{"id":16086,"date":"2019-08-16T08:00:15","date_gmt":"2019-08-16T16:00:15","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/08\/16\/news-9829\/"},"modified":"2019-08-16T08:00:15","modified_gmt":"2019-08-16T16:00:15","slug":"news-9829","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/08\/16\/news-9829\/","title":{"rendered":"This Week in Security News: Phishing Campaigns and a Biometric Data Breach"},"content":{"rendered":"<p><strong>Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 16 Aug 2019 14:05:21 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/logo-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" link_thumbnail=\"\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/logo.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/logo-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about ever-increasing amounts of phishing campaigns and how Trend Micro caught 2.4 million attacks of this type \u2014 a 59% increase from 1.5 million in the second half of 2018. 
Also, read how millions of sensitive biometric records were found exposed in a massive\u00a0data breach\u00a0involving a major biometric security platform.<\/p>\n<p>Read on:<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/august-patch-tuesday-update-fixes-wormable-flaws-remote-desktop-services-vbscript-disabled-by-default\/\"><strong>August Patch Tuesday: Update Fixes \u2018Wormable\u2019 Flaws in Remote Desktop Services, VBScript Gets Disabled by Default<\/strong><\/a><\/p>\n<p><em>Microsoft released updates to patch 93 CVEs, along with two advisories, in this month\u2019s Patch Tuesday. The bulletin patches issues in Azure DevOps Server, Internet Explorer, Microsoft Office, Microsoft Windows, Visual Studio and more. The patches address 29 vulnerabilities rated Critical and 64 that were rated Important, and a total of 21 CVEs were disclosed through the\u00a0Zero Day Initiative\u00a0(ZDI) program.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/online-privacy\/Over-27-8M-Records-Exposed-in-BioStar-2-Data-Breach\"><strong>Over 27.8M Records Exposed in BioStar 2 Data Breach<\/strong><\/a><\/p>\n<p><em>About 23 GB worth of data consisting of 27.8 million sensitive biometric records were found exposed in a massive\u00a0data breach\u00a0involving biometric security platform BioStar 2, which provides thousands of companies with biometrics security in order to restrict access to buildings and other private areas.<\/em><\/p>\n<p><a href=\"https:\/\/securityboulevard.com\/2019\/08\/new-tech-trend-micro-inserts-x-factor-into-edr-endpoint-detection-and-response\/\"><strong>New Tech: Trend Micro Inserts \u2018X\u2019 Factor Into \u2018EDR\u2019 \u2013 Endpoint Detection and Response<\/strong><\/a><\/p>\n<p><em>While endpoint detection and response (EDR) is one of the most significant advancements made by endpoint security vendors in the past six years, enterprises need more. 
Trend\u2019s COO Kevin Simzer discusses these needs and Trend Micro\u2019s new solution to meet them: XDR.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/threat-landscape\/report-huge-increase-in-ransomware-attacks-on-businesses\"><strong>Report: Huge Increase in Ransomware Attacks on Businesses<\/strong><\/a><\/p>\n<p><em>According to a report by Malwarebytes, there has been a 363% year-over-year increase in the first half of the year. Aside from businesses, there has also been a greater number of ransomware attacks targeting different\u00a0public sectors and\u00a0local governments\u00a0since the start of 2019.<\/em><\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/acoustic-cyberweapons-defcon\/\"><strong>Hackers Can Turn Everyday Weapons into Acoustic Cyberweapons<\/strong><\/a><\/p>\n<p><em>A researcher found that custom malware can induce embedded speakers to emit inaudible frequencies at high intensity or blast out audible sounds at high volume. 
Those aural barrages can potentially harm human hearing, cause tinnitus or have psychological effects and highlight the potential for acoustic malware to be distributed and controlled through remote access attacks.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/cyberattack-lateral-movement-explained\/\"><strong>Cyberattack Lateral Movement Explained<\/strong><\/a><\/p>\n<p><em>Trend Micro\u2019s VP of Cloud Research, Mark Nunnikhoven, explains the concept of lateral movement, which\u00a0<\/em><em>refers to the techniques cyber attackers use to progressively move through a network post-breach as they search for the key data and assets that are ultimately the target of their attack campaigns.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/cloud-atlas-group-updates-infection-chain-with-polymorphic-malware-to-evade-detection\"><strong>Cloud Atlas Group Updates Infection Chain with Polymorphic Malware to Evade Detection<\/strong><\/a><\/p>\n<p><em>Recently observed by security researchers, this malware campaign uses a polymorphic HTML application (HTA) and a polymorphic backdoor to evade detection. 
As in its previous iteration, the threat routine begins with\u00a0phishing\u00a0emails to high-value targets.<\/em><\/p>\n<p><a href=\"https:\/\/www.itprotoday.com\/threat-management\/bgp-hijackings-take-new-meaning-cybersecurity-climate\"><strong>BGP Hijackings Take on New Meaning in Cybersecurity Climate<\/strong><\/a><\/p>\n<p><em>The Border Gateway Protocol is vulnerable to malicious actors &#8212; and as of right now, little can be done about it from a security perspective, although there have been attempts to make it more reliable.\u00a0Trend Micro\u2019s Mark Nunnikhoven, VP of cloud research, discusses BGP\u2019s reliability and threat risk.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/the-rising-tide-of-credential-phishing\"><strong>The Rising Tide of Credential Phishing: 2.4 Million Attacks Blocked by Trend Micro Cloud App Security in 2019 1H<\/strong><\/a><\/p>\n<p><em>Credential phishing continues to be a bane for organizations. 
In the first half of 2019, the Trend Micro\u2122 Cloud App Security\u2122 solution caught 2.4 million attacks of this type \u2014 a 59% increase from 1.5 million in the second half of 2018.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/securing-the-industrial-internet-of-things-protecting-energy-water-and-oil-infrastructures\"><strong>Securing the Industrial Internet of Things: Protecting Energy, Water and Oil Infrastructures<\/strong><\/a><\/p>\n<p><em>Given the expected expansion of industrial internet of things (IIoT), this guide discusses the possible security risks, threats, and scenarios that cybercriminals can abuse to compromise the energy, water, and oil industries. Also included are recommendations on how to defend against these attacks based on Trend Micro (TM) research.<\/em><\/p>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2019\/08\/09\/coinbase_pwned\/\"><strong>Anatomy of an Attack: How Coinbase was Targeted with Emails Booby-Trapped with Firefox Zero-Days<\/strong><\/a><\/p>\n<p><em>Coinbase\u2019s chief information security officer published\u00a0an incident report\u00a0covering\u00a0the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication. 
The thwarted attack began with email messages on May 30 to more than a dozen Coinbase employees that appeared to be from Gregory Harris, a research grant administrator at the University of Cambridge in the UK.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/back-to-back-campaigns-neko-mirai-and-bashlite-malware-variants-use-various-exploits-to-target-several-routers-devices\/\"><strong>Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices<\/strong><\/a><\/p>\n<p><em>Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. These malware variants enlist infected routers to botnets that are capable of launching\u00a0distributed denial of service (DDoS)\u00a0attacks.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/analysis-new-remcos-rat-arrives-via-phishing-email\/\"><strong>Analysis: New Remcos RAT Arrives Via Phishing Email<\/strong><\/a><\/p>\n<p><em>In July, our researchers came across a phishing email purporting to be a new order notification, which contained a malicious attachment that leads to the remote access tool Remcos RAT. This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques to evade detection, which is a common method for distributing known malware.<\/em><\/p>\n<p>Are you up to speed on our recommendations to avoid possible security risks, threats, and scenarios that cybercriminals can abuse to compromise the energy, water, and oil industries? 
Share your thoughts in the comments below or follow me on Twitter to continue the conversation: <a href=\"https:\/\/twitter.com\/jonlclay\">@JonLClay.<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-phishing-campaigns-and-a-biometric-data-breach\/\">This Week in Security News: Phishing Campaigns and a Biometric Data Breach<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-phishing-campaigns-and-a-biometric-data-breach\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 16 Aug 2019 14:05:21 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/logo-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" link_thumbnail=\"\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/logo.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2019\/06\/logo-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. 
This week, learn about ever-increasing amounts of phishing campaigns and how Trend Micro caught 2.4 million attacks of this type \u2014 a 59% increase from 1.5 million in the&#8230;<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-phishing-campaigns-and-a-biometric-data-breach\/\">This Week in Security News: Phishing Campaigns and a Biometric Data Breach<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.trendmicro.com\"><\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10422,714],"class_list":["post-16086","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-current-news","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16086"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16086\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16086"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16086"}],"curies":[{"name":"w
p","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}