Week in review: CCleaner compromise, Optionsbleed, and Linux devices sending out spam

Here’s an overview of some of last week’s most interesting news and articles:

Hackers behind CCleaner compromise were after Intel, Microsoft, Cisco
There is a new twist in the CCleaner hack saga: the attackers apparently didn’t set out to compromise as many machines as possible, but were after some very specific targets.

Three things to know about the dark web
One of the more curious aspects about the dark web is that it didn’t start out as such a dark place: it began with bulletin boards in the 80s and 90s – the markets of that day – and continued in the early 2000s, when Freenet launched as a private peer-to-peer network for sharing content.

Is your router sending out spam?
A Linux Trojan that has been infecting IoT devices for half a year and made them run a SOCKS proxy server has now acquired spam-sending capabilities.

Optionsbleed bug makes Apache HTTP Server leak data from memory
On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014.

Apple’s Face ID can be quickly disabled in an emergency
A week ago, Apple debuted iPhone X and Face ID, a new biometric security mechanism that replaces Touch ID.

46,000 new phishing sites are created every day
The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.

AI will change the face of security, but is it still the stuff of sci-fi?
The technology industry has always had a big problem with hype, with marketing teams, analysts and the media alike tending to fixate on the next big thing that will revolutionise our lives. Artificial intelligence is the latest technology to be seized by hype, due in part to its role as a staple of science fiction for decades – something which sets it apart from other much-discussed topics such as big data analytics.

Equifax directed consumers to fake phishing site for weeks
You can now add another blunder to the already long list of Equifax’s missteps in the wake of the massive breach it announced earlier this month: the company has been pointing affected customers to a fake phishing site.

Digital future: Are we ready for what’s next?
The Internet Society (ISOC), a global non-profit dedicated to ensuring the open development, evolution and use of the Internet, released “Paths to our Digital Future”, a report aimed at exploring the future of the Internet.

Legacy networks holding back cloud and digital transformation
A new global survey by Riverbed Technology, which includes responses from 1,000 IT decision makers across nine countries, revealed an incredible level of agreement that legacy infrastructures are holding back their cloud and digital strategies.

Spoofed IRS notice delivers RAT through link updating trick
The malware delivery trick involving updating links in Word documents is apparently gaining some traction.

Setting the standard for a blockchain protocol for IoT
A wide range of blockchain technology companies and enterprises like Cisco, Gemalto and Bosch have launched the Trusted IoT Alliance, an initiative that aims to bring companies together to develop and set the standard for an open source blockchain protocol to support IoT technology in major industries worldwide.

The evolving nature of the CISO role
Although CISOs have varying degrees of influence among upper management in their organizations, most CISOs are influential in managing their companies’ cybersecurity risks, and their impact is growing.

The three least effective enterprise security measures
Many security technologies fail to address IT’s largest blind spots – unmanaged devices and anomalous access.

Google Chrome most resilient against attacks, researchers find
Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks.

Infosec weakest links: Negligent employees and poor password policies
Strong passwords and biometrics continue to be an essential part of security defense.

Netdata: Distributed real-time performance and health monitoring
Netdata is a system for distributed real-time performance and health monitoring. It provides real-time insight of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.

New infosec products of the week​: September 22, 2017
A rundown of infosec products released last week.