
Security Week 13: Facebook rush, ransomware popularity, Specter patches

Following the hearings in the American congress with the participation of Facebook CEO, the English-speaking Threatpost publishes a detailed description of possible legislative initiatives that aim precisely at more transparency in the collection and transfer of personal data. Moreover, in the same USA there is already a Federal Trade Commission definition that social networks should ask the user's permission if they want to transfer information about him to a third party. So they warn, but who reads these warnings? Conditionally non-working designs include the Do Not Track initiative and the European cookie law.. Obviously, based on the hustle and bustle around Facebook, there will be more initiatives, and perhaps big data operators will become more accommodating. Despite the powerful news background, this problem will be resolved by political methods for a long time, it is always there. Technologies to replace the existing status quo are also not yet in sight, except perhaps some decentralized social Internet with a thick layer of blockchain. Like Diaspora , but better. Much, much better.
On the topic: Why is it “too late to delete Facebook” - the story of the scandal in detail on the blog of LK.
Almost 40% of cyber attacks on businesses accounted for Trojan-cryptographers
News

Some more interesting facts from the study. Email remains the primary mode of entry. Phishing, malware distribution under the guise of financial documents - depending on the method of counting up to 93% of successful attacks, these are the tools. It can be concluded that the malware industry is rapidly monetizing. To develop this criminal business, it is not even necessary to use the latest hacking methods. For example, a Kryptos Logic report says that 2.7 million computers are still infected with WannaCry. This attack was non-standard, but it happened almost a year ago, was immediately stopped and since then, it would seem, it should be stopped without any problems. Despite this, in March, a WannaCry incident occurredon Boeing’s network, and as we can see, millions of computers are still infected with this trojan.
In one line,
AMD is releasing patches to protect against Specter vulnerabilities. The patches are relevant for processors released since 2011, but updating the microcode is not enough: you can completely close the vulnerability only in combination with the latest version of Windows (an update for Windows 10 is also released this week) or with the current Linux kernel, the patch for which is already available for a while.
Microsoft's April patch release addresses 66 vulnerabilities, including 24 critical. Among them is the XSS vulnerability in the Sharepoint server, which allows to slightly increase privileges.
If someone else uses Adobe Flash Player, it alsoclosed a couple of holes .
Schneider Electric has released software patches for industrial systems, including removing a serious vulnerability that allows you to take control remotely. The set of problems is no different from that for a home computer: vulnerability in Samba, SQL injection and the like.
Disclaimer: The digest was prepared with the support of magical fairies, whose opinions do not always coincide with the official position of Kaspersky Lab.