Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how fileless malware abuses PowerShell. Also, read how Trend Micro researchers are pulling back the curtain on the cybercriminal underground to warn consumers and businesses about potential threats against IoT devices.
Trend Micro researchers from around the globe monitored five different cybercriminal undergrounds and, given the amount of chatter, found that there is no doubt that IoT devices, mainly routers, are certainly a target.
Researchers share a proof of concept showing how a use-after-free vulnerability in Internet Explorer can be fully and consistently exploited in Windows 10 RS5. The flaw was discovered through BinDiff and addressed in Microsoft’s September Patch Tuesday.
The newest iteration of Purple Fox that researchers came across, being delivered by Rig, retains its rookit component by abusing publicly available code and now eschews its use of NSIS in favor of abusing PowerShell, making Purple Fox capable of fileless infection. This blog discusses features of this malware and security recommendations to avoid these types of threats.
Trend Micro ensures its family of products is progressively enhanced to meet the needs of consumers and the Trend Micro Security 2020 Fall Release is no exception. Endpoint and network security products are improved to provide the most advanced protections from persistent, new, and emerging threats.
As cities become smarter, officials and security experts say that current defenses are unlikely to keep hackers at bay. Ideas for making cyber defenses smarter include reducing reliance on passwords and open-sourcing security standards to benefit from the perspective of a wider range of security professionals.
Continuing the trend from last month, several critical patches were for Remote Desktop Clients – all Remote Code Execution (RCE) vulnerabilities. Microsoft also patched two zero-days which are both elevation of privilege vulnerabilities.
Social engineering is by far the biggest factor in malicious hacking campaigns and nearly all successful email-based cyberattacks require the target to open files, click on links, or carry out some other action. While many of these attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack.
CEOs of 51 companies from the Business Roundtable, including Amazon, IBM and Salesforce, signed a letter to U.S. congressional leaders urging them to create a comprehensive consumer data privacy law.
Wikipedia confirmed that it was hit by a malicious DDoS attack that took it offline across many countries. Following the attack, the Wikipedia Foundation received a $2.5M donation from Craigslist founder, Craig Newmark, to further expand security programs.
The medical provider noted that the malware restricted employee’s access to their systems and data and has officially revealed the approximate number of affected patients in a disclosure to the federal government.
Cyber criminals are increasingly turning their attention to hacking Internet of Things devices as connected products proliferate. While routers remain the top target for IoT-based cyberattacks, there’s a lot of discussion in underground forums about compromising internet-connected gas pumps.
Trend Micro announced the latest version of its flagship consumer offering, Trend Micro Security, which features enhanced protection from web threats and a new AI-powered Fraud Buster tool to protect Gmail and Outlook inboxes across the globe.
Cybercriminals who held to ransom the files of 22 Texas local government units for a combined ransom amount of US$2.5 million did not get a single cent thanks to a coordinated state and federal cyber response plan.
Are you well-versed on Trend’s suggestions for protecting your routers and other devices from malware? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.