Week in review: WannaCry disaster, SharePoint security, the importance of security culture

Here’s an overview of some of last week’s most interesting news and articles:

Massive ransomware campaign spreading around the world like wildfire
Organizations around the world have been hit with the Wana Decrypt0r (aka WannaCry) ransomware, in what seems to be the most massive ransomware delivery campaign to date.

Security awareness is good, but good security culture is better
As an efficient mechanism to influence employee behavior, security culture is one of the most important, yet most overlooked, aspects of organizational security.

SharePoint houses sensitive data, but organizations are not keeping it safe
A new report from The Ponemon Institute is focused on how organizations are keeping sensitive or confidential data safe in collaboration and file sharing environments such as SharePoint, Dropbox, and file sync and share applications.

Analysis of 500 million passwords shows what you should avoid
A dump of over 550 million username and password combinations is currently being sold on underground forums, and eager crooks are paying for the privilege to test them out against many online services.

If you downloaded HandBrake for Mac, you could be infected with Proton RAT
A mirror download server of HandBrake, a popular open source video conversion app for Mac, has been compromised, and the legitimate app .dmg file switched with a Trojanized version containing the Proton RAT.

Defeating Magento security mechanisms: Attacks used in the real world
DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches. In light of these findings, this article describes examples of several attacks used in the real world that combine common vulnerabilities with faulty security mechanisms in Magento, leading to an unfavourable outcome.

HP pushes out fix for keylogging audio driver in its laptops
Swiss security consultancy Modzero revealed on Thursday that a number of HP laptops contain an audio driver that logs users’ keystrokes and stores them in an unencrypted file on the local system.

Industry reactions to Trump’s executive order on cybersecurity
On Thursday, President Donald Trump signed a long-awaited executive order on cybersecurity.

US intelligence chiefs don’t trust Kaspersky Lab software
The implication is that the company possibly has close ties with the Russian government.

Google found over 1,000 bugs in 47 open source projects
In the last five months, Google’s OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it’s ready to integrate even more of them.

US to expand carry-on laptop ban to flights from Europe
The Department of Homeland Security is planning to ban US-bound air travelers from Europe and the UK from carrying laptops and other large electronic devices in their hand luggage.

Cisco patches leaked 0-day in 300+ of its switches
Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been available for a month now.

Digital transformation initiatives: What are you doing to get ahead?
Respondents on average reported 29 percent of their IT budget is dedicated to digital transformation projects, but the research reveals these initiatives are more likely to succeed when funded from outside IT.

40 Asus RT routers open to attack through web interface vulnerabilities
If you own an Asus RT wireless router, and you haven’t updated its firmware for a while, now is the time to do it.

Is remote access technology leaving you vulnerable?
Despite rising awareness of the threats posed by users with privileged access permissions, most organizations still allow a myriad of internal and external parties to access their most valuable systems and data.

SOCs are maturing, but need more automation
SOCs’ primary strengths are flexibility of response and response time, while their biggest weakness is lack of visibility into events.

Keys to attracting and retaining cybersecurity talent
Federal agencies need to invest strategically and heavily in their benefits strategy if they’re going to successfully compete for cybersecurity talent.

Most companies falsely believe their Active Directory is secure
A survey sheds new light on how organizations are protecting their privileged credentials stored in AD against a backdrop of escalating daily attacks.

In 5 years AI may replace pros in tasks within medicine, law and IT
Many competitive, high-margin industries will become more like utilities as AI turns complex work into a metered service that the enterprise pays for, like electricity.

Microsoft plugs crazy bad bug with emergency patch
Microsoft released a critical out-of-band security update for the Microsoft Malware Protection Engine, to plug an easily exploitable bug that could allow remote attackers to compromise target Windows machines.

What healthcare CISOs should know
“Are we more secure today than yesterday?” is the question every healthcare organization needs to ask itself every day.

Google’s plan to foil screen-hijacking malware in Android O
74% of ransomware, 57% of adware, and 14% of banker malware abuse a specific app permission to target nearly 40 percent of all Android users – by overlaying screens, displaying fraudulent ads and phishing scams over apps.

Rudimentary attacks pose the greatest risk to midsized organizations
Rudimentary attacks pose the greatest risk – cybercriminals are moving away from sophisticated malicious code attacks, with the majority of attackers preferring inexpensive and automated methods of intrusions, exploiting ‘low hanging fruit’ (representing almost 30% of all observed events).

New infosec products of the week: May 12, 2017
A rundown of infosec products released last week.