This Week in Security News: How a GIF Can Hack Your Android and Vulnerabilities That Could Put Hospital Networks at Risk

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how smart home devices can be easily hacked and 11 vulnerabilities that could affect medical devices and hospital networks. Also, read about why AI could be vital to your security future and a massive Zynga breach affecting more than 200 million players.

Read on:

In Identity Theft the Target is You!

The hard truth is that identity data is the new gold—and criminal panhandlers are constantly mining for the sale and distribution of data on the Dark Web. But what can we as digital citizens do to protect ourselves? Trend Micro’s recent blog post describes how to keep yourself and your data safe.

Trend Micro Named a Leader in Endpoint Security

Trend Micro was cited as a leader with the second-highest score in the current offering category in The Forrester Wave: Endpoint Security Suites, Q3 2019 report. Trend received the highest possible score for Corporate Vision and Focus (a criterion under the Strategy category), a recognition of stable leadership, innovative technology and high-quality product management and development.

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

Trend Micro found a new modular fileless botnet malware called Novter that the KovCoreG campaign has been distributing since March. KovCoreG is known for using the Kovter botnet malware through malvertisements and exploit kits to commit click fraud.

Trend Micro: Why AI Could Be Vital to Your Security Future

With businesses of all sizes keen to ensure they don’t become the next big-name security attack victim, the need to stay on top of your data could be central to staying safe from the latest threats. Cybercrime tactics have become more professional and business-like in recent years, keeping them one step ahead of the game.

Hacker Compromised Family’s Wi-Fi, Taunted Family with Thermostat, Camera for 24 Hours

According to a recent report, a hacker was able to hack into a couple’s Nest security system, control their thermostat and talk to them via their camera. According to the report, changing their Wi-Fi password wasn’t enough to keep the hacker away and disturbances only stopped after changing the network ID. Read up on how to protect your smart home and IoT devices in Trend Micro’s analysis.

Securing the Industrial Internet of Things: Addressing IIoT Risks in Healthcare

The industrial internet of things (IIoT) has rapidly transformed the network and data infrastructure in health and medicine. However, rapid adoption of IIoT is not without risks. Healthcare stakeholders must first understand the dangers it brings to the field when haphazardly implemented. Read more about addressing IIoT risks in healthcare in Trend Micro’s blog.

This Huge Android Trojan Malware Campaign Was Discovered After the Gang Behind It Made Basic Security Mistakes

A giant botnet and banking trojan malware operation has infected hundreds of thousands of Android users since at least 2016 – but mistakes by the group have revealed details of the campaign and how they operate.

Permanent Jailbreak on iPhones Possible Using Checkm8 Unpatchable Exploit

Security researcher axi0mX discovered “checkm8,” an exploit that could allow the jailbreak of millions of iOS devices. The exploit lies in the bootrom of the affected devices, which in turn is located on a read-only memory chip. This renders the exploit unpatchable and the resulting jailbreak permanent.

Exim Vulnerability CVE-2019-16928 Could Lead to Denial-of-Service and Remote Code Execution Attacks

A vulnerability involving the message transfer agent Exim — estimated to run roughly 57% of all email servers — has been discovered by security researchers from QAX-A-Team. Exploitation of the bug, assigned CVE-2019-16928, could result in threat actors being able to launch denial-of-service (DoS) or remote code execution (RCE) attacks.

Zynga Data Breach Exposed 200 Million Words with Friends Players

Publisher Zynga announced there was a data breach of account login info for Draw Something and Words with Friends players on Sept. 12.  A hacker that goes by the name of Gnosticplayers said they stole data from over 218 million Words with Friends player accounts.

FDA Warns Against URGENT/11 Vulnerabilities Affecting Medical Devices and Hospital Networks

The Food and Drug Administration (FDA) notified patients, healthcare professionals, and other stakeholders, warning them of a set of 11 vulnerabilities that could put medical devices and hospital networks at risk. The set of vulnerabilities was dubbed “URGENT/11,” and was discovered in a decade-old third-party software component called IPnet.

Who Should the CISO Report To, and Other CloudSec 2019 Takeaways

The second annual CloudSec event hosted by Trend Micro last week yielded valuable insight from industry leaders both on stage and during breakout sessions. Trend’s Mark Nunnikhoven, vice president of cloud research, discusses Canada’s position in the cloud adoption race.

Security 101: Zero-Day Vulnerabilities and Exploits

A zero-day attack exploits an unpatched vulnerability and could significantly affect organizations using vulnerable systems. Trend Micro provides an overview detailing what businesses need to know about zero-day vulnerabilities so they can better mitigate the risks and the threats that exploit them.

Were you aware that smart home devices could be hacked? Will it affect your decision to buy smart home devices in the future? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE