Week in review: Zip Slip, GDPR and the US, why creativity is key to security

Here’s an overview of some of last week’s most interesting news and articles:

VPNFilter malware targets new devices, can deliver exploits to endpoints
Cisco Talos researchers have news about the VPNFilter malware, and it doesn’t look good.

Why creativity is key to security
Security teams are often viewed as a hindrance to business growth. They are deemed the killjoys of business innovation by imposing restrictions on access, rules and controls, and responding with “no.” Given this perception, security teams are often not thought of as innovative or creative. Yet that’s precisely what needs to happen.

Zip Slip vulnerability affects thousands of projects
An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems.

Wi-Fi phishing attacks discovered around Atlanta City Hall
As Atlanta continues to fully recover from March’s ransomware attack, new evidence discovered today by Coronet reveals hundreds of active Wi-Fi phishing attacks currently ongoing both inside of and in close proximity to Atlanta City Hall.

Vulnerable ship systems: Many left exposed to hacking
Pen Test Partners’ Ken Munro and his colleagues – some of whom are former ship crew members who really understand bridge and propulsion systems – have been probing the security of ships’ IT systems for a while now and the results are depressing: satcom terminals exposed on the Internet, admin interfaces accessible via insecure protocols, no firmware signing, easy-to-guess default credentials, and so on.

Cybersecurity: A core component of digital transformation
In this podcast, Kai Grunwitz, Senior VP EMEA at NTT Security, talks about the NTT Security 2018 Risk:Value Report, and the importance of cybersecurity for a successful digital transformation.

Masterminds behind prolific CEO fraud ring arrested
It took two years and a collaborative effort of French, Belgian, Romanian and Israeli law enforcement agencies to take down an organised crime group that was behind at least 24 cases of CEO fraud across Europe, Europol has announced.

Airports develop digital transformation roadmaps with biometrics and blockchain
Airports are developing their digital transformation roadmap in line with strategic planning activities to address key performance indicators across all areas of the airport operation.

Sophisticated keyloggers target the finance industry
Lastline found three separate strains of keylogger malware that are currently targeting finance.

Cryptomining malware digs into nearly 40% of organizations worldwide
Check Point published its latest Global Threat Index for May 2018, revealing that the Coinhive cryptominer impacted 22% of organizations globally – up from 16% in April, an increase of nearly 50%.

Shape up US businesses: GDPR will be coming stateside
With the EU passing GDPR to address data security, will we see the US implement similar laws to address increased consumer anxiety?

Adobe releases fix for actively exploited Flash Player zero-day
The attacks are “limited, targeted attacks against Windows users,” but updates (v30.0.0.113 for all platforms) are available for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.

Businesses should embrace AI or face stagnation
Recent GlobalData research reveals that incumbents in virtually every industry are facing some kind of game-changing disruption from AI technologies, with some being better prepared than others for the challenges ahead.

Crowdsourced security trends: Payouts to hackers increase
Bugcrowd has released the 2018 Bugcrowd State of Bug Bounty Report, which analyzes proprietary platform data collected from more than 700 crowdsourced security programs managed by the organization.

Facebook gave user data access to Chinese mobile device makers, too
Facebook has established 60 or so user data-sharing partnerships with companies such as Apple, Amazon, BlackBerry, Microsoft and Samsung, but also China-based Huawei, Lenovo, Oppo and TCL back in 2009, when getting Facebook onto mobile devices was not as easy as installing an app from (then non-existent) online app markets.

How Mirai spawned the current IoT malware landscape
There are four prominent Mirai variants.

MyHeritage suffers data breach, account details of 92+ million users compromised
Israel-based genealogy and DNA testing company MyHeritage has apparently suffered a data breach that resulted in the compromise of email addresses and hashed passwords of all 92+ million of its users.

Key challenges and frustrations of SOC workers
Technology challenges, hiring and staffing issues, processes and pain points, as well as finance and funding difficulties have the potential to limit the ability of SOCs to tackle ever-increasing volumes of security alerts and potential cyber attacks.

New security, privacy features in iOS 12 and macOS Mojave
Apple has announced a slew of new features for iOS 12 and macOS Mojave (10.14), but also some security and privacy improvements that should make privacy-minded users very happy.

How security leaders can be empowered to drive results
Gartner analysts provided guidance to security and risk leaders and practitioners on how to be empowered to adapt their people, processes and technologies to address the old and the new; to transform their approach to risk governance to be more continuous and inclusive; and to scale their security capabilities in other ways than by hiring more people.

New infosec products of the week: June 8, 2018
A rundown of infosec products released last week.