Category Archives: Current News

This Week in Security News: Phishing Campaigns and a Biometric Data Breach

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the ever-increasing number of phishing campaigns and how Trend Micro caught 2.4 million attacks of this type — a 59% increase from 1.5 million in the second half of 2018. Also, read how millions of sensitive biometric records were found exposed in a massive data breach involving a major biometric security platform.

Read on:

August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default

Microsoft released updates to patch 93 CVEs, along with two advisories, in this month’s Patch Tuesday. The bulletin patches issues in Azure DevOps Server, Internet Explorer, Microsoft Office, Microsoft Windows, Visual Studio and more. The patches address 29 vulnerabilities rated Critical and 64 that were rated Important, and a total of 21 CVEs were disclosed through the Zero Day Initiative (ZDI) program.

Over 27.8M Records Exposed in BioStar 2 Data Breach

About 23 GB worth of data consisting of 27.8 million sensitive biometric records were found exposed in a massive data breach involving biometric security platform BioStar 2, which provides thousands of companies with biometric security in order to restrict access to buildings and other private areas.

New Tech: Trend Micro Inserts ‘X’ Factor Into ‘EDR’ – Endpoint Detection and Response

While endpoint detection and response (EDR) is one of the most significant advancements made by endpoint security vendors in the past six years, enterprises need more. Trend’s COO Kevin Simzer discusses these needs and Trend Micro’s new solution to meet them: XDR.

Report: Huge Increase in Ransomware Attacks on Businesses

According to a report by Malwarebytes, there has been a 363% year-over-year increase in ransomware attacks on businesses in the first half of the year. Aside from businesses, there has also been a greater number of ransomware attacks targeting different public sectors and local governments since the start of 2019.

Customer Perspective: Catching the Thief Lurking in the Shadows with EDR and MDR

Organizations want more visibility, enriched by data, into every nook and cranny of their IT infrastructure. The industry is decidedly moving towards XDR, a form of data-powered defense that provides omnipresent, nuanced visibility into attacks.

Hackers Can Turn Everyday Weapons into Acoustic Cyberweapons

A researcher found that custom malware can induce embedded speakers to emit inaudible frequencies at high intensity or blast out audible sounds at high volume. Those aural barrages can potentially harm human hearing, cause tinnitus or have psychological effects, and they highlight the potential for acoustic malware to be distributed and controlled through remote access attacks.

Cyberattack Lateral Movement Explained

Trend Micro’s VP of Cloud Research, Mark Nunnikhoven, explains the concept of lateral movement, which refers to the techniques cyber attackers use to progressively move through a network post-breach as they search for the key data and assets that are ultimately the target of their attack campaigns.

Cloud Atlas Group Updates Infection Chain with Polymorphic Malware to Evade Detection

Recently observed by security researchers, this malware campaign uses a polymorphic HTML application (HTA) and a polymorphic backdoor to evade detection. As in its previous iteration, the threat routine begins with phishing emails to high-value targets.

BGP Hijackings Take on New Meaning in Cybersecurity Climate

The Border Gateway Protocol is vulnerable to malicious actors — and as of right now, little can be done about it from a security perspective, although there have been attempts to make it more reliable. Trend Micro’s Mark Nunnikhoven, VP of cloud research, discusses BGP’s reliability and threat risk.

The Rising Tide of Credential Phishing: 2.4 Million Attacks Blocked by Trend Micro Cloud App Security in 2019 1H

Credential phishing continues to be a bane for organizations. In the first half of 2019, the Trend Micro™ Cloud App Security™ solution caught 2.4 million attacks of this type — a 59% increase from 1.5 million in the second half of 2018.

Securing the Industrial Internet of Things: Protecting Energy, Water and Oil Infrastructures

Given the expected expansion of industrial internet of things (IIoT), this guide discusses the possible security risks, threats, and scenarios that cybercriminals can abuse to compromise the energy, water, and oil industries. Also included are recommendations on how to defend against these attacks based on Trend Micro (TM) research.

Anatomy of an Attack: How Coinbase was Targeted with Emails Booby-Trapped with Firefox Zero-Days

Coinbase’s chief information security officer published an incident report covering the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication. The thwarted attack began with email messages on May 30 to more than a dozen Coinbase employees that appeared to be from Gregory Harris, a research grant administrator at the University of Cambridge in the UK.

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. These malware variants enlist infected routers into botnets that are capable of launching distributed denial of service (DDoS) attacks.

Analysis: New Remcos RAT Arrives Via Phishing Email

In July, our researchers came across a phishing email purporting to be a new order notification, which contained a malicious attachment that leads to the remote access tool Remcos RAT. This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques to evade detection, which is a common method for distributing known malware.

Are you up to speed on our recommendations to avoid possible security risks, threats, and scenarios that cybercriminals can abuse to compromise the energy, water, and oil industries? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Innovate or Die?

The recent series of IT acquisitions and IPOs highlight a simple economic fact: companies that fail to keep up with the fast-paced innovation of technology can easily become targets for acquisition.

Mark Twain put it this way: History doesn’t repeat itself, but it rhymes. As a former Gartner analyst, I find it irresistible to comment when our industry versifies.

During the 1970s and 1980s, Computer Associates executed a sound business model. They acquired mainframe software companies following a careful economic analysis. When a potential target company achieved more than half its revenues from maintenance contracts, when its stock price dropped as investors felt that long-term growth was slowing, and when the company had a significant cash hoard, CA would make its bid. Usually the acquisition would succeed. Following the takeover, CA would use the cash to repay the loan used to fund the acquisition. They would liquidate assets and cut expenses in research and development, sales, support, training, administration, marketing, and channel support. The resulting shell would improve the unit’s financial performance. The maintenance revenue stream would fund the next round of acquisitions.

During my time with Gartner, I worked with financial analysts at our sister company, Soundview Associates. They developed a spreadsheet incorporating the CA model, and used it to spot potential acquisitions. The same model guided Oracle during its acquisitions in the 1990s and 2000s. Now, a similar pattern seems to be guiding Broadcom.

Information security is a highly dynamic industry sector. As a non-functional strategy, information security typically gains less focus and resources than core new product functionality. As new capabilities enter the market, they introduce new attack surfaces and invite new attack vectors. Any viable information security vendor must sustain relevance in this volatile technology landscape. Without extensible products, a vendor cannot maintain a leadership position in the field. While start-ups proliferate, each typically offers a single point product that addresses one specific new vulnerability. This leaves the enterprise customer with an unpleasant set of options.

Most enterprise customers already have dozens of information security products in their portfolio. The option of adding yet another solution to the mix is unappealing. A clever start-up may have an insightful approach to tackling a novel vulnerability. Most prospective customers also weigh the additional complexity in their operations, the burden of training scarce staff on another product, the additional stream of alerts into their SIEM or SOC, and the discipline of managing a small vendor with problematic financial viability.

A second option is to wait for a larger information security vendor to acquire a start-up and integrate the new technology into its existing portfolio. Integrating new products into an existing portfolio is vastly more complex than most customers appreciate. Typically, the process takes these steps. First, the new tool gets a new name. Then, its alerts flow into whichever SIEM or SOC the existing suite uses. Next, the product’s agents (if any) are built into any pre-existing agents, minimizing the customer’s installation complexity. Later, product engineering merges the new back-end data store into the suite’s data store, possibly driving a re-engineering of that back-end store to handle the new information’s structure and analytical tools. Finally, the product engineering team has to bring the combined capabilities to par for both on-site installed customers and cloud-based SaaS customers. That step must include appropriate APIs for integration with MSPs, as most enterprise customers do not want to run complex SOCs and prefer to outsource specialists for diagnosis, support, and remediation.

Note that this stream of investment takes years. It draws down cash as the vendor invests in the “plumbing.” The financially successful strategy of “acquire – strip cost – monetize maintenance” discussed above prohibits costly investment in that plumbing, meaning most acquisitions never achieve much more than re-branding.

Consider mainframe job schedulers acquired by CA over the decades: CA-7 (once UCC-7), CA-AutoSys (formerly Paragon Global Technology via Platinum Technologies), CA-Workload Control Center (formerly Cybermation), and other offerings from Boole and Babbage and Legent. None of these products were integrated beyond branding: the cost would have rendered the acquisition unprofitable. (See https://www.itjungle.com/2007/04/10/fhs041007-story04/ for background on CA’s integration strategy in 2007.) Firms chasing the financially driven acquisition model cannot make long-term investments in their acquisitions.

The third customer choice is to invest heavily in a start-up. This mitigates the financial viability question. The customer/partner will drive product development. This guarantees the vendor addresses the customer’s needs quickly, but it does potentially distract the customer’s IT team from their primary mission, which is not running a start-up but handling the customer’s business problems.

The final customer choice is to find a vendor that invests in product integration at a deep level, for the long term, and delivers on that strategy. This necessitates that the vendor prioritize product enhancement over short-term financial results. This business strategy is not as flashy as others, but it is deliberate, measured, and generates durable results. The vendors in this camp acquire companies not for their maintenance revenue stream or their cash and real estate holdings, not for their customer list, not for their geographical presence, not to monopolize a market, thwart a deal, or nullify a competitor, and not for their patent portfolio. These vendors acquire companies for their current and future technology. They focus on technical capabilities and cultural fit – if the people don’t stay, the future of the product is lost.

Please note that I am a technology analyst, not a financial analyst. But I am proud to work for a company like Trend Micro. This timeline shows our history of innovation and integration: www.trendmicro.com/en_us/about/history-vision-values.html?modal=s4a-btn-see-infographic-06c573

Let me know what you think! Either comment below or @WilliamMalikTM

This Week in Security News: Unpatched Systems and Lateral Phishing

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about an attack against Elasticsearch that delivers backdoors as its payload. Additionally, read how cybercriminals are turning to hijacked accounts to perform lateral phishing attacks on organizations.

Read on:

Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’

Trend Micro spotted another attack against Elasticsearch that deviates from the usual profit-driven motive by delivering backdoors as its payload. These threats can turn affected targets into botnet zombies used in distributed-denial-of-service (DDoS) attacks.

Trend Micro Approved as an SLP Plus Endpoint Security Vendor

Trend Micro announced its endpoint security products are available for purchase via the California Software Licensing Program (SLP) Plus vehicle. This means government agencies don’t have to carry out a formal proof-of-concept or RFP to purchase, which will shorten sales cycles and ensure they benefit from security sooner.

Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-Year-Old XHide

Trend Micro detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor that is capable of scanning for open ports, downloading files, executing UDP floods, and remotely executing shell commands. The miner process is hidden using XHide Process Faker, a 17-year-old open source tool used to fake the name of a process.

Zuckerberg Promises ‘Completely New Standard’ for Privacy Following FTC Fine

The Federal Trade Commission formally approved a record $5 billion settlement with Facebook over the company’s privacy policies, requiring the company to establish a new board committee on privacy and making CEO Mark Zuckerberg report each quarter to the FTC on how the company is taking steps to protect consumer privacy.

Hackers Exploit ERP App Flaw for Fraudulent Accounts in 62 Colleges, Universities

The U.S. Department of Education released a security alert after 62 higher education institutions were reportedly infiltrated via Ellucian, an enterprise resource planning web app, and the attackers hijacked students’ IDs to create fraudulent accounts.

Equifax Exposed 150 Million Americans’ Personal Data. Now it Will Pay Up to $700 million

Equifax Inc. has reached a deal to pay up to $700 million to a slew of state and federal regulators to settle probes stemming from a 2017 data breach that exposed nearly 150 million Americans’ Social Security numbers and other sensitive personal information.

Cybercriminals Going After Office 365 Administrators, Using Hijacked Accounts to Perform Phishing Attacks

Cybercriminals have recently been sending phishing emails specifically targeting Microsoft Office 365 administrators to gain administrative control over an organization’s Office 365 domain and accounts. Additionally, they’ve been turning to hijacked accounts to perform phishing attacks — a technique called lateral phishing.

Cybercrime and Exploits: Attacks on Unpatched Systems

Cybercriminals exploiting unpatched system vulnerabilities continue to be one of the top reasons enterprises suffer unauthorized intrusions. Trend Micro compiled some of the most destructive cyberattacks and data breaches over the past few years, showing that failing to patch systems with the latest security updates can inflict a costly amount of damage, making the time it takes to patch systems worth it.

A Hacker Broke into Bulgaria’s Tax System and Stole the Details of Every Working Adult in the Country

A hacker broke into Bulgaria’s largest tax database and stole the financial details of every working adult in the country before releasing them online. In their search for the perpetrator, police arrested 20-year-old Kristian Boykov, charging him with committing a computer crime against critical infrastructure.

FIN8 Reemerges with New PoS Malware Badhatch

Security researchers found threat group FIN8 reappearing after two years with a new point-of-sale (PoS) malware named Badhatch, which is designed to steal credit card information. Badhatch features capabilities that allow it to scan for victim networks, provide attackers with remote access, install a backdoor, and deliver other modified malware payloads such as PoSlurp and ShellTea.

Do you trust organizations to patch system vulnerabilities in a timely manner? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

This Week in Security News: Spam Campaigns and Mobile Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a mobile malware that infects Android devices by exploiting the vulnerabilities found within the operating system. Also, read about a recent spam campaign that targets entities using a disposable email address service for its command and control server.

Read on:

iOS URL Scheme Susceptible to Hijacking

Abuse of Apple’s URL Scheme, a feature that allows developers to launch apps on an iOS device through URLs, can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads and more.

Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C

Trend Micro observed a recent spam campaign that targets Colombian entities using YOPmail, a disposable email address service, for its command and control server (C&C). The payload, written in Visual Basic 6, is a customized version of a remote access tool called “Proyecto RAT.”

Trend Micro’s Deep Security as a Service Now Available on the Microsoft Azure Marketplace

Trend Micro announced the availability of its cloud solution Deep Security as a Service on the Microsoft Azure Marketplace, enabling organizations to combine the benefits of security software-as-a-service with the convenience of consolidated cloud billing and usage-based, metered pricing.

SLUB Gets Rid of GitHub, Intensifies Slack Use

Trend Micro discovered a new version of the SLUB malware that has stopped using GitHub to communicate, heavily using Slack instead via two free workspaces that Slack has since shut down.

Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks

Trend Micro observed that a Jenkins user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e. the main Jenkins server), a setup enabled by default.

FTC Approves Roughly $5 Billion Facebook Settlement

The Federal Trade Commission has endorsed a roughly $5 billion settlement with Facebook over a long-running probe into the tech giant’s privacy violations such as the Cambridge Analytica scandal, causing immediate concern from some politicians.

GandCrab Threat Actors Possibly Behind Sodinokibi Ransomware

Various security researchers reported that the ransomware-as-a-service (RaaS) threat actors behind GandCrab might be responsible for releasing a more advanced ransomware variant called Sodinokibi.

Agent Smith Malware Infecting Android Apps, Devices for Adware

Agent Smith, a new kind of mobile malware, has been found infecting Android devices by exploiting the vulnerabilities found within the operating system (OS) to replace installed apps with malicious versions without the user knowing.

Sprint Says Hackers Breached Customer Accounts Via Samsung Website

US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com “add a line” website, giving them access to personal information such as phone numbers, account numbers, billing addresses and more.

Report: Average BEC Attacks Per Month Increased by 120% from 2016 to 2018

According to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the total amount that cybercriminals attempted to steal via business email compromise (BEC) scams rose to an average of $301 million per month — a substantial increase from the $110 million monthly average in 2016.

U.S. Mayors Take Stand Against Ransomware Payments

As ransomware becomes an increasing problem for local governments with 22 attacks in 2019 alone, U.S. mayors took a firm stand against paying ransom to hackers in their resolutions at the U.S. Conference of Mayors.

Another 2.2 Million Patients Affected by AMCA Data Breach

Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, and other personal information stolen because of the AMCA data breach.

Fake Invoices Used by BEC Scammers to Defraud Griffin City, Georgia of Over US$800,000

The government of the City of Griffin, Georgia lost over $800,000 to a business email compromise (BEC) scam when BEC operators posed as its vendor P.F. Moon to reroute funds in two separate transactions to a fraudulent bank account.

Cloud-Based IoT Solutions: Responding to Traditional Limits and Security Concerns

In the face of challenges brought about by the expansion of the Internet of Things (IoT) – a trend that is expected to be amplified in the 5G era – many organizations have turned to cloud-based IoT solutions that can respond to organizations’ needs when it comes to integration, processing, scalability and security.

Were you surprised by the increase in business email compromise attempts from 2016 to 2018? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

New Azure Marketplace Pay-As-You-Go Billing for Trend Micro Deep Security as a Service

Cloud adoption continues to rise as organizations reduce their data center footprint, look to cloud native technologies to improve their application design and output, and strive to improve scalability and management of resources and systems.

In a recent survey conducted by analyst firm ESG, 87% of respondents indicated that they currently run production applications and workloads on a public cloud infrastructure-as-a-service platform. However, only 10% of respondents run more than half of their workloads in the cloud. This means that while cloud adoption is on the rise, businesses are still heavily vested in on-premises and hybrid-cloud environments.

With all this change comes the task of understanding how best to secure new cloud technologies and environments, while maintaining protection for traditional server platforms against threats and risks which present both technical and cost challenges.

So, what options does your business have to tackle this?

Trend Micro is excited to announce pay-as-you-go billing with its leading cloud solution, Deep Security as a Service (DSaaS) on the Microsoft Azure Marketplace. As a launch partner for pay-as-you-go billing at Microsoft’s Inspire 2019 conference, Trend Micro’s offering enables organizations to combine the benefits of security software-as-a-service (SaaS) with the convenience of usage-based metered pricing and consolidated cloud billing.

“Providing Trend Micro’s Deep Security as a Service offering through Azure Marketplace gives customers more ways to enable, automate, and orchestrate cloud security,” said Jeana Jorgensen, GM, Cloud and AI for Microsoft. “Customers can pay for only what they use with Trend Micro’s flexible, metered pricing or negotiate a more traditional enterprise agreement using private offers while enjoying a consolidated bill for software and cloud infrastructure.”

Trend Micro Deep Security as a Service is purpose built to deliver a multi-layered automated approach to protect hybrid cloud workloads and container environments against known and unknown threats. Deep Security’s capabilities include network controls such as a host firewall and intrusion prevention/detection (IPS/IDS) to shield servers and web applications from vulnerabilities and exploits. Deep Security also has system security capabilities such as log inspection, application control to detect and lock down unauthorized executables, and real-time integrity monitoring to alert the security team of any suspicious or unexpected changes to registry values, registry keys, services, processes, installed software, ports, or files.

Additionally, Deep Security provides this same complete protection for your containers, with real-time malware protection, container vulnerability shielding, full traffic inspection for both North-South and East-West traffic between containers, as well as network and system controls, extending protection to the container and Kubernetes platforms. This also helps to meet compliance obligations across major regulations and industry guidelines, like PCI DSS, HIPAA, NIST, GDPR and more from within one trusted security solution.

Microsoft’s new Azure Marketplace offerings and billing methods give IT and developers a means to quickly identify the software-as-a-service offerings they need and pay only for what is consumed, with no additional costs. This makes purchasing easy for customers: one transaction and a single invoice help remove friction across budget planning, capacity, and scaling.

“Our priority is to make cloud security as effortless as possible, which starts by meeting IT users and developers where they are and then offering comfortable usage and pricing options,” said Sanjay Mehta, SVP, Business Development & Strategic Alliances at Trend Micro. “Trend Micro is proud to continue our close relationship with Microsoft Azure as one of its top global security partners. Being part of their consumption-based billing launch for SaaS offerings helps customers looking to secure workloads and containers through their Azure instances.”

Trend Micro’s Deep Security as a Service will provide Microsoft Azure customers a fully hosted security management experience, starting at only $0.01 per workload per hour.

To learn more, visit https://www.trendmicro.com/azure/


This Week in Security News: Banking Malware and Phishing Campaigns

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the banking malware Anubis that has been retooled for use in fresh attack waves. Also, read about a new phishing campaign that uses OneNote audio recordings to fool email recipients.

Read on:

New Miori Variant Uses Unique Protocol to Communicate with C&C

A Mirai variant called Miori recently reappeared, though it has departed from the usual binary-based protocol and instead uses a text-based protocol to communicate with its command-and-control (C&C) server.

Anubis Android Malware Returns with Over 17,000 Samples

The attacker behind the malware Anubis has retooled it, changing its use from cyberespionage to banking malware, combining information theft and ransomware-like routines. Trend Micro recently discovered 17,490 new samples of Anubis on two related servers.  

DevOps Will Fail Unless Security and Developer Teams Communicate Better

According to a Trend Micro survey of IT leaders, DevOps initiatives have become important for 74 percent of organizations over the past year, but communication must improve for DevOps to be successful.

July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including 2 Exploited Vulnerabilities

Microsoft’s July Patch Tuesday release includes updates for almost 80 vulnerabilities, along with two advisories. Other flaws in Azure Automation, Docker, DirectWrite, DirectX, SymCrypt, Windows DNS Server, and Windows GDI have also been resolved.

Nexus Repository Manager Vulnerabilities CVE-2019-9629 and CVE-2019-9630 Could Expose Private Artifacts

Two vulnerabilities were uncovered in Sonatype’s Nexus Repository Manager (NXRM), an open-source governance platform used by DevOps professionals for component management. The vulnerabilities result from the poor configuration of the repository manager’s default settings.

British Airways Faces Record £183m Fine for Data Breach

British Airways is facing a record fine of £183m for last year’s breach of its security systems when details of about 500,000 customers were harvested by attackers through a fraudulent site.

Powload Loads Up on Evasion Techniques

By sifting through six months’ worth of data covering over 50,000 samples from the Trend Micro Smart Protection Network infrastructure, Trend Micro gained insight into how Powload, a cybercrime staple, has incorporated new techniques to increase its effectiveness, especially in its ability to hide from detection.

Microsoft Discovers Fileless Malware Campaign Dropping Astaroth Info Stealer

The Microsoft Defender ATP Research Team released a report covering a malware campaign that dropped the Astaroth trojan into the memory of infected computers by using fileless distribution techniques to hide its activities from security solutions.

New Phishing Campaign Uses OneNote Audio to Lure Users to Fake Microsoft Login Page

In a new phishing campaign reported by Bleeping Computer, audio recordings purportedly shared via OneNote were used as a lure to lead email recipients to a fake Microsoft login page that steals user account credentials.

Zoom Flaw Turns Mac Cam into Spy Cam

A security researcher has found a flaw in the popular video conferencing app Zoom that allows any website to forcibly join a user to a Zoom call, with their video camera activated, without a user’s permission.

New Godlua Backdoor Found Abusing DNS Over HTTPS (DoH) Protocol

A newly discovered backdoor dubbed Godlua has been observed conducting DDoS attacks on outdated Linux systems, gaining access through a vulnerability in the Atlassian Confluence Server.

Where Will Ransomware Go in The Second Half Of 2019?

Based on the latest trends, Trend Micro predicts the threat of ransomware will grow in the second half of 2019 and will continue to shift and change over the coming years.

Migrating Network Protection to the Cloud with Confidence

Trend Micro’s Cloud Network Protection is the first transparent, in-line network security offering for AWS customers: simple to deploy and manage, cloud-ready and leveraging industry leading expertise in network threat protection.

Marriott Faces $123 Million GDPR Fine in the UK for Last Year’s Data Breach

The UK’s Information Commissioner’s Office (ICO) intends to impose a fine of £99,200,396 ($123,705,870) on international hotel chain Marriott for last year’s data breach that impacted 383 million people.

eCh0raix Ransomware Found Targeting QNAP Network-Attached Storage Devices

A newly uncovered ransomware family called eCh0raix, designed for targeted ransomware attacks similar to how Ryuk or LockerGoga were used, is now targeting QNAP network-attached storage (NAS) devices.

Which newly discovered ransomware did you find most interesting this week? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


This Week in Security News: Malvertising and Internet of Things Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new Internet of Things malware that’s bricked thousands of devices. Also, read about a ransomware family that’s using malvertising to direct victims to a RIG exploit kit.

Read on:

Shadowgate Returns to Worldwide Operations with Evolved Greenflash Sundown Exploit Kit

After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit, which has been spotted targeting global victims after primarily operating in Asia. 

Silex Malware Bricks IoT Devices with Weak Passwords

A new Internet of Things malware called Silex only operated for about a day, though it has already managed to quickly spread and wipe devices’ firmware, bricking thousands of IoT devices. 

Top Takeaways from AWS Security Chief Stephen Schmidt at re:Inforce 2019

Stephen Schmidt’s keynote address at AWS re:Inforce touched on the current state of cloud security, building a security culture, tactical security tips and a road map of where the industry and technology are headed.

AWS re:Inforce Warm-Up Episode

Mark Nunnikhoven gives key predictions and insights into trends at AWS re:Inforce, security in the top three major public cloud providers and the evolution of the cloud industry as a whole. 

Dell Urges Millions of Users to Patch Vulnerability in SupportAssist Tool

Dell released a security advisory that implored customers to update the vulnerable SupportAssist application in both business and home machines. The privilege escalation vulnerability can give hackers access to sensitive information and control over millions of Dell computers running Windows.

HTTPS Protocol Now Used in 58% of Phishing Websites

According to the Q1 2019 report from the Anti-Phishing Working Group (APWG), the use of Hypertext Transfer Protocol Secure (HTTPS) on phishing sites has been on the rise, with 58% of phishing websites now served over HTTPS.

Federal Cybersecurity Defenses are Critical Failures, Senate Report Warns

A 10-month review of 10 years of inspector general reports revealed that several Federal agencies responsible for safeguarding millions of Americans’ security, public safety and personal data have failed to apply even basic defenses to cyberattacks.

Kubernetes Vulnerability CVE-2019-11246 Discovered Due to Incomplete Updates from a Previous Flaw

Kubernetes announced the discovery of a high-severity vulnerability that, if exploited, could lead to a directory traversal that allows an attacker to use a malicious container to create or replace files in a user’s workstation. 

The IIoT Attack Surface: Threats and Security Solutions

Many manufacturing factories and energy plants have hundreds of IIoT devices that help streamline operations, but those facilities now also have to defend against new threats that take advantage of attack vectors and weaknesses in the technology. 

Facebook’s Bid to Quash Data Breach Lawsuit Dismissed by Judge

Facebook has failed in its attempt to prevent a lawsuit over a data breach impacting close to 30 million users from going to trial. A federal appeals court in San Francisco rejected the social media giant’s request to dismiss the court case out of hand.

Sodinokibi Ransomware Group Adds Malvertising as Delivery Technique

Attackers behind a ransomware family called Sodinokibi have used a variety of delivery vectors since April: malicious spam, vulnerable servers, managed service providers (MSPs) and now malvertising. The malicious advertisements were on the PopCash ad network, and under certain conditions they would redirect users to the RIG exploit kit.

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

Trend Micro discovered and disclosed a double free vulnerability in macOS that, if successfully exploited, can allow an attacker to escalate privileges and execute malicious code on the system as root.

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic

Trend Micro took a closer look at Oracle’s recent vulnerability CVE-2019-2729 to see how this class of vulnerability has been remediated — particularly via blacklisting or whitelisting — and why it has become a recurring security issue.

95,000 Delawareans Impacted in Data Breach that Lasted Nearly Nine Years

The personal data of roughly 95,000 Delawareans may have been compromised in a nine-year security breach at Dominion National, a large vision and dental insurer, according to Delaware’s Department of Insurance.

Do you feel that the IoT devices in your home are well-protected against cyberattacks? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay. 


This Week in Security News: Cyberespionage Campaigns and Botnet Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a cyberespionage campaign targeting Middle Eastern countries and a botnet malware that infiltrates containers via exposed Docker APIs.

Read on:

Hackers Are After Your Personal Data – Here’s How to Stop Them

The latest FBI Internet Crime Complaint Center (IC3) report paints an accurate picture of the scale of online threats and shows that consumers need to take urgent steps to protect their most sensitive identity and financial data from online attackers.

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

Trend Micro uncovered a cyberespionage campaign targeting Middle Eastern countries and named it “Bouncing Golf” based on the malware’s code in the package named “golf.” 

Trend Micro Partners with VIVOTEK to Enhance IP Cameras Security

Trend Micro announced it has blocked 5 million attempted cyberattacks against IP cameras in just five months. Through its strategic partnership with VIVOTEK, Trend Micro’s IoT security solutions are embedded in globally deployed IP cameras to provide superior protection.

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

Trend Micro details an attack type where an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of the Linux botnet malware AESDDoS.

Ransomware Repercussions: Baltimore County Sewer Charges, 2 Medical Services Temporarily Suspended

A ransomware attack in May prevented the Baltimore City and County governments from mailing the annual water and sewage tax bills to their residents, because accounts showing abnormally low or no water consumption in 2018 could not be verified.

Hackers Have Carried Out 12 Billion Attacks Against Gaming Sites in 17 Months

Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites in 17 months, according to a new report by internet delivery and cloud services company Akamai. 

Critical Linux and FreeBSD Vulnerabilities Found by Netflix, Including One That Induces Kernel Panic

A Netflix researcher uncovered four critical vulnerabilities within the TCP implementations on Linux and FreeBSD kernels that are related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. 

New Oracle WebLogic Zero-day Vulnerability Allows Remote Attacks Without Authentication

Oracle published an out-of-band security alert advisory on CVE-2019-2729, a zero-day deserialization vulnerability that could allow remote attackers to execute arbitrary code on targeted servers.

Xenotime, Hacking Group Behind Triton, Found Probing Industrial Control Systems of Power Grids in the US

Xenotime, the hacking group behind intrusions targeting facilities in the oil and gas industries, has started probing the industrial control systems (ICSs) of power grids in the U.S. and the Asia-Pacific region, researchers reported.

Data Breach Forces Medical Debt Collector AMCA to File for Bankruptcy Protection

US medical bill and debt collector American Medical Collection Agency (AMCA) has filed for bankruptcy protection in the aftermath of a disastrous data breach that resulted in the theft of information from clients including Quest Diagnostics, LabCorp, BioReference Laboratories and more.

Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH

Trend Micro observed a new cryptocurrency mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread from an infected host to any system that has had a previous SSH connection with the host.

Hacker Groups Pounce on Millions of Vulnerable Exim Servers

Multiple groups are launching attacks against exposed Exim mail servers, trying to exploit a vulnerability that could give them permanent root access.

Florida City to Pay $600K Ransom to Hacker Who Seized Computer Systems Weeks Ago

Riviera Beach is paying $600,000 in Bitcoins to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago.

Are you up-to-date on the best ways to lower the risk of hackers accessing your personal data? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


Movie Tech Review: Child’s Play 2019

BETRAYED: A Trend Micro Child's Play Tech Review

A while back, Rik & Kasia Ferguson shared their thoughts on the movie “Unfriended: The Dark Web.” The dark web, and technology in general, play a pivotal role in the movie’s plot, so the team decided it would be interesting to have a real-world expert review it.

Everyone had a lot of fun, and thus Trend Micro movie reviews were born. I was “fortunate” enough to get the next call. The downside? The movie is, “Child’s Play” and I don’t do horror movies well.

Opening night, I powered through, watched the movie and was…pleasantly surprised?

The Movie

Was there too much gore and violence? Absolutely. However, the movie was a lot better than I expected, with an eerie performance by Mark Hamill as the voice of Chucky. Aubrey Plaza, as Karen, played her role well, adding the only really relatable character of any depth beyond Chucky.

How does this movie rate in the horror genre? No idea. What I do know is that I enjoyed it more than I expected—which was an admittedly low bar—and found myself entertained for the duration.

[ Spoilers ahead : scroll down if you’re ok with that ]

⤵

⬇

⬇

⬇

⬇

⬇

⬇

⬇

⬇

⬇

⬇

Bad Training Data

Unlike the original entries in the series, this edition brings Chucky into the 21st century. Chucky is no longer a demonically possessed doll, but a blank slate in the form of a nascent AI in a robotic toy doll.

As with any AI or machine learning model, the AI starts off neutral. It requires training data in order to generate results. In Chucky’s case, he is a unique example of the “Buddi” product.

In a classic insider supply chain attack, a QA employee is fired by an overly abusive boss, but before he’s removed from the property, the employee is ordered to finish one last Buddi doll: Chucky.

This employee modifies Chucky’s code to remove any boundary checking for his core behaviours. This creates a truly unbounded, clean slate for the AI that is set out into the world.

Skipping ahead, Chucky is trained on a biased data set. This bias is the naive world view of a group of kids and their run-down neighbourhood. Chucky is exposed to crude humour, horror movies and heated emotional commentary…all without the context to process it.

This tunes the AI to generate the psychotic behaviour that fuels the rest of the movie.

IoT Insecurity

One of the features of this 21st century Buddi doll is the ability to control your smart home. Think of the doll like a walking Alexa or Google Home. Of course, there’s zero authentication or information security controls in place.

Once he’s synced with the latest update from the cloud, Chucky can simply wave his tiny finger and control the devices around him.

This leads to a number of issues around privacy (in this case, used to increase the suspense and move the plot forward) that mirror cases we’ve seen in the real world.

Third-party access to smart speakers to terrorize unsuspecting victims, remote viewing of private video streams, and manipulation of key devices like thermostats have all happened already in the real world, but not by rogue AIs.

…yet.

Lateral Movement

In the movie’s climax, Chucky really lets loose. He comes into his digital powers and starts to wreak havoc. Our heroes and supporting cast struggle to respond to this maniacal behaviour. The interesting point is that Chucky has developed enough as a character by this point for the audience to understand that it’s not maniacal behaviour from his perspective. To him, it’s perfectly reasonable. This underscores the fact that an AI is only as good as its training data: a model trained on bad data will not flag its own bad results.

While striving to reach his goal, Chucky—a trusted endpoint in the corporation’s services network—reaches out to all of the compatible devices within his local area.

This type of lateral movement is extremely common in today’s cyberattacks.

The movie presents the issue in an overly dramatic fashion (it is a movie after all), but the point stands up. Most technologies, IoT specifically, are generally designed with two types of endpoints: trusted and untrusted.

Security and privacy controls are then designed to prevent untrusted endpoints from accessing trusted endpoints. Trusted endpoints have little to no verification applied when communicating with each other.

In “Child’s Play”, this results in disastrous consequences. In the real world, too.

The movie is a stark—and bloody—reminder that networks and systems need visibility across all endpoints and layers and layers of security and privacy controls.

Takeaways

The way the movie leverages poor AI training, a lack of IoT security, and lateral movement techniques is intriguing, but what really caught my attention is the larger trend within the horror and suspense genre.

Films are moving away from fantasy and otherworldly villains to digital ones. That’s a reflection of how big a role technology plays in our lives, as well as the general lack of deep understanding of how it works.

For me—and the security community—that’s a big challenge: helping people understand cybersecurity and privacy in context.

If you’re looking for a fun suspense film with a technology slant, I would—shockingly—recommend watching this movie. As long as you have realistic expectations and remember that breaking most current IoT security is…child’s play.

[ 🤣Sorry, couldn’t resist ]
