This Week in Security News: Fake Apps on iOS and Google Play and Social Media Security Issues

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the evolution of EDR to XDR (and why your CISO should care), stock trading app attacks and fake gambling apps. Also, read about how Instagram and the Heyyo dating app exposed its users’ data.

Read on:

Why Should CISOs Care About XDR?

Will the evolution of EDR to XDR meet the challenges we are seeing today? In Trend Micro’s latest Simply Security blog, learn how XDR fills the gaps that EDR can’t, including malicious artifacts that are siloed or missed at the network, cloud and gateway – and why your CISO should care.

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website

As the use of stock trading apps continues to rise and gain popularity, cybercriminals continue to create and leverage fake trading apps to steal users’ personal data. Trend Micro found and analyzed a fake stock trading app, which had a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio.

Instagram Data Leak Exposes Account Information Including Full Names and Phone Numbers

Another day, another security issue for the Facebook family of companies. This time out, an Instagram data leak was discovered, exposing hidden contact information including the real names of millions of Instagram users and their phone numbers.

Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play

Trend Micro found hundreds of fake apps on iOS and Google Play stores, many of which posed as seemingly normal gambling games and were controlled to appear innocuous. Leveraging a “switch” feature, threat actors set the apps to either show or hide the app’s actual content.

Chrome Bug, Not Avid Software, Causes Damage to MacOS File Systems

Researchers have tracked a problem that caused corruption to the file systems of macOS users to a bug in a Google Chrome update after users originally feared it was a problem with Avid Media Composer. Users scrambled to find a fix for the problem, and eventually Google took responsibility for the issue.

From Homes to the Office: Revisiting Network Security in the Age of the IoT

As more businesses take advantage of rapidly developing IoT (Internet of Things) technology and begin adoption for their network environments, the underlying concern for network and data security has grown. In this blog, read about the commonly used features and types of home devices currently on the market, their security risks and Trend Micro’s best practices to defend and mitigate against attacks.

Magecart Web Skimming Group Targets Public Hotspots and Mobile Users

One of the web skimming groups that operate under the Magecart umbrella has been testing the injection of payment card stealing code into websites through commercial routers like those used in hotels and airports. The group has also targeted an open-source JavaScript library called Swiper that is used by mobile websites and apps.

Unsecure Pagers in Vancouver Expose Sensitive Patient Data: What This Means for Enterprises

The nonprofit group Open Privacy Research Society publicized in a press release that the confidential medical and personally identifiable information (PII) of patients across Vancouver, Canada, is being leaked through the paging systems of hospitals in the area. In this article, Trend Micro analyzes the security risks of pager technology.

Microsoft Releases Out-of-Band IE, Defender Security Updates

Microsoft released two out-of-band security patches to address critical issues for Internet Explorer (IE) and Microsoft Defender. While no exploit has been reported, Microsoft stated that an IE zero-day scripting engine flaw has been observed in the wild and advised users to manually update their systems immediately.

Heyyo Dating App Leaked Users’ Personal Data, Photos, Location, More

Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users, which is believed to be the app’s entire userbase.

Emotet Disguises as Downloadable File of Edward Snowden’s New Book to Infect Users

Emotet malware expanded its campaign to bank on the popularity of former CIA contractor and NSA whistleblower Edward Snowden’s bestselling memoir. The cybercriminals behind the campaign sent spam emails containing a Microsoft Word document pretending to be a free “Permanent Record” copy, luring victims to open the malicious document containing Emotet.

Social Engineering Explained: How Criminals Exploit Human Behavior

Social engineering has proven to be a successful way for criminals to get inside your organization using the art of exploiting human psychology, rather than technical hacking techniques. This article breaks down various social engineering techniques and discusses five ways to defend your organization against social engineering.

Are you surprised that fake gambling apps are making it past Apple and Google Play app store reviews? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE