Tag Archives: Trend Micro

Security Never Sleeps- High Sierra Zero-Day Issues, Dirty Cow

Nasty Password-Pilfering Hack Ruins Apple macOS High Sierra Launch

“Patches expected to be issued as soon as possible”

Apple released a new macOS operating system today, dubbed High Sierra. But already a serious weakness has been found lurking within, a security researcher has claimed, allowing a hacker to steal passwords from Apple Macs running the new OS.

Patrick Wardle, ex-NSA analyst and now head of research at security firm Synack, found the problem Monday, warning that it could allow anyone able to run malicious code on a Mac to pilfer passwords from the keychain. With his “keychainStealer” app, the researcher’s hack forced the keychain to disclose Facebook, Twitter and Bank of America passwords.

Dirty Cow vulnerability discovered in Android malware campaign for the first time

“First malware sample to contain an exploit for the flaw”

For the first time, threat actors have added the Dirty Cow Android exploit to malware designed to compromise devices running on the mobile platform. On Monday, researchers from Trend Micro said the vulnerability, traced as CVE-2016-5195, has been discovered in a malware sample of ZNIU, detected as AndroidOS_ZNIU.

Mobile stock trading apps ignore critical flaw warnings

“Billions of dollars processed per year through apps”

IOActive has discovered severe security issues with today’s most popular stock trading applications, but it appears that the developers behind the apps are not interested. On Tuesday, the security firm released the results of research into 21 popular mobile stock trading applications available on iOS and Android, which have millions of users worldwide and process billions of dollars in transactions per year.

Exploiting these vulnerabilities can not only lead to the leak of user data, but can allow threat actors to trade a user’s stocks, steal their funds, and spy on their net worth and investment strategies, which could then be used to conduct additional fraudulent trading.

Enjoy your read? Check out our other content here.

Security Never Sleeps- HBO Social Hack, Security Spending

HBO social media hacked in latest cyber security breach

“Facebook and Twitter accounts breached”

HBO has had two of its social platforms hacked in the latest cyber attack against the entertainment firm. OurMine, a hacker group, seems to have taken control of the main account posting messages such as “OurMine are here. we are just testing your security”. This is just the latest in many attacks on HBO, with notable recent incidents resulting in the leak of popular show Game of Thrones scripts and other company data.

Gartner Predicts Information Security Spending To Reach $93 Billion In 2018

“Security concerns grow with malware rise”

It seems that anyone who has anything to do with tech has probably had an endless stream of malware scares hitting their news feed seemingly daily. Data breaches, ransomware, Trojan’s, and much more are on the rise, prompting a big increase in security spending. Gartner released a report this week that predicts over $86.4 billion in information security spending, a 7% increase over last year. Further, the following year it will likely grow to $93 billion by the next year given current trends.

70% of DevOps Pros Say They Didn’t Get Proper Security Training in College

“Mostly on the job security processes”

A new Veracode survey shows that most DevOps pros don’t get adequate security training in their academic institutions. The vast majority of the respondents, about 70% of the 400 total, feel that their college did not prepare them to be successful, and 65% learned most relevant skills while they were on the job.

The data breach blame game

“UK business cyber threat is growing steadily”

Ever since the National Cyber Security Centre opened in February the UK has been hit by 188 high level attacks, and there were many other low level attacks that are difficult to quantify. This was big enough to bring in the NCSC.

Public outcry searching for answers leads many to impromptu blame and quick answers, while the truth is often much too complicated for such solutions. Certainly security systems must improve for business, and regulation will accompany this.

‘Indefensible’ hack could leave modern cars vulnerable to critical cybersecurity attack

“Advances necessary for safe systems”

A connect car hack has recently revealed that the systems is currently “indefensible by modern car security technology.” These vulnerabilities can put large numbers of consumers at considerable risk. Traditionally these attacks focus on specific models or makes of cars, such as the Jeep hack in 2015, while this threat target the controller area network. Trend Micro’s Forward-looking Threat Research team discovered the hack, and first posted the information on Wednesday in their blog.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 186

SambaCry Vulnerability Used to Deploy Backdoors on NAS Devices

“Running on older versions of the Samba file-sharing server”

An unknown entity is using the SambaCry security vulnerability to install a backdoor Trojan on Linux devices. According to TrendMicro, most of the attacks are tied to NAS devices which ship with the Samba server that provides file-sharing interoperability between different operating systems.

Millions of IoT Devices Possibly Affected by ‘Devil’s Ivy’ Flaw

“Could affect millions of IoT devices”

Researchers have dubbed a new security flaw that could affect many devices as “Devils Ivy.” The stack-based overflow was discovered by IoT security startup Senrio in a camera from Axis Communications.

These 10 US states have the highest rate of malware infections in the country

“Does location have a correlation to malware attacks?”

A new look at over 1 million malware infections from Enigma Software Group has found significant across all states in the U.S. New Hampshire seems to be the most at risk, with infection rates around 200% higher than than the national average.

Enjoy your read? Check out our other content here.