Login
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the fourth quarter of 2023 closed with 359.8 million domain name registrations across all top-level domains (TLDs), an increase of 0.6 million domain name registrations, or 0.2%, compared to the third quarter of 2023. Domain name registrations also increased by 8.9 million, or 2.5%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the fourth quarter of 2023, including:
DNIB.com and The Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards and learn about DNIB.com’s statistical methodology, please visit DNIB.com.
The post Domain Name Industry Brief Quarterly Report: DNIB.com Announces 359.8 Million Domain Name Registrations in the Fourth Quarter of 2023 appeared first on Verisign Blog.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the third quarter of 2023 closed with 359.3 million domain name registrations across all top-level domains (TLDs), an increase of 2.7 million domain name registrations, or 0.8%, compared to the second quarter of 2023. Domain name registrations also increased by 8.5 million, or 2.4%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the third quarter of 2023, including:
DNIB.com and The Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards, and learn about DNIB.com’s statistical methodology, please visit DNIB.com.
The post Domain Name Industry Brief Quarterly Report: DNIB.com Announces 359.3 Million Domain Name Registrations in the Third Quarter of 2023 appeared first on Verisign Blog.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the second quarter of 2023 closed with 356.6 million domain name registrations across all top-level domains (TLDs), an increase of 1.7 million domain name registrations, or 0.5%, compared to the first quarter of 2023. Domain name registrations also increased by 4.3 million, or 1.2%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the second quarter of 2023, including:
With the launch of the DNIB.com dashboards, 16 additional TLDs have been included in applicable calculations. The applicable current and historical data presented in this edition of the quarterly report have been adjusted accordingly, and applicable quarterly and year-over-year trends have been calculated using those adjusted figures. More information is available at DNIB.com.
DNIB.com and the Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards, and learn about DNIB.com’s statistical methodology, please visit DNIB.com.
The post Domain Name Industry Brief Quarterly Report: DNIB.com announces 356.6 Million Domain Name Registrations in the Second Quarter of 2023 appeared first on Verisign Blog.
Verisign today announced the launch of DNIB.com, the new Domain Name Industry Brief (DNIB) website.
Sponsored by Verisign, DNIB.com is a source for insights and analysis from subject-matter experts on key topics relevant to the global Domain Name System (DNS). DNIB.com will offer insight on policy, governance, technology, security, and business trends relevant to analysts, entrepreneurs, policymakers, and anyone with an interest in the DNS. The website features a collection of new, searchable, and interactive dashboards tracking relevant DNS data and trends, that is designed to be a valuable day-to-day resource for industry stakeholders, and anyone interested in learning more about global domain name operations.
DNIB.com is also the new home of the DNIB quarterly report, which Verisign has published for more than a decade, providing a trusted and valued resource for stakeholders across the globe seeking to understand the dynamism and trends of the domain name industry.
The report will be published each quarter at DNIB.com, summarizing the state of the domain name industry through a variety of statistical and analytical research. The new and expanded DNIB.com dashboards take that statistical data to the next level, enabling exploration of trend data across the industry, providing additional history and depth, and offering expert insights and commentary.
The post Announcing the Launch of DNIB.com, a New Source for DNS News, Information, Research, and Analysis appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the first quarter of 2023 closed with 354.0 million domain name registrations across all top-level domains (TLDs), an increase of 3.5 million domain name registrations, or 1.0%, compared to the fourth quarter of 2022.1,2 Domain name registrations also increased by 3.5 million, or 1.0%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the first quarter of 2023, including:
This issue of the Domain Name Industry Brief includes a correction to the March 2023 issue, which incorrectly reported the number of domain name registrations in the .eu ccTLD.2 This was the result of a one-time error in the .eu domain name registration data, provided by ZookNIC, which has since been resolved.
To see past issues of The Domain Name Industry Brief, please visit https://verisign.com/dnibarchives.
The post Verisign Domain Name Industry Brief: 354.0 Million Domain Name Registrations in the First Quarter of 2023 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2022 closed with 350.4 million domain name registrations across all top-level domains (TLDs), an increase of 0.5 million domain name registrations, or 0.1%, compared to the third quarter of 2022.1,2 Domain name registrations have increased by 8.7 million, or 2.6%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit https://verisign.com/dnibarchives.
The post Verisign Domain Name Industry Brief: 350.4 Million Domain Name Registrations in the Fourth Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2022 closed with 349.9 million domain name registrations across all top-level domains, a decrease of 1.6 million domain name registrations, or 0.4%, compared to the second quarter of 2022.1,2 Domain name registrations have increased by 11.5 million, or 3.4%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the third quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Domain Name Industry Brief: 349.9 Million Domain Name Registrations in the Third Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the second quarter of 2022 closed with 351.5 million domain name registrations across all top-level domains, an increase of 1.0 million domain name registrations, or 0.3%, compared to the first quarter of 2022.1,2 Domain name registrations have increased by 10.4 million, or 3.0%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the second quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q2 2022 Domain Name Industry Brief: 351.5 Million Domain Name Registrations in the Second Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the first quarter of 2022 closed with 350.5 million domain name registrations across all top-level domains, an increase of 8.8 million domain name registrations, or 2.6%, compared to the fourth quarter of 2021.1,2 Domain name registrations have increased by 13.2 million, or 3.9%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the first quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q1 2022 Domain Name Industry Brief: 350.5 Million Domain Name Registrations in the First Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2021 closed with 341.7 million domain name registrations across all top-level domains, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021.1,2 Domain name registrations have increased by 1.6 million, or 0.5%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2021, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2021 closed with 364.6 million domain name registrations across all top-level domains, a decrease of 2.7 million domain name registrations, or 0.7%, compared to the second quarter of 2021.1,2 Domain name registrations have decreased by 6.1 million, or 1.6%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the third quarter of 2021, including:
The Domain Name Industry Brief this quarter also includes an overview of the ongoing community work to mitigate DNS security threats.
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q3 2021 The Domain Name Industry Brief: 364.6 Million Domain Name Registrations in the Third Quarter of 2021 appeared first on Verisign Blog.
Of all the pastimes that took off during the pandemic, it’s not surprising that online gaming was one of them. After all, gaming offers excitement, new experiences, and social interaction, all from the comfort of home. It’s no wonder then that the gaming industry saw a 20% increase in revenue in 2020, as new and previously-retired gamers returned to this pastime.
But while the gaming industry was finding a lot of new allies, the players themselves faced growing exposure to malware and threats. Our 2020 Mobile Threat Report found that gamers are being targeted with phishing attacks and malicious apps, aimed at stealing usernames and passwords. With this information, hackers could potentially steal hard-earned in-game collectibles, as well as real-world money and personal information. And PC gamers face similar threats, from viruses and spyware to network attacks that could potentially put their personal information and property at risk.
While 75% of gamers surveyed worry about their security while gaming in the future, some worry they’ll have to compromise performance to be protected. That’s why McAfee® Gamer Security offers robust protection to PC gamers with one of the lowest impacts on system performance in the industry.
To protect the growing number of gamers against increasing threats, we are offering one free year of McAfee Gamer Security for one gaming PC to multi-device McAfee ® Total Protection and McAfee® Live Safe users in the U.S. This powerful software was built from the ground up to address the challenges gamers face, with speedy performance, system optimization, uninterrupted gaming, and no pop-up apps.
But don’t just take it from me. This is what one of our users have to say: “I believe [McAfee Gamer Security] had a positive impact … because it increased the speed of my game as well as gave me peace of mind that I was protected during my gameplay.”
We know that gamers are some of the most tech-savvy and connected users out there, so it’s important that we meet them where they are by giving them the performance and security they need to play at full throttle. After all, many users are seeking stress relief through gaming, not the extra worry over their online security.
With McAfee Gamer Security we made security for players more fun, by including a gamer-centric interface that was inspired by familiar apps like game launchers — you can check the current status of your system and key resources that impact in-game performance, like GPU, CPU, and memory, as well as perform real-time optimization. And of course, we’ve also included monitoring for your all-important FPS (frames per second). You can even access past performance data to better understand your game-by-game trends.
Let’s keep the excitement of gaming while adding the extra confidence of knowing that your digital life is protected. Whether you are new to McAfee or already enjoying our personal protection, you can download McAfee Gamer Security for free in under one minute with a qualifying subscription! In our mission to provide users with personal protection, we are welcoming PC gamers with open arms.
The post PC Gamers (and Parents of Gamers) Rejoice! appeared first on McAfee Blogs.
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about a ransomware group that walked away with 2,200 Bitcoin: More than $33 million based on the current Bitcoin exchange rate. Also, read about this month’s Patch Tuesday security updates from Microsoft, including patches for 112 vulnerabilities.
Read on:
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity. In this article, ZDI’s Dustin Childs shares his thoughts on Microsoft’s removal of descriptions from CVE overviews.
An Old Joker’s New Tricks: Using Github to Hide Its Payload
Trend Micro detected a new Joker malware version on a sample on Google Play, which utilizes Github pages and repositories in an attempt to evade detection. The app promised wallpapers in HD and 4K quality and was downloaded over a thousand times before it was removed from the Play Store by Google after being reported as malicious.
NETGEAR Router, WD NAS Device Hacked on First Day of Pwn2Own Tokyo 2020
Due to the coronavirus pandemic, this year’s Pwn2Own Tokyo was turned into a virtual event coordinated by ZDI from Toronto, Canada. On the first day of the event, the NETGEAR Nighthawk R7800 router, Western Digital My Cloud Pro series PR4100 NSA device and Samsung Smart TV were targeted and $50,000 was awarded among teams STARLabs, Trapa Security and Team Flashback.
Developing Story: COVID-19 Used in Malicious Campaigns
As the number of those afflicted with COVID-19 continues to surge by thousands, malicious campaigns that use the disease as a lure likewise increase. In this report, Trend Micro researchers share samples on COVID-19 related malicious campaigns. The report also includes detections from other researchers.
IoT Security is a Mess. These Guidelines Could Help Fix That
The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organizations open to cyberattacks via vulnerabilities they’re not aware of. However, new guidelines from the European Union Agency for Cybersecurity (ENISA) aims to ensure that security forms part of the entire lifespan of IoT product development.
US Department of Energy Launches New Program for Technology Security Managers
The US Department of Energy (DOE) recently launched the Operational Technology (OT) Defender Fellowship. Another milestone from the Department in enhancing the US’s critical infrastructure. In collaboration with DOE’s Idaho National Laboratory (INL) and the Foundation for Defense of Democracies’ (FDD) Center for Cyber and Technology Innovation (CTTI), the OT Defender Fellowship hopes to expand the knowledge of primary US front-line critical infrastructure defenders.
Ransomware Gang is Raking in Tens of Millions of Dollars
A ransomware organization has raked in tens of millions of dollars, according to a new report. The organization, identified as group “One,” walked away with 2,200 Bitcoin, according to a report by Advanced Intelligence. That’s more than $33 million based on the current Bitcoin exchange rate.
CISA Braces for 5G with New Strategy, Initiatives
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released its 5G Strategy, ensuring the federal government and its many states, local, tribal, territorial, and private sector partners are secure as when the 5G technology arrives. The agency’s document hoped to expand on how the US government would secure 5G infrastructure both in the country and abroad.
Hacker-for-Hire Group Targeting South Asian Organizations
There’s a new cyber mercenary group on the block, and they’re going after targets in more than a dozen countries globally, according to a BlackBerry research report. The hack-for-hire shop, which BlackBerry is calling “CostaRicto,” has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore. Some of its targeting was also located in Africa, the Americas, Australia and Europe.
Defense in Depth, Layered Security in the Cloud
In this blog, Trend Micro’s vice president of cybersecurity, Greg Young, discusses the evolution of network security into how it manifests itself today, how network security has looked up until now, how the future of network security looks and why security teams need layered protection in the cloud.
Surprised by Microsoft’s decision to remove the description section from Patch Tuesday bulletins? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs appeared first on .
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Also, read about how the operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month.
Read on:
Beware a New Google Drive Scam Landing in Inboxes
Scammers just found a new phishing lure to play with: Google Drive. A flaw in Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, could land people on malicious websites. The smartest part of the scam is that the emails and notifications it generates come directly from Google.
What Are the Best Options for Cybersecurity Protection for Small Businesses?
For Workplace IT, providing the best cybersecurity protection for their company’s hundreds of small business clients is critical. Workplace IT relies exclusively on Trend Micro to ensure that its customers have the best cybersecurity protection available. Partnering with one security vendor makes it easy for the company to focus on other issues, knowing that security is handled comprehensively and consistently.
REvil Ransomware Gang ‘Acquires’ KPOT Malware
The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month. The sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other projects, and was organized as a public auction on a private underground hacking forum for Russian-speaking cyber-criminals.
Encouraging the Next Generation of Cybersecurity Stars to Join the Industry
At its core, Trend Micro has a passion for education and a desire to grow the cybersecurity industry with talented, dedicated professionals. The two are closely linked: If we can introduce cyber skills into schools at an earlier age, then more young people will be encouraged to start a career in cybersecurity. That’s why Trend Micro is running a new virtual event for university students in November, during NIST NICE Cybersecurity Career Awareness Week.
Cybersecurity Threats to Corporate America are Present Now ‘More Than Ever,’ SEC Chair Says
Securities and Exchange Commission (SEC) Chairman Jay Clayton is telling corporate America it needs to be more vigilant on security. In an interview with CNBC, Clayton stressed that significant cybersecurity threats remain, despite the ongoing coronavirus pandemic and election season. In October alone, the Cybersecurity and Infrastructure Security Agency (CISA) put out 30 cyber alerts across various industries and business sizes, as well as consumers.
US Cyber Command Exposes New Russian Malware
US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group).
SaltStack Discloses Critical Vulnerabilities, Urges Patching
SaltStack disclosed three new vulnerabilities, two of which are assessed to be critical, and is urging users to patch immediately. In an advisory, the organization announced it released a security update to address the vulnerabilities. While two vulnerabilities were discovered and submitted by “KPC” of Trend Micro’s Zero Day Initiative (ZDI), the advisory does not say how CVE-2020-25592 was found. Dustin Childs, ZDI communications manager, said they reported it to SaltStack privately in late August.
New Data Shows Just How Badly Home Users Overestimate IoT Security
A new survey from the National Cyber Security Alliance (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes. The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things (IoT) devices they owned were secure.
Over 23,000 Hacked Databases Shared Over Telegram and Discord
It was reported that over 50GB of data from 23,000 hacked databases have been shared by hackers across Telegram channels and two hacking forums. A total of 23,618 databases were able to be downloaded through the Mega file hosting service, amounting to a dataset of around 13 billion personal files. The link was later taken down following abuse reports but there are fears that the data has entered the public domain.
A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database.
Toymaker Mattel Hit by Ransomware Attack
Top toymaker Mattel revealed it was a victim of a ransomware attack that successfully encrypted some data and temporarily crippled a limited number of business functions. The disclosure was part of a U.S. Securities Exchange Commission (SEC) disclosure filed in late October. Mattel reported the attack occurred on July 28, 2020 and that, for the most part, it was mitigated quickly and had a minimal impact on the company.
Spike in Emotet Activity Could Mean Big Payday for Ransomware Gangs
There’s been a massive increase in Emotet attacks and cyber criminals are taking advantage of machines compromised by the malware to launch more malware infections as well as ransomware campaigns. The October 2020 HP-Bromium Threat Insights Report reports a 1,200% increase in Emotet detections from July to September compared to the previous three months.
How do you secure your IoT devices at home? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT Malware appeared first on .
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro researchers uncovered two new espionage backdoors associated with the ‘Operation Earth Kitsune’ campaign. Also, read about how U.S. healthcare providers have been put on high alert over Trickbot malware and ransomware targeting the sector.
Read on:
Operation Earth Kitsune: A Dance of Two New Backdoors
Trend Micro recently published a research paper on Operation Earth Kitsune, a watering hole campaign aiming to steal information by compromising websites. Besides its heavy use of SLUB malware, Trend Micro researchers also uncovered two new espionage backdoors associated with the campaign: agfSpy and dneSpy, dubbed as such following the attackers’ three-letter naming scheme.
FBI Warning: Trickbot and Ransomware Attackers Plan Big Hit on U.S. Hospitals
U.S. healthcare providers, already under pressure from the COVID-19 pandemic, are on high alert over Trickbot malware and ransomware targeting the sector. Trickbot is one of the largest botnets in the world, against which Microsoft took U.S. legal action earlier this month in effort to gain control of its servers. Within a day of the seizure, Trickbot C&C servers and domains were replaced with new infrastructure.
Trend Micro HouseCall for Home Networks
While a home network provides numerous benefits, it can also expose its users to safety and privacy risks. Checking for those risks doesn’t need to be costly: Trend Micro’s Housecall for Home Networks (HCHN) solution scans the connected devices in home networks and detects those that pose security risks and is available for free.
Bug-Bounty Awards Spike 26% in 2020
According to a list of top 10 vulnerabilities by HackerOne, cross-site scripting (XSS) remained the most impactful vulnerability and reaped the highest rewards for ethical hackers in 2020 for the second year in a row, earning hackers $4.2 million in total bug-bounty awards in the last year, a 26-percent increase from what was paid out in 2019 for finding XSS flaws. Following XSS on the list: Improper access control, information disclosure, server-side request forgery (SSRF) and more.
Security is an aspect that every enterprise needs to consider as they use and migrate to cloud-based technologies. On top of the list of resources that enterprises need to secure are networks, endpoints, and applications. However, another critical asset that enterprises should give careful security consideration to is their back-end infrastructure which, if compromised, could lead to supply chain attacks.
U.S. Shares Information on North Korean Threat Actor ‘Kimsuky’
An alert released this week by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Cyber Command Cyber National Mission Force (CNMF) provides information on Kimsuky, a threat actor focused on gathering intelligence on “foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions” on behalf of the North Korean government. The advisory says the adversary has been active since 2012, engaging in social engineering, spear-phishing, and watering hole attacks.
76% of Applications Have at Least One Security Flaw
Most applications contain at least one security flaw and fixing those flaws typically takes months, a new Veracode report reveals. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. The report also uncovered some best practices to significantly improve these fix rates.
Apps Infected with Adware Found on Google Play Store
Some 21 malicious Android apps containing intrusive adware were discovered on the Google Play Store, but most have now been removed, according to a report from Avast. These fraudulent mobile applications, disguised as Android gaming apps, had been downloaded more than 8 million times since they were made available in the store.
Patients in Finland Blackmailed After Therapy Records Were Stolen by Hackers
The confidential records of thousands of psychotherapy patients in Finland have been hacked and some are now facing the threat of blackmail. Attackers were able to steal records related to therapy sessions, as well as patients’ personal information including social security numbers and addresses, according to Vastaamo, the country’s largest private psychotherapy center.
Surprised by the Vastaamo hack and subsequent blackmail of patients? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Researcher Uncover Two Espionage Backdoors Associated with Operation Earth Kitsune and Trickbot and Ransomware Attackers Plan Big Hit on U.S. Hospitals appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed ‘Operation Earth Kitsune’ that is spying on users’ systems through compromised websites. Also, read about how APT groups are threatening DDoS attacks against victims if they don’t send them bitcoin.
Read on:
Fancy Bear Imposters Are on a Hacking Extortion Spree
Radware recently published extortion notes that were sent to a variety of companies globally. The senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The notes threaten that if the target doesn’t send bitcoin, powerful distributed denial of service (DDoS) attacks will be launched against the victim. Robert McArdle, Trend Micro’s director of our Forward-Looking Threat Research (FTR) team, comments on DDoS as an extortion method.
A Ride on Taiwan’s Self-Driving Bus
The self-driving bus is now being tested on the streets of downtown Taipei and more autonomous buses are being deployed in other places, including Germany, Japan and Canada. Since connected cars are still a relatively new technology, the dangers of these vehicles are unknown and mostly speculated. In this article, Trend Micro discusses potential security implications of these connected vehicles.
U.S. Charges Russian Intelligence Officers in Major Cyberattacks
This week, the Justice Department unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign that caused mass disruption and cost billions of dollars by attacking targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics.
Operation Earth Kitsune: Tracking SLUB’s Current Operations
A watering hole campaign that Trend Micro has dubbed as Operation Earth Kitsune is spying on users’ systems through compromised websites. Using SLUB and two new malware variants, the attacks exploit vulnerabilities including those of Google Chrome and Internet Explorer.
Cybersecurity Company Finds Hacker Selling Info on 186 Million U.S. Voters
Trustwave says it found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.
In 2012, Trend Micro, the International Cyber Security Protection Alliance (ICSPA) and Europol’s European Cyber Crime Centre (EC3) collaborated on a white paper that imagined the technological advances of the coming 8 years, the societal and behavioral changes they may bring and the opportunities for malfeasance they could present. As we enter the 2020s, we now have the opportunity to objectively review the project against a number of success factors.
WordPress Deploys Forced Security Update for Dangerous Bug in Popular Plugin
WordPress sites running Loginizer, one of today’s most popular WordPress plugins with an install base of over one million sites, were forcibly updated this week to Loginizer version 1.6.4. This version contained a security fix for a dangerous SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.
Just Leave That Docker API on the Front Porch, No One Will Steal It
Recently, a new type of Linux malware named “DOKI” has been discovered exploiting publicly accessible Docker API’s hosted in all major cloud providers. The manner in which threat actors are gaining access to container environments is a previously discovered technique, but the DOKI malware is something that has not been documented until now.
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Two of the issues are out-of-bounds read flaws, (CVE-2020-24409, CVE-2020-24410); one is an out-of-bounds write bug (CVE-2020-24411). Tran Van Khang, working with Trend Micro Zero Day Initiative, is credited for the discoveries.
US Treasury Department Ban on Ransomware Payments Puts Victims in Tough Position
This month, the US Treasury Department’s Office of Foreign Assets Control (OFAC) warned organizations making ransomware payments that they risk violating economic sanctions imposed by the government against cybercriminal groups or state-sponsored hackers. The advisory has the potential to disrupt the ransomware monetization model, but also puts victims, their insurers and incident response providers in a tough situation.
What are your thoughts on the sanctions imposed by the government against cybercriminal groups or state-sponsored hackers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals are passing the time during the COVID-19 pandemic with online poker games, where the prizes include stolen data. Also, read about how VirusTotal now supports Trend Micro ELF Hash (aka telfhash).
Read on:
Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles
Cybercriminals have put their own spin on passing time during the COVID-19 lockdown with online rap battles, poker tournaments, poem contests, and in-person sport tournaments. The twist is that the prize for winning these competitions is sometimes stolen data and tools to make cybercrime easier, according to new research from Trend Micro.
Becoming an Advocate for Gender Diversity: Five Steps that Could Shape Your Journey
Sanjay Mehta, senior vice president at Trend Micro, was recently named a new board member at Girls In Tech—a noted non-profit and Trend Micro partner working tirelessly to enhance the engagement, education, and empowerment of women in technology. In this blog, Sanjay shares five steps that you can use to become an ally for diversity in the workplace.
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
In this month’s Patch Tuesday update, Microsoft pushed out fixes for 87 security vulnerabilities – 11 of them critical – and one of those is potentially wormable. There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
VirusTotal Now Supports Trend Micro ELF Hash
To help IoT and Linux malware researchers investigate attacks containing Executable and Linkable Format (ELF) files, Trend Micro created telfhash, an open-source clustering algorithm that helps cluster Linux IoT malware samples. VirusTotal has always been a valuable tool for threat research and now, with telfhash, users of the VirusTotal Intelligence platform can pivot from one ELF file to others.
New Emotet Attacks Use Fake Windows Update Lures
File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button. According to the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world.
Metasploit Shellcodes Attack Exposed Docker APIs
Trend Micro recently observed an interesting payload deployment using the Metasploit Framework (MSF) against exposed Docker APIs. The attack involves the deployment of Metasploit’s shellcode as a payload, and researchers said this is the first attack they’ve seen using MSF against Docker. It also uses a small, vulnerability-free base image in order for the attack to proceed in a fast and stealthy manner.
Barnes & Noble Warns Customers It Has Been Hacked, Customer Data May Have Been Accessed
American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday, October 10th.
ContentProvider Path Traversal Flaw on ESC App Reveals Info
Trend Micro researchers found ContentProvider path traversal vulnerabilities in three apps on the Google Play store, one of which had more than 5 million installs. The three applications include a keyboard customization app, a shopping app from a popular department store, and the app for the European Society of Cardiology (ESC). Fortunately, the keyboard and department store apps have both been patched by developers. However, as of writing this blog, the ESC app is still active.
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew of three cruise line brands and the casino operations of Carnival Corp. in a ransomware attack the company suffered on Aug. 15, officials have confirmed. Carnival Cruise Line, Holland America Line and Seabourn were the brands affected by the attack, which Carnival said they’re still investigating in an update on the situation this week.
Docker Content Trust: What It Is and How It Secures Container Images
Docker Content Trust allows users to deploy images to a cluster or swarm confidently and verify that they are the images you expect them to be. In this blog from Trend Micro, learn how Docker Content Trust works, how to enable it, steps that can be taken to automate trust validation in the continuous integration and continuous deployment (CI/CD) pipeline and limitations of the system.
Twitter Hackers Posed as IT Workers to Trick Employees, NY Probe Finds
A simple phone scam was the key first step in the Twitter hack that took over dozens of high-profile accounts this summer, New York regulators say. The hackers responsible for the July 15 attack called Twitter employees posing as company IT workers and tricked them into giving up their login credentials for the social network’s internal tools, the state’s Department of Financial Services said.
A distributed denial-of-service (DDoS) attack sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all. DDoS attacks are one of the crudest forms of cyberattacks, but they’re also one of the most powerful and can be difficult to stop.
Cyberattack on London Council Still Having ‘Significant Impact’
Hackney Council in London has said that a cyberattack earlier this week is continuing to have a “significant impact” on its services. Earlier this week, the north London council said it had been the target of a serious cyberattack, which was affecting many of its services and IT systems.
Surprised by the new Emotet attack? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles and VirusTotal Now Supports Trend Micro ELF Hash appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals secure their assets and survive in the business in a new Trend Micro report. Also, read about a how cybercriminals are tapping into Amazon’s Prime Day with phishing and malicious websites that are fraudulently using the Amazon brand.
Read on:
French Companies Under Attack from Clever BEC Scam
Trend Micro researchers observed a new modus operandi involving a clever BEC campaign that uses social engineering to target French companies. Malicious actors impersonated a French company in the metal fabrication industry that provides services to several organizations. They then registered a domain very similar to the legitimate one used by the business and used it to send emails to their targets.
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks
Cybercriminals are tapping into Amazon’s annual Prime Day with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and fraudulent sites created using the Amazon brand since August, the most significant since the COVID-19 pandemic forced people indoors in March.
CSO Insights: DataBank’s Mark Houpt on Looking Beyond Securing Infrastructures in the New Normal
The big move to working remotely wasn’t completely difficult for Mark Houpt, CISO at DataBank. After all, he has been doing so since before COVID-19. However, when the pandemic hit, DataBank, like many other companies across the globe, had to help most of their employees transition securely and smoothly to virtual work. Read up on the several important security considerations this experience highlighted.
240+ Android Apps Caught Showing Out-of-Context Ads
This summer, Google removed more than 240 Android applications from the Play Store for showing out-of-context ads and breaking a newly introduced Google policy against this type of intrusive advertising. Out-of-context ads are mobile ads that are shown outside an app’s normal container and appear as pop-ups or as full-screen ads.
Safe and Smart Connections: Securing IoT Networks for Remote Setups
As a result of our work-from-home (WFH) arrangements, there is an increased demand on networks as remote operations have created greater dependence on the IoT. Subsequently, now is a good time to re-examine the security of your network. Rather than only focusing on securing individual devices that can compromise a network, users should also secure the network to minimize threats across several devices.
Inside the Bulletproof Hosting Business
The use of underground infrastructure is inherent to the modus operandi of a cybercriminal. In Trend Micro’s Underground Hosting series, it differentiates how cybercrime goods are sold in marketplaces and what kinds of services are offered. In this final part of the Underground Hosting report series, Trend Micro explores the methods criminals employ to secure their assets and survive in the business.
Comcast Voice Remote Control Could be Turned into Spying Tool
The Comcast XR11 voice remote controller was recently found to be vulnerable and could be turned into a spying tool that eavesdrops on users. Discovered by researchers at Guardicore, the attack has been named WarezTheRemote and is said to be a very serious threat, considering that the remote is used for over 18 million devices across the U.S.
Transforming IoT Monitoring Data into Threat Defense
In the first half of 2020, there was a 70% increase in inbound attacks on devices and routers compared to the second half of 2019, which included attacks on IoT systems. To protect customers effectively by continuously monitoring trends in IoT attacks, Trend Micro examined Mirai and Bashlite (aka Qbot), two notorious IoT botnet malware types, and shares the figures relating to these botnets’ command and control (C&C) servers, IP addresses, and C&C commands.
Russia’s Fancy Bear Hackers Likely Penetrated a Federal Agency
Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest that it was Fancy Bear, a team of hackers working for Russia’s GRU also known as APT28.
Threat Research & XDR Combine to Stop Cybercrime
Like legitimate businesses across the globe seeking to improve their information security and protect their network infrastructure, cybercriminal businesses take similar precautions. Trend Micro Research released the final report in a series focused on this part of cybercriminal business: Underground hosting providers. Based on the report, it’s clear that understanding both the criminal business and the attacks themselves better prepares defenders and investigators to identify and eliminate threats.
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. According to research by Paul Litvak of Intezer Labs, two security flaws in Microsoft’s Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server.
Cyber Security Awareness: A Critical Checklist
October 2020 marks the 17th year of National Cybersecurity Awareness Month, where users and organizations are encouraged to increase awareness of cybersecurity issues. To help raise awareness, Trend Micro’s Consumer Division breaks down of the security issues you should be aware of and shares tips about how you can protect yourself and your family while working, learning, or gaming at home.
The Basics of Keeping Kubernetes Cluster Secure: Worker Nodes and Related Components
In part one of this blog series, Trend Micro talked about the different ways developers can protect control plane components, including Kube API server configurations, RBAC authorization, and limitations in the communication between pods through network policies. In this second part, Trend Micro focuses on best practices that developers can implement to protect worker nodes and their components.
Are you surprised that Comcast voice activated remote controllers could be turned into a spying tool? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: A Look Inside the Bulletproof Hosting Business and Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how an adware family known primarily for distributing browser hijackers, Linkury, has been caught distributing malware. Also, read about a newly uncovered strain of the Glupteba trojan.
Read on:
Cross-Platform Modular Glupteba Malware Uses ManageX
Trend Micro recently encountered a variant of the Glupteba trojan and reported its attacks on MikroTik routers and updates on its command and control (C&C) servers. The use of ManageX, a type of modular adware that Trend Micro has recently analyzed, is notable in this newly uncovered strain as it aims to emphasize the modularity and the cross-platform features of Glupteba as seen through its code analysis.
Phishing Attack Targets Microsoft 365 Users with Netflix & Amazon Lures
Security researchers have been tracking a phishing campaign that abuses Microsoft Office 365 third-party application access to obtain specific resources from victims’ accounts. The attacker, dubbed TA2552, mostly uses Spanish-language lures and a narrow range of themes and brands. These attacks have targeted organizations with a global presence but seem to choose victims who likely speak Spanish, according to a report from Proofpoint researchers.
New Report Suggests the Bug Bounty Business is Recession-Proof
A new report from HackerOne presents data suggesting that the bug bounty business might be recession-proof, citing increases in hacker registrations, monthly vulnerability disclosures and payouts during a pandemic-induced economic downturn. Brian Gorenc, senior director of vulnerability research and director of Trend Micro’s Zero Day Initiative program, shared that he’s seen bug bounty activity increase with ZDI publishing 1,045 vulnerability advisories in all of 2019 and 1,235 already in 2020.
Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis
We’ve all been spending more time online since the pandemic hit, and as a result we’re sharing more personal and financial information online with each other and with organizations. Unfortunately, as ever, there are bad guys around every digital corner looking for this. Personally identifiable information (PII) is the currency of internet crime, and cyber-criminals will do whatever they can to get it.
Linkury Adware Caught Distributing Full-Blown Malware
An adware family known primarily for distributing browser hijackers has been caught distributing malware, security researchers said at the Virus Bulletin 2020 security conference. Its main method of distribution is the SafeFinder widget, a browser extension ironically advertised as a way to perform safe searches on the internet. K7 researchers say that in recent cases they analyzed, the SafeFinder widget has now also begun installing legitimate malware, such as the Socelars and Kpot infostealer trojans.
Chinese APT Group Targets Media, Finance, and Electronics Sectors
Cybersecurity researchers have uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S. and China. Linking the attacks to Palmerworm (aka BlackTech), likely a China-based advanced persistent threat (APT), the first wave of activity associated with this campaign began last year in August 2019.
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices (in addition to Windows and Linux, which were targeted by previous variants of the malware). Researchers say the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide – and that number continues to grow.
More Americans Share Social Security, Financial and Medical Information than Before the Pandemic
A new survey has shown that consumer willingness to share more sensitive data – social security numbers, financial information and medical information – is greater in 2020 than in both 2018 and 2019. According to the NYC-based scientific research foundation ARF’s (Advertising Research Foundation) third annual privacy study, contact tracing is considered a key weapon in the fight against COVID-19.
Do you feel like you are more willing to share sensitive information online since the pandemic began? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Linkury Adware Caught Distributing Full-Blown Malware and Cross-Platform Modular Glupteba Malware Uses ManageX appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how threat actors are bundling Windscribe VPN installers with backdoors. Also, read about a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications.
Read on:
Windows Backdoor Masquerading as VPN App Installer
This article discusses findings covered in a recent blog from Trend Micro where company researchers warn that Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor. The trojanized package in this specific case is the Windows installer for Windscribe VPN and contains the Bladabindi backdoor.
The Evolution of Malicious Shell Scripts
The Unix-programming community commonly uses shell scripts as a simple way to execute multiple Linux commands within a single file. Many users do this as part of a regular operational workload manipulating files, executing programs and printing text. However, as a shell interpreter is available in every Unix machine, it is also an interesting and dynamic tool abused by malicious actors.
Microsoft Says It Detected Active Attacks Leveraging Zerologon Vulnerability
Hackers are actively exploiting the Zerologon vulnerability in real-world attacks, Microsoft’s security intelligence team said on Thursday morning. The attacks were expected to happen, according to security industry experts. Multiple versions of weaponized proof-of-concept exploit code have been published online in freely downloadable form since details about the Zerologon vulnerability were revealed on September 14 by Dutch security firm Secura BV.
Stretched and Stressed: Best Practices for Protecting Security Workers’ Mental Health
Security work is stressful under the best of circumstances, but remote work presents its own challenges. In this article, learn how savvy security leaders can best support their teams today — wherever they’re working. Trend Micro’s senior director of HR for the Americas, Bob Kedrosky, weighs in on how Trend Micro is supporting its remote workers.
Exploitable Flaws Found in Facial Recognition Devices
To gain a more nuanced understanding of the security issues present in facial recognition devices, Trend Micro analyzed the security of four different models: ZKTeco FaceDepot-7B, Hikvision DS-K1T606MF, Telpo TPS980 and Megvii Koala. Trend Micro’s case studies show how these devices can be misused by malicious attackers.
New ‘Alien’ Malware Can Steal Passwords from 226 Android Apps
Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications. Named Alien, this new trojan has been active since the start of the year and has been offered as a Malware-as-a-Service (MaaS) offering on underground hacking forums.
Government Software Provider Tyler Technologies Hit by Possible Ransomware Attack
Tyler Technologies, a Texas-based provider of software and services for the U.S. government, started informing customers this week of a security incident that is believed to have involved a piece of ransomware. Tyler’s website is currently unavailable and in emails sent out to customers the company said its internal phone and IT systems were accessed without authorization by an “unknown third party.”
U.S. Justice Department Charges APT41 Hackers Over Global Cyberattacks
On September 16, 2020, the United States Justice Department announced that it was charging five Chinese citizens with hacking crimes committed against over 100 institutions in the United States and abroad. The global hacking campaign went after a diverse range of targets, from video game companies and telecommunications enterprises to universities and non-profit organizations. The five individuals were reportedly connected to the hacking group known as APT41.
Phishers are Targeting Employees with Fake GDPR Compliance Reminders
Phishers are using a bogus GDPR compliance reminder to trick recipients – employees of businesses across several industry verticals – into handing over their email login credentials. In this evolving campaign, the attackers targeted mostly email addresses they could glean from company websites and, to a lesser extent, emails of people who are high in the organization’s hierarchy.
Mispadu Banking Trojan Resurfaces
Recent spam campaigns leading to the URSA/Mispadu banking trojan have been uncovered, as reported by malware analyst Pedro Tavares in a Twitter post and by Seguranca Informatica in a blog post. Mispadu malware steals credentials from users’ systems. This attack targets systems with Spanish and Portuguese as system languages.
A Blind Spot in ICS Security: The Protocol Gateway Part 3: What ICS Security Administrators Can Do
In this blog series, Trend Micro analyzes the impacts of the serious vulnerabilities detected in the protocol gateways that are essential when shifting to smart factories and discusses the security countermeasures that security administrators in those factories must take. In the final part of this series, Trend Micro describes a stealth attack method that abuses a vulnerability as well as informs readers of a vital point of security measures required for the future ICS environment.
Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
Check Point researchers disclosed details about a critical vulnerability in Instagram’s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. The flaw lets attackers perform actions on behalf of the user within the Instagram app, including spying on victim’s private messages and deleting or posting photos from their accounts, as well as execute arbitrary code on the device.
Addressing Threats Like Ryuk via Trend Micro XDR
Ryuk has recently been one of the most noteworthy ransomware families and is perhaps the best representation of the new paradigm in ransomware attacks where malicious actors go for quality over sheer quantity. In 2019, the Trend Micro Managed XDR and Incident Response teams investigated an incident concerning a Trend Micro customer that was infected with the Ryuk ransomware.
What are your thoughts on the Android Instagram app bug that could allow remote access to user’s phones? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New ‘Alien’ Malware can Steal Passwords from 226 Android Apps appeared first on .
When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken advantage of big news to use as lures for socially engineered threats, but these events tend to be fairly short news cycles.
When Covid-19 started making headlines in early 2020, we started seeing new threats using this in the attacks. As you see below, April was the peak month for email-based Covid-19 related threats.
The same was true for phishing URLs related to Covid-19, but for files using Covid-19 in their naming convention, the peak month in the first half was June.
Impact on Cybercrime
The constant 24×7 news around cases, cures and vaccines makes this pandemic unique for cybercriminals. Also, the shift to remote working and the challenges posed to supply chains all gave cybercriminals new content they could use as lures to entice victims into infecting themselves.
As we’ve seen for many years now, email-based threats were the most used threat vector by malicious actors, which makes sense as the number one infection vector to penetrate an organization’s network is to use a socially engineered email against an employee.
We even saw malicious mobile apps being developed using Covid-19 as a lure, as you see below.
In this case it was supporting potential cures for the virus, which many people would have wanted.
Other Highlights in 1H 2020
While Covid-19 dominated the threat landscape in the 1H 2020, it wasn’t the only thing that defined it. Ransomware actors continued their attacks against organizations, but as we’ve been seeing over the past year, they’ve become much more selective in their victims. The spray and pray model using spam has been shifted to a more targeted approach, similar to how nation-state actors and APT groups perform their attacks. Two things showcase this trend:
2. The ransom amounts have increased significantly over the years, showing ransomware actors are selecting their victims around how much they feel they can extort them for and whether they are more likely to pay a ransom.
Home network attacks are another interesting aspect of the threat landscape in the first half of this year. We have millions of home routers around the world that give us threat data on events coming into and out of home networks.
Threat actors are taking advantage of more remote workers by launching more attacks against these home networks. As you see below, the first half of 2020 saw a marked increase in attacks.
Many of these attacks are brute force login attempts as actors try to obtain login credentials for routers and devices within the home network, which can allow them to do further damage.
The above are only a small number of security events and trends we saw in just six months of 2020. Our full roundup of the security landscape so far this year is detailed out in our security roundup report – Securing the Pandemic-Disrupted Workplace. You can read about all we found to help prepare for many of the threats we will continue to see for the rest of the year.
The post 1H 2020 Cyber Security Defined by Covid-19 Pandemic appeared first on .
At Black Hat USA 2020, Trend Micro presented two important talks on vulnerabilities in Industrial IoT (IIoT). The first discussed weaknesses in proprietary languages used by industrial robots, and the second talked about vulnerabilities in protocol gateways. Any organization using robots, and any organization running a multi-vendor OT environment, should be aware of these attack surfaces. Here is a summary of the key points from each talk.
Rogue Automation
Presented at Black Hat, Wednesday, August 5. https://www.blackhat.com/us-20/briefings/schedule/index.html#otrazor-static-code-analysis-for-vulnerability-discovery-in-industrial-automation-scripts-19523 and the corresponding research paper is available at https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming
Industrial robots contain powerful, fully capable computers. Unlike most contemporary computers, though, industrial robots lack basic information security capabilities. First, at the architectural level, they lack any mechanism to isolate certain instructions or memory. That is, any program can alter any piece of storage, or run any instruction. In traditional mainframes, no application could access, change, or run any code in another application or in the operating system. Even smartphone operating systems have privilege separation. An application cannot access a smartphone’s camera, for instance, without being specifically permitted to do so. Industrial robots allow any code to read, access, modify, or run any device connected to the system, including the clock. That eliminates data integrity in industrial robots and invalidates any audit of malfunctions; debugging becomes exceptionally difficult.
Industrial robots do not use conventional programming languages, like C or Python. Instead, each manufacturer provides its own proprietary programming language. That means a specialist using one industrial robot cannot use another vendor’s machine without training. There are no common information security tools for code validation, since vendors do not develop products for fragmented markets. These languages describe programs telling the robot how to move. They also support reading and writing data, analyzing and modifying files, opening and closing input/output devices, getting and sending information over a network, and accessing and changing status indicators on connected sensors. Once a program starts to run on an industrial robot, it can do anything any fully functional computer can do, without any security controls at all. Contemporary industrial robots do not have any countermeasures against this threat.
Most industrial robot owners do not write their own programs. The supply chain for industrial robot programs involves many third-party actors. See Figure 1 below for a simplified diagram. In each community, users of a particular vendor’s languages share code informally, and rely on user’s groups for hints and tips to solve common tasks. These forums rarely discuss security measures. Many organizations hire third-party contractors to implement particular processes, but there are no security certifications relevant to these proprietary languages. Most programmers learned their trade in an air-gapped world, and still rely on a perimeter which separates the safe users and code inside from the untrusted users and code outside. The languages offer no code scanners to identify potential weaknesses, such as not validating inputs, modifying system services, altering device state, or replacing system functions. The machines do not have a software asset management capability, so knowing where the components of a running program originated from is uncertain.
Figure 1: The Supply Chain for Industrial Robot Programming
All is not lost – not quite. In the short term, Trend Micro Research has developed a static code analysis tool called OTRazor, which examines robotic code for unsafe code patterns. This was demonstrated during our session at Black Hat.
Over time, vendors will have to introduce basic security checks, such as authentication, authorization, data integrity, and data confidentiality. The vendors will also have to introduce architectural restrictions – for instance, an application should be able to read the clock but not change it.. Applications should not be able to modify system files, programs, or data, nor should they be able to modify other applications. These changes will take years to arrive in the market, however. Until then, CISOs should audit industrial robot programs for vulnerabilities, and segment networks including industrial robots, and apply baseline security programs, as they do now, for both internally developed and procured software.
Protocol Gateway Vulnerabilities
Presented at Black Hat, Wednesday, August 5, https://www.blackhat.com/us-20/briefings/schedule/index.html#industrial-protocol-gateways-under-analysis-20632, with the corresponding research paper available here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong.
Industry 4.0 leverages the power of automation alongside the rich layer of software process control tools, particularly Enterprise Resource Planning (ERP), and its bigger cousin, Supply Chain Management (SCM). By bringing together dynamic industrial process control with hyper-efficient “just-in-time” resource scheduling, manufacturers can achieve minimum cost, minimum delay, and optimal production. But these integration projects require that IIoT devices speak with other technology, including IIoT from other manufacturers and legacy equipment. Since each equipment or device may have their own communication protocol, Industry 4.0 relies heavily on protocol converters.
Protocol converters are simple, highly efficient, low-cost devices that translate one protocol into another. Protocol converters are ubiquitous, but they lack any basic security capabilities – authentication, authorization, data integrity or data confidentiality – and they sit right in the middle of the OT network. Attackers can subvert protocol converters to hijack the communication or change configuration. An attacker can disable a safety thresholds, generate a denial of service attack, and misdirect an attached piece of equipment.
In the course of this research, we found nine vulnerabilities and are working with vendors to remediate the issues. Through our TXOne subsidiary, we are developing rules and intelligence specifically for IIoT message traffic, which are then embedded in our current network security offerings, providing administrators with better visibility and the ability to enforce security policies in their OT networks.
Protocol converters present a broad attack surface, as they have limited native information security capabilities. They don’t validate senders or receivers, nor do they scan or verify message contents. Due to their crucial position in the middle of the OT network, they are an exceptionally appealing target for malicious actors. Organizations using protocol converters – especially those on the way to Industry 4.0 – must address these weak but critical components of their evolving infrastructure.
What do you think? Let me know in the comments below or @WilliamMalikTM
The post Black Hat Trip Report – Trend Micro appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group of vulnerabilities dubbed Ripple20 that have the potential to critically impact millions of IoT devices across many different industries.
Read on:
The Fear of Vendor Lock-in Leads to Cloud Failures
Vendor lock-in, the fear that by investing too much with one vendor an organization reduces their options in the future, has been an often-quoted risk since the mid-1990s. Organizations continue to walk a fine line with their technology vendors. Ideally, you select a set of technologies that not only meet your current needs but that align with your future vision as well.
How Do I Select a Mobile Security Solution for My Business?
The percentage of companies admitting to suffering a mobile-related compromise has grown, despite a higher percentage of organizations deciding not to sacrifice the security of mobile devices to meet business targets. To make things worse, the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols – despite also being highly targeted by cyberattacks.
Knowing Your Shared Security Responsibility in Microsoft Azure and Avoiding Misconfigurations
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources. As with any launch, there is a lot of new information, so we held a Q&A with one of the founders of Conformity, Mike Rahmati. In the interview, Mike shares how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure.
FBI Warns K-12 Schools of Ransomware Attacks via RDP
The US Federal Bureau of Investigation (FBI) this week sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
Trend Micro recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers: XORDDoS malware and Kaiji DDoS malware. Having Docker servers as their target is a new development for both XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on cloud systems, while recently discovered Kaiji was first reported to affect internet of things (IoT) devices.
Frost & Sullivan Employee, Customer Data for Sale on Dark Web
A group is hawking records of more than 12,000 Frost & Sullivan employees and customers on a hacker folder. According to Cyble CEO Beenu Arora the breach was a result of a misconfigured backup directory on one of Frost & Sullivan’s public-facing servers. The KelvinSecurity Team said they put the information – which includes names, email addresses, company contacts, login names and hashed passwords – for sale in a hacking forum to sound the “alarm” after Frost & Sullivan didn’t respond to the group’s attempt to alert it to the exposed database.
Millions of IoT Devices Affected by Ripple20 Vulnerabilities
Israeli cybersecurity firm JSOF has released information on a group of vulnerabilities dubbed Ripple20. These vulnerabilities have the potential to critically impact millions of internet of things (IoT) devices across many different industries — crucial machines in the medical, oil and gas, transportation, power, and manufacturing industries can be affected by these bugs.
Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs
Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices.
Cyberattacks from the Frontlines: Incident Response Playbook for Beginners
For enterprises, staying competitive in an ever-changing market involves keeping up with the latest technological trends. However, without the parallel development of security infrastructure and robust response, new technology could be used as a conduit for cyberthreats that result in losses. Organizations should aim to prevent these breaches from happening — but having protocols for reducing a breach lifecycle is an essential and realistic approach for dealing with current threats.
OneClass Unsecured S3 Bucket Exposes PII on More than One Million Students, Instructors
An unsecured database belonging to remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance. Data exposed includes full names, email addresses (some masked), schools and universities attended, phone numbers, school and university course enrollment details and OneClass account details.
During the past decade, various countries and industries have actively developed guidelines and frameworks for OT security. Recently, multiple guidelines have been integrated, and two standards as global standards are IEC62443 and the NIST CSF, SP800 series, from the viewpoint of security in smart factories. In this series, Trend Miro explains the overviews of IEC62443 and NIST CSF, in order to understand their concepts required for security in smart factories.
Many businesses have misperceptions about cloud environments, providers, and how to secure it all. In order to help separate fact from fiction when it comes to your cloud environment, Trend Micro debunks 8 myths to help you confidently take the next steps in the cloud.
Does your organization have an incident response playbook for potential breaches? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: XORDDoS and Kaiji Botnet Malware Variants Target Exposed Docker Servers and Ripple20 Vulnerabilities Could Impact Millions of IoT Devices appeared first on .
“Alexa, turn on the TV.”
”Get it yourself.”
This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT systems and OT systems. Enterprise resource planning (ERP) software has evolved into supply chain management (SCM) systems, reaching across organizational and national boundaries to gather all forms of inputs, parting out subcomponent development and production, and delivering finished products, payments, and capabilities across a global canvas.
Each of these synergies fulfills a rational business goal: optimize scarce resources across diverse sources; minimize manufacturing, shipping, and warehousing expense across regions; preserve continuity of operations by diversifying suppliers; maximize sales among multiple delivery channels. The supply chain includes not only raw materials for manufacturing, but also third party suppliers of components, outsourced staff for non-core business functions, open source software to optimize development costs, and subcontractors to fulfill specialized design, assembly, testing, and distribution tasks. Each element of the supply chain is an attack surface.
Software development has long been a team effort. Not since the 1970s have companies sought out the exceptional talented solo developer whose code was exquisite, flawless, ineffable, undocumented, and impossible to maintain. Now designs must be clear across the team, and testing requires close collaboration between architects, designers, developers, and production. Teams identify business requirements, then compose a solution from components sourced from publically shared libraries. These libraries may contain further dependencies on yet other third-party code of unknown provenance. Simplified testing relies on the quality of the shared libraries, but shared library routines may have latent (or intentionally hidden) defects that do not come to life until in a vulnerable production environment. Who tests GitHub? The scope of these vulnerabilities is daunting. Trend Micro just published a report, “Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis,” that surveys the Industry 4.0 attack surface.
Within the manufacturing operation, the blending of IT and OT exposes additional attack surfaces. Industrial robots provide a clear example. Industrial robots are tireless, precision machines programmed to perform exacting tasks rapidly and flawlessly. What did industry do before robots? Factories either relied on hand-built products or on non-programmable machines that had to be retooled for any change in product specifications. Hand-built technology required highly skilled machinists, who are expensive and require time to deliver. See Figure 1 for an example.
Figure 1: The cost of precision
Non-programmable robots require factory down time for retooling, a process that can take weeks. Before programmable industrial robots, automobile factories would deliver a single body style across multiple years of production. Programmable robots can produce different configurations of materials with no down time. They are used everywhere in manufacturing, warehousing, distribution centers, farming, mining, and soon guiding delivery vehicles. The supply chain is automated.
However, the supply chain is not secure. The protocols industrial robots depend on assumed the environment was isolated. One controller would govern the machines in one location. Since the connection between the controller and the managed robots was hard-wired, there was no need for operator identification or message verification. My controller would never see your robot. My controller would only connect to my robot, so the messages they exchanged needed no authentication. Each device assumed all its connections were externally verified. Even the safety systems assumed the network was untainted and trustworthy. No protocols included any security or privacy controls. Then Industry 4.0 adopted wireless communications.
The move, which saved the cost of laying cable in the factory, opened those networks to eavesdropping and attacks. Every possible attack against industrial robots is happening now. Bad guys are forging commands, altering specifications, changing or suppressing error alerts, modifying output statistics, and rewriting logs. The consequences can be vast yet nearly undetectable. In the current report on Rogue Robots, our Forward-looking Threat Research team, collaborating with the Politecnico di Milano (POLIMI), analyzes the range of specific attacks today’s robots face, and the potential consequences those attacks may have.
Owners and operators of programmable robots should heed the warnings of this research, and consider various suggested remedies. Forewarned is forearmed.
The Rogue Robots research is here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/rogue-robots-testing-industrial-robot-security.
The new report, Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis, is here: https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems.
What do you think? Let me know in the comments below, or @WilliamMalikTM.
The post Securing Smart Manufacturing appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the more than 140 February Patch Tuesday updates from Microsoft and Adobe. Also, read about how an unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 inmate records in several U.S. states.
Read on:
February 2020 Patch Tuesday: Microsoft Fixes 99 Vulnerabilities, Adobe 42
This week, patches from Microsoft and Adobe for February were announced. Microsoft released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild – and Adobe released fixes for 42, most of which are critical, and none actively exploited.
How to Manage Your Privacy On and Off Facebook
Where on Facebook is your privacy most at risk and what can you do to mange these risks? Although Facebook has taken steps to offer users tools to manage their data, such as their recent broad launch of their Off-Facebook Activity tool, they are not always easy to find. This blog from Trend Micro serves as a guide on how to protect your privacy on Facebook.
Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
Emotet, the notorious trojan behind several botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already-infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a “Wi-Fi spreader” module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems
Trend Micro discovered that the hacking group Outlaw has been busy developing their toolkit for illicit income sources. While they had been quiet since Trend Micro’s analysis in June, there was an increase in the group’s activities in December, with updates on the kits’ capabilities reminiscent of their previous attacks.
Irving Security Company Spun Out of Trend Micro Lands $26M in Funding
Cysiv announced this week the close of a $26 million Series A financing led by ForgePoint Capital, a top tier venture capital firm that invests in transformative cybersecurity companies. Trend Forward Capital has been actively backing Cysiv and is also participating in this financing. Proceeds will be used to scale business operations and fuel further platform enhancements.
Trickbot, Emotet Use Text About Trump to Evade Detection
Threat actors have been using text from news articles about U.S. President Donald Trump to make malware undetectable. Trickbot samples employing this technique were recently found, while Trend Micro researchers detected Emotet samples using the same method.
Puerto Rico Gov Hit By $2.6M Phishing Scam
According to reports, an email-based phishing scam hit Puerto Rico’s Industrial Development Company, which is a government-owned corporation aimed at driving economic development to the island along with local and foreign investors. The scam email alleged a change to a banking account tied to remittance payments, which is a transfer of money (often by a foreign worker) to an individual in their home country.
Malicious Spam Campaign Targets South Korean Users
The spam campaign, detected by Trend Micro researchers, utilizes attachments compressed through ALZip, an archive and compression tool widely used in South Korea. When decompressed, the attachment is revealed to contain two executable (.EXE) files that carry the information stealer TrojanSpy.
Google Removes 500+ Malicious Chrome Extensions from the Web Store
Google has removed more than 500 malicious Chrome extensions from its official Web Store following a two-month long investigation conducted by security researcher Jamila Kaya and Cisco’s Duo Security team. The removed extensions operated by injecting malicious ads (malvertising) inside users’ browsing sessions.
Dynamic Challenges to Threat Detection and Endpoint Security — and How to Overcome Them
As a result of great technological advancements, our environments are steadily changing. Now more than ever, individuals and organizations rely on technology to make life more dynamic. This reliance on technology and the consequent expanding attack surface are what cybercriminals bank on as they create threats that are meant to trick users and organizations. In this blog, learn how to step up your threat detection and endpoint security.
YouTube, Twitter Hunt Down Deepfakes
YouTube and Twitter have taken measures to clamp down on synthetic and manipulated media, including deepfakes. Deepfakes are media (images, audio, video, etc.) synthetically generated through artificial intelligence and machine learning (AI/ML), which have been exploited in adult videos and propaganda using the faces and voices of unwitting celebrities, politicians, and other well-known figures.
Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records
An unsecured and unencrypted Amazon Simple Storage Service (S3) bucket was found leaking 36,077 records belonging to inmates of correctional facilities in several U.S. states. The leak, which was discovered by vpnMentor, exposed personally identifiable information (PII), prescription records and details of inmates’ daily activities.
An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
CVE-2020-0601 is a vulnerability that was discovered by the National Security Agency (NSA) and affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could create their own cryptographic certificates that appear to originate from a legitimate certificate that is trusted by Windows by default.
In your opinion, what was the most noteworthy patch from this month’s update? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records appeared first on .
Whether you’re trying to inform purchasing decisions or just want to better understand the cybersecurity market and its players, industry analyst reports can be very helpful. Following our recent accolades by Forrester and IDC in their respective cloud security reports, we want to help customers understand how to use this information.
Our VP of cybersecurity, Greg Young, taps into his past experience at Gartner to explain how to discern the most value from industry analyst reports.
The post How To Get The Most Out Of Industry Analyst Reports appeared first on .
FreshRSS 