securityboulevard.com
Cyber Security Roundup for February 2018
February saw over 5,000 websites infected by cryptocurrency mining malware after a popular accessibility plugin called ‘BrowseAloud’ was compromised by hackers. This led to several UK Government and Councils websites going offline, including the Information Commissioner's Office, the Student Loans Company, and Manchester City, Camden and Croydon Council website. Symantec Researchers also announced that 'Crytojacking' attacks had increased 1,200% in the UK. Cryptojacking once involved the installation of cryptocurrency mining malware on users computers, but now it is more frequently used in-browser, by hacking a website and execute a malicious mining JavaScript as the user visits the compromised website, as with the case with the 'BrowseAloud' incident.More than 25% of UK Councils are said to have suffered a breach in the last five years according to the privacy group Big Brother Watch, who said UK Councils are unprepared for Cyber Attacks.There was a fascinating report released about Artificial Intelligence (AI) Threat, written by 26 leading AI experts, the report forecasts the various malicious usages for AI, including with cybercrime, and manipulation of social media and national news media agendas.GDPR preparation or panic, depending on your position, is gaining momentum with less than 100 days before the privacy regulation comes into force in late May. Here are some of the latest GDPR articles of note.Digital Guardian released an interactive article where you can attempt to guess the value of various types of stolen data to cybercriminals -.Digital Guardian: Do you know your data's worth?Bestvpns released a comprehensive infographic covering the 77 Facts About Cyber Crime we should all know about in 2018.On the international front, the Winter Olympic games were subjected to several cyber-attacks kicking websites and other services offline during the games. The UK government blamed Russia for the NotPetya attacks as part of an attack on the Ukraine. North Korea's nation-state allegedly backed APT37 (Reaper) is believed to be expanding its cyber-attack capabilities with an objective of causing disruption according to FireEye. An Open AWS S3 Bucket exposed the private information of thousands of FedEx customers, and Google reported it will longer label all HTTP websites at 'not secure' from July 2018. February was yet another frantic month for security updates, which saw Microsoft release over 50 patches, and there were new critical security updates by Adobe, Apple, Cisco, Dell, and Drupal.NEWSGovernment Websites, including ICO, Infected by Cryptocurrency Mining MalwareUK Councils are 'unprepared' for Cyber Attacks'Cryptojacking' Attacks surge 1,200% in the UKOpen AWS S3 Bucket Exposes Private Information of Thousands of FedEx CustomersUK Government Publicly Blames Russia for NotPetya attacksWinter Olympics hit with ‘Olympic Destroyer’ Malware during Opening CeremonyGoogle will label all HTTP sites 'not secure' starting in July 2018Microsoft releases 50 Patches for IE/Edge, Windows, Office, ChakraCore & FlashAdobe Releases Critical Fixes for Flash PlayerAdobe Releases Critical Security Update for Flash Player, as Exploited by APT 123Apple Release patch for Telugu 'Text Bomb' bug that Causes System CrashesCisco Update eliminates DoS Vulnerability in Aggregation Services Router OSCisco releases a second fix for a Critical Vulnerability in ASADell Storage Platform Security Bugs allows Root AccessDrupal 7 and 8 Patch Multiple Critical VulnerabilitiesAWARENESS, EDUCATION AND THREAT INTELLIGENCEDigital Guardian: Do you know your data's worth?77 Facts About Cyber CrimeGDPR Preparation: Recent Articles of NoteNorth Korea (APT37) expanding Cyber Attack capabilities, Intention is DisruptionColdroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years AgoHackers could Obfuscate Malware through Code Signing and SSL CertificatesTwo New Thefts using SWIFT Network ConfirmedREPORTSThe Malicious Use of Artificial Intelligence: Forecasting, Prevention, and MitigationAvecto Microsoft Vulnerabilities Report 2017The Global Cloud Data Security Study2018 CrowdStrike Global Threat Report: Nation-State Cyber Attacks on the Rise
Dave Whitelegg