Week in review: Bleedingbit, nastiest malware of 2018, Cisco security appliances under attack

Here’s an overview of some of last week’s most interesting news and articles:

New techniques expose your browsing history to attackers
Security researchers at UC San Diego and Stanford have discovered four new ways to expose Internet users’ browsing histories.

Top 10 predictions and key drivers for the IT industry for the next five years
A closer look at IDC’s top ten worldwide IT industry predictions.

How to protect your organization from insider threats, the #1 risk for data loss
Is your security approach exposing your organization to risk? The answer is “yes” if your security strategy focuses exclusively on external threats.

Bleedingbit: Critical vulnerabilities in BLE chips expose millions of access points to attack
Armis announced the discovery of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) and used in Cisco, Meraki and Aruba wireless access points, called Bleedingbit.

Apple releases security updates, says new MacBooks will disconnect microphone when lid is closed
Apple unveiled new Macs and iPads on Tuesday and has pushed out security updates for macOS (Mojave, High Sierra, Sierra), iOS, watchOS, tvOS, Safari, iTunes, and iCloud for Windows.

Safeguarding global critical networks now and in the future
Lior Frenkel, CEO and co-founder of Waterfall Security Solutions, talks about the vulnerability of global critical networks, challenges related to safeguarding such security architectures from zero-day attacks, ICS security in the future, and much more.

Cisco security appliances under attack, still no patch available
A vulnerability (CVE-2018-15454) affecting a slew Cisco security appliances, modules and firewalls is being exploited in the wild to crash and reload the devices, the company has warned on Thursday.

Businesses unprepared for Windows 10 migration, fear vulnerability to cyber threats
A new WinMagic study has found that organisations are largely unprepared for when support of older versions of Microsoft’s Windows OS will be withdrawn in January 2020.

Damaging cyberattacks surge ahead of 2018 U.S. midterm elections
Carbon Black released its Quarterly Incident Response Threat Report (QIRTR) aggregating key findings from IR partner investigations during the last 90 days.

Bring visibility to shadow APIs and ensure that security standards are being met
Last week Data Theorem introduced the industry’s first automated API discovery and security inspection solution aimed at addressing API security threats introduced by today’s enterprise serverless and microservices applications. We took this opportunity to talk about API security as well as the new offering with Doug Dooley, COO at Data Theorem.

Nastiest malware of 2018: Top attack payloads wreaking havoc
Webroot highlights the top cyberattacks of 2018 in its latest nastiest malware list, which showcases the malware and attack payloads that have been most detrimental to organisations and consumers alike.

Word documents seemingly carrying videos can deliver malicious code instead
A feature that allows anyone to embed a video directly in a Word document can be easily misused to trick target users into downloading and running malware, Cymulate researchers have demonstrated.

Windows Defender can now run inside a sandbox
Microsoft has made it possible for Windows Defender Antivirus to be run within a restrictive environment that separates the AV’s processes from those of the underlying Windows OS, thus limiting the actions of malware that can exploit the software’s flaws.

Most impersonated brands in email attacks? Microsoft and Amazon
Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari.

Many water and energy systems vulnerable to significant cyber risk
New Trend Micro research revealed how exposed human machine interface (HMI) systems in thousands of critical water and energy organizations around the world could be exploited, causing significant real-world impacts, such as contaminating the water supply.

Wider breach awareness fosters more security conversations
Focal Point Data Risk released the second annual Cyber Balance Sheet Report, a closely watched research study using in-depth surveys and interviews of corporate board members and CISOs to offer a rare window on the state of cyber risk management in the boardroom.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.