms race, the non-traditional points of entry where the threats are emerging and what steps an organization can take to secure its infrastructure.

Cyber Security News

The Strange Journey of an NSA Zero-Day into Multiple Enemies’ Hands – Wired

  • Wired tell the story of an NSA-discovered zero-day vulnerability that made its way around the globe over several years; first intercepted by China, then stolen by hackers before being picked up by North Korea and Russia, all without being publicly disclosed.

Facebook Opens a Command Post to Thwart Election Meddling in Europe – New York Times

  • After the harsh criticism it faced following the 2016 US election Facebook has opened a “command post” in Ireland charged with preventing any meddling in the upcoming European election.

Hackers Steal Over $40 Million Worth of Bitcoin From One of the World’s Largest Cryptocurrency Exchanges – CNBC

  • Over $40 million worth of bitcoin has been stolen from Binance, one of the world’s largest cryptocurrency exchanges, in a “large scale security breach.” The well-organized attack managed to bypass the security checks and exited over 7,000 bitcoin, about 2% of total holdings.

Cybersecurity Jobs Abound. No Experience Required. – Wall Street Journal

  • Large tech companies are scrambling to hire hundreds of thousands of corporate hackers to defend their networks and data, pursuing workers without traditional four-year degrees or formal experience.

How to Close the Critical Cybersecurity Talent Gap – Dark Reading

  • “If we don’t change our ways, the gap will keep getting worse.” Dark Reading commentator Thomas Weithman calls for “outside-the-box thinking” to bridge the cybersecurity talent gap, suggesting introducing cybersecurity curriculum in K-12 courses and setting up programs to allow people in a similar industry to retrain.

Russian Cyberspies Are Using One Hell of a Clever Microsoft Exchange Backdoor – ZDNet

  • An email backdoor named LightNeuron that integrates directly with Microsoft Exchange is being called “one of the most complex backdoors ever spotted.” Despite being in use since 2014 it has avoided detection until very recently.

Amazon Hit by Extensive Fraud With Hackers Siphoning Merchant Funds – Bloomberg

  • A court filing has revealed that Amazon believes it was the victim of a “serious” online attack between May and October 2018. Hackers accessed around 100 seller accounts and funneled cash from loans or sales into their own bank accounts.

TRON Critical Security Flaw Could Break the Entire Blockchain – ZDNet

  • A critical vulnerability with a “high” severity rate has been found in the TRON network’s TRX cryptocurrency. If exploited the vulnerability could render the entire network unusable.

Without Strong Cybersecurity, Backdoors Will Remain Open – Silicon Republic

  • Former Europol Executive Director John O’Mahony is warning that not enough companies and individuals have “even adequate cybersecurity” in place to prevent bad actors exploiting backdoors in their networks.

In Case You Missed It