[From the desk of Paul Davis – his opinions and no-one else’s]<\/p>\n
So onto the news:<\/p>\n
New malware in online banking causes problem in Japan<\/p>\n
TROJ_WERDLOD, a new detected malware, has been causing problems in the country since December 2014. More than 400 systems were affected by the new malware.<\/p>\n
According to Hitomi Kimura, a security specialist at TrendMicro, the malware can change two settings which allow information theft at the network level.<\/p>\n
He wrote that the TROJ_WERDLOD harms users via spam mails with an attached .RTF document. The document said to be an invoice or bill from an online shopping site. If anyone opens the .RTF file, the user gets instruction to double-click the icon in the document in order to execute the TROJ_WERDLOD in the system.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=33f91ec353&e=20056c7556<\/p>\n
Yoran\u2019s list of security truisms touched on the themes of assuming one will be attacked and likely breached, authentication and visibility:<\/p>\n
\u201cAs an industry, we are on a journey that will continue to evolve in the years to come through the efforts of all of us here today,\u201d said RSA President Amit Yoran, speaking during a keynote at the RSA Security (News – Alert) Conference in San Francisco last week. \u201cWe have sailed off the map, my friends. Sitting here and awaiting instructions isn\u2019t an option. And neither is what we\u2019ve been doing \u2013 continuing to sail on with our existing maps, even though the world has changed.\u201d<\/p>\n
Yoran\u2019s list of security truisms touched on the themes of assuming one will be attacked and likely breached, authentication and visibility:<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5e52a2d4e8&e=20056c7556<\/p>\n
China blames foreign malware for Internet outage<\/p>\n
The unusual attack resulted in several users being redirected to one of two websites when browsing online.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=881eb57121&e=20056c7556<\/p>\n
Oracle paltry patch opens MySQL man-in-the-middle diddle<\/p>\n
Adam Goodman of Duo Security has found a vulnerability in the ‘vast majority’ of Oracle MySQL databases that allows SSL to be stripped, exposing sensitive data to man-in-the-middle attackers.<\/p>\n
Goodman says Oracle attempted to sling a patch at the problem last year but did so only for some versions and further borked the effort by turning the SSL requirement off by default.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ea0b053b4f&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=f0a314f852)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] So onto the news: New malware in online banking causes problem in Japan TROJ_WERDLOD, a new detected malware, has been causing problems in the country since December 2014. More than 400 systems were affected by the new malware….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1066","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1066"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1066\/revisions"}],"predecessor-version":[{"id":3553,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1066\/revisions\/3553"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}