Sometimes, the most relevant security news is what has already happened. Sometimes it’s what is happening now, or what we anticipate will happen. The GTIC June 2019 Monthly Threat Report is all about timing.

A year ago…

…the General Data Protection Regulation (GDPR) was new, and organizations were really trying to figure out what it would mean for them moving forward. Now, the GDPR has been in effect for just over a year, and some organizations are still trying to figure it out. But it appears regulators are still trying to figure it out too. Some pending cases will help clarify compliance requirements, but in the meantime, regulators have mostly taken a conservative approach to fines as they try to harmonize enforcement.

That makes the €50m fine for Google even more surprising. While it looks like an outlier now, everyone should be paying attention to whether fines are going to trend up or down. At the same time, privacy notices, concerns over the use of information by the AdTech industry, the California Consumer Privacy Act, and other developing events all have the power to influence how the GDPR is viewed. Part of that equation is that organizations can’t forget about developing and effectively maintaining their compliance programs. No one wants to be the next BIG fine.

Over the past couple of months…

…researchers have observed a new type of malware targeting Linux systems. HiddenWasp appears to be used as part of a second-stage attack against already-compromised systems. While attribution is unclear, the purpose of the malware is not – HiddenWasp provides persistence in a targeted system and allows full control of the victim host.

HiddenWasp also uses advanced evasion techniques, giving it a “zero-detection rate” across anti-virus systems.

In the past month…

…BlueKeep has been big news. CVE-2019-0708 is a serious vulnerability in Microsoft’s Remote Desktop Services, which affects most older versions of Windows. Worse yet, it requires no credentials or user interaction to exploit, which potentially makes it wormable – so malware which leverages BlueKeep can use it to spread from vulnerable system to vulnerable system. Unpatched, it has the potential to be near the scale of WannaCry.

Microsoft, along with the NSA and the Department of Homeland Security in the United States, issued warnings about BlueKeep.

The good news is that Microsoft released patches, even for operating systems which are otherwise out of support. The bad news is that organizations have to go download and install the patch.

Just in June…

…the Exim Mail Transfer Agent has been found to have a new vulnerability (CVE-2019-10149) which allows remote code execution. This is important since a recent Shodan search showed nearly three million public-facing Exim servers.

Worse yet, attackers have been exploiting this vulnerability since before it was disclosed.

And now…

…you can read more details about these stories in the June 2019 GTIC Monthly Threat Report – available now.