This Week in Security News – October 15, 2021
Actors target Huawei Cloud using upgraded Linux malware, 7-Eleven breached customer privacy by collecting facial imagery without consent and more. Read More HERE…
Trend Micro Research : Exploits&Vulnerabilities
October Patch Tuesday: 3 Critical Bulletins Among 71
The October Patch Tuesday maintains the relatively peaceful streak from previous months with only 3 bulletins rated as Critical among 71 new vulnerabilities. Read More HERE…
Security Risks with Private 5G in Manufacturing Companies Part. 1 Security Evangelist
We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry. The option of Private 5G lets private companies and local governments have their own telecom infrastructures. However, the “democratization of communications” entails its own risks that have not yet been made clear. To identify these risks, Trend Micro performed tests using an environment modeled after a steelworks with 5G equipment. Read More HERE…
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Threat Researcher Sr. Vulnerability Researcher Sr. Threat Researcher Sr. Threat Researcher
Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444. Read More HERE…
CISA Reports Top Vulnerabilities From Remote Work VP, Threat Intelligence
Trend Micro’s Next-Generation IPS protects organizations from threats as attackers now target remote work-related vulnerabilities. Read More HERE…
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage Threats Analyst Threats Analyst
Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian’s Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August. Read More HERE…
This Week in Security News – September 17, 2021 VP, Threat Intelligence
2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware Read More HERE…
Midyear 2021 Cybersecurity Landscape Review: Attacks From All Angles Abound
Here is a rundown of data related to the crucial security issues that enterprises faced during this period, as examined in our report, “Attacks From All Angles: 2021 Midyear Cybersecurity Report.” Read More HERE…
September Patch Tuesday: 66 Bulletins, Only 3 Critical
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins. Read More HERE…
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger. Read More HERE…