This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

Dnsmasq Server Flaws calls for a Reality Check and Remediation Practices** **

Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options.** **

New****Locky Ransomware Variant Uses the Asasin Extension via Broken Spam Campaigns

_A new Locky Ransomware variant was released that now uses the .asasin extension for encrypted files. It is important to note that if you are infected with this ransomware, you are not infected with the Asasin Ransomware. You are instead infected by Locky, which is using the .asasin extension. __ _

Equifax Website Was Caught Serving Malicious Ads to Visitors

It’s been just over a month since Equifax went public with news of a massive server breach. Now, a security researcher has spotted an ad campaign spreading malware from the company’s website. The malicious ads were designed to trick Equifax visitors into installing a fake Adobe Flash update._ _

The Underground Digital Souks of the Middle East

The global cybercriminal underground economy varies by region. The release of Trend Micro’s report “Digital Souks: A glimpse into the Middle Eastern and North African underground” marks the 12th in its Cybercriminal Underground Economy Series (CUES)._ _

The Pirate Bay Was Caught Mining Crypto Coin through Users’ PCs

The Pirate Bay, the Internet’s largest torrent portal, is back at running a cryptocurrency miner after it previously ran a short test in mid-September. Coinhive is a JavaScript library that allows The Pirate Bay’s owners to make money by using the site’s visitor’s computers to mine the cryptocurrency, Monero._ _

New Bill Is Tackling Medical Device Cybersecurity

Last week two Republican lawmakers introduced new legislation – the Internet of Medical Things Resilience Partnership Act – looking to lay out a cybersecurity framework which protects sensitive healthcare information from cyberattacks._ _

Deloitte Hack Hit a Server Containing Emails from across US Government

The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals._ _

Microsoft’s October Patch Tuesday Fixes 62 Vulnerabilities

Microsoft’s Patch Tuesday for October addresses 62 vulnerabilities, 27 of which are critical and 35 important in terms of severity; many of these flaws can lead to remote code execution (RCE). Of note is Microsoft’s fix for CVE-2017-11826, a memory corruption vulnerability in Microsoft Office._ _

Malware Developers Are Cashing in on Ransomware on the Dark Web

The total value of ransomware sales on dark web market places has rocketed from $250,000 to over $6m in just a year, as demand for the file-encrypting malware grows. While small-time scammers do want a piece of the ransomware pie, much of the marketplace is controlled by specialized, organized gangs._ _

Bitcoin Surges above $5,200 in Hopes of Renewed China Trade

Bitcoin set a fresh record above $5,200 as investors bet on China easing trading restrictions and reacted to a prominent hedge fund manager predicting the price of the virtual currency could rise to $10,000 within a year._ _

Cybersecurity in the Workplace is Everybody’s Business

What can individual users do to preserve cybersecurity at work? Effective workplace security does not happen by accident. It requires oversight, guidance and policies. Without the right level of awareness, the right culture, and the right processes to reinforce that culture, no level of investment will succeed._ _

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.