Security Headlines: Hopping Around

Oct 27, 2017

This week’s National Cybersecurity Awareness campaign focused on feeding the pipeline to narrow the skills gap in the cybersecurity workforce. While StaySafeOnline declared “The Internet Wants You: Consider a Career in Cybersecurity,” ransomware hopped to the headlines.

Rabbit on the run

‘Bad Rabbit’, the third global outbreak of the year with similarities to NotPetya, struck companies throughout Russia and Eastern Europe with file-encrypting malware.

This strain of ransomware metaphorically knocks on the user’s door by way of a malicious pop-up offering a Flash update. Though the outbreak was first reported, it’s suspected that the group behind the attack has been preparing since at least July.

Bountiful Rewards

Security researchers got good news at the start of the week when Google announced a new bug bounty program that will pay handsomely for bugs found in third-party apps on Google Play. Once the vulnerabilities are identified, reported, and evaluated via the HackerOne platform, the hackers will be awarded $1,000. That’s good news for researchers around the globe.

Addressing the allegedly false allegations that have tarnished the Kaspersky brand, CEO Eugene Kaspersky announced that they will be increasing their bug bounty reward, promising to pay out up to $100k per vulnerability discovered in their main products.

The bounty payouts keep growing as more organizations realize the need to address the inevitability of their products having vulnerabilities, especially companies like Coinbase, a bitcoin exchange, that are hot targets.

All the talk about vulnerability disclosure raises the question: what does a company do once the vulnerability is reported? Katie Moussouris, founder and CEO of Luta Security, sat down for a Q&A with The Hill to answer some disclosure-related questions.

Devising a password plan to secure devices

Though there is no new news about the future of passwords, the debate continues over the security of passwords, and whether two-factor authentication, biometrics, or password managers offer the most secure solution.

In the wake of Equifax, followed by the #Krack exploit, organizations and end users in the office and at home are eager to understand how to keep their personal information, particularly their financial accounts, secure online.

Human beings remain the weakest link in security, particularly when it comes to attitudes about mobile security. As individuals and businesses rely more upon their mobile devices, and upon cloud storage and computing, the devices and the data from them grow more vulnerable. Security experts struggle to help businesses find the right balance that enables productivity without compromising sensitive data.

Even cybersecurity experts are targets of attack, as was reported this week when Group 74, a known threat actor, launched a campaign using malicious Visual Basic for Applications (VBA) in a document titled “Cyber Conflict U.S. Conference (CYCON)”.

Holding out hope

Despite all the recent attacks, online safety is not an oxymoron, but the skills gap does have the industry buzzing, with lots of leaders encouraging people to consider careers in cyber. Everyone from NIST to the National Cyber Security Alliance has posted tweets encouraging followers to take a first step toward being #CyberAware.