This Week in Security News: Latest Cyber Risk Index Shows Elevated Risk of Cyber Attack and IoT Company Wyze Exposes Information of 2.4M Customers

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s Cyber Risk Index (CRI) and its results showing increased cyber risk. Also, read about a data breach from IoT company Wyze that exposed information of 2.4 million customers.

Read on:

The 5 New Year’s Tech Resolutions You Should Make for 2020

Now is the perfect time to reflect on the past and think of all the ways you can make this coming year your best one yet. With technology playing such a central role in our lives, technology resolutions should remain top of mind heading into the new year. In this blog, Trend Micro shares five tech resolutions that will help make your 2020 better and safer.

Security Study: Businesses Remain at Elevated Risk of Cyber Attack

Elevated risk of cyber attack is due to increased concerns over disruption or damages to critical infrastructure, according to the Trend Micro’s latest Cyber Risk Index (CRI) study. The company commissioned Ponemon Institute to survey more than 1,000 organizations in the U.S. to assess business risk based on their current security postures and perceived likelihood of attack.

Parental Controls – Trend Micro Home Network Security Has Got You Covered

In the second blog of a three-part series on security protection for your home and family, Trend Micro discusses the risks associated with children beginning to use the internet for the first time and how parental controls can help protect them.

Cambridge Analytica Scandal: Facebook Hit with $1.6 Million Fine

The Cambridge Analytica scandal continues to haunt Facebook. The company has been receiving fines for its blatant neglect and disregard towards users’ privacy. The latest to join the bandwagon after the US, Italy, and the UK is the Brazilian government.

Why Running a Privileged Container in Docker is a Bad Idea

Privileged containers in Docker are containers that have all the root capabilities of a host machine, allowing the ability to access resources which are not accessible in ordinary containers. In this blog post, Trend Micro explores how running a privileged, yet unsecure, container may allow cybercriminals to gain a backdoor in an organization’s system.

IoT Company Wyze Leaks Emails, Device Data of 2.4M

An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Exposed on Dec. 4 until it was secured on Dec. 26, the database contained customer emails along with camera nicknames, WiFi SSIDs (Service Set Identifiers; or the names of Wi-Fi networks), Wyze device information, and body metrics.

Looking into Attacks and Techniques Used Against WordPress Sites

WordPress is estimated to be used by 35% of all websites today, making it an ideal target for threat actors. In this blog, Trend Micro explores different kinds of attacks against WordPress – by way of payload examples observed in the wild – and how attacks have used hacked admin access and API, Alfa-Shell deployment, and SEO poisoning to take advantage of vulnerable sites.

FPGA Cards Can Be Abused for Faster and More Reliable Rowhammer Attacks

In a new research paper published on the last day of 2019, a team of American and German academics showed that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks. The new research expands on previous work into an attack vector known as Rowhammer, first detailed in 2014

Emotet Attack Causes Shutdown of Frankfurt’s IT Network

The city of Frankfurt, Germany, became the latest victim of Emotet after an infection forced it to close its IT network. There were also incidents that occurred in the German cities of Gießen, Bad Homburgas and Freiburg.

BeyondProd Lays Out Security Principles for Cloud-Native Applications

BeyondCorp was first to shift security away from the perimeter and onto individual users and devices. Now, it is BeyondProd that protects cloud-native applications that rely on microservices and communicate primarily over APIs, because firewalls are no longer sufficient. Greg Young, vice president of cybersecurity at Trend Micro, discusses BeyondProd’s value in this article.

How MITRE ATT&CK Assists in Threat Investigation

In 2013, the MITRE Corporation, a federally funded not-for-profit company that counts cybersecurity among its key focus area, came up with MITRE ATT&CK™, a curated knowledge base that tracks adversary behavior and tactics. In this analysis, Trend Micro investigates an incident involving the MyKings botnet to show how the MITRE ATT&CK framework helps with threat investigation.

TikTok Banned by U.S. Army Over China Security Concerns

With backlash swelling around TikTok’s relationship with China, the United States Army this week announced that U.S. soldiers can no longer have the social media app on government-owned phones. The United States Army had previously used TikTok as a recruiting tool for reaching younger users,

Mobile Money: How to Secure Banking Applications

Mobile banking applications that help users check account balances, transfer money, or pay bills are quickly becoming standard products provided by established financial institutions. However, as these applications gain ground in the banking landscape, cybercriminals are not far behind.

What security controls do you have in place to protect your home and family from risks associated with children who are new internet users? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE