In this week’s news Google researchers update Linux users with a warning that could have catastrophic effects if not patched.  Ransomware is making headlines this week hitting the Hollywood Hospital shutting down computers for nearly a week before paying the $17,000 ransomware request, not to mention that healthcare records are a huge commodity in the “dark web” increasing by 11,000% just last year.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 


Vulnerability

Researchers discovered a buffer-overflow vulnerability in the glibc library. An attacker exploiting this flaw can ultimately take complete control of Linux machines communicating outbound, typically routers and Internet-of-things devices, leaving most Linux machines vulnerable.

why is this signficant?

  • This vulnerability affects the core of most Linux machines giving the reigns to the attacker in domain name look-ups, allowing the attacker the ability to respond to the vulnerable device with a malicious code.
  • Already as early as 2008, this vulnerability was introduced to the GNU, and many core and common applications relying on the library, such as secure shell and sudo are thus affected by this vulnerability.
  • The maintainers of the glibc uploaded an update that patches it and recommend that anyone working with Linux –based software/hardware performing such domain name look-ups to patch it ASAP. Servers running apps relying on the vulnerable library will have to wait for a fix from their vendors.

 

Read the fully story on ArsTechnica

Ransomware

Hollywood Presbyterian Medical Center paid a $17,000 ransomware request by threat actors that froze their PC’s for nearly a week.  Originally, the ransomware request was $3.6 million.

why is this signficant?

  • According to a recent study, nearly 1/2 of ransomware victims are willing to pay the monetary ransom request to unlock their data from the threat actors that hold their data for ransom. The F.B.I.’s Joseph Bonavolonta said at 2015’s Cyber Security Summit 2015 “To be honest, we often advise people just to pay the ransom.”  Bonavolonta stresses that ransomware is that good.  
  • Recent research estimated that criminals that had built a certain infrastructure for ransomware infections earned about $30M USD annually & ransomware is supposed to increase in 2016.
  • While victims are paying up, it’s important to understand that a successful ransomware attack represents a security vulnerability that needs to be effectively remediated; paying is only a short-term solution that doesn’t address the root of the problem.

    Read the fully story on The Register

    **enSilo protects against the tampering of data performed by ransomware. See how**

The State of Healthcare Security

Healthcare record hacking is climbing to astronomical numbers, hitting an 11,000% increase, just last year with 100 million records being stolen.

why is this signficant?

  • Nearly 1 out of 3 Americans had their healthcare records breached and most victims are not aware of it.
  • Healthcare records are not like other personal information that is compromised, due to its everlasting effect.  Once in attackers’ hands, this type of data cannot be “expired” even when reported as stolen, such as in the case of a credit card, and can even be re-sold to multiple interested parties. Due to this data’s intrinsic value, hackers sell it at a premium on the black market.
  • Cyber criminals have made healthcare records a commodity in the “dark web” selling stolen: credit cards for $1-$3 each, Social Security numbers for $15 and complete healthcare records go for $60 each.

Read the fully story on NBCNews