The Risk Control Weekly reports security technologies and events worth paying attention to, including but not limited to content security, mobile security, business security and network security, and helps enterprises stay vigilant and avoid these security risks, large and small, which affect the healthy development of the business.
1. Central bank: Prohibit unauthorized access to the credit system
With the establishment of a unified market for personal credit, credit information security is on the agenda. In a recent notice issued by the central bank, credit operators and access agencies are told not to query credit reports without authorization, and unauthorized access to the credit system is strictly forbidden. In addition, they need to establish a credit information security leadership team and make clear that the leader in charge is the first person responsible for this work.
2
Recently, researchers have found that the latest variants of SynAck ransomware use a variety of novel and complex techniques to evade detection. Typically, in order to remain in an infected system for longer, attackers add a variety of defensive techniques to counter inspection by detection tools. SynAck ransomware deploys "common technologies" and adds the Process Doppelgänging code injection technique to new variants. This technique was first seen at the Black Hat Europe conference, and it can be used against all Windows platforms and against mainstream security products. With this technique, SynAck ransomware can disguise itself as a legitimate program stored on disk, eventually running malicious code without changing the files in a way that could trigger an alert. In addition, SynAck uses obfuscation techniques and common identification techniques, and even tests the keyboard language settings of the target system to evade detection.
3. Cyber security company discovers new virus "Kitty"
Recently, cyber security company Imperva Incapsula found a new virus, "Kitty", that mines XMR. It is learnt that the virus exploits the remote code execution vulnerability (CVE-2018-7600) in the updated version of Drupal published March 8, 2018. The new virus has been attacking in various forms since it was discovered in early April. Once a server is infected, the virus binds to the server and launches a Monero mining program called "Kkworker".
4. Botnet remains active after device restart
Security researchers found the first IoT zombie virus that persists on the system after a device restarts, remaining on the device after attacking it. This is a major change for IoT zombie viruses: previously, device users could remove such viruses simply by restarting the device. The restart operation refreshes the device's flash memory, and all of the device's working data, including those viruses, is kept in RAM. But now, Bitdefender researchers have announced that they have discovered an Internet of Things malware that in some cases copies itself to /etc/init.d/, a path that Linux systems use for daemon scripts. By placing itself there, the malware is started automatically by the device after it restarts.
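As an added illustration of how a defender might review the /etc/init.d/ persistence described above (this is not code from the original report or from Bitdefender), the following Python sketch flags entries in an init.d-style directory that are compiled binaries, lack an interpreter line or LSB header, were modified recently, or are world-writable. The heuristics, the 7-day threshold and the sample file names are assumptions; embedded systems often ship init scripts without LSB headers, so findings are leads for review, not verdicts.

```python
import os
import tempfile
import time

ELF_MAGIC = b"\x7fELF"
LSB_MARKER = b"### BEGIN INIT INFO"

def audit_init_dir(path, recent_days=7, now=None):
    """Return {filename: [reasons]} for init.d-style entries that deserve review."""
    now = now or time.time()
    findings = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        reasons = []
        with open(full, "rb") as fh:
            head = fh.read(4096)
        if head.startswith(ELF_MAGIC):
            reasons.append("compiled binary, not a script")
        elif not head.startswith(b"#!"):
            reasons.append("no interpreter line")
        elif LSB_MARKER not in head:
            reasons.append("no LSB init header")
        st = os.stat(full)
        if now - st.st_mtime < recent_days * 86400:
            reasons.append("modified recently")
        if st.st_mode & 0o002:
            reasons.append("world-writable")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample_dir():
    """Constructed sample data: one ordinary init script, one dropped binary."""
    d = tempfile.mkdtemp()
    old = time.time() - 90 * 86400
    good = os.path.join(d, "cron")
    with open(good, "wb") as fh:
        fh.write(b"#!/bin/sh\n### BEGIN INIT INFO\n# Provides: cron\n### END INIT INFO\n")
    os.chmod(good, 0o755)
    os.utime(good, (old, old))          # looks like it shipped with the firmware
    bad = os.path.join(d, "S99sysd")    # hypothetical name for a dropped file
    with open(bad, "wb") as fh:
        fh.write(ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 32)
    os.chmod(bad, 0o755)
    return d

if __name__ == "__main__":
    for name, reasons in audit_init_dir(build_sample_dir()).items():
        print(name, "->", "; ".join(reasons))
```

On a real device, point `audit_init_dir` at `/etc/init.d` and compare the flagged names against the vendor's firmware image.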
5
The U.S. Computer Security Emergency Response Center (hereinafter referred to as CERT) recently released an announcement that systems such as Windows, macOS, Red Hat, Ubuntu, SUSE Linux, FreeBSD, VMware and Xen are likely to be affected by a major security vulnerability (CVE-2018-8897), which arose because operating system developers misinterpreted the debug documentation of the chip vendors Intel and AMD.
6. High-risk vulnerability allows Hikvision cameras, DVRs and accounts to be remotely hijacked
Another vulnerability has been exposed at Hikvision; this time it is an identity authentication security issue in hik-connect.com. If the vulnerability is exploited, an attacker can access, manipulate, and hijack other users' devices.
Stykas, who discovered the vulnerability, found that the Hik-Connect cloud service could directly access the camera without router port forwarding, and that the cookie value was not validated effectively when a firmware update was made to a Hikvision DVR.
7. Copenhagen's shared bike system Bycyklen hacked
All 1,860 bikes across the city of Copenhagen could not be used from Friday to Saturday. The hacker's identity and the vulnerability that was exploited are unclear, but there are indications that the attacker is familiar with the system. Bycyklen said the hackers did not steal data, but the direct attack caused the entire system to crash. Bycyklen had to manually upgrade every bike in the city. Bycyklen also affirms that it does not store users' payment information, and that users' personal information is encrypted when saved, so that even employees are unable to view it. Still, Bycyklen urged users to change their passwords.
8. Mobile APT attacks on the rise
Citing the latest Verizon 2018 data breach report, Murray points out that phishing and SMS scams have become common means of social engineering attacks, both of which can be carried out via mobile phones. Murray also pointed out that two major organizations, NSO Group and Dark Caracal, focus on mobile APT attacks to steal information. Unlike computer APT attackers, who were not technically mature at first, mobile APT attackers can quickly become capable attack initiators by drawing on experience accumulated on computers, and defenders need to deal with attacks faster, Murray said.
Business Risk Control Focus, 2nd week of May | Central bank: Prohibit unauthorized access to the credit system