Malware, Routers Injected, Stolen Identities, Just Another Cyberday

A few headlines in a day or 2 – are typical day at the Cybersecurity Office.

 

Verizon Routers command injection flaw could impact millions of routers. High Severity flaw CVE=8.5.

“The vulnerabilities exist in the API backend of the Verizon Fios Quantum Gateway (G1100), which supports the administrative web interface.”

Exodus Spyware attacking Apple iOS. It is interesting what started as an Enterprise tool to do surveillance or some other control of the Apple devices was turned into spyware by the bad guys.

“Several technical details indicated that the software was likely the product of a well­-funded development effort and aimed at the lawful intercept market,” researchers said in an analysis shared with Threatpost

2.4 million Blur password manager users exposed   since a server exposed a file containing sensitive information about Blur users information (name, email, password hints, encrypted Blur password).

The hits just keep on coming. We are bound to have more data breaches this year 2019.

So what does it really mean? Is there a higher threat level today versus yesterday?

Here is the Internet Storm Center Infocon status:
Internet Storm Center Infocon Status
So even with more breaches the Internet still has a Green level…  This is the explanation of ISC:

“The intent of the ‘Infocon’ is to reflect changes in malicious traffic and the possibility of disrupted connectivity. In particular important is the concept of “Change”. Every host connected to the Internet is subject to some amount of traffic caused by worms and viruses. However, once a worm has been identified and the number of infected machines is no longer increasing, this traffic is not likely to cause any disruptions.”

But what does the effect of all of these breaches have?  I can hear the business people talking… None of these companies went out of business so why should I upend my business, spend a lot more money to do things more securely?

Do we always have to do things only to make more money? How about doing what it takes to make sure your customers do not have to spend time fixing their credit lives after a breach?

 

Remember even Windows10 has a lifecycle and will not update patches after a certain date:

Contact Us to discuss how to avoid getting a breach in the first place.

 

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.