Author Archives: Jon Clay (Global Threat Communications)

This Week in Security News: Tax Scams and Spam Emails

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how criminals can use tax deadlines for social engineering schemes and redirection URLs in spam emails to sidestep spam filters.

Read on:

Beware Tax Scams and Sextortion Blackmail Attempts as Email Scams Worsen

Criminals often use the April 15th tax filing deadline in the United States for social engineering schemes to make victims share their credentials, money and personal information – costing 12,000 victims a total of $63 million in 2018.

Singapore Updates Guidelines on Data Breach Notifications and Accountability

Expected to be part of the upcoming amendment to Singapore’s data protection law, the new guidelines state that businesses must take no more than 30 days to investigate a suspected breach and notify the authorities 72 hours after completing their assessment of the breach.

Celebrating the Next Generation of Technology Innovators

Trend Micro and its venture capital arm Trend Forward Capital held a pitch-off competition for ambitious start-ups, where office automation company Roby won the $10,000 Forward Thinker Award.

Millions of Instagram Influencers Had Their Private Contact Data Scraped and Exposed

A massive AWS-hosted database containing contact information of millions of Instagram influencers, celebrities and brand accounts was found online exposed and without a password, allowing anyone to look inside.

Trickbot Watch: Arrival via Redirection URL in Spam

Trend Micro discovered a variant of the Trickbot banking trojan using a redirection URL in a spam email to sidestep spam filters that may block Trickbot at the onset.

Florida Governor Announces Cybersecurity Review Following Election Hacking Revelations

The state of Florida will conduct a cybersecurity review into election security for every county in the state after it was revealed two counties were hacked during the 2016 election.

Ryuk Ransomware Shows Diversity in Targets, Consistency in Higher Payouts

Ransomware’s persistence is best embodied by a relatively new breed of ransomware, Ryuk, which has been making waves recently with multiple incidents occurring over the past year.

TalkTalk Admits New Failings in 2015 Data Breach Notification

UK telecom company TalkTalk has admitted that it failed to notify 4,545 customers affected by the cyberattack in 2015 that exposed personal details of more than 150,000 customers.

Cyberextortionists Wipe Over 12,000 MongoDB Databases

Over the past three weeks, over 12,000 MongoDB databases have been deleted, with attackers from hacking group Unistellar demanding ransom in return for their restoration.

What are some of the warning signs of spam that you look for in your emails? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

This Week in Security News: Unsecured Servers and Vulnerable Processors

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about vulnerabilities that can allow hackers to retrieve data from CPUs and mine cryptocurrency.

Read on:

May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.

Trend Micro Unveils Cloud-Native Security Customized to the Demand of DevOps

Trend Micro launched container security capabilities added to Trend Micro Deep Security to elevate protection across the entire DevOps lifecycle and runtime stack.

Side-Channel Attacks RIDL, Fallout, and ZombieLoad Affect Millions of Vulnerable Intel Processors

Researchers found a bevy of critical vulnerabilities in modern Intel processors that, when exploited successfully, can leak or let hackers retrieve data being processed by the vulnerable CPUs.

Trump Issues Executive Order Paving Way for Ban on Huawei

President Trump has issued an executive order declaring a national emergency and prohibiting U.S. companies from using telecom services that are solely owned, controlled, or directed by a foreign adversary, clearing the way for a ban on the Chinese-owned Huawei.

Unsecured Server Leaks PII of Almost 90% of Panama Residents

The personally identifiable information of almost 90% of Panama’s population has been divulged due to an unsecured Elasticsearch server that was found without authentication or firewall protection, connected to the internet, and publicly viewable on any browser.

Google Discloses Security Bug in its Bluetooth Titan Security Keys, Offers Free Replacement

Google says that the security bug, which could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide, is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols.”

Jenkins Vulnerability Exploited to Drop Kerberods Malware and Launch Monero Miner

Threat actors were found exploiting CVE-2018-1000861, a vulnerability in the Stapler web framework that is used by the Apache Jenkins open-source software development automation server with versions 2.153 and earlier.

Crypto Exchange Binance Restarting Services After Post-Hack Upgrade

Cryptocurrency exchange Binance has announced that it is back online after completing a security upgrade prompted by a recent hack that saw 7,000 BTC worth $41 million stolen.

Do you worry about your personally identifiable information being divulged to cyber criminals? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

This Week in Security News: Skimming Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how credit card skimming attacks can impact businesses and how ransomware can use software installations to help hide malicious activities.

Read on:

Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada

Trend Micro uncovered recent activity by hacking group Mirrorthief involving the notorious online credit card skimming attack known as Magecart, which impacted 201 online campus stores in the United States and Canada.

Hackers Steal $40.7 Million in Bitcoin from Crypto Exchange Binance

Hackers stole more than 7,000 bitcoin from crypto exchange Binance and were able to access user API keys, two-factor authentication codes and other information to withdraw $41 million in bitcoin from the exchange.

Cyberattack Cripples Baltimore’s Government Computer Servers

Baltimore’s government rushed to shut down most of its computer servers after its network was hit by a ransomware virus, though officials believe it has not touched critical public safety systems.

Dharma Ransomware Uses AV Tool to Distract from Malicious Activities

Trend Micro recently found new samples of Dharma ransomware that are using a new technique: using software installation as a distraction to help hide malicious activities.

What Israel’s Strike on Hamas Hackers Means for Cyberwar

The Israeli Defense Force claimed that it bombed and partially destroyed one building in Gaza because it was allegedly the base of an active Hamas hacking group.

CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit

Trend Micro observed a critical vulnerability involving Confluence that was being exploited by threat actors to perform malicious attacks.

Trump Creates New Cybersecurity Competition with a $25,000 Award

The Trump administration announced steps to address a shortage of cybersecurity workers across the federal government, including sponsorship of a national competition and allowing cyber experts to rotate from one agency to another.

What are your thoughts on hacking groups like Mirrorthief and their impact on businesses and consumers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

This Week in Security News: BEC Attacks and Botnet Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the prevalence and impact of BEC attacks. Also, find out how botnet malware can perform remote code execution, DDoS attacks and cryptocurrency mining.

Read on:

Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers

Trend Micro discovered a new technical support scam (TSS) campaign that makes use of iframe in combination with basic pop-up authentication to freeze a user’s browser. 

Cybersecurity Pros Could Work for Multiple Agencies Under Bill Passed by Senate

Skilled federal cybersecurity workers could be rotated among civilian agencies under bipartisan legislation the Senate passed to help fill specific gaps in the workforce. 

New Cybersecurity Report Warns CIOs — ‘If You’re Breached Or Hacked, It’s Your Own Fault’

A new cybersecurity survey conducted by endpoint management specialists 1E and technology market researchers Vanson Bourne questioned 600 IT operations and IT security decision-makers across the U.S. and U.K. and found that 60% of the organizations had been breached in the last two years and 31% had been breached more than once.

AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining

Trend Micro’s honeypot sensors detected an AESDDoS botnet malware variant exploiting a server-side template injection vulnerability in a collaboration software program used by DevOps professionals. 

U.K. Prime Minister Theresa May Fires Defense Secretary Gavin Williamson Over Huawei Leak

British Prime Minister Theresa May fired Defense Secretary Gavin Williamson, saying he leaked sensitive information surrounding a review into the use of equipment from China’s Huawei Technologies Co. in the U.K.’s telecoms network. 

This Hacker Is Selling Dangerous Windows 0-Day Hacks For Past 3 Years

A report by ZDNet has revealed that a mysterious hacker has been selling Windows zero-day exploits to the world’s most notorious cybercrime groups for the past three years. At least three cyber-espionage groups, also known as Advanced Persistent Threats (APTs), are regular customers of this hacker.

Docker Hub Repository Suffers Data Breach, 190,000 Users Potentially Affected

In an email sent to their customers on April 26, Docker reported that the online repository of their popular container platform suffered a data breach that affected 190,000 users. 

IC3: BEC Cost Organizations US$1.2 Billion in 2018

In the recently published 2018 Internet Crime Report by the FBI’s Internet Crime Complaint Center (IC3), the agency states that in 2018 alone, it received 20,373 BEC/email account compromise (EAC) complaints that racked up a total of over US$1.2 billion in adjusted losses. 

Trend Forward Capital’s First Startup Pitch Competition in Dallas

Trend Forward Capital, in a partnership with Veem, is bringing its Forward Thinker Award and pitch competition to Dallas on May 20. 

BEC Scammers Steal US$1.75 Million From an Ohio Church

The Saint Ambrose Catholic Parish in Brunswick, Ohio was the victim of a BEC attack when cybercriminals gained access to employee email accounts and used them to trick other members of the organization into wiring the payments into a fraudulent bank account. 

Cybersecurity Experts Share Tips And Insights For World Password Day

May 2 is World Password Day. World Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong passwords. 

Confluence Vulnerability Opens Door to GandCrab

A vulnerability in a popular devops tool could leave companies with a dose of ransomware to go with their organizational agility, according to researchers at Trend Micro and Alert Logic.

Were you surprised by the amount of business email compromise complaints the FBI received in 2018? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

This Week in Security News: Phishing Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about schemes used in phishing and other email-based attacks. Also, learn how ransomware continues to make a significant impact in the threat landscape.

Read on:

New Report Finds 25% of Phishing Attacks Circumvent Office 365 Security

As email remains a common infection vector because of how easily it can be abused, attackers continue to take advantage of it by crafting threats that are persistent in nature and massive in number.

New Twist in the Stuxnet Story

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.

Cybersecurity Proposal Pits Cyber Pros Against Campaign Finance Hawks

A Federal Election Commission proposal aims to help presidential and congressional campaigns steer clear of hacking operations by allowing nonprofits to provide cybersecurity free of charge.

New Sextortion Scheme Demands Payment in Bitcoin Cash

Trend Micro researchers uncovered a sextortion scheme targeting Italian-speaking users. Based on IP lookups of the spam emails’ senders, they appear to have been sent via the Gamut spam botnet.  

This Free Tool Lets You Test Your Hacker Defenses

Organizations will be able to test their ability to deter hackers and cyberattacks with a free new tool designed by experts at the UK’s National Cyber Security Centre to prepare them against online threats including malware, phishing and other malicious activities.

Ransomware Hits County Offices, Knocks The Weather Channel Offline

On April 18, the systems of The Weather Channel in Atlanta, Georgia, were infected by ransomware, disrupting the channel’s live broadcast for 90 minutes. 

Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps

A hacker broke into thousands of accounts belonging to users of two GPS tracker apps, giving him the ability to monitor the locations of tens of thousands of vehicles and even turn off the engines for some of them while they were in motion.

Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat

Trend Micro delves deeper into this vulnerability by expounding on what it is, how it can be exploited, and how it can be addressed. 

Hacker Dumps Thousands of Sensitive Mexican Embassy Documents Online

A hacker stole thousands of documents related to the inner workings of the Mexican embassy in Guatemala and posted them online.

Cybersecurity: UK Could Build an Automatic National Defense System, Says GCHQ Chief

The UK could one day create a national cyber-defense system built on sharing real-time cybersecurity information between intelligence agencies and business, the head of the UK’s Government Communications Headquarters said at CYBERUK 19.

Do you think the new hacker defenses tool will decrease the number of cyber-attacks targeted at organizations and public sectors? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

This Week in Security News: Medical Malware and Monitor Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware.

Read on:

Is Your Baby Monitor Susceptible to Hacking?

In a number of high-profile cases, home surveillance cameras have been easily compromised and disturbing reports of hacked baby monitors are in the news.

Global Governments Demonstrate Rising Commitment to Cybersecurity

According to the International Telecommunications Union’s (ITU) 2018 Global Cybersecurity Index, only half of countries around the globe had a government cybersecurity strategy in 2017, which rose to 58 percent in 2018.

What Did We Learn from the Global GPS Collapse?

The problem highlights the pervasive disconnect between the worlds of IT and OT.

Malware Creates Cryptominer Botnet Using EternalBlue and Mimikatz

A malware campaign is actively attacking Asian targets using the EternalBlue exploit and taking advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines.

Medical Format Flaw Can Let Attackers Hide Malware in Medical Images

Research into DICOM has revealed that the medical file format in medical images has a flaw that can give threat actors a new way to spread malicious code through these images.

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

A hacker or group of hackers broke into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

New Business Email Compromise Scheme Reroutes Paycheck by Direct Deposit

A new business email compromise (BEC) scheme, where the attacker tricks the recipients into rerouting paychecks by direct deposit, has emerged.

Leadership Turnover at DHS and Secret Service Could Hurt US Cybersecurity Plans

Departures of top officials at the Secret Service and Department of Homeland Security (DHS) will add to an already difficult public-private disconnect on cybersecurity, especially since Kirstjen Nielsen has a rare set of cybersecurity skills that helped the DHS protect companies in critical industries.

Microsoft Disclosed Security Breach From Compromised Support Agent’s Credentials

Microsoft has notified affected Outlook users of a security breach that allowed hackers access to email accounts from January 1 to March 28, 2019.

Do you think the leadership turnover at DHS and the Secret Service will hurt US cybersecurity plans? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Continuing Education On Cyber Threats And Defenses

Anyone who has been in cybersecurity for any length of time knows the threat landscape is constantly changing and requires regular monitoring of news, blogs, podcasts, and other ways to ensure you know what is happening today. I have tried to bring this information to the public since starting my monthly threat webinar series in July of 2015. Over the years, I’ve been able to share information about the different aspects of the threat landscape from advanced persistent threats (APT) to zero-day exploits and everything in-between. My focus with these webinars is to share information about how these threats work and the technologies available to defend against them. I regularly have experts join me on these webinars too, so you don’t have to just listen to me all the time.

However, my main goal is to help you better understand what you are up against in your fight against threat actors and their ways of attacking you, your employees, systems and networks. I also ask for requests on topics you want me to cover in the future using a survey option within the webinar platform we use. Each of the webinars is live and allows you to ask questions to be answered either during the live event or afterwards via an email. We also record each of these webinars and you can watch them on-demand, as we know your time is valuable and sometimes you cannot attend it live or you want to share with your colleagues. Note – if you sign up for any of the on-demand webinars, you will receive an email with the upcoming month’s webinar topic. The April 2019 webinar will cover Bug Bounties and How They Help and you can sign up to attend here.

Webinars are one way we can help you stay educated and up-to-date about the industry and what’s happening today, as well as what we expect to happen next. You can also follow our other blogs, like Security Intelligence or Security News, for the latest from Trend Micro Research. We also have great explanatory videos on our Trend Micro YouTube channel.

Feel free to leave a comment below if there are any topics you’d like me to cover in upcoming months or if you simply want to say hello. I look forward to seeing you on one of my next webinars.
