Check Point’s mid-year cyber-attack report reveals that 42 percent of organizations globally have been hit by crypto-mining intrusions and that sophisticated attacks on cloud infrastructures are growing.
During the last couple of years, cyber-security has been largely about the huge influx of malware flowing through the veins of the internet. The problem hasn’t gone away by any means, but now in 2018 there’s an even larger threat: crypto-mining-specific malware.
Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.
The crux of the problem is that while most types of customer accounts these days can be managed online, the process of tying one’s account number to a specific email address and/or mobile device typically involves supplying personal data that can easily be found or purchased online — such as Social Security numbers, birthdays and addresses.
Booby-trapped archive files can exploit vulnerabilities in a swath of software to overwrite documents and data elsewhere on a computer’s file system – and potentially execute malicious code.
Specifically, the flaws, dubbed “Zip Slip” by its discoverers at security outfit Snyk, is a path traversal flaw that can potentially be exploited to perform arbitrary code execution attacks. It affects certain tools that handle .zip, .tar, .war, .cpio, and .7z formats.
Since the news of the Meltdown and Spectre attacks earlier this year, Intel has been working to reassure the computer industry that it takes security issues very seriously and that, in spite of the Meltdown issue, the Intel platform is a sound choice for the security conscious.
To that end, the company is announcing some new initiatives that use features specific to the Intel hardware platform to boost security. First up is Intel Threat Detection Technology (TDT), which uses features in silicon to better find malware.
Tenable®, Inc., the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications used in manufacturing, oil and gas, water, automation and wind and solar power facilities. If exploited, the vulnerability could give cybercriminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.