It’s hard to keep up with the hundreds of security-specific headlines published every week.
So, we’re rounding up the top news that affect you, your business, and the security and technology industry overall. This week we explore FBI warnings, spoofed enterprise apps, and bad passwords. Check back every Friday to learn about the latest in security news.
Ransomware on the rise, notes IC3
In 2015, complaints about ransomware — the concerning malware trend that locks down data and devices, demanding money for its return — doubled, according to a report from the FBI’s Internet Crime Complaint Center. Ransomware has come into the limelight in the past two years, especially in the last few months as attackers have used it against a number of hospitals, shutting down critical systems and demanding Bitcoin in return.
Microsoft bans easy passwords in Azure Active Directory
Microsoft will no longer allow Azure Active Directory users to use passwords that have repeatedly shown up on leaked data breach lists. The company is using information from these data dumps, as well as intel from attempted breaches, to determine a set of passwords that are no longer accepted in AD. “The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess. We help you do this in the Microsoft Account and Azure AD system by dynamically banning commonly used passwords,” wrote Alex Weinert, Group Program Manager of the Azure AD Identity Protection Team.
A warning from the FBI highlights USB keylogger
The FBI recently released a warning about keyloggers, or software that records the keystrokes entered into a computer, that could come disguised as a USB drive. The inspiration for the warning, as noted by the warning’s author, reportedly came from a proof-of-concept device called “KeySweeper” that was able to surveil keystrokes from wireless keyboards and transmit that data over cellular networks, according to Ars Technica.
DNS Provider NS1 suffers DDoS attack
Attackers waged a distributed denial-of-service attack against major domain name system, NS1 last week. The attack occurred for over a week, according to Ars Technica, though the DNS provider has been able to defend itself. DDoS attacks cause systems and websites to overload by sending data packages to the target in rapid succession. The company’s website suffered, but its DNS and traffic-management platform was otherwise unharmed, according to the Ars Technica report.
5 mobile threats that spoof enterprise apps
Lookout researched five different mobile malware families that impersonate popular mobile enterprise applications that you might find on an employee’s device. This includes Cisco’s Business Class Email app, ADP, Dropbox, FedEx, VMWare’s Horizon Client, and more. The intent is to trick an individual into downloading what they think is a benign app they can use for work, but is really a malicious app.