This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On November 30, 2018

Monday 11/26

New Linux crypto-miner steals your root password and disables your antivirus

This rootkit component has even more intrusive features, experts said, such as "the ability to steal user-entered passwords for the su command and to hide files in the file system, network connections, and running processes."

Microsoft: Crash-causing Outlook 2010 security patches are now fixed

Microsoft this week released KB 4461585 for Outlook 2010, which includes patches for the four flaws and shouldn't trigger crashes. Microsoft confirmed it does fix the crash issues caused by KB 4461529.

What to Expect for AI (Artificial Intelligence) in 2019

The introduction of AI specialized hardware by Apple, Google, Tesla and NVIDIA is increasing AI performance by tens to hundreds, and enabling that performance in smaller form factors.

Tuesday 11/27

Cisco to Buy British Networking Software Firm to Beef Up Automation

With the purchase of Ensoft, Cisco looks to further their commitment to simplifying service provider networks through automation and programmability.

This worm spreads a fileless version of the Trojan Bladabindi

The Bladabindi RAT acts as a data-stealing system and backdoor and is capable of keylogging, the theft of credentials during browser sessions, capturing webcam footage, and both the download and execution of files.

Container Orchestration in the Cloud: Exploring the Cisco, AWS Partnership

Cisco is providing Kubernetes — a container orchestration platform — on AWS through its integrated platform. Both Amazon and Cisco say this will help to simplify the process of developing and orchestrating Kubernetes clusters across the AWS cloud and private data centers.

Wednesday 11/28

Beyond CASB Power: Check Point Announces General Availability for CloudGuard SaaS

Part of Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects enterprises that use SaaS applications and cloud-based email (including Office 365, GSuite and OneDrive), and prevents targeted attacks intended to steal sensitive data.

Malware Companies are Finding New Ways to Spy on iPhones

Earlier this year, Russian cybersecurity firm Kaspersky Lab found evidence that a small government spyware maker called Negg developed a “custom iOS malware that allows GPS tracking and performs audio surveillance activity,” according to a private report the company sent to subscribers. The discovery of Negg’s iOS malware has never been reported outside of Kaspersky.

I’ve got a bridge to sell you: Why AutoCAD malware keeps chugging on

Criminal hackers continue to exploit a feature in Autodesk’s widely used AutoCAD program in an attempt to steal valuable computer-assisted designs for bridges, factory buildings, and other projects, researchers said Tuesday.

Thursday 11/29

Kaspersky Security Bulletin 2018. Story of the year: miners

Still on the topic of botnets, it is impossible not to mention that in Q3 2018 we registered a decline in the number of DDoS attacks, the most likely reason being, according to our experts, the “reprofiling” of botnets from DDoS attacks to cryptocurrency mining.

Splunk Announces Integrations With New Amazon Web Services Security Hub

Splunk’s support for AWS Security Hub allows customers to take an analytics-driven approach to security, and to scale their security operations through automation and orchestration capabilities.

Citrix Ranked as a Leader in Unified Endpoint Management Solutions

Designed to assess the current state of the market for unified endpoint management solutions, the report evaluated 12 providers using 28 criteria within the categories of current offering, strategy and market presence.

Dunkin’ Donuts warns customers of data breach

"Although Dunkin' did not experience a data security breach involving its internal systems, we've been informed that third-parties obtained usernames and passwords through other companies' security breaches and used this information to log into some Dunkin' DD Perks accounts," said the company in a statement.

Friday 11/30

Atrium Health data breach exposed 2.65 million patient records

Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances. In addition, roughly 700,000 Social Security numbers were exposed.

Marriott reveals data breach of 500 million Starwood guests

For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions of others, their credit card numbers and card expiration dates were potentially compromised.

Sophisticated malware could target your smart home in 2019

As for the smart home, the often wobbly security associated with the many internet-connected gadgets therein is always a worry, and McAfee believes that these will be a focus for attacks in 2019.

KingMiner malware hijacks the full power of Windows Server CPUs

KingMiner generally targets IIS/SQL Microsoft Servers using brute-force attacks in order to gain the credentials necessary to compromise a server. Once access is granted, a .sct Windows Scriptlet file is downloaded and executed on the victim's machine.