Two zero-day exploits found fused into one, the latest report from the Anit-Phishing Working Group and hackers are increasingly going after your brand.
We’re bringing you the latest cyber security news. Welcome to Cyber Security Today. It’s Friday May 18th. To hear the podcast, click on the arrow below:
Despite regular headlines about successful cyber attacks, sometimes we get a break. According to a report on Bleeping Computer, it happened in March when researchers at security vendor ESET detected something odd in a PDF file that had been uploaded to a public antivirus scanning engine. The file had been loaded with two new pieces of malware that worked together to exploit holes in Adobe Acrobat Reader and Windows. Presumably, the creator of this piece of mischief was trying to see if their work was good enough to evade detection by the scanning engine. ESET reported the bugs, which were fixed last week by Microsoft and this week by Adobe. We hope for more good news like this.
Unfortunately, it’s still bad news on the phishing front. The Anti-Phishing Working Group, an industry association, said this week it has seen notable increases in campaigns going after webmail providers, banking targets and cloud storage and file-sharing sites.
Phishers also continue to fool Internet users into complacency by using HTTPS on phony web site address. This lulls users into thinking that the sites are run by legitimate businesses and are safe to transact with. Remember, the green lock in the URL section of the browser doesn’t mean a Web site is legitimate and/or safe, only that it uses encryption. But nothing helps if you enter your password on a phony site.
Finally, the data in your organization is the prime target of attackers, but not far behind is something more intangible: Your brand. According to a report this week by solutions integrator Optiv, brand security threats were the second most common source of alerts the company answered from customers in 2017. These alerts related to phony, misleading or malicious Web sites. Phishing attacks were number one, but threats to brands were ahead of typical security concerns such as data leakage and web vulnerabilities. This finding should raise the importance of brand risk among the ranking enterprise security concerns.
You can get the Optiv report here. Registration required.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.