Weekly Security Roundup #73: Meet the New Threats, Same as Old Threats
There’s a red line you can use to guide your cyber security efforts
We started the week directly with a security alert about Atmos, a new financial threat.
That’s a polymorphic malware that resurged from ZeuS and Citadel. It has been detected targeting France banks and, on top of that, it’s also delivered with the ransomware Teslacrypt v4.
The problem with Atmos is that it’s hard for users and IT personnel to realize that they are infected with it. In the meantime, the malware continues to steal information about the user.
For extra details and the whole background, you can read our dedicated blog post.
On Tuesday we published a guest post by George Hari Popescu, a Trainee at the Directorate-General for Innovation and Technological Support at the European Parliament, who lives in Brussels. It’s a true story about the time he accidentally found someone else’s travel pass and what insane amount of data he found out about that person.
And now off to the weekly roundup with everything that’s new in the cyber security world:
Security articles of the week
As Apple dropped support for QuickTime on Windows, the US government urges users to uninstall it.
Two security holes were discovered in its code and can be used for malicious attacks. Users who don’t uninstall it risk “loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets.”
In what’s probably one of the worst government data breach ever, the voters in Philippines database was breached. Up to 55 million voters might have been exposed.
On Patch Tuesday, Microsoft released security patches for 31 separate vulnerabilities, including a fix for the Badlock bug.
Didn’t get a chance to update your Chrome? No, not yet? Then do it. Now. Seriously, stop reading this article and type “chrome://help” in the address bar. Follow the instructions until it says there that your Google Chrome is up to date.
Fresh spear-phishing tactic (and a highly successful one as well): cyber attackers use your home address and serve you ransomware.
If own or manage a blog, this guest post on ProBlogger shows you what basic steps you should take to enhance your site’s cybersecurity.
Good news from WordPress.com: the company just announced that they activated free encryption for all the custom domains hosted at them.
Feed your inner paranoic self and cover your laptop’s webcam with tape. The FBI director, James Comey, does it too.
A new study reveals how cyber attackers can exploit the short links that lead to cloud services.
According to a recent global survey commissioned by the Centre for International Governance Innovation (CIGI), half of the content existent on the dark web is legal.
“We believe it is important for the public to gain a better understanding of the contents of the dark web in order for there to be a proper debate about its nature, dangers – and potential benefits. […] Misunderstanding about the dark net is rife, and has been fuelled by often misleading media coverage. This, in turn, has influenced policy debates based on incorrect assumptions and hyperbole.”
Old cyber security threats don’t disappear, they just evolve. They transform into newer, greater threats, but the basic security layers one should enforce remain the same.