This Week in Security News: Spam Campaigns and Mobile Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a mobile malware that infects Android devices by exploiting the vulnerabilities found within the operating system. Also, read about a recent spam campaign that targets entities using a disposable email address service for its command and control server.

Read on:

iOS URL Scheme Susceptible to Hijacking

Abuse of Apple’s URL Scheme, a feature that allows developers to launch apps on an iOS device through URLs, can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads and more.

Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C

Trend Micro observed a recent spam campaign that targets Colombian entities using YOPmail, a disposable email address service, for its command and control server (C&C). The payload, written in Visual Basic 6, is a customized version of a remote access tool called “Proyecto RAT.”

 Trend Micro’s Deep Security as a Service Now Available on the Microsoft Azure Marketplace

Trend Micro announced the availability of its cloud solution Deep Security as a Service on the Microsoft Azure Marketplace, enabling organizations to combine the benefits of security software-as-a-service with the convenience of consolidated cloud billing and usage-based, metered pricing.

SLUB Gets Rid of GitHub, Intensifies Slack Use

Trend Micro discovered a new version of the SLUB malware that has stopped using GitHub to communicate, heavily using Slack instead via two free workspaces that Slack has since shut down.

Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks

Trend Micro observed that a Jenkins user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e. the main Jenkins server), a setup enabled by default.

 FTC Approves Roughly $5 Billion Facebook Settlement

The Federal Trade Commission has endorsed a roughly $5 billion settlement with Facebook over a long-running probe into the tech giant’s privacy violations such as the Cambridge Analytica scandal, causing immediate concern from some politicians.

 GandCrab Threat Actors Possibly Behind Sodinokibi Ransomware

Various security researchers reported that the ransomware-as-a-service (RaaS) threat actors behind GandCrab might be responsible for releasing a more advanced ransomware variant called Sodinokibi.

Agent Smith Malware Infecting Android Apps, Devices for Adware

Agent Smith, a new kind of mobile malware, has been found infecting Android devices by exploiting the vulnerabilities found within the operating system (OS) to replace installed apps with malicious versions without the user knowing.

 Sprint Says Hackers Breached Customer Accounts Via Samsung Website

US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the “add a line” website, giving them access to personal information such as phone numbers, account numbers, billing addresses and more.

Report: Average BEC Attacks Per Month Increased by 120% from 2016 to 2018

According to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the total amount that cybercriminals attempted to steal via business email compromise (BEC) scams rose to an average of $301 million per month — a substantial increase from the $110 million monthly average in 2016.

U.S. Mayors Take Stand Against Ransomware Payments

As ransomware becomes an increasing problem for local governments with 22 attacks in 2019 alone, U.S. mayors took a firm stand against paying ransom to hackers in their resolutions at the U.S. Conference of Mayors.

 Another 2.2 Million Patients Affected by AMCA Data Breach

Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, and other personal information stolen because of the AMCA data breach.

Fake Invoices Used by BEC Scammers to Defraud Griffin City, Georgia of Over US$800,000

The government of the City of Griffin, Georgia lost over $800,000 to a business email compromise (BEC) scam when BEC operators posed as its vendor P.F. Moon to reroute funds in two separate transactions to a fraudulent bank account.

Cloud-Based IoT Solutions: Responding to Traditional Limits and Security Concerns

In the face of challenges brought about by the expansion of the Internet of Things (IoT) – a trend that is expected to be amplified in the 5G era – many organizations have turned to cloud-based IoT solutions that can respond to organizations’ needs when it comes to integration, processing, scalability and security.

Were you surprised by the increase in business email compromise attempts from 2016 to 2018? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE