by CIRT Team
New iOS bug can crash iPhones and disable access to iMessages [source: theverge]
Apple had a shockingly bad week of software problems just before the end of 2017, and it looks like 2018 isn’t starting so well either. A new bug has been discovered in iOS 11 that lets people send a specific character that will crash an iPhone and block access to the Messages app in iOS and popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail....
Read More
by CIRT Team
Ransomware – Reminder for Healthcare Providers to Lock Down Their Environments [tripwire]
Ransomware attacks against healthcare providers aren’t new. In 2017, two crypto-malware infections affecting medical organizations made The State of Security’s top list of ransomware attacks for the year. The first involved an unknown strain that targeted Arkansas Oral & Facial Surgery Center, an incident which affected X-ray images, documents, and patient data related to recent appointments. The second was the now-infamous outbreak of WannaCry, ransomware which affected 34% of National...
Read More
by CIRT Team
IT Pros: IoT Devices Most Vulnerable to Wi-Fi Attacks [source: infosecurity-magazine]
IoT devices are the most vulnerable to Wi-Fi attacks, according to IT professionals polled in a new Spiceworks survey. The firm quizzed 527 IT pros from North America and Europe to examine how businesses are securing their data and devices on Wi-Fi networks. The research found that 52% of respondents believe workplace IoT devices such as smart lights and thermostats are ‘extremely vulnerable’ to Wi-Fi-based attacks, with...
Read More
by CIRT Team
Microsoft, Adobe February 2018 security updates: An overview [source: helpnetsecurity]
The Microsoft February 2018 security updates are for Internet Explorer, Edge, Windows, Office, Office Services and Web Apps, Adobe Flash, and ChakraCore (the core part of the Chakra Javascript engine that powers Microsoft Edge). Jimmy Graham, director of product management at Qualys, considers the Adobe Flash update and that for StructuredQuery in Windows servers and workstations to be the most critical and best implemented as soon as...
Read More
by CIRT Team
Olympic Destroyer Data-Wiping Malware Is More Complex Than Previously Thought[bleepingcomputer]
The Olympic Destroyer malware that has caused damage to PyeongChang 2018 Winter Olympics computer networks is much more complex than previously thought. Discovered by Cisco Talos researchers, this malware has been deployed before the start of the Olympics and has caused downtime to internal WiFi and television systems, disrupting some operations during the games’ opening ceremony. Cisco published an initial analysis (now updated) of this threat yesterday, revealing...
Read More
by CIRT Team
Security Updates Available for Popular Netgear Routers[source: bleepingcomputer]
Owners of popular Netgear router models should look into installing firmware updates on their devices as Netgear finished deploying patches for a slew of security issues discovered and reported by US cyber-security firm Trustware. Trustwave researchers discovered five issues affected 17 Netgear router models, in total, including the company’s top-seller —the Nighthawk router series. All issues were discovered and privately reported in March 2017 via...
Read More
by CIRT Team
An Analog to Security and Compliance: The Wonder Twins [source: tripwire]
Security and compliance are two sides of the same coin, although they are often seen as adversaries. The truth is, much like the 1980s power siblings, the Wonder Twins (whose powers only functioned when their fingers touched), they work hand-in-hand to shore up your information security better than any other combination. COMPLIANCE IS KEY Regulatory compliance is instantiated as a gateway to security through following relevant...
Read More
by CIRT Team
BEC Attacks Jumped 17% Last Year [source: infosecurity-magazine]
The Business Email Compromise (BEC) epidemic shows no signs of abating, after Proofpointrevealed a 17% increase in attacks last year. The security vendor analyzed over 160 billion emails sent to more than 2400 companies spanning 150 countries to compile its 2017 Email Fraud Threat Report. It revealed that by the fourth quarter, nearly 89% of all organizations were targeted by at least one attack — a major...
Read More
by CIRT Team
Rapid Ransomware Being Spread Using Fake IRS Malspam [source: bleepingcomputer]
A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. First detected by Derek Knight, this campaign is a mixup of countries with the IRS being a U.S. entity, the send being a UK email address, and the spam attachment being in German. This malspam campaign is being sent with emails subjects like “Please Note –...
Read More
by CIRT Team
Telegram 0-Day Used to Spread Monero and Zcash Mining Malware[source: bleepingcomputer]
Malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware, researchers from Kaspersky Lab plan to reveal today. The zero-day has been fixed in the meantime, but Kaspersky researcher Alexey Firsh says crooks appear to have used the flaw for months before he discovered it last October. The ol’ filename fliparoo...
Read More