These findings are significant and quite noteworthy as these compromised credentials continue to be used for spear phishing attacks and other cyber attacks. All businesses should be taking the threat of leaked credentials seriously and should leverage mechanisms to monitor for these types of compromises.
Yet another significant ransomware outbreak hit Russia, eastern Europe, and parts of western Europe today. BadRabbit appears to be a new variant of the Petya/NotPetya variety, and is spreading through local networks attempting to compromise systems using embedded known usernames and notoriously weak passwords. Files are encrypted as well as the master boot record of the infected machine. It appears to present itself as a Flash Player update. This story continues to develop, so beware and monitor your environments closely over the next 24 to 48 hours.
This is a good step in the right direction for Kaspersky and, frankly, a necessary step in this author’s opinion if the company is going to survive in the US market. It is also a great example to set for other security software developers to potentially follow.
This is yet another KRACK vulnerability update. Please review your Cisco wireless deployments and update your devices as patches become available.
This is an excellent step forward in the effort to protect sensitive Google data. U2F is a strong, reliable authentication mechanism and will afford Google more flexibility as this program moves forward. There are certain limitations with mobile devices and third party applications that will need to be navigated, but if someone finds him or her self in a highly sensitive or high-risk situation, then this is the best security option available to date for the Google email ecosystem.
There is a critical Flash update that arrived out-of-band this week. Also, Oracle has released updates addressing 250 known bugs. Please review your environments and patch accordingly.