Cloud Security News: Week in Review is our blog series, grabbing the more interesting cloud security scoops from the web. Sit back, relax, and catch up on all you should know about this week.
Halloween wasn’t the only scary event of the week. It was reported on Wednesday that Wix.com has been exposed to an unpatched vulnerability that could leave millions of sites and users susceptible to cyberattacks. In other news, Halloween phantoms got a run for their money as the new ransomware Fantom is out wreaking havoc on Windows users. Last but not least, following up on the DDoS attack on Dyn a few weeks back, it turns out that it could have been easily prevented and that the attack was likely executed by amateur hackers. Read below for more in-depth recaps of the week.
By Tom Spring (@zpring)
Millions of websites hosted on Wix.com are currently at risk of a cyberattack, leaving an estimated 86 million users exposed to possible DOM-based XSS attacks. Matt Austin, Senior Security Research Engineer at Contrast Security, gives two examples of how easily these attacks could be carried out. Wix users, take note.
By Uzair Amir (@Uzair160)
Another week, another ransomware. Introducing the newest type of malware: “Fantom.” According to sources, Fantom is targeting unsuspecting Windows users by posing as a software update. Once the ransomware has successfully tricked the user and entered their computer system, it works to encrypt the user’s data while the disguised Windows update runs, unbeknownst to the user.
By Taylor Armerding (@tarmerding2)
You all remember the DDoS attack on Dyn that occurred a few weeks ago and disrupted numerous websites across the US East Coast. It looks like it could have been avoided. The Online Trust Association (OTA) came out with an “IoT Trust Framework” back in early September, which states that “every vulnerability or privacy issue reported for consumer connected home and wearable technology products since November 2015 could have been easily avoided.” Cue *palm to the face* from Dyn.