This Week in Security News: Holiday Cybercriminals & Cryptomining Malware

0

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn the common threats and the best practices for defending against cybercriminals during November’s online shopping season. Also, see the different cryptomining malware affecting Linux systems and learn what security tools are needed to defend against these threats.

Read on:

Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine

The evolving aspect of cryptocurrency mining malware — constantly adding evasion techniques — means that powerful security tools are often needed to defend users from these kinds of threats. 

Researchers Earn Thousands for Exposing Mobile Device Exploits at Pwn2Own

Security researchers competing in the Pwn2Own Tokyo competition earned a collective $325,000 for demonstrating new exploits on devices made by Samsung, Xiaomi and Apple.

Cryptocurrency-mining Malware Targets Linux Systems, Uses Rootkit for Stealth

Trend Micro recently encountered a cryptocurrency-mining malware affecting Linux systems. It is notable for hiding the malicious process’ presence from monitoring tools.  

House Passes Final Version of Bill Creating Cyber Agency at DHS, Sends Measure to President

The U.S. House of Representatives gave unanimous approval to create a stand-alone cybersecurity agency at the Department of Homeland Security, and sent the bill to President Trump for his signature.

When Cybercriminals Hitch On Your Holiday Spending: Online Shopping Trends and Threats

November is expected to see the bulk of 2018 online traffic and spending. Learn the common threats and the best practices for defending against cybercriminals during this online shopping season. 

Russian Hackers Largely Skipped the Midterms, and No One Really Knows Why

After unleashing cyberattacks on the U.S. during the 2016 presidential election, Russia’s hackers mostly appeared to have sat on the sidelines during the campaign ahead of last week’s midterm elections.

Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants

To address the growing number of network threats and keep abreast with the changing sophistication of network intrusion methods, Trend Micro looks into network flow clustering. 

More than 50 Nations, but not U.S., Sign onto Cybersecurity Pact

At the Paris Peace Forum, an international agreement on cybersecurity principles earned signatures from over 50 nations, 130 private sector groups and 90 charitable groups, but not the U.S., Russia or China.

Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos

In late October, security researchers showed from Cymulate showed a PoC exploiting a logic bug that could allow hackers to abuse the online video feature in Microsoft Office to deliver malware.

Firefox Warns if the Website You’re Visiting Suffered a Data Breach

The Firefox Monitor service warns you if your account was among the hundreds of millions affected by data breaches at sites like Yahoo, LinkedIn and Equifax.

The Importance of Employee Cybersecurity Training: Top Strategies and Best Practices

With robust employee user training that helps drive home the importance of a staffer’s role in the overall data protection and cybersecurity landscape, businesses can reduce the risk of a digital attacker.

As cryptomining malware evolves, do you think more users will be prepared to defend against these threats in 2019? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE

0