
This week made breach history: at least 500 million Yahoo users were compromised 2 years ago; Cisco followed up on the Shadow Brokers exploit, only to discover yet another exploit affecting at least 840,000 devices; and ransomware dubbed Mamba was found to encrypt hard drives.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Data Breach

The Yahoo breach is being called the largest infiltration of a company’s data to date, affecting at least half of their users.

Why is this significant?

  • This breach affects at least 500 million Yahoo users. It isn’t just email accounts and passwords: many users have linked their bank accounts, photo albums and some medical information to their Yahoo accounts.
  • In July, Verizon reported an acquisition of Yahoo for $4.8 billion; the exposure of the breach and the lack of cybersecurity could affect the valuation as the stock plummets.
  • Yahoo claims this breach came from “state-sponsored” threat actors. According to reports, the breach went undetected for 2 years until Yahoo’s security team discovered the possibility of a breach due to Yahoo’s data appearing on underground forums.
  • As the class-action lawsuits start to roll in due to breaches, this detrimental breach could help nudge Congress to lay a foundation for cybersecurity laws.

Read the full story on The New York Times

Vulnerabilities

At least 840,000 Cisco networking devices are vulnerable to an exploit similar to the one related to the Shadow Brokers.

Why is this significant?

  • Cisco discovered the exploit while analyzing its PIX firewall product after the Shadow Brokers exploit was released.
  • “The vulnerability stems from how the OS processes IKEv1 (Internet Key Exchange version 1) requests. This key exchange protocol is used for VPNs (Virtual Private Networks) and other features that are popular in enterprise environments.”
  • These Cisco devices can be found worldwide, and a patch is in the works. Until then, we recommend implementing security best practices that assume the organizational environment is already compromised and work towards protecting the data under such a state.

Read the full story on PC World

Ransomware

Mamba ransomware has been discovered to encrypt the entire hard drive, rather than individual files.

Why is this significant?

  • Researchers discovered Mamba on devices at the site of an energy-sector customer in Brazil with branches in the U.S. and India. In the past few months we’ve seen a trend of ransomware taking on more targeted characteristics, i.e. “Targeted Ransomware”, which leeches on to a particular organization. The cyber criminals behind Targeted Ransomware know that the particular organization they are hitting will pay up according to the data they have on hand. The problem will become harsher when Targeted Ransomware and ransomware families such as Mamba pair up. In these cases, we’ll start seeing an increased cost and operational impact to the organization, since ransomware will no longer be just an issue of some files being accessible and others not, but one where the computer cannot be accessed to begin with.
  • “Mamba encrypts the whole partitions of the disk,” Marinho said. “It uses a disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.”
  • The malware targets Windows and most likely infects machines through phishing emails. It prevents the OS from restarting without a password, asking for the decryption key as a login.


Read the full story on Threatpost