Security Roundup - 2016-12-16

End of the year is quickly approaching, and a number of groups are starting predictions for the new year, including:

Rapid 7 has an insightful (to me at least) article on Why Security Assessments are Often not a True Reflection of Reality, and how the scoping of security assessments can lead to a lot of caveats.

Checkpoint Labs put out their November Malware Most Wanted. Locky doesn’t quite top the list, but did manage to be the #1 malware family in 34 countries, while Conficker (still at the top) was only #1 in 28.

NakedSecurity has an end of year article around the number of records lost in breaches, totally 2.14 BILLION records, up from 480m records last year. Unfortunately, these numbers were reported before Yahoo indicated another breach of 1 billion records, a separate incident from the one reported this year.

Poor Yahoo, on top of all the bad news this year, they recently patched an XSS bug which would have allowed attackers the ability to read a user’s email.

BleepingComputer rounds up with Ransomware. Last week included: new variants, a botnet spreading ransomware that had a decryptor released in the summer (oops), a ransomware that will decrypt your files if you infect your friends (social!), and a new open source Ransomware that has already spawned at least 3 variants in the wild.

Written on December 16, 2016