Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 22 Nov 2019 14:05:44 +0000
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend’s new Cloud One platform that provides workload, container, file object storage, serverless and application, and network security. Also, read about the recent Disney+ account hacks, which are likely due to credential stuffing.
Trend Micro has announced a new security services platform aimed at helping customers simplify hybrid and multi-cloud security. The new Cloud One platform includes six services that provide workload, container, file object storage, serverless and application, and network security, which also aim to deliver security posture management capabilities.
Today’s threat landscape is so wide and varied, it requires around-the-clock monitoring, full visibility into IT environments and a multi-layered approach to keep hackers at bay. For MSPs, this creates a sizable opportunity to protect clients with a comprehensive security strategy that goes beyond endpoint detection and response.
Trend Micro announced its 2020 predictions report, which states that organizations will face a growing risk from their cloud and the supply chain. According to Trend Micro’s 2020 predictions, the growing popularity of cloud and DevOps environments will continue to drive business agility while exposing organizations, from enterprises to manufacturers, to third-party risk.
Security predictions aren’t just headline fodder. Successful enterprise security leaders look to the future, as they must, but are highly skeptical of most security predictions. So, what makes for a strong security prediction? Read on for insights from Greg Young, vice president of cybersecurity at Trend Micro.
Trend Micro’s latest research explored threats to 5G connectivity — from SIM jacking, identity fraud, fake news, and poisoning machine learning rules to manipulating business decisions — and found that they can be addressed through an identity-based approach to security.
Email remains the preferred way to communicate online for millions of Americans. Of the 28.6 billion cyber-threats Trend Micro blocked globally in the first half of 2019, more than 24.3 billion were carried by email, and many of these threats were made possible via phishing. Read up on why phishing is so popular and what you can do to protect yourself and your organization.
Just a few days after Disney+ launched, reports surfaced saying thousands of the streaming service accounts were already up for sale on various hacking forums, at bargain prices. What’s happening almost certainly isn’t a ‘hack’ in the way you would normally think of it. Instead, it appears to be a classic and regrettable case of what’s known as credential stuffing.
The official site of Monero was found compromised after the discovery of a coin-stealer in its Linux 64-bit command line (CLI) that account owners can download from the site. The user who discovered the malware noticed that the SHA256 hash of the downloaded CLI wallet did not match the one listed on the site, indicating that the file was tampered with.
Two new unusual ransomware families appeared in the wild this week. The AnteFrigus ransomware, which is delivered via a Hookads malvertising campaign that aims to lure victims to the RIG exploit kit server, and the PureLocker ransomware which has been observed to launch targeted attacks against enterprise production servers.
A new botnet is being spread among Linux-based servers running the system configuration tool Webmin. Dubbed as Roboto by Qihoo 360’s Netlab team, who tracked the botnet over a three-month period, it exploits CVE-2019-15107, a remote code execution vulnerability that could potentially allow an attacker to execute malicious commands with root privileges.
Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Trend Micro detected a new variant of a Mac backdoor, attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a macro-embedded Microsoft Excel spreadsheet.
Ten organizations today announced the creation of the Coalition Against Stalkerware, the first global initiative of its kind, with the sole purpose of fighting against stalkerware. Also known as spouseware, it is a smaller category of the spyware class and refers to apps that abusive partners install on the devices of their loved ones without their knowledge or consent.
Is your company taking steps to face the growing risk in cloud and supply chain environments in 2020? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.