Top Weekly Cyber News: April 22-27, 2019

Hi folks! You may find below the latest news about global incidents, threats and attacks handpicked by our super XM Cyber team of experts.
SecurityWeek – P2P Flaws Expose Millions of IoT Devices to Remote Attacks
April 26
Vulnerabilities discovered by a researcher in a peer-to-peer (P2P) system named iLnkP2P expose millions of cameras and other Internet of Things (IoT) devices to remote attacks from the Internet, and no patches are available. [More]

ZDNet – Cybersecurity: This free tool lets you test your hacker defences
April 25
NCSC initiative is based off real hacking scenarios and looks to bolster cybersecurity of businesses. [More]

CNET – Microsoft admits expiring-password rules are useless
April 25
Hey, IT staffers, are you listening? Before, it was annoying. Now, it’s useless. Microsoft has admitted that one of the great scourges of our time, the password reset rule, is bunk. [More]

Security Affairs – Stuart City is the new victim of the Ryuk Ransomware
April 24
Another city fell victim of a malware attack, systems at the city of Stuart, Fla., were infected by the Ryuk ransomware on April 13, 2018. [More]

Data Breach Today – ‘Silence’ Cybercrime Gang Targets Banks in More Regions
April 23
Banks in U.K., India and South Korea Among Those Targeted, Researchers Warn. [More]

The Hacker News – Source Code for CARBANAK Banking Malware Found On VirusTotal
April 23
Security researchers have discovered the full source code of the Carbanak malware—yes, this time it’s for real. [More]

Wired – Supply chain hackers snuck malware into videogames
April 23
The security sector is waking up to the insidious threat posed by software supply chain attacks, where hackers don’t attack individual devices or networks directly, but rather the companies that distribute the code used by their targets. [More]

Dark Reading – New Twist in the Stuxnet Story
April 23
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack. [More]

GearBrain – urges password reset
April 22, the internet’s largest online store and forum for fitness and bodybuilding admitted this week it was the victim of a security breach sometime in February 2019. The website, which has over seven million registered users on its forums, and receives over 30 million visitors per month, said it isn’t sure if customer data has been stolen. [More]


Purple is the New Black


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.