This Week in Security News - Feb. 19, 2021
Cybersecurity Risks of Connected Cars and SHAREit Flaw Could Lead to Remote Code Execution
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the risks brought about by technologies that connected cars use, such as 5G connectivity and the cloud. Also, read about vulnerabilities in the SHAREit app that can be abused to leak a user’s sensitive data and execute arbitrary code.
Read on:
Connected Cars, 5G, the Cloud: Opportunities and Risks
Gartner revealed that in 2023, the automotive industry will become the largest market for 5G Internet of Things (IoT) solutions. The industry will comprise 53% of the entire 5G IoT endpoint opportunity, out of which 39% of opportunities will come from connected cars — a significant climb from the 11% predicted for 2020. In this blog, Trend Micro outlines opportunities and risks brought about by technologies that connected cars use, such as 5G connectivity and the cloud.
Trend Micro Details Attack Against Containers
Trend Micro encountered a malicious payload in a Docker container, which was specifically crafted to escape from a privileged container in a way that would enable malware to infect all workloads running on a host machine. Mark Nunnikhoven, vice president for cloud research for Trend Micro, said that while most Docker containers are not running in privileged mode, the attack shows cybercriminals are getting more adept at exploiting the loosely isolated nature of containers sharing the same host machine.
SHAREit Flaw Could Lead to Remote Code Execution
Trend Micro recently discovered several vulnerabilities in the SHAREit app. The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE). SHAREit has over 1 billion downloads in Google Play.
IoT Security Trends and What to Expect in 2021 | Trend Micro's Greg Young
In this episode of the IoT For All Podcast, Greg Young, vice president of cybersecurity at Trend Micro, talks about the biggest and most damaging security trends in the IoT space. Greg shares some of the industries and geographical areas most affected by security vulnerabilities and why that might be, as well as what companies can do to better protect their devices and solutions in 2021.
In Transit, Interconnected, at Risk: Cybersecurity Risks of Connected Cars
As the use of connected cars becomes more common, the technologies that power or support these vehicles continue to evolve. This provides a host of benefits, but just like any other technology, this new territory comes with risks. In a new research paper, Trend Micro delves into the threats that could jeopardize connected cars.
Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers.
Published New Ebook: Manufacturing Cybersecurity Case Studies
Manufacturing is an important industry that plays a big role in the world economy and is closely linked to our daily lives. Manufacturers produce a variety of products, such as automobiles and semiconductors, industrial equipment, steel, oil, cement, food and pharmaceuticals. Each company has a different environment and different cybersecurity challenges. In this ebook, Trend Micro classifies their security challenges into four categories based on its expertise on cybersecurity in the manufacturing industry.
U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist
The U.S. Department of Justice (DoJ) this week indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The suspects are said to be members of the Reconnaissance General Bureau, a military intelligence division of North Korea, also known as the Lazarus group, Hidden Cobra, or APT 38.
Toyota, Nissan to Roll Out Connected Cars That Can Be Remotely Updated
Automotive manufacturing giants Toyota and Nissan recently announced that they are producing autonomous vehicles with software that can be updated over the air or remotely. This new feature will enable drivers to access the latest features and performance tweaks without getting the latest model in the market.
Windows and Linux Servers Targeted by New WatchDog Botnet for Almost Two Years
Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords. The latest of these threats is a botnet named WatchDog. Discovered by Unit42, a security division at Palo Alto Networks, this crypto-mining botnet has been active since January 2019.
What is your outlook on the future of connected car security? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.