This Week in Security: Spooky Cybersecurity Awareness, APTs Gone Wild

Have You Heard About Cyber Security?

October is Cyber Security Awareness Month and that means we can express our anxieties and fears over strange mouse movements on our screen! But in all seriousness, this is a good opportunity for experts to take a step back to evaluate our state of affairs, and figure out the best ways to communicate current issues and remedies to non-experts, whether they are in positions of power or not.

We have leaks of massive databases of sensitive personal data that somehow keep getting worse, malware that is getting nastier every week, and seemingly no major institution is without some kind of breach. We also constantly find more commodities we own and aspects of our lives to digitize, placing networked computers microphones and cameras places they’d never been before, and often shouldn’t be in the first place. We do all of this while repeating the same security mistakes we’ve been making for decades. Quite a spooky problem indeed.

It’s not all bleak, however. There have been significant improvements in the world of cyber security, but the challenges just seem to shapeshift, instead of disappearing – morphing from old problem to new problem.

Now is a great opportunity for us to evaluate our own security postures and ask how we can best improve them. New-fangled technologies like two-factor authentication or our own AI-based solutions can help, but so will basics like log monitoring, system hardening, timely software updates, and user education programs.

Possible APT in CCleaner Attack

Last month, CCleaner, the popular registry cleaning software, was compromised. Attackers inserted malicious code into the CCleaner installer, taking advantage of the legitimate software as a delivery mechanism.

What at first seemed like a benign and untargeted attack quickly became more nefarious, as it was discovered that the malware would (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog