Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, hackers warn Congress that software and computer networks are insecure. Also, malware dubbed VPNFilter infected more than 500,000 routers worldwide.

Read on to learn more.

CEO Interview: Eva Chen Meets with ‘IIoT World’

Trend Micro CEO Eva Chen recently shared her insights on cybersecurity for industrial control systems (ICS) in an interview with IIoT World co-founder, Lucian Fogoros. IIoT World is the first global digital publication dedicated to the connected industry and Industrial Internet of Things (IIoT).

How Connected Devices put Health Care at Risk

As the WannaCry outbreak demonstrated, an infection-based attack can have a significant impact on a health care facility and its patients.

Malicious Edge and Chrome Extension Used to Deliver Backdoor

Trend Micro noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions’ source. 

Confucius Update: New Tools and Techniques, Further Connections with Patchwork

Back in February, we noted the similarities between the Patchwork and Confucius groups and found that, in addition to the similarities in their malware code, both groups primarily went after targets in South Asia.  

GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities

In April, we discussed our findings on increased activity originating from China targeting network devices in Brazil that mimicked the Mirai botnet’s scanning technique. We recently found similar Mirai-like scanning activity from Mexico.  

Ahead of GDPR, UK Fines University of Greenwich £120,000 Over Data Breach

The University of Greenwich was fined £120,000 for a data breach impacting almost 20,000 people.

The Cybersecurity 202: These Hackers Warned Congress the Internet Was Not Secure. 20 Years Later, Their Message is the Same.

Twenty years ago, hackers warned Congress that software and computer networks everywhere were woefully insecure. This week, the same hackers offered a similarly bleak assessment on digital security.

Reboot Your Routers: VPNFilter Infected Over 500,000 Routers Worldwide

Security researchers published a report after discovering that a group infected more than 500,000 home and small-enterprise routers in at least 54 countries with malware dubbed VPNFilter.

Security by Design: A Checklist for Safeguarding Virtual Machines and Containers

With the public cloud expected to grow into a $178-billion market this year, there’s an evident shift toward automation and scalability in pushing out applications.

Protect Your Online Privacy with the New Trend Micro Zero Browser

To help you maintain your privacy online, Trend Micro now provides users its free Zero Browser for your iPhone®, iPad®, or iPod®.

LifeBridge Data Breach Exposes Personal Information of 500,000 Patients

LifeBridge Health has notified 500,000 patients that their personal information may have been exposed in a cyber-attack recently discovered by the health system.

Do you agree with the Cybersecurity 202 assessment? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Hacker Reports and Router Reboots appeared first on .


Not that I needed the reminder, but the influx of emails with the subject line “Updates to our Privacy Policy” from companies that I deal with (and some that I’ve never heard of!) means that TODAY is the day! The General Data Protection Regulation (GDPR) has officially taken effect. Originally adopted by the European Union (EU) in 2016 in an effort to protect EU citizen data in a consistent manner, the regulation gave companies two years to achieve GDPR compliance. So everyone is 100 percent compliant, right? C’mon, you had two years to get ready.

Unfortunately, as everyone suspected, it’s not even close. According to a survey of over 1,000 companies in the United States and Europe conducted last month by the Ponemon Institute, half of the companies will not meet the deadline or didn’t know if they would. But that’s just one side of the story. Reuters surveyed 24 European regulators earlier this month and 17 of them said they didn’t have the funding or resources in place to respond to GDPR complaints. It will be interesting to see how GDPR plays out and how it will be enforced. Will my favorite shoe store stop sending me sale notices? Will it mean the death of the e-newsletter? Only time will tell.

If you need information on how to prepare for GDPR, Trend Micro has a resource page that includes a checklist, case studies and other key resources. You can even learn from our experiences on how we prepared for GDPR. Get the latest information here: https://www.trendmicro.com/en_us/business/capabilities/solutions-for/gdpr-compliance.html

New Product Version Release

Earlier this week, we released version 5.0.1 build 108768 of the TippingPoint Security Management System (SMS). For a complete list of enhancements and changes, customers can refer to the product Release Notes located on the Threat Management Center (TMC) website. For questions or technical assistance, customers can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are 15 new zero-day filters covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Advantech (9)

  • 31776: ZDI-CAN-5608,5612: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31777: ZDI-CAN-5609: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31778: ZDI-CAN-5610,5649: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31789: ZDI-CAN-5643: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)
  • 31842: ZDI-CAN-5650: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31843: ZDI-CAN-5651: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31844: ZDI-CAN-5652: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31846: ZDI-CAN-5653: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31847: ZDI-CAN-5654: Zero Day Initiative Vulnerability (Advantech WebAccess Node)

Microsoft (3)

  • 31759: ZDI-CAN-5605: Zero Day Initiative Vulnerability (Microsoft Edge)
  • 31784: HTTP: Microsoft Edge Undo Information Disclosure Vulnerability (ZDI-18-428)
  • 31787: ZDI-CAN-5613: Zero Day Initiative Vulnerability (Microsoft Edge)

NetGain (1)

  • 31764: TCP: NetGain Systems Enterprise Manager RMI Registry Insecure Deserialization (ZDI-17-953)

Squid (1)

  • 31765: HTTP: Squid Reverse Proxy sslBumpAccessCheck Denial-of-Service Vulnerability (ZDI-18-309)

Trend Micro (1)

  • 31788: ZDI-CAN-5640: Zero Day Initiative Vulnerability (Trend Micro Endpoint Application Control)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 21, 2018 appeared first on .


The health care industry is one of the most attractive sectors to hackers. Not only do hospitals, doctor offices and other facilities store and have access to an array of patients' personal information, but many organizations also have financial details on file to facilitate billing processes.

One of the most damaging attacks on the health care sector took place just last year when the now-infamous WannaCry outbreak impacted organizations across more than 100 countries.

According to Trend Micro's Securing Connected Hospitals report, this ransomware infected National Health Service systems, preventing facilities from accessing patient records. The attack created scenarios in which infected hospitals were forced to reroute ambulances to other facilities. Doctors even had to cancel appointments and reschedule surgeries, all thanks to WannaCry.

This is by no means the first time the health care industry has been impacted by a far-reaching attack, and it likely won't be the last.

"As hospitals and other health care facilities adopt new technology, add new devices, and embrace new partnerships, patients get better and more efficient services – but the digital attack surface expands as well," Trend Micro's report states. "The more connected they get, the more attractive they become as lucrative targets to threat actors."

Top cyber security risk areas

As the WannaCry outbreak demonstrated, an infection-based attack can have a significant impact on a health care facility and its patients. The three most at-risk areas in terms of malicious cyber activity in the health care industry include:

  • Daily hospital operations: Staff scheduling, paging systems, building controls, tube transport systems, inventory, payroll and administration operations could all be severely threatened by a cyber attack. As more of these critical daily functions are automated and shifted to digital platforms, this risk grows exponentially.
  • PII privacy: One of the most compelling elements of the health care industry to hackers is the personally identifiable information (PII) that facilities have associated with patients, including financial details, diagnosis and treatment information, and other confidential information.
  • Patient health: An interruption in normal daily functions or compromised PII data can considerably affect a hospital's ability to provide care to support patient health and well-being.

Connected devices help bolster patient care, but exposed devices could put hospital operations and patient data at risk.

Exposed connected devices

The above described areas of hospital operations and patient data are put at risk through a number of different factors. However, as the report shows, one of the most persistent issues includes exposed connected devices which provide an entryway for hackers and malicious actors.

Modern health care facilities include more connected health information systems than ever before, encompassing settings and elements like:

  • Admission area and nurses' stations: Email, payroll, electronic health record (EHR) and other office systems.
  • Patient rooms: HVAC controls, EHR access, monitoring equipment and inventory system access.
  • Emergency and operating rooms: Diagnostic, surgical, monitoring and imaging equipment.
  • Pathology labs: EHR and pathology equipment.
  • Conference rooms: Video conferencing, VoIP and other office and communication applications.
  • Pharmacy: Inventory and EHR systems.

However, when these devices are exposed and accessible through the internet, it puts daily operations and patient care at risk. Some of the instances and situations that can cause connected health care devices to be exposed include:

  • Direct device and system access through incorrectly configured network infrastructure systems. This extends to issues like the use of default passwords that make it easy for malicious actors to access network infrastructure and supported platforms.
  • Connectivity requirements to enable the regular function of a system or device. Nearly all connected devices need an internet connection to support their functionality, but this can also create an opening for hackers. 
  • Remote-enabled access to ensure troubleshooting capabilities or access for remote workers.

As the Trend Micro research indicates, just because a device is exposed doesn't necessarily mean it is compromised. An exposed device simply means the endpoint is connected to the internet and, therefore, discoverable and accessible through a public connection.

The threat of Shodan

Another factor to take into account here is Shodan. As a search engine that enables users to discover internet-connected devices, it represents a beneficial solution for organizations to identify unpatched vulnerabilities and exposed assets within their systems.

At the same time, though, Shodan also offers advantages for hackers, who could leverage Shodan to surveil and gather intelligence about a target organization's connected devices and systems to support malicious activity.

"[This] is why Shodan has been called the World's Most Dangerous Search Engine," Trend Micro's study notes.

Problem with exposed ports

Although the inherent connectivity of today's advanced applications and devices is critical to their functionality, it is this connectedness that also puts them at risk.

A notable issue identified by Trend Micro is the problem of exposed ports. Researchers identified a number of different exposed and viewable ports within the current health care industry, including these identified ports that could create the greatest risks:

  • Network Time Protocol (NTP): This is one of the oldest protocols today. Because the connections between NTP servers and computers are almost never encrypted, hackers can leverage NTP protocols for man-in-the-middle attacks that prevent systems from updating appropriately.
  • Teletype Network (Telnet): This is another connection that is rarely encrypted – one in which data is transmitted in clear text, creating the ideal hacker opportunity for packet-sniffing attacks.
  • File Transfer Protocol (FTP): This standard network protocol is a default setting on most web servers, enabling hackers to exploit the protocol and compromise connected servers. This then provides access to all sensitive files supported by the servers and offers the ability to upload malicious files to further the attack.

Health care and IT administrators must ensure that network activity is encrypted and ports aren't left exposed.

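An added example (not from Trend Micro's report or this post): a defender-side check that parses `ss -tuln` output from a host you administer and flags FTP, Telnet and NTP listeners bound to anything other than loopback. The port numbers are the standard IANA assignments; the sample output, function names and result type are assumptions made for illustration.

```python
"""Flag cleartext FTP/Telnet/NTP listeners that are reachable beyond loopback."""
import ipaddress
from typing import NamedTuple, Optional

# The three protocols named in the list above, keyed by (transport, port).
RISKY = {("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("udp", 123): "NTP"}

# Constructed sample in the column layout printed by `ss -tuln` (Linux iproute2).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:323        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32                 *:21               *:*
tcp   LISTEN 0      5          127.0.0.1:23         0.0.0.0:*
tcp   LISTEN 0      5       192.168.10.7:23         0.0.0.0:*
tcp   LISTEN 0      128             [::]:21            [::]:*
"""


class Finding(NamedTuple):
    service: str
    proto: str
    address: str
    port: int
    all_interfaces: bool  # True when bound to a wildcard address


def parse_local(field: str) -> Optional[tuple]:
    """Split a 'Local Address:Port' field into (address, port).

    Returns None when the port is not numeric (ss run without -n).
    """
    addr, _, port = field.rpartition(":")
    if not port.isdigit():
        return None
    # Drop an interface scope such as '%lo', then IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)


def exposed_listeners(ss_output: str) -> list:
    """Return a Finding for each risky service listening off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        # Skips the header row and any socket that is not listening.
        if len(cols) < 5 or cols[1] not in ("LISTEN", "UNCONN"):
            continue
        parsed = parse_local(cols[4])
        if parsed is None:
            continue
        addr, port = parsed
        service = RISKY.get((cols[0], port))
        if service is None:
            continue
        if addr == "*":
            wildcard = True
        else:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # unparseable address column; ignore the row
            if ip.is_loopback:
                continue  # only reachable from the host itself
            wildcard = ip.is_unspecified  # 0.0.0.0 or ::
        findings.append(Finding(service, cols[0], addr, port, wildcard))
    return findings


if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_SS_OUTPUT):
        scope = "all interfaces" if f.all_interfaces else "one interface"
        print(f"{f.service:<6} {f.proto}/{f.port} on {f.address} ({scope})")
```

A finding here means the service is listening beyond loopback on that host; whether it is reachable from the public internet still depends on the firewall and network path in front of it.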
Other exposed areas to monitor

As Trend Micro's research shows, exposed ports and hackers' ability to exploit certain protocols aren't the only issues to be aware of – items like exposed databases and industrial controllers can pose a threat to health care operations as well.

"Databases are also treasure troves of critical/sensitive/important data, which makes them lucrative targets for hackers," Trend Micro's report states. "Compromising exposed building automation controls can allow a hacker to 'turn off the lights' inside the hospital. Doomsday scenarios like these are unfortunately not unrealistic, and extreme care should be taken to ensure building automation controllers are never exposed on the public internet."

Safeguarding health care devices

As Trend Micro's research clearly demonstrates, any exposed endpoint – from diagnostic and surgical equipment to electronic health record systems and exploitable protocols – can provide the window malicious actors need to interrupt operations and prevent quality patient care.

For these reasons, hospital administrators and IT stakeholders must ensure that sensitive equipment and devices have the proper protection in place, and that the necessary network connectivity doesn't result in these devices being exposed via public connections.

To find out more about connected devices in the health care industry, read Trend Micro's article and full report.

The post How connected devices put health care at risk appeared first on .


In the digital age, your personal data and online behavior are increasingly being tracked whenever you browse, search, watch the news, use social networks, purchase goods, or manage your accounts online. Trend Micro, with nearly 30 years of experience in the security industry, is acutely aware of the threat this can pose to your data privacy. This threat is particularly true when you use the browser on your mobile device, the preferred access route for many, with its anytime, anywhere accessibility.

To help you maintain your privacy online, Trend Micro now provides users its free Zero Browser for your iPhone®, iPad®, or iPod®. It’s specifically designed to block various kinds of tracking, including a particularly invasive form of it called session replay, where everything you do on a website is recorded and viewable by interested third parties.

Privacy violations are now center-stage

Online privacy violations and data theft are everyday threats in the digital age, whether it’s your email address (Yahoo!), your credit information (Equifax), or the data you share on the social networks you use. On March 17, 2018, Facebook came under fire after news broke that Cambridge Analytica had secretly acquired personal information from millions of Facebook users to sway voters in political campaigns, including the 2016 presidential election in the United States. Facebook CEO Mark Zuckerberg addressed the scandal, but many questions remain unanswered even as Data Privacy Day came and went.

You may be aware you’re being tracked as you browse or buy online when ads similar to your purchase magically start appearing on websites afterwards, but that’s just the tip of the tracking iceberg. In late 2017, Princeton University researchers suggested that many websites now record everything you do online. After analyzing the top 50,000 Alexa-accessible websites in the world, they found over 480 sites that use a web-tracking technique called “session replay” to document your online behavior.

What is session replay?

As the name suggests, this tracking technique records every keystroke, mouse movement, or screen tap you make without you knowing it, essentially letting websites “look over your shoulder” and keep that information for later review. This can include sensitive information such as medical conditions, credit card details, and other personal data displayed on a page, which can then be leaked to third parties as part of the recording. Session replay companies like FullStory have captured and shared user data with Walgreens, Shopify, and CareerBuilder, to name just a few. Though FullStory and other session replay services such as UserReplay, SessionCam, Hotjar, Yandex, and Smartlook automatically edit out some user-input data gathered from online forms, important user data like your name, email, phone number, address, and even your social security number can slip through the cracks in the default editing process, to be culled by the website and its partners.

Does using incognito mode stop this kind of spying?

You may think, “Well, I’ll just flip into incognito mode in my browser!” but a 2017 survey by DuckDuckGo showed that only 46 percent of respondents in America have actually even used “private browsing” (known as “incognito mode” or “privacy mode”) at least once, in an attempt to increase their privacy online. Most of those who did so wanted to hide embarrassing searches and probably never realized how much they still revealed online to their internet service providers or the websites they visit.

The truth is, going incognito only prevents your web browser from tracking your activities on your device, as this article by Trend Micro debunking internet security myths explains. It does not stop websites from monitoring your browsing and buying behavior, or session replay scripts from observing and recording exactly what you do.

So what should I do now?

If you care about online privacy, then you need something other than the browser that came with your mobile device. Because Trend Micro has made a commitment to keeping your personal data safe, you can count on the free Trend Micro Zero Browser to do just that. But what makes this app so special?

  • Zero analytics — Trend Micro does not track any of your activities, and so has no data to sell or share with anyone else.
  • Zero leftovers — The app does not keep any usage history or data once you close it.
  • Zero leaks — Automatic blocking of session replays, visitor recordings, cryptojacking, and social media tracking systems means you can open any website or search for anything with total peace of mind.
  • Zero risk — Trend Micro has decades of security experience and a sterling reputation in the security field.

When launched, Trend Micro Zero Browser lets you pick the engine you want to use when you enter your search string or URL in the same way that you’re used to. Here, we choose Google:

When we navigated to the site below, Zero Browser blocked all 30 of the trackers it found, including advertising, behavioral, and social media trackers.

That’s great privacy filtering! You can click Learn More to see additional details about the tracking categories it blocks, even as it provides key Trend Micro protections against other web malware, which includes blocking of crypto-mining malware and the “grayware” session replay scripts we’ve mentioned above.

Note that you can turn off Privacy Filtering for any site you wish. In addition, Trend Micro Zero Browser lets you share website URLs with others and you can also save your bookmarks, as with other mobile browsers, adding the option to lock them away from prying eyes with your device password or Fingerprint ID.

Check out the free Trend Micro Zero Browser on the App Store now and install it on your iPhone®, iPad®, or iPod®. You’ll soon find Zero Browser your browser of choice, particularly for creating new online accounts, since none of the personal data you enter can be tracked by keyloggers or session replay scripts.

See our blogs Protecting Your Privacy Part 1 and Part 2 on Simply Security for more discussion of privacy issues on the web, social networks, and in your browser, and to find out more about the privacy tools (including Privacy Scanner) that Trend Micro Security provides for PCs, Mac® computers, and both Android and iOS mobile devices.

Copyright © 2018. Trend Micro Incorporated. All rights reserved. Trend Micro and the t-ball logo are registered trademarks of Trend Micro Incorporated.  iPhone, iPad, iPod and Mac are trademarks of Apple Inc., registered in the U.S. and other countries.  Android is a trademark of Google LLC.  Other trademarks are the property of their respective owners.

The post Protect Your Online Privacy with the New Trend Micro Zero Browser appeared first on .


Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Chili’s parent company – Brinker International – announced that consumer credit and debit card information had been compromised at some locations. In addition, Trend Micro helped the FBI take down hackers behind the notorious malware, Scan4You.

Read on to learn more.

The Rise and Fall of {Scan4You}

In May 2017, Scan4You, one of the biggest cybercrime facilitators, went offline after the FBI arrested and extradited two main suspects.

Blockchain: The Missing Link Between Security and the IoT?

The internet of things (IoT) has been associated with major cyberattacks, often involving the abuse of vulnerable connected devices, such as surveillance cameras, to facilitate malicious activities.

White House Eliminates Cybersecurity Coordinator Role

The White House eliminated the position of cybersecurity coordinator on the National Security Council, a post that helped develop policy to defend against increasingly sophisticated digital attacks.

Homeland Security Unveils New Cyber Security Strategy Amid Threats

The Department of Homeland Security unveiled a national strategy for addressing the growing number of cyber security risks amid concerns about the security of the U.S. midterm congressional elections.

Data Breach in San Francisco Exposes Personal Information of Nearly 900 Patients

Nearly 900 patients at two city-run hospitals in San Francisco are being notified that their personal information was exposed in a data breach late last year.

Chili’s Says Customers’ Payment Information Compromised in Data Breach

Chili’s parent company, Brinker International, announced that customer credit and debit card information had been compromised in some Chili’s restaurants.

Suspected Member of TheDarkOverlord Hacking Group Arrested in Serbia

Serbian police have arrested a 38-year-old man from Belgrade on suspicion of being part of infamous hacking group, The Dark Overlord (TDO).

What do you think of the White House’s decision to eliminate the cybersecurity coordinator position? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Hackers and Cyber Attackers appeared first on .


It’s one thing when your security solutions help protect your organization from a devastating cyberattack. It’s another thing when the company who develops your security solutions takes it to the next level to actually help catch those responsible for some of the biggest cyberattacks in the world. Earlier this week, Trend Micro disclosed the details of its exclusive investigative cooperation with the Federal Bureau of Investigation (FBI) to identify, arrest and bring to trial the individuals linked to the infamous Counter Antivirus (CAV) service Scan4You.

In 2012, Trend Micro began its research on Scan4You, which allowed cybercriminals to check the detection of their latest malware against more than 30 modern antivirus engines, enabling them to make attacks more successful. After close collaboration with the FBI, Scan4You went offline following the arrest of two suspected administrators in May 2017. Ruslans Bondars was found guilty as a result of the recent trial, while Jurijs Martisevs pleaded guilty in March 2018.

You can read more about “The Rise and Fall of {Scan4You}” here.

Red Hat Fedora DHCP Client Network Manager Vulnerability

Yesterday, Trend Micro released DVToolkit CSW file CVE-2018-1111.csw that contains the following filter:

  • Filter C1000001: DHCP: Red Hat Fedora DHCP Client Network Manager Input Validation Vulnerability

This command injection flaw found in a script included in the DHCP client (dhclient) packages affects Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager, which is configured to obtain network configuration using the DHCP protocol.

Note: This filter will be obsoleted by MainlineDV filter 31851 in next week’s package.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before May 8, 2018. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2018 Security Update Review from the Zero Day Initiative:

| Bulletin # | CVE # | Digital Vaccine Filter | Status |
|---|---|---|---|
| APSB18-16 | CVE-2018-4944 | 31588 | |
| APSB18-09 | CVE-2018-4946 | 31687 | |
| APSB18-09 | CVE-2018-4947 | 31688 | |
| APSB18-09 | CVE-2018-4948 | 31589 | |
| APSB18-09 | CVE-2018-4949 | 31592 | |
| APSB18-09 | CVE-2018-4950 | 31593 | |
| APSB18-09 | CVE-2018-4951 | 31594 | |
| APSB18-09 | CVE-2018-4952 | 31695 | |
| APSB18-09 | CVE-2018-4953 | 31696 | |
| APSB18-09 | CVE-2018-4954 | 31697 | |
| APSB18-09 | CVE-2018-4955 | 31698 | |
| APSB18-09 | CVE-2018-4956 | N/A | Vendor Deemed Reproducibility or Exploitation Unlikely |
| APSB18-09 | CVE-2018-4957 | 31699 | |
| APSB18-09 | CVE-2018-4958 | 31700 | |
| APSB18-09 | CVE-2018-4959 | 31701 | |
| APSB18-09 | CVE-2018-4960 | 31702 | |
| APSB18-09 | CVE-2018-4961 | 31703 | |
| APSB18-09 | CVE-2018-4962 | 31704 | |
| APSB18-09 | CVE-2018-4963 | 31705 | |
| APSB18-09 | CVE-2018-4964 | 31706 | |
| APSB18-09 | CVE-2018-4965 | 31707 | |
| APSB18-09 | CVE-2018-4966 | 31708 | |
| APSB18-09 | CVE-2018-4967 | 31709 | |
| APSB18-09 | CVE-2018-4968 | 31710 | |
| APSB18-09 | CVE-2018-4969 | 31711 | |
| APSB18-09 | CVE-2018-4970 | 31712 | |
| APSB18-09 | CVE-2018-4971 | 31713 | |
| APSB18-09 | CVE-2018-4972 | 31714 | |
| APSB18-09 | CVE-2018-4973 | 31715 | |
| APSB18-09 | CVE-2018-4974 | 31716 | |
| APSB18-09 | CVE-2018-4975 | 31717 | |
| APSB18-09 | CVE-2018-4976 | 31718 | |
| APSB18-09 | CVE-2018-4977 | 31719 | |
| APSB18-09 | CVE-2018-4978 | 31720 | |
| APSB18-09 | CVE-2018-4979 | 31721 | |
| APSB18-09 | CVE-2018-4980 | 31722 | |
| APSB18-09 | CVE-2018-4981 | 31723 | |
| APSB18-09 | CVE-2018-4982 | 31724 | |
| APSB18-09 | CVE-2018-4983 | 31725 | |
| APSB18-09 | CVE-2018-4984 | 31726 | |
| APSB18-09 | CVE-2018-4985 | 31727 | |
| APSB18-09 | CVE-2018-4986 | 31597 | |
| APSB18-09 | CVE-2018-4987 | 31598 | |
| APSB18-09 | CVE-2018-4988 | 31596 | |
| APSB18-09 | CVE-2018-4989 | 31595 | |
| APSB18-09 | CVE-2018-4990 | 31591 | |
| APSB18-09 | CVE-2018-4993 | 31570 | |

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Advantech (5)

  • 31622: ZDI-CAN-5587: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)
  • 31624: ZDI-CAN-5590: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31627: ZDI-CAN-5595: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31628: ZDI-CAN-5596: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31629: ZDI-CAN-5597: Zero Day Initiative Vulnerability (Advantech WebAccess Node)

Microsoft (2)

  • 31620: ZDI-CAN-5567: Zero Day Initiative Vulnerability (Microsoft Visual Studio)
  • 31623: ZDI-CAN-5589: Zero Day Initiative Vulnerability (Microsoft Teams)

Omron (1)

  • 30435: HTTP: Omron CX-One CX-FLnet Version Buffer Overflow Vulnerability (ZDI-18-289)

Trend Micro (3)

  • 31619: ZDI-CAN-5553: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31625: ZDI-CAN-5592: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31626: ZDI-CAN-5594: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018 appeared first on .


Trend Micro has always had a close relationship with law enforcement around the globe, because we believe that only together can we make the world a safer place in which to exchange digital information. As the business of cybercrime continues to grow and evolve, so must our response. That’s why we were delighted to be able to help the FBI in a five-year, trans-national case which has seen two suspects brought to trial and the end of the notorious Counter AV (CAV) service Scan4You.

As detailed in our new report, the case highlights not only the strength of Trend Micro’s intelligence gathering and investigative support, but the often arduous nature of cybercrime policing.

A long and winding road

CAV services are a key part of the global cybercrime industry, allowing would-be attackers to test the effectiveness of their malware without the risk of being detected. Without them, attacks would not be nearly so successful. Scan4You was one of the most prolific out there, having gained the hard-won trust of countless black hats. But Trend Micro researchers had other ideas.

Back in 2012, while researching a private exploit kit called g01pack, we spotted some unusual activity. Just minutes before the exploits were used in the wild, somebody using IP addresses in Latvia checked whether Trend Micro’s web reputation system already blocked the URLs hosting the exploits. On closer inspection we noticed those IP addresses were not only checking g01pack’s exploit URLs but many others. We had just found Scan4You, an underground service which let cybercriminals check their latest malware against over 35 commercial AV engines.

Over the next five years we charted the rise of the service, sharing evidence with the FBI in 2014 which ultimately helped lead investigators to arrest and bring to trial two suspects. During that time, we found that site administrators ‘Borland’ and ‘Garrik’ had ties to numerous other cybercrime activities. These included Eva Pharmacy, one of the oldest operations around using spam and SEO tactics to sell prescription drugs, as well as campaigns using banking trojans and the sale of stolen credit card details.

The fight goes on

Borland and Garrik were arrested last year as part of an international policing operation, after which time we noticed all Scan4You scanning activity stopped. Even better, we’ve not seen a sizeable spike in users of rival CAV services such as VirusCheckMate, so it looks like the investigation has had a real impact on the cybercrime underground.

This is why Trend Micro has always worked closely with law enforcement. Protecting our customers is vital, but it’s also important to try and effect change by disrupting cybercrime itself. Since 2013, our 20 partnerships with the likes of the FBI, Interpol, Europol, the UK’s National Crime Agency (NCA) and more have certainly worked hard to do just that. In fact, a Scan4You reseller was recently sentenced to two years behind bars after a joint investigation between the NCA and Trend Micro.

It has been rewarding to see that Trend Micro’s cooperation with intelligence investigators helped to bring the Scan4You suspects to trial: it’s testament to the broad base of world-leading in-house skills and capabilities we have amassed over the past 30 years. Cybercrime is usually portrayed on TV or in the movies in a rather stereotyped, high-octane “good versus evil” battle. The truth, as we’ve seen, is rather more mundane, and cases take much longer than 90 minutes to crack.

So, let’s celebrate this success, but steel ourselves for more hard work to come. With close co-operation like this, police and security vendors like ourselves can make life increasingly uncomfortable for the bad guys. They’ve had it easy for far too long. So let’s take the fight to them as we continue on our mission to secure the connected world.

The post A Five-Year Journey: How Trend Micro Helped Bring Down Scan4You appeared first on .


“Why choose Dr. Cleaner?” This is a common question, as there are many cleanup apps for the Mac and many people don’t know which one is the best one or is safe to use. However, do not simply believe that there are no viruses or adware on macOS. Once you download apps from unknown websites or unidentified developers outside the App Store, there is a big risk that these apps may carry Trojans, viruses, or adware. Also, apps outside the App Store cannot provide a quick update when a new macOS is released. After you upgrade your system, these apps may fail to start or even make the entire system crash.

To free up disk space, use Dr. Cleaner as it’s the best Mac Memory and Disk Space Cleaner in the App Store. The App Store is the official digital distribution platform provided by Apple to allow users to search and download apps safely. Apple has an official authorization procedure to review every app’s functions and code before the app can be launched in the App Store. Apps will only run in a sandbox. For example, deleting certain files or scanning user content requires permissions from users.

What is Dr. Cleaner?

Dr. Cleaner is a cleanup app that offers Memory Optimization, Disk Cleaning and System Monitoring to keep your Mac optimized for its performance. Dr. Cleaner is designed to clean unnecessary files on a Mac with only a few clicks.

The latest Dr. Cleaner is equipped with several features such as Junk Files Cleaner, Big Files Scanner, Duplicate Files Finder, Intelligent App Manager and File Shredder.

Trend Micro has a wealth of experience in this field for more than 30 years, and has received recognition and praise from millions of users all over the world. We have been selling Dr. Cleaner in the App Store for quite some time and it has been downloaded millions of times since its introduction. Therefore, you can feel safe to download and use Dr. Cleaner.

Dr. Cleaner Guideline

To give you a clear picture, we’ll walk you through Dr. Cleaner from four aspects: Menu Window, Main Console, Preferences, and Technical Support.

 

Menu Window

We’ve designed an attractive user interface both in Dr. Cleaner’s menu window and on the main console. The menu window displays the usage of CPU, network, and memory, as well as the size of junk files on your Mac.

Memory Optimizer

Perhaps you didn’t know that there are applications running in the background of your Mac, which take up physical memory and affect its performance. When installed, Dr. Cleaner will automatically calculate and display memory usage and then free up your Mac’s memory in seconds with just one click. If you want to see which apps take up significant memory, you can click the three-dot icon next to “Memory Usage.” It will show you details about the app that uses the most memory on your Mac.

Junk Files Cleaner

Junk files, temporary files, system files and other items that you don’t need will accumulate on your Mac over time. These useless files take up precious hard disk space and degrade the performance of your Mac. With Dr. Cleaner, these unnecessary files can be cleaned up to make your Mac run much faster.

We know how much you are concerned about junk files on your Mac, so we collect as many application caches, logs and useless files as possible for you. Click “Clean” to clean up junk files quickly. You can also see the details by clicking the three-dot icon next to “Junk Files.”

CPU Usage Monitor

Some of you might ask, “Why is CPU usage included?” If you have a friend who loves playing online games, you will know the importance of monitoring CPU usage. With this feature, the apps that use significant CPU resources will be displayed. It also lets you know how much the CPU has been used and how long your computer battery can last at the same time.

Network Usage Monitor

If you are paying to get an unlimited data usage plan or even a plan with limited data usage, you are probably concerned about the speed of your internet connection most.

We think it is useful to let you know the real-time download and upload speeds of your Mac, so we added this feature. You can also view more network related information such as your Wi-Fi signal quality.

Main Console

Besides the menu window illustrated above, the main console is another important part of Dr. Cleaner. It has six sub-features: Junk Files, Big Files, Disk Map, Duplicate Files, App Manager, and File Shredder.

Junk Files 

“Junk files” on the main console is a little different from that in the menu window. We provide a lot of options that allow you to clean up more unnecessary files.

The Mac hard disk is the storage device that holds the entire Mac operating system and all of the important files and data. Through normal use of your Mac, the hard disk will become cluttered with hundreds or even thousands of junk files. These junk files are created by the system and other programs. They write temporary files to the hard disk during installation or running processes so that they can work more quickly. We equipped Dr. Cleaner with advanced efficient algorithms that make it scan and remove junk files within seconds.

Big Files

“Your hard disk is almost full!” You might have seen this alert message on your Mac screen. Take it easy. We know you have a lot of videos or other big files on your Mac and they occupy a lot of hard disk space. With our Big Files scanner, you can easily spot them and remove them if you don’t need them anymore. Is that all? No! If you hover your mouse on a file, you will see a magnifier and a lock icon. Once you click the magnifier icon, you will locate the file. If you click the lock icon, the file will be added to the whitelist which will be locked.

Disk Map

The “Disk Map” option is a significant function that helps you manage all the files on your hard disk using a visual map.

It quickly scans your drive and builds an amazing visualization of all the files and folders on your computer, allowing you to easily navigate the system and find the content that takes up the most space.

All folders and files under the home folder are listed by size. For some critical files required by the system, attempting to delete them brings up a prompt saying that they are important and cannot be removed. With “Disk Map”, you can also find out when a file or folder was created, modified and last opened. Furthermore, hovering your mouse over a folder and then clicking the magnifier icon will take you to the file location.

Duplicate Files

It is common that sometimes we create duplicate files such as pictures, videos or even apps without realizing it. Worse still, they occupy so much memory and affect the performance of your Mac. Whether they are self-generated or accidentally duplicated, you probably will want to remove these duplicate files. With “Duplicate Files”, it’s not a problem anymore. Let’s say you love photography and you have saved a lot of duplicate photos on your Mac. Just open Dr. Cleaner, click “Duplicate Files”, and then choose your photo library to start scanning photos on your Mac.

In the scan results, we provide an option called “Auto Select” to help you automatically select duplicate files. The information provided by “Auto Select” is listed below:

  1. Folder where duplicate files are located
  2. Dates modified
  3. Similar file names
  4. Other qualifications

You can choose “Remove to Trash” or “Delete Permanently” on the confirmation page. It’s really easy and effective to delete duplicate photos.

App Manager

According to our investigation, most users normally open an app once and never use it again. Therefore, in many cases, they may want to remove these apps. For most people, they will delete these unwanted apps by dragging them into the trash, assuming that doing so will free up hard disk space. But this isn’t enough.

When you attempt to uninstall an app, there are often invisible or hidden parts left on your Mac – even after you have emptied the trash. They are known as leftovers.

Leftovers are an app’s associated files and folders that can include different languages, log files, agents, or processes that might try to start an application. This is a natural part of how the macOS is built.

To solve this problem, we developed this App Manager to help you remove apps completely. This manager helps you detect all app leftovers automatically so you can remove them with just one click.

Is it only an app uninstaller? No! It is also an app updater. We know there are hundreds of Mac apps updating every day. For App Store apps, update is just one click away. But if you want to update the apps that are available outside the App Store, you need our App Manager. We review recently-updated non-App Store apps every day to ensure that your apps are up to date.

File Shredder

Data security is very important for everybody. Technically, to permanently remove a file from your system, you must use a program that can overwrite the file with a random series of binary data multiple times. This process is often referred to as shredding. In this way, the actual content of the file is overwritten, and recovering this fragmented file is almost impossible. With “File Shredder”, you can remove files from your hard disk without worrying that they will be recovered. If you want to delete some files permanently, you can try this feature. We use a special algorithm that can effectively prevent files from being regenerated.

Besides the features in the menu window and on the main console, “Preferences” is also a powerful tool.

Preferences

“Preferences” is the soul of a product. In Dr. Cleaner’s Preferences, you will see “General”, “Notifications”, “Memory”, “Duplicates”, “Whitelists” and “Auto Select.”

On the “General” tab, you can choose “Auto start at login” and other options according to what you prefer.

On the “Notifications” tab, you can disable the notification about smart memory optimization.

Furthermore, Dr. Cleaner is also equipped with the Smart Memory Optimization feature on the “Memory” tab. This feature uses artificial intelligence. You can set auto clean when your available memory is low or when apps close. We believe it’s very helpful when you use your Mac.

The “Duplicates,” “Whitelists” and “Auto Select” tabs work when you use the “Duplicate Files” feature on the main console. When there are too many duplicate files on your Mac, you can set the rules on the minimum file size and files to exempt and to prioritize during deletion.

Support

If you need technical support, click the robot icon either in the menu window or on the main console. Here comes our technical support! We provide two ways to contact us if you have suggestions or troubles when using Dr. Cleaner. You can contact us via email or online chat.

If you choose “Feedback,” you will get our response via email. Make sure to provide a correct email address.


This week marked National Teacher Appreciation Week here in the United States. I was happy to see that many other countries celebrate educators in all the other months of the year. All of us have at least one teacher, instructor or professor who really made a difference in our lives. There are two for me, and while they may not remember me out of the thousands they taught over the years, I definitely remember them. The first one helped me realize that I could write, and had me focus my frustration through poetry and essays as a 10-year-old moving from a city of almost two million (at the time) to a small town with 3,000 people trying to fit in. The second one validated my love for writing and journalism in college, encouraged me to ask the tough questions (don’t forget the five Ws and the H!) and reminded me to never bury the lead. He never forgave me for “going to the dark side” – that was his definition for marketing – but told me that as long as I’m still writing in some capacity, he was happy.

It’s only fitting that during National Teacher Appreciation Week, the University of Texas at San Antonio announced its plans to open a new cybersecurity center for government agencies and businesses seeking future cybersecurity workers and research. The space may potentially host a startup incubator, a computing center for research, a data visualization lab and other research and training facilities. With a predicted 3.5 million unfilled cybersecurity positions by the year 2021, according to the Cybersecurity Jobs Report 2018-2021, we need all the help we can get to stay ahead of sophisticated cyber threats. You can learn more about the new center here.

TippingPoint Operating System (TOS) v5.0.3

Late last week, we released TOS v5.0.3 build 4867 for the TippingPoint TX-Series devices (8200TX/8400TX). For a complete list of enhancements and changes, customers can refer to the product Release Notes located on the Threat Management Center (TMC) website. Customers with any concerns or questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Microsoft Security Updates

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before May 8, 2018. It was another busy month for Microsoft with 68 security patches covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V Server, Windows, Visual Studio, Microsoft Office and Office Services and Web Apps, and the Azure IoT SDK. Of these 68 CVEs, 21 are listed as Critical, 45 are rated Important, and two are listed as Low in severity. Eleven of these CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2018 Security Update Review from the Zero Day Initiative:

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2018-0765 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0824 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0854 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0905 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0943 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0945 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0946 | 31487 | |
| CVE-2018-0951 | 31488 | |
| CVE-2018-0953 | 31489 | |
| CVE-2018-0954 | 31490 | |
| CVE-2018-0955 | 31563 | |
| CVE-2018-0958 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0959 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0961 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1021 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1022 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1025 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1039 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8112 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8114 | 31491 | |
| CVE-2018-8119 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8120 | 31562 | |
| CVE-2018-8122 | 31492 | |
| CVE-2018-8123 | 31552 | |
| CVE-2018-8124 | 31558 | |
| CVE-2018-8126 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8127 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8128 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8129 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8130 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8132 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8133 | 31494 | |
| CVE-2018-8134 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8136 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8137 | 31617 | |
| CVE-2018-8139 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8145 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8147 | 31554 | |
| CVE-2018-8148 | 31555 | |
| CVE-2018-8149 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8150 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8151 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8152 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8153 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8154 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8155 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8156 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8157 | 31556 | |
| CVE-2018-8158 | 31557 | |
| CVE-2018-8159 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8160 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8161 | 31573 | |
| CVE-2018-8162 | 31559 | |
| CVE-2018-8163 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8164 | 31561 | |
| CVE-2018-8165 | 31571 | |
| CVE-2018-8166 | 31572 | |
| CVE-2018-8167 | 31560 | |
| CVE-2018-8168 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8170 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8173 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8174 | 31493 | |
| CVE-2018-8177 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8178 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8179 | 31498 | |
| CVE-2018-8897 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

 

Zero-Day Filters

There are two new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Trend Micro (2)

  • 31495: ZDI-CAN-5550 Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31496: ZDI-CAN-5551 Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018 appeared first on .


Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, a new report revealed that the Equifax breach had a larger impact than previously thought. In addition, the Senate Intelligence Committee released an interim report declaring that the Department of Homeland Security had an “inadequate” response to the Russian hack of the 2016 election.

Read on to learn more.

The Role of Sales & Channel in GDPR Compliance

Sales people and channel partners are integral parts of our business, and we have considered them key parts of our journey to GDPR compliance.

Equifax Breach Exposed Millions of Driver’s Licenses, Phone Numbers, Emails

A new investigation revealed that millions of driver’s license numbers, phone numbers and email addresses in connection with names, dates of birth and Social Security numbers were exposed.

Get Ready for the GDPR: Fix Susceptible Email Systems

Email is a particularly weak link for companies because of its role as a communication tool, and the fact that it is still the number one threat vector for cybercriminal exploits.

Senate Intelligence Committee Releases Interim Report on Election Security

The Senate Intelligence Committee determined that the Department of Homeland Security mounted an “inadequate” response to the Russian government-affiliated campaign in 2016.

1.13M Records Exposed by 110 Healthcare Data Breaches in Q1 2018

According to the Protenus Breach Barometer, around 1.13 million patient records were compromised in 110 healthcare data breaches in the first quarter of 2018.

Canada to Impose Own Data Breach Notification Regulations

These regulations enshrine mandatory data breach notification in Canadian law in the form of an amendment to the Personal Information Protection and Electronic Documents Act (PIPEDA) of 2000.

Twitter Fixes Bug, Advises Users to Reset Passwords

After advising users to change their account passwords on May 3, Twitter recently revealed that it fixed the bug that stored passwords unmasked in an internal log and that there’s no indication of a breach.  

Exposed Video Streams: How Hackers Abuse Surveillance Cameras

Hackers are gaining access to cameras and recording videos, selling camera access to other parties, or even using cameras to snoop around shops and scoop credit card information from customers. 

What do you think of Canada’s new data breach notification regulations? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Exposure and Susceptibility appeared first on .
