This Week in Security News: ZDI Bug Hunters Rake in $1.5M in 2019 and Metamorfo Trojan Malware Campaign Targets Online Banking Users

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro Zero Day Initiative’s $1.5 million in awards and other noteworthy milestones in 2019. Also, learn about a crafty malware that makes you retype your passwords so it can steal them for credit card information and other personal data.

Read on:

Four Reasons Your Cloud Security is Keeping You Up at Night

Organizations are migrating to the cloud for speed, agility, scalability, and cost-efficiency – but they have realized that it demands equally powerful security management. As the cloud continues to attract more businesses, security teams are spending sleepless nights securing the infrastructure. We can reduce the number of security issues affecting cloud infrastructure; however, we must first conquer the possible reasons for security vulnerabilities.

Trend Micro and Baker Hughes Collaborate to Help Deliver Protection for Critical Infrastructure

Trend Micro announced this week that it will collaborate with Baker Hughes’ Nexus Controls operational technology (OT) security experts through a strategic framework agreement, signed in late 2019. Together the companies aim to provide comprehensive, industry leading guidance and support for enterprises running critical OT environments.

Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud

Trend Micro recently discovered several malicious optimizer, booster and utility apps (detected as AndroidOS_BadBooster.HRX) on Google Play. The apps can access remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.

Zero Day Initiative Bug Hunters Rake in $1.5M in 2019

Zero Day Initiative, a division of Trend Micro, awarded more than $1.5 million in cash and prizes to bug-hunters throughout 2019, resulting in 1,035 security vulnerability advisories for the year. Most of those advisories (88 percent) were published in conjunction with a patch from the vendor.

ICS in VUCA: Insights from the World‘s Biggest ICS Security Event – S4

Many sessions at this year’s S4 discussed strengthening leadership. The environment surrounding the ICS community is filled with volatility, uncertainty, complexity and ambiguity (VUCA), and it requires strong leadership to drive changes. In this blog, read about the key takeaways coming out of the world’s leading ICS security event, S4.

This Crafty Malware Makes You Retype Your Passwords So It Can Steal Them

A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details. Detailed by researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in countries around the world including the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico.

SORA and UNSTABLE: 2 Mirai Variants Target Video Surveillance Storage Systems

Trend Micro researchers encountered two variants of the notorious internet of things (IoT) malware, Mirai, employing a new propagation method. The two variants, namely SORA (detected as IoT.Linux.MIRAI.DLEU) and UNSTABLE (detected as IoT.Linux.MIRAI.DLEV), gain entry through Rasilient PixelStor5000 video surveillance storage systems by exploiting CVE-2020-6756.

Vulnerability in WhatsApp Desktop Exposed User Files

Facebook has patched a vulnerability in WhatsApp Desktop that could allow an attacker to launch cross-site scripting (XSS) attacks and access files from the victim’s system when paired with WhatsApp for iPhone. The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who found he could bypass WhatsApp’s CSP to execute code on a target system using maliciously crafted messages.

Ryuk Ransomware Infects US Government Contractor

The internal system of U.S. government contractor Electronic Warfare Associates (EWA) was infected with Ryuk ransomware last week, ZDNet reported. EWA is a contractor that supplies electronic equipment and services to the Department of Defense (DOD), the Department of Homeland Security (DHS), and the Department of Justice (DOJ).

New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers

Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT devices are targets in a new global campaign leveraging the malware variant.

New Extortion Campaign Threatens Victims of the 2015 Ashley Madison Breach

A new extortion campaign is targeting victims of the Ashley Madison data breach that happened five years ago, Vade Secure reports. Avid Life Media — the company behind the site — was hacked in 2015 by a group known as Impact Team. The actors behind this new campaign tell victims that they will publicize proof of their profile as well as other “embarrassing” activities and demand bitcoins as payment. 

Emotet Uses Coronavirus Scare in Latest Campaign, Targets Japan

Threat actors behind the Emotet malware used the novel coronavirus (2019-nCoV) scare as a hook for their spam email campaign against targets in Japan. IBM X-Force reported that the coronavirus spam emails were disguised as official notifications sent by a disability welfare provider and public health centers. The email content warns recipients about the rapid spread of the virus and instructs them to download an attached notice that allegedly contains preventive measures.

Researchers Use Smart Light Bulbs to Infiltrate Networks

Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the Zigbee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices.

What was your biggest takeaway from the S4 ICS security conference this year? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE