This Week in Security News: Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware and New Phishing Campaign Targeting Office 365 Exploits Brand Names

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how the next generation of Intel mobile processors will include malware protection built into the chip. Also, read about a new phishing campaign that uses brand names to bypass security filters and trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks.

Read on:

Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware

Announced this week, the next generation of Intel mobile processors will include malware protection built into the chip. The protection, provided by Intel’s Control-Flow Enforcement Technology (CET), will first be available in the company’s “Tiger Lake” mobile processors. In this article, Greg Young, vice president of cybersecurity at Trend Micro, shares his thoughts.

Forward-Looking Security Analysis of Smart Factories Part 4: MES Database Compromises

In this five-part blog series, Trend Micro looks at the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios and recommended defense strategies. Part four describes how the Manufacturing Engineering System (MES) plays an important role in the manufacturing process and how cyberattacks on the MES can affect production activities.

Elite CIA Unit that Developed Hacking Tools Failed to Secure its Own Systems, Allowing Massive Leak, an Internal Report Found

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report. The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks in March 2017.

Unpatched Vulnerability Identified in 79 NETGEAR Router Models

A whopping 79 NETGEAR router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. According to researchers, the vulnerability impacts 758 different firmware versions that have been used on 79 NETGEAR routers across the years, with some firmware versions being first deployed on devices released as far back as 2007.

Massive IBM Cloud Outage Caused by BGP Hijacking

IBM has provided new information about the large-scale outage that occurred this week, affecting many IBM Cloud customers. The outage, which knocked a whole host of sites offline, was the result of BGP hijacking, said the firm.

Hackers Posing as LinkedIn Recruiters to Scam Military, Aerospace Firms

A new, highly sophisticated espionage campaign targeting military and aerospace organizations across Europe and the Middle East has been discovered by cybersecurity firm ESET. The campaigners attempt to lure company employees to extract money and/or sensitive documents. Dubbed Operation In(ter)caption; the campaign was active from September to December 2019, and espionage is declared the primary objective behind this campaign.

Phishing Campaign Targeting Office 365, Exploits Brand Names

Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters and to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A report from Check Point Software first observed the attacks—the majority of which targeted European companies, with others seen in Asia and the Middle East.

Foodora Data Breach Impacts Customers in 14 Countries

Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. The cybersecurity incident has exposed the account details of 727,000 customers in 14 different countries. Information exposed in the incident included names, addresses, phone numbers, and hashed passwords. While no financial data was leaked, customers’ geolocation data, accurate to within a couple of inches, was breached.

Cisco Adds New Security Features to Webex, Patches Serious Vulnerabilities

At its Cisco Live 2020 event, the networking giant informed customers that it has extended its data loss prevention (DLP) retention, Legal Hold and eDiscovery features to Webex Meetings. The company has also published several security advisories this week for Webex vulnerabilities, including three that have been classified as high severity and one rated medium severity.

Vulnerable Platform Used in Power Plants Enables Attackers to Run Malicious Code on User Browsers

Otorio’s incident response team identified a high-score vulnerability in OSIsoft’s PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01). Installed in some of the world’s largest critical infrastructure facilities, OSIsoft Software’s PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.

What other sophisticated phishing campaigns have you seen during the pandemic? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE