Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
New Bizarro Sundown Exploit Kit Spreads Locky
A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized.
Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched
The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets.
Adobe and Microsoft Make November 2016 Patches
Adobe released two updates this month. The more critical of the two patches addresses nine CVEs in the Flash player. This comes just two weeks after Adobe issued an emergency Flash update to fix an issue currently being exploited.
Adobe Fixes Flaws in Flash Player and Adobe Connect
Adobe Systems has released scheduled security patches for its widely used Flash Player software as well as the Adobe Connect web conferencing platform. The Flash Player security updates fix nine critical vulnerabilities that could be exploited remotely to execute malicious code on computers.
Tesco Bank Says £2.5m Was Stolen from 9,000 Customers in Cyberattack
A total of £2.5 million was stolen from 9,000 Tesco Bank customers in a sophisticated cyberattack last weekend, the bank has confirmed. The bank has also said that all account services have now returned to normal after all online transactions for all of its 136,000 current account holders were frozen.
Cyberspies Ramped Up Attacks After Exposure of Zero-Days
The Russia-linked threat actor known as Pawn Storm ramped up its attacks against governments and embassies after seeing that researchers discovered the Windows and Flash Player zero-day exploits it had been using.
Fake Apps Are Surging Before Holidays
Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks — just in time to deceive holiday shoppers. The counterfeiters have masqueraded as retail chains, big department stores, online product bazaars and luxury-goods makers.
U.S. Nuclear Power Plant Employees Are Using Unprotected Pagers to Communicate
After the attack on several Ukrainian power companies in December 2015, the cybersecurity of sensitive locations and infrastructure has been under the cosh. But is seems as though their lacklustre performance has seen no improvement.
There Is No Silver Bullet in Endpoint Security
We would all love to believe there was a technology sophisticated enough to stop every cyber threat in its tracks, but the ‘silver bullet’ is a myth, plain and simple. However, the lack of a perfect weapon doesn’t negate the possibility of an exemplary system of defense.
China’s New Cybersecurity Law Rattles Foreign Tech Firms
China’s government has approved a broad cybersecurity law aimed at tightening and centralizing state control over information flows and technology equipment, raising concerns among foreign companies operating in the country.
Ransomware is Still a Threat You Should Know About
Ransomware is without doubt one of the biggest threats facing home computer users in years. Unlike many online attacks, it isn’t primarily out to steal your bank details or spy on you. Instead, it wants to scare you into handing over money to the attacker at the other end of the Internet.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.