This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went public with their findings on a zero-day vulnerability impacting the Android mobile operating system. 

Read on:

Finding a Better Route to Router and Home Network Security

New research published reveals that many of the home routers sold in the US today are still missing basic protections. Read on to learn about how your router is exposed to hackers, what attacks are possible and how to protect your router and smart home with Trend Micro’s help.

Hiding in Plain Text: Jenkins Plugin Vulnerabilities

Jenkins, a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably, recently published security advisories that included problems associated with plain-text-stored credentials. Vulnerabilities that affect Jenkins plugins can be exploited to siphon off sensitive user credentials.

Big Tech Companies Meeting with U.S. Officials on 2020 Election Security

Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election.

Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions

Trend Micro recently caught a malvertising attack distributing the malware Glupteba, an older malware that was previously connected to a campaign named Operation Windigo and distributed through exploit kits to Windows users. This blog discusses features of this malware and security recommendations to avoid this kind of attack.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

A Trend Micro honeypot detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers, which then sends an email with an embedded link to a scam site to specific email addresses.

Google, Trend Micro, IBM’s Red Hat ID’d Among Top Container Security Vendors

Container security presents a hot growth opportunity for the channel, with the global market expected to more than quadruple by 2024, reaching nearly $2.2 billion. North America is expected to account for the highest market share through 2024.

IPhone Theft Leads to Stolen Apple Credentials Through Phishing Attack

Of the hundreds who had their cellphones stolen or lost during the Lollapalooza music festival, one woman’s attempt to find her iPhone led her to a phishing scheme that stole her credentials. Like a regular phishing scheme, she received a seemingly legitimate text message with a link to what looked like the Find My iPhone webpage, but realized they were fake after she entered her credentials.

Ransomware Attacks Hit Taiwan Hospitals and Dubai Firm

Two notable ransomware attacks targeted several hospitals in Taiwan and a contracting company in Dubai last week. The ransomware attack in Taiwan prevented several hospitals from accessing their information systems, while the attack in Dubai froze a company’s systems.

Trend Micro, AWS Deliver Transparent, Inline Network Security for Enterprise Clouds

Trend Micro is taking new steps to help enterprises using Amazon Web Services to better deliver network security for cloud and hybrid operations.  IDN looks at Trend Micro Cloud Network Protection, along with the firm’s new XDR solution.

Sextortion Scheme Deployed by ChaosCC Hacker Group Demands US$700 in Bitcoin

A recently discovered email scheme reportedly deployed by a hacking group called ChaosCC claims to have hijacked recipients’ computers and recorded videos of them while watching adult content. This sextortion scheme reportedly attempts to trick recipients into paying US$700 in bitcoin.

Unusual CEO Fraud via Deepfake Audio Steals US$243,000 From U.K. Company

This fraud incident used a deepfake audio, an artificial intelligence (AI)-generated audio, and was reported to have conned US$243,000 from a U.K.-based energy company. According to a report, in March, the fraudsters used a voice-generating AI software to mimic the voice of the chief executive of the company’s Germany-based parent company to facilitate an illegal fund transfer. 

Zero-Day Disclosed in Android OS

Yesterday, Trend Micro researchers went public with their findings on a zero-day vulnerability impacting the Android mobile operating system after Google published the September 2019 Android Security Bulletin, which didn’t include a fix for their bug. The vulnerability resides in how the Video for Linux (V4L2) driver that’s included with the Android OS handles input data.

Container Security in Six Steps

Containers optimize the developer experience. However, as with any technology, there can be tradeoffs in using containers. This blog contains sex steps developers can follow to minimize risks when building in containers.

Are you well-versed on Trend’s suggestions for protecting your router and smart home from hackers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE