Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.
Here are the most interesting articles we’ve found this week that could be helpful to you:
Some advice for football teams is also applicable to information security. Good advice for your business.
Don’t skip practice
It goes without saying that a football team that doesn’t practice isn’t going to win anything. But it’s interesting how many security teams only practice on-the-job training for data breaches, highly targeted attacks, insider data leaks, and the like.
Ransomware has taken over the cybercriminal world in the last few years and there’s no end in sight. My favorite excerpt of this article is the extremely awkward advice from the FBI.
Last fall the FBI said that it suggests to consumers or businesses caught with their proverbial pants down to just pay the blackmailers if they want to access their data.
Yet another type of ransomware has been developed. More threats to watch out for.
…the eda2 ransomware kit contains everything a would-be criminal needs in order to create their very own ransomware. This kit includes the code for not only the ransomware executable and the encryption algorithm, but also the PHP web panel that acts as a Command & Control server for storing the encryption keys of victims.
Turns out a hacker grew a conscience. Is this a good Samaritan or a black hatter gone grey? No one knows.
But the recent hack means part of the botnet has been requisitioned to quite different ends. “The content behind the malware download URL has been replaced, it’s now providing an original, up-to-date Avira web installer instead of the usual Dridex loader,” explained Moritz Kroll, a malware expert at Avira.
Got old Java installers in your download folders? Delete them – or risk getting infected. It’s important.
On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later.
If you can’t build your own malware, you can just buy it. Adwind is currently undetectable by anti-virus programs. Network egress policies should catch the outbound traffic but, further research is needed.
Criminals who bought and used Adwind kit targeted private individuals and small and medium businesses from a number of industries, including: manufacturing, finance, engineering, design, retail, government, shipping, telecom and a lot of others.
That’s why we can’t but encourage enterprises to review the purpose of using Java platform and disable it for all unauthorized sources.
Dozens of banks recently lost millions of dollars via so-called APTs. It’s complicated. So here’s a simple “comic” to explain it.
We know that the blogs were a tad long so to summarize we’ve turned it into comic form for your enjoyment.