Google is on track to resume the roll-out of stable Chrome releases next week, but says it will skip one version of the browser.
Last week, the Internet search giant said it was pausing upcoming releases of the browser, following an adjusted work schedule due to the COVID-19 (coronavirus) pandemic, and that both Chrome and Chrome OS releases would be affected.
At the time, the company revealed it would focus on the stability and security of releases, and that it would prioritize security updates for Chrome 80.
Now, Google says it is ready to resume pushing releases to the Stable channel as soon as next week, with security and critical fixes meant for version 80 of the browser.
Going forward, the company is planning the release of Chrome 81 in early April, but says it will then jump directly to Chrome 83, which is set to arrive in mid-May, thus skipping Chrome 82.
“M83 will be released three weeks earlier than previously planned and will include all M82 work as we cancelled the M82 release (all channels),” Google said.
This week, the company will resume the Canary, Dev and Beta channels, with Chrome 83 moving to Dev.
“We continue to closely monitor that Chrome and Chrome OS are stable, secure, and work reliably. We’ll keep everyone informed of any changes on our schedule,” the Internet giant said.
The company hasn’t shared any details on when Chrome 84 releases would start arriving, but said it would provide the information in a future update.
Following Google’s announcement last week, Microsoft said it would pause stable Edge releases, to align with the Chromium Project. Today, the Redmond-based tech company announced that Edge build 83.0.461.1 was released to the Dev channel.
“As you can see, this is the first update from major version 83. This is a slight deviation from our normal schedule due to current events,” Microsoft says, adding that version 81 is heading for the Stable channel soon.
Copyright 2010 Respective Author at Infosec Island
This week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, and Windows users under attack via two new RCE zero-days! In our second segment, we welcome Sumedh Thakar, Chief Product Officer at Qualys, to talk about Cybersecurity Challenges Created by a Remote Workforce! In our final segment, we welcome Tod Beardsley, Director of Research at Rapid7, to discuss SMB exposures and User Behavior Analytics failures, using findings from Rapid7 Research Labs!
To learn more about Qualys, visit: https://securityweekly.com/qualys
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the latest and greatest news across all of our shows on the network, as well as all of the hot topics this week! Doug discusses Zoombombing, Russian Hackers, Zuck turns over the controls to the AIs, free cybersecurity products to help out, Chubb hacked, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode22
Visit https://www.securityweekly.com/swn for all the latest episodes!
Driving digital transformation initiatives while safeguarding the enterprise is a mammoth task. In some aspects, it might even sound counter-intuitive when it comes to opening up IT infrastructure, or converging IT and OT networks to allow external parties such as partners and customers to closely interact with the organization to embrace new business models and collaboration (think cloud applications, APIs, sensors, mobile devices, etc.).
Although new technology is being adopted quickly, especially web frontends, applications and APIs, much of the underlying IT infrastructure as well as the supporting processes and governance models are somewhat legacy, and struggle to keep up.
For its 2020 CISO Benchmark Report, Cisco surveyed some 2,800 CISOs and other IT decision-makers from 13 countries about how they cope with that, and came up with a number of interesting findings.
Cyber-threats are a global business risk
The World Economic Forum says business leaders view cyber-attacks as the #2 global risk to business in advanced economies, taking a back seat only to financial crises. Not surprisingly, 89 percent of the respondents in the Cisco study say their executives still view security as a high priority, but this number is down by 7 percent from previous years.
Nine out of ten respondents felt their company executives had solid measures for gauging the effectiveness of their security programs. This is encouraging, as clear metrics are key to a security framework, and it’s often difficult to get diverse executives and security players to agree on how to measure operational improvement and security results.
Leadership matters
The share of companies that have clarified the security roles and responsibilities on the executive team has risen and fallen in recent years, but it settled at 89 percent in 2020. Given that cyber-security is being taken more seriously and there is a major need for security leaders at top levels, the need to continue clarifying roles and responsibilities will remain critical.
The frequency with which companies are building cyber-risk assessments into their overall risk assessment strategies has shrunk by five percent from last year. Still, 91 percent of the survey respondents reported that they’re doing it. Similarly, 90 percent of executive teams are setting clear metrics to assess the effectiveness of their security programs, although this figure too is down by six percent from last year.
Cloud protection is not solid
It’s almost impossible for a company to go digital without turning to the cloud. The Cisco report found that in 2020, over 83 percent of organizations will be managing (internally or externally) more than 20 percent of their IT infrastructure in the cloud. But protecting off-premises assets remains a challenge.
A hefty 41 percent of the surveyed organizations say their data centers are very or extremely difficult to defend from attacks. Thirty-nine percent report that they struggle to keep applications secure. Similarly, private cloud infrastructure is a major security issue for organizations; half of the respondents said it was very or extremely difficult to defend.
The most problematic data of all is data stored in the public cloud. Just over half (52 percent) of the respondents find it very or extremely challenging to secure. Another 41 percent of organizations find network infrastructure very or extremely challenging to defend.
Time-to-remediate scores most important
The Cisco study enquired about the after-effects of breaches using measures such as downtime, records, and finances. How much and how often are companies suffering from downtime? It turns out that organizations across the board issued similar answers. Large enterprises (10,000 or more employees) are more likely to have less downtime (between zero and four hours) because they typically have more technology, money, and people available to help respond and recover from the threats. Small to mid-sized organizations made up most of the five- to 16-hour recovery timespans. Potentially business-killing downtimes of 17-48 hours were infrequent among companies of all sizes.
After a security incident, rapid recovery is critical to keeping disruption and damages to a minimum. As a result, of all the metrics, time-to-remediate (also known as “time-to-mitigate”) scores are the ones most important when reporting to the C-suite or the company’s board of directors, the study concludes.
Automating security is not optional – it’s mandatory
The total number of daily security alerts that organizations are faced with is constantly growing. Three years ago, half of organizations had 5,000 or fewer alerts per day. Today, that number is only 36 percent. The number of companies that receive 100,000 or more alerts per day has risen to 17 percent this year, from 11 percent in 2017. Due to the greater alert volumes and the considerable resources needed to process them, investigation of alerts is at a four-year low: just under 48 percent of companies say they can keep up. That number was 56 percent in 2017, and it’s been shrinking every year since. The rate of legitimate incidents (26 percent) has remained more or less constant, which suggests that a lot of investigations are coming up with false positives.
Perhaps the biggest side-effect of this never-ending alert activity is cyber-security fatigue. Of the companies that report that it exists among their ranks, 93 percent of them receive more than 5,000 security warnings every day.
A sizeable majority (77 percent) of Cisco’s survey respondents expect to implement more automated security solutions to simplify and accelerate their threat response times. No surprise here. These days, they basically have no choice but to automate.
Vigilance pays dividends
Organizations that had 100,000 or more records affected by their worst security incident increased to 19 percent this year, up four percent from 2019. The study also found that a major breach can impact nine critical areas of a company, including operations and brand reputation, finances, intellectual property, and customer retention.
Three years ago, 26 percent of the respondents said their brand reputation had taken a hit from a security incident; this year, 33 percent said the same. This is why, to help minimize damages and recover fast, it’s key to incorporate crisis communications planning into the company’s broader incident response strategy.
Finally, the share of survey respondents that reported that they voluntarily disclosed a breach last year (61 percent) is the highest in four years. The upshot is that overall, companies are actively reporting breaches. This may be due to new privacy legislation (GDPR and others), or because they want to maintain the trust and confidence of their customers. In all likelihood, it’s both.
In conclusion, the CISO Benchmark report shows a balance of positives and negatives. Organizations are looking to automate security processes to accelerate response times, security leadership is strengthening and setting metrics to improve overall protection, and more breaches are being identified and reported. But there’s still work to be done to embed security into everything organizations do as they evolve their business.
About the author: Marc Wilczek is Chief Operating Officer at Link11, an IT security provider specializing in DDoS protection, and has more than 20 years of experience within the information and communication technology (ICT) space.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also, read about how hackers are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps.
Read on:
Apple iOS Users Served Mobile Malware in Poisoned News Campaign
Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware. This week, Trend Micro researchers said the scheme, dubbed Operation Poisoned News, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories.
The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring
Data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest data breach from convenience store and gas station chain Wawa could be one of the largest ever, affecting 30 million card records from customers.
Infosec Industry Shows Compassionate Side Amid #COVID19 Pandemic
As the coronavirus pandemic continues, large numbers of organizations have been forced to implement work from home measures for staff. While working from home, employees are more susceptible to cybersecurity threats, especially with a rise in tailored COVID-19 cyber-scams. In this article, read about how Trend Micro and other information security companies have taken steps to offer free resources and support to organizations and employees at this difficult time.
Nefilim Ransomware Threatens to Expose Stolen Data
A new ransomware named Nefilim has been discovered threatening to release its victims’ data to the public if they fail to pay the ransom. It is most likely distributed through exposed Remote Desktop Protocol (RDP), as shared by SentinelLabs’ Vitali Krimez and ID Ransomware’s Michael Gillespie.
Cryptojacking, the theft of computing power to mine digital currency, has been around at least since 2013 – and has shrunk in use dramatically with the death of Monero-mining service Coinhive. Since Coinhive’s closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America, and Lakehead University in Canada.
Microsoft Alerts Users About Critical Font-Related Remote Code Execution Vulnerability in Windows
Microsoft released a security advisory on a zero-day remote code execution (RCE) vulnerability affecting Windows operating systems. The vulnerability is found in an unpatched library and comprises two RCE flaws found in Adobe Type Manager Library (atmfd.dll), a built-in library for the Adobe Type Manager font management tool in Windows.
Credit Card Skimmer Found on Tupperware Website
Cybercriminals hacked Tupperware.com and planted malicious code designed to steal payment card information, Malwarebytes warned this week. The credit card skimmer was planted on the main website and some of its localized versions. The website has nearly one million visitors every month, indicating that hackers may have obtained a significant number of payment card records.
Researchers observed a number of new developments related to the internet of things (IoT) malware Mirai, which actively searches for vulnerabilities in IoT devices. A new Mirai variant named Mukashi was found attacking network-attached storage (NAS) devices, a new vulnerability in GPON routers was exploited by Mirai, and a UPX-packed Fbot variant was detected by a Trend Micro honeypot.
Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings, in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information stealing Oski malware. This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic.
Working from Home? Here’s What You Need for a Secure Setup
In response to the ongoing coronavirus outbreak, many companies have rolled out work-from-home arrangements. As a result, there has been an influx of employees signing in remotely to corporate networks and using cloud-based applications, potentially opening doors to security risks. In this blog, Trend Micro shares how security teams and home office users can mitigate the risks that come with remote-working setups.
Russian Hackers Using Stolen Corporate Email Accounts to Mask their Phishing Attempts
In the last year, Russian military intelligence hackers have used previously hacked email accounts to send a wide array of phishing attempts. Feike Hacquebord, senior threat researcher at Trend Micro, explains new research regarding the group known as Fancy Bear, APT28, or Pawn Storm, and how they used hacked emails of high-profile personnel at defense firms in the Middle East to carry out an attack.
Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape
Trend Micro analyzed 2019’s most notable mobile threats to assess the landscape and help users and enterprises reevaluate their measures and practices to defend against future threats. While there was a decrease in certain threats compared to 2018, in 2019 cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline.
Have you seen any COVID-19 related cyber-scams? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The corporate endpoint is a constant battle between cybersecurity white hats and criminal attackers. According to one study from the Ponemon Institute, 68% of organizations were victims of an attack on the endpoint in 2019. The risks and costs associated with undetected threats are immeasurable. Organizations need to detect and respond immediately before any significant damage is done.
In order to do this, CISOs must look beyond the endpoint to also include email, servers, cloud workloads and networks. This is the value of Trend Micro’s XDR platform. We heard feedback on this strategy recently, as Trend Micro was named a Leader in The Forrester Wave: Enterprise Detection and Response, Q1 2020.
Under fire and over-stretched
Enterprise IT security teams are under unparalleled pressure. On one hand, they’re bombarded with cyber-attacks on a massive scale. Trend Micro detected and blocked over 52 billion such threats in 2019 alone. On the other hand, they’re facing a range of continuously evolving black hat tools and techniques including fileless malware, phishing, and supply chain attacks, that could lead to data theft and service outages. The stakes couldn’t be higher, thanks to an ever-tightening regulatory regime. All of this must be done with workforce challenges: the current cyber skills shortage for North American firms stands at nearly 500,000 workers.
These are the kinds of challenges facing Trend Micro customer MedImpact Healthcare Systems, the largest privately held pharmacy benefit manager (PBM) in the US. Processing more than one million healthcare claims daily, MedImpact must protect two primary data centers, three call centers staffed 24/7, and multiple private network routing centers — all to the strict compliance requirements of HIPAA, PCI DSS and other regulations.
As Frank Bunton, VP, CISO for MedImpact knows, effective endpoint detection and response (EDR) is vital to modern organizations. “EDR accelerates the threat analysis process so we can get to the solution faster,” says Bunton. “Speed to resolution is critical because we see attacks every day on just about every network.”
But MedImpact is similar to a lot of other organizations today in that it also appreciates the need to go beyond the endpoint for critical cross-layer detection and response. “XDR gives us the added confidence that our organization is protected on all fronts. If an endpoint detects a problem, it automatically uploads the suspect object to a tool that analyzes that problem and fixes it. By the time we are aware of an issue, the issue is resolved. There is no way we could manage this much information without extended security automation,” says Bunton.
The future is XDR
This is where XDR comes in. It has been designed to look not just at endpoint detection and response, but also to collect and correlate data from across the organization, including: email, endpoint, servers, cloud workloads, and networks. With this enhanced context, and the power of our AI and expert security analytics, the platform is able to identify threats more easily and contain them more effectively.
This matters to organizations like MedImpact, whose key challenge was “finding security solutions that could communicate with each other and share valuable data in real time.” XDR has visibility across the entire IT environment to detect earlier and with more confidence. It provides a single source of the truth and delivers fewer higher-fidelity alerts to enhance protection and maximize limited IT resources.
But don’t just take our word for it. Forrester gave us a perfect score for product vision, security analytics, performance, market presence and much more. “Trend Micro has a forward-thinking approach and is an excellent choice for organizations wanting to centralize reporting and detection with XDR but have less capacity for proactively threat hunting,” the report concluded.
To find out more… check out the Forrester report on leaders in this space.
Learn more from MedImpact’s success story.
This week, we welcome David Walter, Vice President, RSA Archer and RSA Cloud at RSA Security, to discuss Compliance Risk Challenges! In our second segment, we welcome Kevin Haynes, Chief Privacy Officer at Nemours Children's Health System, to talk about Nemours' use of RSA Archer to manage Compliance Risk!
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Show Notes: https://wiki.securityweekly.com/SCWEpisode22
Visit https://www.securityweekly.com/scw for all the latest episodes!
This week, we welcome Jeff Costlow, Deputy CISO at ExtraHop, to discuss Protect Your Assets According to Their Value! In the Leadership and Communications segment, Matt, Jason, and Paul discuss Real Leaders: Abraham Lincoln and the Power of Emotional Discipline, Social Distancing: 15 Ideas for How to Stay Sane, Rethink Your Relationship with Your Vendors, and more!
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, Doug White brings you the latest news for this week, including Zoombombing, Zero Days at Microsoft, AI Takes charge at Facebook, and COVID-19! In the Expert Commentary, we welcome Daniel Hampton, Sr. Technical Account Manager at Signal Sciences, to talk Working Smarter and Not Harder!
To learn more about Signal Sciences or to request a demo, visit: https://securityweekly.com/signalsciences
Show Notes: https://wiki.securityweekly.com/SWNEpisode21
Visit https://www.securityweekly.com/swn for all the latest episodes!
We’re all getting a little more worldly wise to the dangers that lurk around every corner of our digital lives. We know that the flipside of being able to shop, chat, bank and share online at the push of a button is the risk of data theft, ransomware and identity fraud. That’s why we protect our families’ PCs and mobile devices with security solutions from proven providers like Trend Micro, and take extra care each time we fire up the internet.
But what about the firms that we entrust to handle our data securely?
Unfortunately, many of these organizations still aren’t doing enough to protect our personal and financial information. It could be data we enter online to pay for an item or open an account. Or it could be payment card details that we’ve used at a local outlet which are subsequently stored online. These companies are big targets for the bad guys, who only have to get lucky once to crack open an Aladdin’s Cave of lucrative customer data.
What does this mean? That data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest affected customers of convenience store and gas station chain Wawa — and it could be one of the biggest ever, affecting 30 million cards.
Let’s take a look at what happened, and what consumers can do to steal a march on the bad guys.
What happened this time?
Wawa first notified its customers of a payment card breach in December 2019. But although the firm discovered malware on its payment processing servers that month, it had actually been sitting there since March, potentially siphoning card data silently from every single Wawa location. That’s more than 850 stores, across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington DC.
The company itself has so far declined to put a number on how many customers have been affected. However, while cardholders were still wondering whether they’ve been impacted or not, something else happened. At the end of January, a hacker began to upload the stolen cards to a notorious dark web marketplace, known as Joker’s Stash.
They are claiming to have 30 million stolen cards in total, which if accurate could make this one of the biggest card breaches of its kind, placing it alongside other incidents at Home Depot (2014) and Target (2013).
How does it affect me?
Once the data goes on sale on a dark web market like this, it is usually bought by scammers, who use it in follow-on identity fraud attacks. In this case, the stolen data includes debit and credit card numbers, expiration dates and cardholder names, but not PINs or CVV records. That means they can’t be used at ATMs and fraudsters will find it hard to use the cards online, as most merchants require the CVV number.
However, if the cards are of the old magstripe type, they could be cloned for use in face-to-face transactions.
Although Wawa said it has informed the relevant card issuers and brands, the cardholders themselves must monitor their cards for unusual transactions and then report to their issuer “in a timely manner” if they want to be reimbursed for any fraudulent usage. This can be a distressing, time-consuming process.
What should I do next?
This is by no means the first and it won’t be the last breach of this kind. In the past, data stolen from customers of Hilton Hotels, supermarket chain Hy-Vee, retailer Bebe Stores, and restaurant chains including Krystal, Moe’s and Schlotzsky’s has turned up for sale on Joker’s Stash. It can be dispiriting for consumers to see their personal data time and again compromised in this way by cyber-criminals.
Too often in the aftermath of such incidents, the customers themselves are left in the dark. There is no information on whether they’ve definitively had their personal or card data stolen, just an ominous sense that something bad may be about to happen. If the company itself doesn’t even know how many cards have been affected, how can you act decisively?
Credit monitoring is often provided by breached firms, but this is a less-than-perfect solution. For one thing, such services only alert the user if a new line of credit is being opened in their name — not if a stolen card is being used. And second, they only raise the alarm after the incident, by which time the fraudsters may already have made a serious dent in your finances.
Monitoring your bank account for fraudulent transactions is arguably more useful in cases like the Wawa breach, but it’s still too reactive. Here’s a handy 2-step plan which could provide better results:
Step 1: Dark web monitoring works
To get more proactive, consumers need Dark Web monitoring. These tools typically scour dark web sites like Joker’s Stash to look for your personal information. The beauty of this approach is that it can raise the alarm after a breach has occurred, when the data is posted to the Dark Web, but before a fraudster has had time to monetize your stolen details. With this information, you can proactively request that your lender block a particular card and issue a new one.
This approach works for all personal data you may want to keep protected, including email addresses, driver’s license, passport numbers and passwords.
Step 2: Password protection
Once you’ve determined that your data has been part of a breach and is being sold on the dark web, one of the most important things you can do is to change your passwords to any stolen accounts, in order to minimize the potential damage that fraudsters can do.
This is where password manager tools can come in very handy. They allow users to store and recall long, strong and unique credentials for each of the websites and apps they use. This means that if one password is compromised, as in a breach scenario, your other accounts will remain secure. It also makes passwords harder for hackers to guess, which they may try to do with automated tools if they already have your email address.
Following a breach, it also makes sense to look out for follow-on phishing attacks which may try to trick you into handing over more information to the fraudsters. Here are a few tips:
How Trend Micro can help
Fortunately, Trend Micro has several products that can help you, as a potential or actual victim of a data breach, to proactively mitigate the fallout from a serious security incident, or to foil the fraudsters:
Trend Micro ID Security: checks if your personal information has been uploaded to Dark Web sites by hackers. This highly secure service, available in apps for Android and iOS mobile devices, uses data hashing and an encrypted connection to keep your details safe, alerting when it has found a match on the Dark Web so you can take action. Use it to protect your emails, credit card numbers, passwords, bank accounts, passport details and more.
Trend Micro Password Manager: provides a secure place to store, manage and update your passwords. It remembers your log-ins, so you can create secure and unique credentials for each website/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. Password Manager is available for Windows, Mac, iOS, and Android, synchronizing your passwords across all four platforms.
Trend Micro Fraud Buster: is a free online service you can use to check suspicious emails. It uses advanced machine learning technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user, because the email (which may be extortionist) reflects the fact that the fraudster probably got your email address from the Dark Web in the first place. Users can then decide to report the scam, get more details, or proceed as before.
Fraud Buster is also now integrated into Trend Micro Security for Windows, protecting Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox. It’s also integrated in Trend Micro Antivirus for Mac, where it does the same for Gmail webmail in Safari, Chrome and Firefox on the Mac.
In the end, only you can guard your identity credentials with vigilance.
This week, we welcome Adam Hughes, Chief Software Architect at Sylabs Inc., to discuss Singularity: A Different Take on Container Security! In the second segment, we welcome Utsav Sanghani, Senior Product Manager at Synopsys, to discuss Why combining SAST and SCA in your IDE produces higher quality, secure software faster!
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Show Notes: https://wiki.securityweekly.com/ASWEpisode101
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Corey Thuen, Founder and CEO of Gravwell, to discuss Zen and The Art of Logs In the Cloud! In our second segment, we welcome back Peter Smith, Founder and CEO of Edgewise, to discuss How remote users and administrators can work securely from home! In the Security News, Authorities Helpless as Crypto-Currency Scams Rock Nigeria, C.S. Lewis on the Coronavirus, Microsoft SMBv3.11 Vulnerability and Patch CVE-2020-0796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, DDoS attack on US Health agency part of coordinated campaign, A cyberattack hits the US Department of Health and Human Services, and more!
Show Notes: https://wiki.securityweekly.com/PSWEpisode644
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
This week, Doug White brings you the Security Weekly News Wrap Up, with the hot topics across all of our shows, including Pornhub has Italians singing from balconies, The Senate renews surveillance rules, Drobo hacks, Google Cloud bug bounties, all the show wrapups, and COVID-19.
Show Notes: https://wiki.securityweekly.com/SWNEpisode20
Visit https://www.securityweekly.com/swn for all the latest episodes!
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about tips you can use to secure your home office. Also, read about how Magecart Group 8 targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers.
Read on:
As COVID-19 continues to impact individuals, families, communities and businesses around the world, Trend Micro has taken action to ensure that the COVID-19 crisis does not impact the customer experience of its products or services. In this blog from Trend Micro’s chief operating officer, Kevin Simzer, learn about the steps that Trend Micro is taking to not only ensure employee safety, but to continue to deliver exceptional customer service.
RDP-Capable TrickBot Targets Telecoms Sectors in U.S. and Hong Kong
A recently discovered TrickBot variant targeting organizations in telecoms, education and financial services in the United States and Hong Kong includes a module for remote desktop protocol (RDP) brute-forcing, Bitdefender reports. The malware has mostly been distributed through spam emails but was also linked to infections with other malware.
How to Stay Safe as Online Coronavirus Scams Spread
Unfortunately, it’s extraordinary global events like COVID-19 that cyber-criminals look for in order to make their schemes more successful. As organizations enforce remote working to reduce the impact of the virus, many will be logging-on from home or mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
DDoS Attack Targets German Food Delivery Service
Cybercriminals have launched a distributed denial-of-service (DDoS) attack against German food delivery service Takeaway.com (Lieferando.de), demanding two bitcoins (about $11,000) to stop the flood of traffic. Lieferando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service. The attack has now stopped, according to a report from BleepingComputer.
Suddenly Teleworking, Securely
Telework is not a new idea and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely. This event can’t be treated like a quick rollout of an application: there are business, infrastructure, and customer security impacts. In this blog from Trend Micro’s vice president of cybersecurity, Greg Young, learn how to set yourself up for secure remote work success.
COVID-19: With Everyone Working from Home, VPN Security Has Now Become Paramount
With most employees working from home amid today’s COVID-19 (coronavirus) outbreak, enterprise VPN servers have now become paramount to a company’s backbone, and their security and availability must be the focus going forward for IT teams.
New Ursnif Campaign Targets Users in Japan
Trend Micro researchers recently detected a new Ursnif campaign targeting users in Japan. The malware is distributed through infected Microsoft Word documents coming from spam emails. Ursnif, also known as Gozi, is an information stealer that collects login credentials from browsers and email applications. It has capabilities for monitoring network traffic, screen capturing, and keylogging.
Trend Micro’s David Sancho on Criminals’ Favorite IoT Targets
In this video, Trend Micro Senior Researcher David Sancho speaks with CyberScoop Editor-in-Chief Greg Otto about his 2020 RSA Conference presentation, which looked at where criminals are infecting Internet of Things targets.
New Variant of Paradise Ransomware Spreads Through IQY Files
Internet Query Files (IQY) were used to deliver a new variant of Paradise ransomware, as reported by Lastline. This file type has not been associated with this ransomware family before. In the past, IQY files were typically used in other malware campaigns, such as the Necurs botnet that distributes IQY files to deliver FlawedAmmyy RAT.
Magecart Cyberattack Targets NutriBullet Website
Magecart Group 8 targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a post that JavaScript web skimmer code was first inserted on the website of the blender retailer on Feb. 20, specifically targeting the website’s checkout page.
The IIoT Threat Landscape: Securing Connected Industries
The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the vast industrial landscape, the scale of threats likewise grows for smart factories, smart cities, connected cars, and other smart environments.
What are you doing to secure your home office devices? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
This week, we talk Enterprise News, covering Fortinet Introducing Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more! In our second segment, we air two pre-recorded interviews with Mehul Revanker of SaltStack and Utsav Sanghani of Synopsys from RSAC 2020! In our final segment, we air two more pre-recorded interviews from RSAC 2020, with Kevin Gallagher of Netsparker and Mark Ralls of Acunetix!
To request a demo with SaltStack, visit: https://securityweekly.com/saltstack
To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys
To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix
To get a demo of NetSparker, please visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, we welcome Stephen Black, InfoSecWorld 2020 Speaker and Visiting Professor of Cyberlaw at the University of Houston, to discuss Where the Law Thinks Your Data Lives! In the Leadership and Communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode166
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, we welcome Matt Allen from VIAVI Solutions! The SCW crew discusses compliance requirements and SecOps frameworks like NIST - checking boxes rather than a holistic view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA’s theme this year: the human factor. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources.
Show Notes: https://wiki.securityweekly.com/SCWEpisode21
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/scw for all the latest episodes!
Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.
This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.
As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
Here’s a quick guide to the key online threats and security tips:
Phishing for trouble
Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.
Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.
The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.
Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.
Watch out for these scams
The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:
‘Official’ updates
Many of these emails purport to come from official organizations such as the US Centers for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.
Coronavirus map
Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.
Corporate updates
Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.
Donations
Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.
Click here for a cure
One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.
Tax refunds
In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.
How to stay safe
The good news is that there’s plenty you can do to protect yourself and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:
How Trend Micro can help
Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:
Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.
Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.
To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.
This week, Doug White talks Plague surveillance coming soon, the US government is worried about cryptocurrency, dbags attack the HHS, and new attacks on Android phones! Jason Wood delivers the Expert Commentary on Coronavirus Phishing Scams!
Show Notes: https://wiki.securityweekly.com/SWNEpisode19
Visit https://www.securityweekly.com/swn for all the latest episodes!
This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)!
Show Notes: https://wiki.securityweekly.com/ASWEpisode100
Visit https://www.securityweekly.com/asw for all the latest episodes!
The recent outbreak of COVID-19 has affected people’s lives across the globe and has quickly swept through and impacted individuals, families, communities, and businesses around the world. At Trend Micro, our number one priority is to ensure that our employees and their families are as safe as possible, and our thoughts are with those who have been affected by the virus.
Our team has spent a great deal of time reviewing options to ensure both the continued protection of our customers and partners, as well as the physical safety of our employees. We realize this situation remains very dynamic, as information continues to change day-to-day, and as such we will continue to provide updates as we learn more, but in the meantime we remain committed to providing the superior service and support that our customers, partners and suppliers have come to expect of our company throughout this situation.
We know the critical role that Trend Micro plays in your organization to keep your company and employees protected. We have taken several measures to ensure that the COVID-19 crisis does not impact your experience with Trend Micro products or services.
Listed below are several actions that the team has taken to date to not only ensure that our employees are safe, but to continue to deliver business “as usual” during this time:
Safety of Employees
Our number one priority is the health and safety of our employees around the globe. To that measure, we have:
Continuity of Service
We are committed to ensuring that we continue to support the security needs of your organization, including but not limited to:
As an optimistic organization, we believe that because of this unfortunate situation, new ways to work together and incredible innovation will occur and will make us all stronger in the future.
As always, if you have any questions or concerns, please reach out to your local account representative or Trend Micro authorized support contact. We will continue to watch this situation closely, react accordingly and communicate any substantial changes with our customers and partners.
On behalf of everyone at Trend Micro, thank you for trusting us with your business. We wish health and safety to you and your families, employees, and customers.
Sincerely,
Kevin Simzer
Chief Operating Officer
Trend Micro Incorporated
This week, Doug White brings you the Security Weekly News Wrap up, discussing Biting other passengers on EU flights, Everyone is going to telecommute, NSO argues with Facebook in court of phone bugging, the return of FIDO, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode18
Visit https://www.securityweekly.com/swn for all the latest episodes!
This week, we welcome back Gabe Gumbs, Chief Innovation Officer at Spirion, to discuss How attackers will change their strategy to target those working from home! In our second segment, we welcome Bianca Lewis, Founder, and CEO of Girls Who Hack, to discuss Girls Who Hack, teaching classes to middle school girls on hacking, and Secure Open Vote, open-source election system that is in the design stages! In the final segment, we air a pre-recorded interview with Dorit Naparstek, director of R&D at NanoLock Security, to discuss Hacks performed on connected & IoT devices, and revealing major vulnerabilities in existing security measures!
Show Notes: https://wiki.securityweekly.com/PSWEpisode643
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
So you suddenly have a lot of staff working remotely. Telework is not new and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely.
A Lot of New Teleworkers All At Once
This event can’t be treated like a quick rollout of an application: there are business, infrastructure, and customer security impacts. There will be an increase of work for help desks as new teleworkers wrestle with remote working.
Additionally, don’t compound the problem. There is advice circulating to reset all passwords for remote workers. This opens the door for increased social engineering to attempt to lure overworked help desk staff into doing password resets that don’t comply with policy. Set expectations for staff that policy must be complied with, and to expect some delays while the help desk is overloaded.
Business continuity issues will arise as limited planning for remote workers could max out VPN licenses, firewall capacity, and application timeouts as many people attempt to use the same apps through a narrower network pipe.
Help Staff Make A Secure Home Office
In the best of times, remote workers are often left to their own devices (pun intended) for securing their work-at-home experience. Home offices are already usually much less secure than corporate offices: weak routers, unmanaged PCs, and multiple users mean home offices become an easier attack path into the enterprise.
It doesn’t make sense to have workers operate in a less secure environment in this context. Give them the necessary security tools and operational tools to do their business. Teleworkers, even with a company-issued device, are likely to work on multiple home devices. Make available enterprise licensed storage and sharing tools, so employees don’t have to resort to ‘sketchy’ or weak options when they exceed the limits for free storage on Dropbox or related services.
A Secure Web Gateway as a service is a useful option considering that teleworkers using a VPN will still likely be split tunneling (i.e. not going through corporate security devices when browsing to non-corporate sites, etc.), unlike when they are in the corporate office and all connections are sanitized. That is especially important in cases where a weak home router gets compromised and any exfiltration or other ‘phone home’ traffic from malware needs to be spotted.
A simple way to get this information out to employees is to add remote working security tips to any regularly occurring executive outreach.
Operational Issues
With a large majority of businesses switching to a work-from-home model with less emphasis on in-person meetings, we also anticipate that malicious actors will start to impersonate digital tools, such as ‘free’ remote conferencing services and other cloud computing software.
Having a policy on respecting telework privacy is a good preventative step to minimize the risk of this type of attack being successful. Remote workers may be concerned about their digital privacy when working from home, so any way to inform them about likely attack methods can help.
Any steps to prevent staff trying to evade security measures out of a concern over privacy are likely a good investment.
Crisis Specific Risks
During any major event or crisis, socially engineered attacks and phishing will increase. Human engineering means using any lever to make it a little bit easier for targets to click on a link.
We’re seeing targeted email attacks taking advantage of this. Some will likely use tactics such as attachments named “attached is your Work At Home Allowance Voucher,” spoofed corporate guidelines, or HR documents.
Sadly, we expect hospitals and local governments will see increased targeting by ransomware due to the expectation that payouts are likelier during an emergency.
But Hang On – It Is Not All Bad News
The good news is that none of these attacks are new and we already have playbooks to defend against them. Give a reminder to all staff during this period to be more wary of phishing, but don’t overly depend on user education – back it up with security technology measures. Here are a few ways to do that.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the number of ways Operation Overtrap can infect or trap victims with its payload. Also, read about how to protect your personal identity data and money during tax-filing season.
Read on:
AWS Launches Bottlerocket, a Linux-based OS for Container Hosting
AWS has launched Bottlerocket, its own open-source operating system for running containers on both virtual machines and bare metal hosts. The new OS is a stripped-down Linux distribution that’s akin to projects like CoreOS’s now-defunct Container Linux and Google’s container-optimized OS. The project is launching in cooperation with several partners including Alcide, Armory, CrowdStrike, Datadog, New Relic, Sysdig, Tigera, Trend Micro and Weaveworks.
Tax Scams – Everything You Need to Know to Keep Your Money and Data Safe
There are two things that cybercriminals are always on the hunt for: personal identity data and money. During the tax-filing season, both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds. This blog looks at the main threats out there and what you can do to stay safe.
March 2020 Patch Tuesday: Microsoft Fixes 115 Vulnerabilities, Adobe None
This week for March 2020 Patch Tuesday, Microsoft dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. The good news is that none of them are under active attack. Adobe seems to have skipped this Patch Tuesday and there’s no indication whether the customary security updates are just delayed or if there won’t be any in the coming days.
Trend Micro recently discovered a new campaign dubbed “Operation Overtrap” for the number of ways it can infect or trap victims with its payload. The campaign targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on Trend Micro’s telemetry, Operation Overtrap has been active since April 2019.
Hackers Are Working Harder to Make Phishing and Malware Look Legitimate
Even though the overall volume of malware dropped in 2019, phishing and business email compromise (BEC) went up sharply, according to Trend Micro’s 2019 Cloud App Security Roundup. The company blocked nearly 400,000 attempted BEC attacks in 2018, which is 271% more than the previous year and 35% more credential phishing attempts than in 2018.
Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat have put it in the spotlight as researchers investigate its security impact, specifically its potential use for remote code execution (RCE). Learn more about the Ghostcat vulnerability in this blog analysis.
10 Key Female Cybersecurity Leaders to Know in 2020
In celebration of Women’s History Month, the editors of Solutions Review shared the accomplishments of ten key female cybersecurity leaders in 2020. Trend Micro’s CEO Eva Chen made the list based on her numerous accomplishments in the cybersecurity industry.
Coronavirus Used in Spam, Malware, and Malicious Domains
The coronavirus disease (COVID-19) is being used as bait in email spam attacks on targets across the globe. As the number of cases continues to grow, campaigns using the virus as a lure will likewise increase. This has been observed by multiple entities, and researchers from Trend Micro have also seen a significant spike in the detection of the subject in email spam attacks.
Cookiethief Android Malware Uses Proxies to Hijack Your Facebook Account
A combination of new modifications to Android malware code has given rise to Trojans able to steal browser and app cookies from compromised devices. Researchers from Kaspersky said the new malware families, dubbed Cookiethief, use a combination of exploits to acquire root rights to an Android device and then to steal Facebook cookie data.
Nemty Ransomware Spreads via Love Letter Emails
Threat actors have been found distributing Nemty ransomware through a spam campaign using emails that pose as messages from lovers, according to a report by Malwarebytes and X-Force Iris researchers. Researchers from Trend Micro have also encountered the emails.
WordPress GDPR Plugin Vulnerable to Cross-Site Scripting Attacks
GDPR Cookie Consent, a WordPress plugin, inadvertently exposed websites to cross-site scripting (XSS) attacks through a vulnerability that affects versions 1.8.2 and below of the plugin. As disclosed in a report by NinTechNet, the vulnerability allowed privilege escalation. The plugin had over 700,000 active installations at the time of the exploit.
Analysis: Abuse of .NET Features for Compiling Malicious Programs
While the .NET framework was originally intended to help software engineers, cybercriminals have found a way to abuse its features to compile and execute malware on the fly. Recently, Trend Micro discovered several kinds of malware, such as LokiBot, utilizing this technique.
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.
Are you concerned about the security risks involved with filing your taxes online? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
This week, we talk Enterprise News, covering Neustar's enhanced UltraDNS capabilities boast greater capacity, global reach, and security, WatchGuard acquires Panda Security to expand endpoint capabilities, Ping Identity launches two hybrid IT-focused solution packages, and Fortinet updates FortiOS & launches next-gen firewall product! In our second segment, we welcome back Corey Thuen, Co-Founder and CEO of Gravwell, to discuss Secondary Consequences of Bad Pricing Models! In our final segment, we air two pre-recorded interviews from the RSA conference 2020, with Corey Bodzin of ExtraHop, and Todd Weller of Bandura!
Show Notes: https://wiki.securityweekly.com/ESWEpisode175
To try RevealX Cloud for Free visit: https://securityweekly.com/extrahop
To find out more about Bandura Cyber, please email Todd.Weller@banduracyber.com
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!