{"id":16247,"date":"2019-09-06T06:00:14","date_gmt":"2019-09-06T14:00:14","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/09\/06\/news-9989\/"},"modified":"2019-09-06T06:00:14","modified_gmt":"2019-09-06T14:00:14","slug":"news-9989","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/09\/06\/news-9989\/","title":{"rendered":"This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams"},"content":{"rendered":"

Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 06 Sep 2019 13:05:31 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went public\u00a0with their findings on a zero-day vulnerability impacting the Android mobile operating system.\u00a0<\/em><\/p>\n

Read on:<\/p>\n

Finding a Better Route to Router and Home Network Security<\/strong><\/a><\/p>\n

New research published reveals that many of the home routers sold in the US today are still missing basic protections. Read on to learn about how your router is exposed to hackers, what attacks are possible and how to protect your router and smart home with Trend Micro\u2019s help.<\/em><\/p>\n

Hiding in Plain Text: Jenkins Plugin Vulnerabilities<\/strong><\/a><\/p>\n

Jenkins, a widely used open-source automation server that allows\u00a0DevOps\u00a0developers to build, test, and deploy software efficiently and reliably, recently published security advisories that included problems associated with plain-text-stored credentials. Vulnerabilities that affect Jenkins plugins can be exploited to siphon off sensitive user credentials.<\/em><\/p>\n

Big Tech Companies Meeting with U.S. Officials on 2020 Election Security<\/strong><\/a><\/p>\n

Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election.<\/em><\/p>\n

Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions<\/strong><\/a><\/p>\n

Trend Micro recently caught a malvertising attack distributing the\u00a0malware Glupteba, an older malware that was previously connected to a campaign named\u00a0Operation Windigo\u00a0and distributed through exploit kits to Windows users. This blog discusses features of this malware and security recommendations to avoid this kind of attack.<\/em><\/p>\n

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion<\/strong><\/a><\/p>\n

A Trend Micro honeypot detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers, which then sends an email with an embedded link to a scam site to specific email addresses.<\/em><\/p>\n

Google, Trend Micro, IBM\u2019s Red Hat ID\u2019d Among Top Container Security Vendors<\/strong><\/a><\/p>\n

Container security\u00a0presents a hot growth opportunity for the channel, with the global market expected to more than quadruple by 2024, reaching nearly $2.2 billion. North America is expected to account for the highest market share through 2024.<\/em><\/p>\n

IPhone Theft Leads to Stolen Apple Credentials Through Phishing Attack<\/strong><\/a><\/p>\n

Of the hundreds who had their cellphones stolen or lost during the Lollapalooza music festival, one woman\u2019s attempt to find her iPhone led her to a phishing scheme that stole her credentials. Like a regular phishing scheme, she received a seemingly legitimate text message with a link to what looked like the Find My iPhone webpage, but realized they were fake after she entered her credentials.<\/em><\/p>\n

Ransomware Attacks Hit Taiwan Hospitals and Dubai Firm<\/strong><\/a><\/p>\n

Two notable\u00a0ransomware\u00a0attacks targeted several hospitals in Taiwan and a contracting company in Dubai last week. The ransomware attack in Taiwan prevented several hospitals from accessing their information systems, while the attack in Dubai froze a company’s systems.<\/em><\/p>\n

Trend Micro, AWS Deliver Transparent, Inline Network Security for Enterprise Clouds<\/strong><\/a><\/p>\n

Trend Micro is taking new steps to help enterprises using Amazon Web Services to better deliver network security for cloud and hybrid operations.\u00a0 IDN looks at Trend Micro Cloud Network Protection, along with the firm’s new XDR solution.<\/em><\/p>\n

Sextortion Scheme Deployed by ChaosCC Hacker Group Demands US$700 in Bitcoin<\/strong><\/a><\/p>\n

A recently discovered email scheme reportedly deployed by a hacking group called ChaosCC claims to have hijacked recipients\u2019 computers and recorded videos of them while watching adult content. This sextortion scheme reportedly attempts to trick recipients into paying US$700 in bitcoin.<\/em><\/p>\n

Unusual CEO Fraud via Deepfake Audio Steals US$243,000 From U.K. Company<\/strong><\/a><\/p>\n

This fraud incident used a deepfake audio, an artificial intelligence (AI)-generated audio, and was\u00a0reported\u00a0to have conned US$243,000 from a U.K.-based energy company. According to a report, in March, the fraudsters used a voice-generating AI software to mimic the voice of the chief executive of the company\u2019s Germany-based parent company to facilitate an illegal fund transfer.\u00a0<\/em><\/p>\n

Zero-Day Disclosed in Android OS<\/strong><\/a><\/p>\n

Yesterday,\u00a0Trend Micro researchers went public\u00a0with their findings on a zero-day vulnerability impacting the Android mobile operating system\u00a0after Google published\u00a0the September 2019 Android Security Bulletin, which didn’t include a fix for their bug. The vulnerability resides in how the\u00a0Video for Linux (V4L2) driver\u00a0that’s included with the Android OS handles input data.<\/em><\/p>\n

Container Security in Six Steps<\/strong><\/a><\/p>\n

Containers optimize the developer experience. However, as with any technology, there can be tradeoffs in using containers. This blog contains sex steps developers can follow to minimize risks when building in containers.<\/em><\/p>\n

Are you well-versed on Trend\u2019s suggestions for protecting your router and smart home from hackers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.<\/a><\/p>\n

The post This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 06 Sep 2019 13:05:31 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went…<\/p>\n

The post This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10422,714],"class_list":["post-16247","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-current-news","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16247"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16247\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16247"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}