Skip to main content
Welcome to the Community Weekly Highlights! #HappyNewYear!

 

This is a weekly series to highlight the best articles and stories happening all over the web. 

What was your favorite story? What topics would you like to see? Sound off in the comments!

 





The A-Z of 2018 Threatscape Predictions

IT Security Thing has ended up traveling all over the world to listen to what the great and the good of the cybersecurity industry have to say. It’s a tough job, etc etc. If they've learned one thing from our globetrotting adventures then it is there are a hell of a lot of intelligent folk on the right side of the security fence, and when they speak it’s pretty stupid to ignore them. So it is that, as we approach the end of yet another year, it seems pertinent to listen to what the world of cybersecurity professionals are predicting will be facing us in the year to come.

 

Read IT Security Thing's A-Z of 2018 security predictions.

 



Mozilla Patches Critical Bug in Thunderbird

Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low.

 

The most serious of the fixes is a critical buffer overflow bug (CVE-2017-7845) impacting Thunderbird running on the Windows operating system. The bug is present when “drawing and validating elements with angle library using Direct 3D 9,” according to the Mozilla Foundation Security Advisory.

 

Get all the details.

 



FBI Fingerprint Software Contains Russian Code, Whistleblowers Claim

The US government may like to blame Russian software companies for giving backdoor access to the Kremlin, it appears even the country’s security agencies aren’t clean. At least 18,000 US law enforcement agencies and the Federal Bureau of Investigation use a fingerprint software that reportedly includes code written by a Russian firm with close ties to the Kremlin.



 

The revelation comes amid concerns that this code could have given the Russian government backdoor access to information about millions of Americans. The information comes from two whistleblowers who were employees of a French company that had inserted this piece of code into the fingerprint analysis software.

 

Learn more.

 



Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More

Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.

 

Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests. The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.

 

Learn more details of the research.

 



Tastylock Cryptomix Ransomware Variant Released

A new variant of the CryptoMix ransomware has been discovered that appends the .tastylock extension to encrypted files and changes the contact emails used by the ransomware.



 

In the article on BleepingComputer, Lawrence has provided a brief summary of any changes that have occurred in this new variant. 

 

Get the details and how to protect you & your organization.

 

What story from the last week the most important for you? We love hearing your feedback! 

Be the first to reply!

Reply