![\"\"](\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/05\/Week-in-Security-News-Logo_RGB-300x300.jpg\"){kind=logo}
<\/p>\n<\/p>\n
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, see how cybercriminals have learned to become more creative with malware through spam campaigns. Also, understand why securing energy and water should remain top priority in integration of the industrial IOT.<\/p>\n
Read on:<\/p>\n
Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments<\/a><\/strong><\/p>\n As cybersecurity defenses continue to improve, cybercriminals have learned to become more creative with malware.\u00a0Trend Micro encountered threats being packaged inside old file types in spam campaigns.<\/em>\u00a0<\/em><\/p>\n Internet freedom continues to decline around the world, a new report says<\/strong><\/a><\/p>\n Digital authoritarianism is on the rise, according to a new report from a group that monitors internet freedoms.\u00a0Freedom House<\/a>, a pro-democracy think tank, said today that governments are seeking more control over users\u2019 data while also using laws nominally intended to address \u201cfake news\u201d to suppress dissent. It marked the eighth consecutive year that Freedom House found a decline in online freedoms around the world.<\/em><\/p>\n<\/div>\n HHS Opens Health Cybersecurity Coordination Center<\/a><\/u><\/strong><\/p>\n The Department of Health and Human Services opened a cybersecurity center designed to support and improve the cyber defense of the U.S. healthcare industry.<\/em>\u00a0<\/strong><\/p>\n Ransomware Threat Continues: How Infections Take Place<\/a><\/strong><\/p>\n According to Trend Micro\u2019s report,\u00a0there has only been a slight increase in ransomware detection so far in 2018. However, this doesn\u2019t make ransomware any less of a threat to enterprise security.<\/em><\/p>\n Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware<\/a><\/strong><\/p>\n Trend Micro recently observed cases of abuse of the systems running misconfigured Docker Engine-Community with Docker application program interface (API) ports exposed.\u00a0<\/em>\u00a0<\/em><\/p>\n Apple\u2019s T2 Security Chip Makes it Harder to Tap MacBook Mics<\/a><\/strong><\/p>\n To defend against eavesdropping malware, Apple\u2019s T2 security chip will now include a mechanism to cut off a laptop\u2019s microphone at a hardware level whenever the lid is closed.<\/em><\/p>\n Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures<\/a><\/strong><\/p>\n As\u00a0vulnerabilities in the systems behind CIs increase, specifically for\u00a0supervisory control and data acquisition human machine interfaces, it\u2019s important to look at what risks these critical sectors face.<\/em><\/p>\n Spam Campaign Targets Japan, Uses Steganography to Deliver the BEBLOH Banking Trojan<\/a><\/strong><\/p>\n This campaign is notable for its use of steganography, which hides malicious code in unexpected mediums (i.e., images) to evade signature-based detection<\/em>.<\/p>\n Critical Infrastructures Exposed and at Risk: Energy and Water Industries<\/a><\/strong><\/p>\n Securing energy and water should remain top priority<\/em> in the continuing integration of the industrial internet of things in these critical sectors.<\/em>\u00a0<\/em><\/p>\n British Airways Says Data Breach Larger Than Estimated<\/a><\/strong><\/p>\n International Consolidated Airlines Group SA said 185,000 more British Airways passenger records were potentially stolen in a recent data breach, on top of the 380,000 credit card records previously reported.<\/em><\/p>\n Network Threats Examined: Clustering Malicious Network Flows with Machine Learning<\/a><\/strong><\/p>\n Cybercriminals are increasingly using\u00a0evasion tactics\u00a0to bypass detection methods, and proactive techniques are needed to discover a malware infection before it leads to a threat.<\/em><\/p>\n Perl-Based Shellbot Looks to Target Organizations via C&C<\/a><\/strong><\/p>\n Trend Micro uncovered an operation of a hacking group, which we\u2019re naming \u201cOutlaw\u201d, involving the use of an IRC bot built with the help of Perl Shellbot.<\/em><\/p>\n Trickbot Shows Off New Trick: Password Grabber Module<\/a><\/strong><\/p>\n Trickbot now has a password grabber module that steals access from several applications and browsers, such as Microsoft Outlook, Google Chrome, Internet Explorer, Microsoft Edge, and more.<\/em>\u00a0<\/em><\/p>\n This is How Hackers Can Take Down our Critical Energy Systems Through the Internet<\/a><\/strong><\/p>\n Researchers from Trend Micro published a report on the ways that Human Interface Systems (HMI), which are found in thousands of utilities worldwide, can be exploited.<\/em>\u00a0<\/em><\/p>\n InfoSec Guide: Remote Desktop Protocol (RDP)<\/strong><\/a><\/p>\n The increasing attack incidences via Remote Desktop Protocol (RDP) have prompted the\u00a0FBI to release an alert<\/a>\u00a0informing businesses to establish preventive measures.<\/em><\/p>\n Do you think it\u2019s important for critical infrastructures to use proactive techniques to secure energy and water sectors? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.<\/a><\/u><\/p>\n\n