This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week! 

 

Black Hat and DEF CON Have Evolved over the Last 20 Years

If you had to select one symbol of cybersecurity industry, you’d be hard pressed to find a better choice than the pair of conferences, Black Hat Briefings (Black Hat) and DEF CON. The duo is known affectionately as Hacker Summer Camp by many conference goers.  

Petya Ransomware Victims Can Now Recover Their Files for Free

Petya is a ransomware program that first appeared in March 2016. Internet users who have fallen victims to the aggressive ransomware attacks over the past year are in luck. There is now a free tool that will allow them to decrypt their files if they hang onto them since then. 

U.S. and Japan Are Ramping up Cybersecurity Coordination

The U.S. and Japan promised to strengthen cybersecurity cooperation and cyberthreat information-sharing in a joint statement issued July 24 at the conclusion of the fifth bilateral meeting on the subject. The two countries pledged to collaborate on critical infrastructure protection and other issues. 

China Arrests Hackers Behind One of the World’s Largest Malware Infections

At least nine of the ring of hackers that developed the “Fireball” malware have been arrested by Chinese authorities, according to state-run news outlets. Fireball’s reach was one of the world’s most extensive. News of it emerged a month ago, and it’s been estimated to have infected 250 million computers. 

Fake News Is Being Utilized in Numerous Circles

Intentionally misleading propaganda materials have been a linchpin of communication for years, particularly during times of political or economic turmoil. And as technology continues to advance, so too do the strategies in which malicious actors utilize to spread this type of misinformation. 

300,000 Records Breached in Ransomware Attack on Pennsylvania Health System

The Women’s Health Care Group of Pennsylvania has notified 300,000 of its patients that a ransomware attack has put their personal health information at risk. The health system discovered a server and workstation at one of its practices was infected by ransomware on May 16. 

Manage Rising Cyber Insurance Rates

When organizations are deciding which mitigation techniques to apply, they look at relative costs. Note that this does not require a detailed risk quantification effort – those tend to go off the rails quickly. For estimates as uncertain as cyber risk, it is prudent to be generally correct than precisely wrong. 

Turkish Android App Store Is Spreading Malware

A Turkish alternative app store, CepKutusu.com, has been spreading malware under the guise of nearly every offered Android app. Victims will download an app from the store only to find the app in no way resembles what the user was expecting, but instead is an app disguised as a Flash Player. 

It’s Time to Plan for Ransomware

There’s no question that ransomware is one of the most formidable threats to a business. With so much riding on digitized data, important applications and other systems, any interruption to access of these crucial assets can quickly spell disaster for an organization. 

Facebook Backs $1 Million Security Prizes and Anti-Election Hacking Group

Alex Stamos, Facebook’s chief security officer, announced Wednesday that the company would bankroll a new anti election-hacking group during a keynote address at the Black Hat hacking conference in Las Vegas.  The project is part of the Belfer Center for Science and International Affairs. 

CopyKittens Exposed by ClearSky and Trend Micro

CopyKittens is a cyberespionage group that ClearSky has been reporting on since 2015, tracking their attacks on government-related bodies around the world. Trend Micro has supported this research at several points, including for their latest report released today on the group’s vast espionage campaigns. 

Microsoft launches Windows bug bounty program with rewards ranging from $500 to $250,000

Microsoft announced the Windows Bounty Program. Rewards starting at a minimum of $500 and can go up to as high as $250,000. The Windows Bounty Program encompasses Windows 10 and even the Windows Insider Preview, the company’s program for testing Windows 10 preview builds.

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.

Leave a Reply