CSTI
    vulnerabilityThe Commercial Era (2010-2019) Daily Briefing

    February 27, 2018 Cybersecurity Briefing: Cryptojacking and Vulnerabilities Rise

    Tuesday, February 27, 2018

    Today, cybersecurity professionals are on high alert due to a notable surge in cryptojacking incidents. Reports indicate that over 5,000 websites, including multiple UK governmental and council systems, have been compromised through a malicious plugin known as 'BrowseAloud'. This plugin has allowed attackers to secretly mine cryptocurrencies using the processing power of unsuspecting visitors' devices. The rapid escalation of cryptojacking highlights the importance of maintaining robust website security and vigilance against third-party plugins.

    This morning, we also learn about a significant vulnerability in Adobe Flash Player that has been recently exploited by cybercriminals. Following a patch that was released to address a critical flaw, attackers are leveraging unpatched systems to execute widespread spam campaigns. This incident serves as a stark reminder of the risks associated with outdated software and the necessity for organizations to implement timely updates to their systems to mitigate such threats.

    In addition to these incidents, the U.S. Department of Health and Human Services has announced the settlement of its first investigation into a phishing attack that compromised healthcare records. This breach emphasized the critical need for comprehensive employee training on cybersecurity practices and the implementation of stringent email security protocols. The investigation highlights the ongoing vulnerabilities that exist not only in software but also in human behavior, which cybercriminals can exploit.

    These events collectively underscore the pressing need for organizations to bolster their security measures continuously. The rise of cryptojacking, coupled with the exploitation of software vulnerabilities and the impact of human error, reveals a multifaceted threat landscape that demands proactive strategies in cybersecurity management. Organizations must prioritize updates, employee training, and the adoption of advanced security practices to defend against these evolving threats.

    Sources

    cryptojacking Adobe Flash phishing cybersecurity training