Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer
There’s been a new exploit kit uncovered in the wild through a malvertising campaign that has been dubbed “ProMediads.” The new exploit kit is called Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel.
Millions of IoT Devices Hit by ‘Devil’s Ivy’ Bug in Open Source Code Library
A flaw in a widely-used code library known as gSOAP has exposed millions of IoT devices, such as security cameras, to a remote attack. Researchers discovered the Devil’s Ivy flaw, a stack buffer overflow bug, while probing the remote configuration services of the M3004 dome camera from Axis Communications.
Android Backdoor GhostCtrl Can Silently Record Your Audio, Video and More
The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.
New IBM Mainframe Encrypts All the Things
In the first major mainframe announcement by IBM in a decade, the company unveiled its next-generation Z series that supports full-blown encryption for data via applications, cloud, and databases rather than today’s more common practice of pockets of crypto.
Linux Users Urged to Update as a New Threat Exploits SambaCry
A seven-year old vulnerability in Samba was patched last May but continues to be exploited. According to a security advisory, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it.
Hackers Steal $32 Million Worth of Ethereum
Ethereum has become a top target for hackers. The promising cryptocurrency that’s also a platform for decentralized applications has skyrocketed in value over the last six months. But hacker attacks and theft of ether have become commonplace, and the last one is one of the worst so far.
Cyberattack on Medical Software Shows Industry Vulnerability
The computer virus, called Petya, has sent ripples through health care, among the last industries to make the switch to digital record keeping and one of the most frequently targeted by hackers, said Michael Ebert, a partner with KPMG who advises health and life-science companies on cybersecurity.
The Man Who Helped Develop Citadel Malware Receives 5 Years Imprisonment
Vartanyan helped to develop, improve and maintain Citadel, which was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. Prosecutors estimate the malware infected about 11 million computers worldwide and caused more than $500 million in losses.
Major Cloud Service Cyberattack Could Cost Global Economy $53 Billion
The understanding Insurance companies have of cyber liability is under developed compared to other insurance types which could lead to insurance companies underestimating the potential loss a cyberattack could cause on a customer.
Stop Self-Driving Cars from Becoming Cybersecurity Weapons
At Black Hat 2015, the talk of the gathering of cybersecurity experts was the remote hacking into and subsequent control of a Jeep Cherokee driving 70 mph on a public highway. At the upcoming 20th annual Black Hat Conference, Billy Rios and Jonathan Butts will present “When IoT Attacks.”
Picking a Security Vendor for Your Managed Service Business Is about Business Model Alignment
If you’re a seasoned managed service provider (MSP), you are already very familiar with the benefits of the pay-as-you-go business model. In fact, it’s most likely how you sell your services to your customers. But, have you ever stopped to consider if all your partners are aligned with your business model?
Teen Girls Are Learning about Protecting the Nation at Cybersecurity Camp
Talk to the teenage girls studying cybersecurity at New York University this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.