Loading...

Follow Trend Micro Simply Security on Feedspot

Continue with Google
Continue with Facebook
or

Valid

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware.

Read on:

Is Your Baby Monitor Susceptible to Hacking?

In a number of high-profile cases, home surveillance cameras have been easily compromised and disturbing reports of hacked baby monitors are in the news. 

Global Governments Demonstrate Rising Commitment to Cybersecurity

According to the International Telecommunications Union’s (ITU) 2018 Global Cybersecurity Index, only half of countries around the globe had a government cybersecurity strategy in 2017, which rose to 58 percent in 2018.

What Did We Learn from the Global GPS Collapse?

The problem highlights the pervasive disconnect between the worlds of IT and OT.

Malware Creates Cryptominer Botnet Using EternalBlue and Mimikatz

A malware campaign is actively attacking Asian targets using the EternalBlue exploit and taking advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines.

Medical Format Flaw Can Let Attackers Hide Malware in Medical Images

Research into DICOM has revealed that the medical file format in medical images has a flaw that can give threat actors a new way to spread malicious code through these images.

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

A hacker or group of hackers broke into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

New Business Email Compromise Scheme Reroutes Paycheck by Direct Deposit

A new business email compromise (BEC) scheme, where the attacker tricks the recipients into rerouting paychecks by direct deposit, has emerged.

Leadership Turnover at DHS and Secret Service Could Hurt US Cybersecurity Plans

Departures of top officials at the Secret Service and Department of Homeland Security (DHS) will add to an already difficult public-private disconnect on cybersecurity, especially since Kirstjen Nielsen has a rare set of cybersecurity skills that helped the DHS protect companies in critical industries.

Microsoft Disclosed Security Breach From Compromised Support Agent’s Credentials

Microsoft has notified affected Outlook users of a security breach that allowed hackers access to email accounts from January 1 to March 28, 2019.

Do you think the leadership turnover at DHS and the Secret Service will hurt US cybersecurity plans? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Medical Malware and Monitor Hacks appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Trend Micro Simply Security by William "bill" Malik (cisa Vp Infra.. - 6d ago

On April 6, 2019, a ten-bit counter rolled over. The counter, a component of many older satellites, marks the weeks since Jan 1, 1980. It rolled over once before, in the fall of 1999. That event was inconsequential because few complex systems relied on GPS. Now, more systems rely on accurate time and position data: automated container loading and unloading systems at ports, for example. The issue was not with the satellites or with the cranes.

The problem highlights the pervasive disconnect between the worlds of IT and OT. Satellites are a form of industrial control system. Engineers follow the same set of principles designing satellites as they do designing any other complex programmable machine. Safety first, service availability next.

In the 1990s satellites suffered a series of failures, prompting the US General Accounting Office (GAO) to review satellite security. The report (at https://www.gao.gov/products/GAO-02-781) identifies two classes of problems that might befall satellites, shown in these two figures.

Figure 1: Unintentional Threats to Satellites

Figure 2: Intentional Threats to Satellites

This analysis is incomplete. It omits an entire class of problems: software design defects and code bugs. The decision to use a 10-bit counter to track the passing weeks is a design defect. The useful life of a satellite can be 40 years or more. A 10-bit counter runs from 0 to 1,023, then rolls over to zero. Since the are 52 weeks in a year, the counter does not quite make it to 20 years. This design specification was dramatically under-sized. More recent designs use a 13-bit counter, which will not roll over for almost 160 years. That provides an adequate margin.

As for code bugs, satellites suffer them just like any other programmable system. The Socrates network tracks satellites to project potential collisions. In 2009, Socrates predicted that two satellites, a defunct Soviet-era communications satellite and the Iridium constellation satellite #33, were projected to pass 564 meters apart. In reality, they collided, creating over 2,000 pieces of debris larger than 1 cm in size. Whether the defect arose from buggy code or inadequate precision in observations, the satellites collided. Either way, there is a software defect here. The question is, is the software inaccurate, or is it creating precision that does not exist? If the instruments doing the measurement have a margin of error, the report should include that data. By stating that the satellites will pass 564 meters apart, the value implies a precision of ½ meter either way – between 563.5 meters and 564.5 meters. If the precision is within half a kilometer, the software should state that specifically – “Possible collision – distance between objects under 1 KM.” If the input data is precise, then the code is calculating the trajectories incorrectly. Either is a code bug.

These two types of defects are neither unintentional (code and designs do not degrade over time) nor intentional (no saboteur planted the defect). The third class of defect results from inconsistent design specifications (the satellite can live for 40 years but the counter rolls over in 20) or poor coding practices (creating a level of precision unsupported by the measurements, or calculating the trajectories incorrectly). These are software defects.

As we all know, there was no failure in the GPS system. I made a passing comment during a talk on satellite security at the RSA 2019 conference. A reporter from Tom’s Guide was there, and he wrote an excellent article on the problem: https://www.tomsguide.com/us/gps-mini-y2k-rsa2019,news-29583.html.

The failure is not including software issues among the risks to a programmable device.

What do you think? Let me know below or @WilliamMalikTM.

The post What Did We Learn from the Global GPS Collapse? appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer-to-hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras—everything is within the touch of a button. Even so, with the growing reach of the Internet of Things (IoT), new and unsuspected threats are just around the corner—or are already here. 

One of the most alarming threats to emerge is the breach of privacy. In a number of high-profile cases, home surveillance cameras have been easily compromised and disturbing reports of hacked baby monitors are in the news.

For example, in early January of this year, a Western Australian mother voiced her worries when she discovered that the baby monitor she recently purchased was compromised. The monitor allowed her to log in with a QR code and a generic password in order to watch her child through a camera. Though she followed the instructions for installation, upon opening the monitoring website she was greatly alarmed to see a vision of a stranger’s bedroom, rather than her child’s.

This type of case isn’t isolated, as another report surfaced last year when a stranger allegedly hacked a baby monitor camera to watch a mother breastfeed. In yet another case, a Texas couple, whose devices were hacked, said they heard a man’s voice coming from their baby monitor threatening to kidnap their child. It doesn’t get much scarier than that.

Though you might not have prepared for it, it’s increasingly clear you need to take steps to protect yourself, your children, your privacy, and your new smart devices from these kinds of emerging privacy threats, as well as others. As a first precaution, you should always remember to change the default passwords on all your networked devices, starting with your router, creating strong new ones and securing them safely whenever possible with a password manager. You should then pick the best endpoint and network security solutions you can find to protect all the networked devices in your home.

Trend Micro Password Manager provides a password manager that lets you generate and sync strong passwords across your PCs, Macs, Android, and iOS devices.

In addition, Trend Micro Security provides the best endpoint security for PCs, Macs, Android and iOS—a key part of any home security strategy. Trend Micro Maximum Security includes Trend Micro Mobile Security as part of its subscription, so you can protect up to 10 devices.

Finally, Trend Micro Home Network Security is specifically designed to protect all your new “smart” connected devices in the home. It filters incoming and outgoing traffic to provide an extra layer of protection against intrusions or hacking of the home network. It protects your router and a wide range of smart devices, including security cameras, child monitoring devices, smart TVs, refrigerators, smart speakers, and even smart doorbells and thermostats, from emerging IoT threats—and the list goes on.

With our endpoint and network security solutions, we’ve got you covered! Click the links above for more details on our solutions.

The post Is Your Baby Monitor Susceptible to Hacking? appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Trend Micro Simply Security by Jon Clay (global Threat Communicati.. - 1w ago

Anyone who has been in cybersecurity for any length of time knows, the threat landscape is constantly changing and requires regularly monitoring of news, blogs, podcasts, and other ways to ensure you know what is happening today. I have tried to bring this information to the public since starting my monthly threat webinar series in July of 2015. Over the years, I’ve been able to share information about the different aspects of the threat landscape from advanced persistent threats (APT) to zero-day exploits and everything in-between. My focus with these webinars is to share information about how these threats work and the technologies available to defend against them. I regularly have experts join me on these webinars too, so you don’t have to just listen to me all the time.

However, my main goal is to help you better understand what you are up against in your fight against threat actors and their ways of attacking you, your employees, systems and networks. I also ask for requests on topics you want me to cover in the future using a survey option within our webinar platform we use. Each of the webinars is live and allows you to ask questions to be answered either during the live event or afterwards via an email. We also record each of these webinars and you can watch them on-demand, as we know your time is valuable and sometimes you cannot attend it live or you want to share with your colleagues. Note – if you sign up for any of the on-demand webinars, you will receive an email with the upcoming month’s webinar topic. The April 2019 webinar will cover Bug Bounties and How They Help and you can sign up to attend here.

Webinars are one way we can help you stay educated and up-to-date about the industry and what’s happening today, as well as what we expect to happen next. You can also follow our other blogs, like Security Intelligence or Security News, for the latest from Trend Micro Research. We also have great explanatory videos on our Trend Micro YouTube channel.

Feel free to leave a comment below if there are any topics you’d like me to cover in upcoming months or if you simply want to say hello. I look forward to seeing you on one of my next webinars.

The post Continuing Education On Cyber Threats And Defenses appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Recently, Google Play Store and Microsoft Store both deleted multiple applications from their online stores, because the apps were malicious. Google deleted a total of 29 beauty camera apps from its Play Store, most of which show users pornographic contents or send them to phishing websites. The malicious beauty camera apps, discovered by Trend Micro, looked legitimate, but once installed did their dirty work and were difficult to uninstall.

Meanwhile, Microsoft Store also deleted eight cryptojacking apps, which included Fast-search Lite, FastTube, and Clean Master, among others. When downloaded and installed, the apps activated the Google Tag Manager in their domain servers, which then triggered the cryptomining scripts. Cryptojacking is a type of malicious activity that uses someone else’s device for illegally mining cryptocurrency—in this case, your device, if you installed one or more of these apps.

With reports like these of malicious and fraudulent apps being posted on different online stores, users need to make sure their Android and Windows devices are secured from such threats. While Google and Microsoft do their best to guard against such apps, users shouldn’t take for granted that even official stores are completely clean of them.

The solution is to install app protection on your devices. Trend Micro Mobile Security for Android  is a leading security product that protects your mobile device against loss, data theft, and viruses. It proactively scans apps you wish to install from the Google Play Store and tells you if they’re safe. You can also manually scan apps already installed and delete them if they’re found to be malicious.

Similarly, Trend Micro Security (TMS) will protect you from malicious or infected apps on Windows machines. Apps downloaded from Microsoft Store are scanned by TMS on disk for malicious code or infections, during the installation process, and upon execution. Any malicious files in such apps are deleted from your device.

Go to Trend Micro Security for Home for more information on our endpoint security solutions, or to buy Trend Micro Security products for your desktop and mobile devices.

The post Google Play and Microsoft Stores Delete Suspected Compromised Apps appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about cybersecurity and data concerns in 5G. Also, learn about cybercriminal threats during tax season.

Read on:

Securing Enterprises for 5G Connectivity

For the advantages of 5G to be unlocked, ample preparation and planning are necessary. Looking at the changes 5G networks might bring about on an enterprise and its security is a good place to start. 

Trend Micro Extends Security Offerings

Trend Micro has announced enhancements to its Deep Security and Cloud App Security products designed to extend protection to virtual machines on the Google Cloud Platform, Kubernetes platform protection, container image scanning integration with the Google Kubernetes Engine (GKE) and Gmail on the G Suite.

What You Need To Know About Tax Scams

While many taxpayers are rushing to file their returns, cybercriminals use the tax season to deceive people into unwittingly handing out credentials, money, and personally identifiable information. 

Hackers Go For Smaller Amounts Three Years After $100 Million Heist

In 2018, attempted fraudulent transactions ranged from $250,000 and $2 million, down from tens of millions of dollars in the previous two years, interbank messaging system Swift said in a report.

Mirai Variant Spotted Using Multiple Exploits, Targets Various Routers

Trend Micro researchers uncovered a new variant of the notorious Mirai malware that uses multiple exploits to target various routers and internet-of-things devices. 

Yahoo Tries to Settle 3-Billion-Account Data Breach with $118 Million Payout

Yahoo and plaintiffs, in a case over a data breach affecting three billion user accounts, have agreed to and filed a settlement that would require Yahoo to pay $117.5 million.

Ransomware Attack Hinders Michigan County Operations

On April 2, Michigan County reported a ransomware attack on their network, which was more severe than originally thought. The county has not been able to resume normal operations due to the attack. 

‘MuddyWater’ APT Spotted Attacking Android

A cyber espionage group believed to be out of Iran and known for targeting telecommunications providers and government bodies in the Middle East has added to its arsenal malware for targeting Android devices. 

Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages

Phishing is a permanent staple of a cybercrime due to its effectiveness. The concept behind phishing itself is simple but the strategies used by cybercriminals have become increasingly sophisticated.  

Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player

During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.

What security techniques or technologies is your enterprise using to prepare for new advancements like 5G? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: 5G Security and Tax Scams appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Trend Micro Simply Security by Jon Clay (global Threat Communicati.. - 1w ago

Trend Micro and the Ponemon Institute teamed up to produce a new Cyber Risk Index (CRI), which will be updated every six months. Today I want to dive a bit deeper into the results found in the inaugural survey that went out to more than 1,000 IT professionals and executives within organizations based in the USA. I also want to identify some differences between the responses given by the different sized organizations, broken out by small, medium, and enterprise.

The CRI

Before we go into these details, I want to simply explain how the CRI was calculated. The CRI is made up of two components, the Cyber Preparedness Index (how prepared are you to combat threats) and the Cyber Threat Index (your experience dealing with threats). The formula is as follows:

CRI = CPI – CTI

The CRI is on a -10 to +10 scale with -10 being the highest risk. Below are the results based on organization size.

The results seem to line up with what most would expect – small businesses have the highest cyber risk, medium businesses with less cyber risk and enterprises having the least cyber risk based on the factors that make up the index. Let’s now look at some of the more detailed results from the survey.

Key Survey Results

The top risk reported for cyber preparedness was interesting, as small business and enterprise respondents face the same primary concern:

Small business & Enterprise: My organization’s IT security function has the ability to know the physical location of business-critical data assets and applications.

Medium business: My organization’s enabling security technologies are sufficient to protect data assets and IT infrastructure.

To some extent, this primary risk may not be surprising. In a small business, there isn’t usually a lot of IT function and in an enterprise, the network tends to be very big and broad so knowing where these assets are physically located can be a difficult task. On the other hand, the medium-sized businesses may not have sufficient budget to allow them to afford some of the key components that make up a very secure environment.

On the other end of the CRI – the Cyber Threat Index – we reaffirm that threats are universal. Businesses of all sizes are dealing with cyber threats every day. Here are some of the most interesting takeaways from the survey:

  • Small business respondents stated:
    • 26% had 3-6 separate cyberattacks that infiltrated their organization in the past 12 months, while 11% have had 7-10 and 6% reported more than 10 such instances in the past year.
    • 34% said it’s very likely they will experience a cyber-attack that will infiltrate their organizations in the next 12 months.
  • Medium business respondents stated:
    • 19% had 3-6 separate cyberattacks that infiltrated their organization in the past 12 months. 14% reported 7-10 such incidents, and 8% have faced more than 10
    • 35% said it’s very likely they will experience a cyber-attack that will infiltrate their organizations in the next 12 months.
  • Enterprise respondents stated:
    • 19% had 3-6 separate cyberattacks that infiltrated their organization in the past 12 months. Another 15% have had 7-10, but only 3% said they’ve had more than 10.
    • 39% said it’s likely they will experience a cyber-attack that will infiltrate their organizations in the next 12 months – only 29% said very likely

As you see above, it is almost inevitable that an attack will occur in the next 12 months and that it will be successful. These responses show why all organizations have a high cyber threat environment today.

The intent of the CRI is to give organizations an understanding of their risk levels and insights into many areas of their security posture. From the results, they can make changes to their security infrastructure, policies, and educating their employees and board members to help minimize their risk in the future. As we continue to run the CRI survey every six months, we hope to see gradual improvement in the results.

Stay tuned for more insights from the survey in future blogs. If you want to check out the current results and take a mini version of the survey, go to our landing page here.

The post How Likely Is Your Organization to Be Breached? appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Fifteen years ago, Gmail was launched by Google. The web-based service now has 1.5 billion users a month. In addition to being the extremely popular personal email service, Gmail is also a key component of G Suite for organizations.

One of the many reasons of Gmail’s popularity is its security. Google makes use of multiple antivirus engines to help identify malware that may be missed by antivirus signatures. Authentication features, like 2-step verification and single sign-on, and email security policies like secure transport (TLS) enforcement are also being offered within Gmail/G suite.

There’s another aspect of security that is evolving and hard to detect. Business Email Compromise (BEC) and unknown malware/zero-days are top threats threatening email users globally. The baseline security included with G Suite is designed to protect against known malware, which only accounts for 5 percent of malware. It is crucial to consider third-party tools to protect your organization from the other 95 percent of malware and other types of email threats.

Trend Micro Cloud App Security now protects Gmail within G Suite, in addition to Google Drive. It is an API-based service protecting Gmail, Microsoft® Office 365 Exchange Online and other cloud file sharing services. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through G Suite/Office 365 scanning. In 2018, Cloud App Security caught 8.9 million high-risk email threats missed by Office 365 security.

Trend Micro Cloud App Security protects Gmail from three types of threats:

1. Unknown malware/zero-days: G Suite/Gmail uses antivirus engines to detect known malware.
As the second layer of filtering, Trend Micro Cloud App Security catches unknown malware using multiple advanced techniques (e.g. machine learning-based anti-malware, document exploit detection, and behavioral analysis using sandboxes). In fact, Trend Micro’s sandbox technology has been recommended by NSS Labs 5 years in a row.

2. BEC attacks: The most common type of BEC attack is CEO fraud – an email impersonating the CEO asks an employee to conduct a wire transfer, usually to a bank account overseas. BEC attacks are difficult to detect as cyber criminals use social engineering to trick users, and no attachment or malicious URL is in the email. Gmail protects against inbound emails spoofing your domain, which is a common tactic used by BEC messages. After the email passes Google’s scanning, Trend Micro Cloud App Security would use artificial intelligence to stop email fraud, and conduct unique authorship analysis by checking the writing style of the high profile users. The simple but hard to catch BEC attacks require multi-layered defense for the best protection.

3. Threats already exist in your organization: For threats that have passed through an organization’s security measures, it’s critical to have the capability to perform discovery and remediation. Trend Micro Cloud App Security offers a unique manual scan capability allowing admins to scan and protect Gmail mailboxes and Google Drive on-demand.  The manual scan capability is available on Drive now and will be available on Gmail in July, 2019.

Trend Micro Cloud App Security is the easy solution which deploys in minutes, requires no MX record routing, and is transparent to users. Get a free trial now to see how many threats are passing your G suite environment.

The post Hit the Easy Button for Your Organization’s Gmail Security appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

At Trend Micro we’ve spent the past three decades successfully solving problems for our customers. It’s helped us to become a leading provider of services to secure the connected world. But we’re not done there. We also want to find and learn from the technology innovators and problem-solvers of tomorrow.

That’s why our venture arm, Trend Forward Capital, is inviting ambitious start-ups to send in their submissions for the first pitch-off contest to be held at our North American HQ in Dallas. Submissions for the Forward Thinker Award are due by April 24th, and with only five lucky applicants selected to attend the event on May 20, the standard will need to be high.

Finding talent, closing skills gaps

Trend Micro’s mission is Securing Our Connected World. But we also recognize that, as important as it is, there’s a wealth of innovation happening outside the security sphere. Smart and connected technologies offer an unparalleled opportunity to make us all safer, healthier, more social and productive.

We’re in it for the long haul: teaming up to offer as much support as they need – from go-to-market expertise, to cybersecurity solutions and global resources. In this respect, you can view the pitch-off and the wider Trend Forward Capital mission as part of our global commitment to close skills gaps. Start-ups might have the ideas and the drive, but often need fine-tuning and support to help nurture their skills and expand their in-house know-how.

In return, we get to plug-in and learn from some of the most exciting companies around, who are pushing the boundaries of what’s possible across the globe.

Focus on Dallas

Trend Forward Capital has run successful pitch-off competitions at the past two CES conferences. But this is the first time we’ve taken the idea to the Dallas Fort Worth region. Why now? Because the area has become a thriving hotbed of entrepreneurial ideas and business growth. And as it plays host to our own North American headquarters, we wanted to cement our commitment to local start-up talent.

As mentioned, just five finalists will be chosen to pitch on May 20. They’ll have to impress an all-star line-up of judges including Trend Micro co-founder and CEO, Eva Chen; Marwan Forzley, CEO of one of our start-up success stories, Veem; Thomas Whiteaker, Partner at IBM Ventures; Shmuel Kliger, Founder and President of Turbonomic, as well as Will Akins, Manager of WeWork Labs Dallas.

There’ll be a $10,000 reward for the winner of the Forward Thinker Award, who will also be considered for pre-selection for the 2020 CES contest, including two passes to the show. All five finalists receive a year’s free cybersecurity protection with Trend Micro.

Trend Forward Capital has spent the past two years helping some of the most innovative companies around to reach the next stage of growth. If you’re a Dallas-based start-up, apply to the Forward Thinker Award today and you could be the next.

The post Dallas Start-Ups: Pitch Us Your Ideas for a Smarter Connected World appeared first on .

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about security threats directed at smart manufacturing environments. Also, learn why malware installed from the Android app store increased by 100% last year.

Read on:

Security in the Era of Industry 4.0: Dealing With Threats to Smart Manufacturing Environments

As manufacturing companies continue to adopt Industry 4.0, many environments could still be falling short on security that leave them vulnerable to attacks. 

Arizona Beverages Hacked in Targeted Ransomware Attack: Report

Arizona Beverages is recovering from a ransomware infection that recently compromised scores of Windows servers and computers and effectively shut down sales operations for days. 

Android Security: Click Fraud Apps Drove 100% Malware Increase in Google Play for 2018

Security issues are no stranger to apps found on Google’s Play Store. Malware installed from the Android app store grew by 100 percent in 2018 due to click fraud apps. 

Capture the Flag Competitions Can Help Close the Security Skills Gap

Members of the security teams at IBM Collaboration Solutions (ICS) and Industry Solutions, made a great impression when they spoke about capture the flag (CTF) events they were building for students and the IT industry.

Health Information of 350,000 Oregon DHS Clients Exposed After Phishing Attack

The Oregon Department of Human Services (DHS) recently notified the public that the personal health information of over 350,000 clients had been exposed due to a phishing attack.

Vehicles and Mobility Services to be Secured Against Cyber-Attacks by Partners Trend Micro and Luxoft

Trend Micro and Luxoft are jointly introducing and deploying an Intrusion Detection System (IDS), designed to detect, mitigate and respond to cyber-attacks on connected cars. 

Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

Trend Micro discovered a phishing campaign that has compromised at least four South Korean websites by injecting fake login forms to steal user credentials. 

Toyota Data Breach Affects Up to 3.1 Million Customers

Automotive maker Toyota announced that a data breach had hit its sales offices in Japan, exposing information on up to 3.1 million customers. 

Bashlite IoT Malware Updated with Mining and Backdoor Commands, Targets WeMo Devices

Trend Micro uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet.

New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy

In previous attacks, XLoader posed as Facebook, Chrome and other apps to trick users into downloading its malicious app. Trend Micro researchers found a new variant that uses a different way to lure users. 

Are you surprised to learn that there was a 100% malware increase in Google Play for 2018? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: IIoT Threats and Malware Apps appeared first on .

Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview