Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s new XDR Center in India that will help solve data sovereignty issues. Also, read about 5G network software use being a top security issue for mobile networks and devices.
The Phorpiex botnet is now capable of taking over unwitting email users’ accounts to bombard the masses with emails that threaten to publish personal sexual content on the web, social media, and to other email contacts unless they pay extortion money in the form of bitcoin.
A zero-day vulnerability found in Apple iTunes and iCloud was exploited by cybercriminals to infect Windows computers of an automotive company with the BitPaymer ransomware. It was found in the Bonjour component that iTunes and iCloud programs for Windows use to deliver software updates. The attack was reportedly not detected by antivirus solutions.
Cybersecurity and defense company Trend Micro recently launched its local managed XDR data center service in India to solve data sovereignty issue. The company announced the news at its own security event named CLOUDSEC India 2019, which gathered more than 750 business and technology leaders from the cybersecurity industry.
The extent with which 5G networks use software is one of the top security issues for mobile networks as well as devices and current technologies (for example, 3G, 4G) that use or incorporate it, according to an EU report supported by the European Commission and European Union Agency for Cybersecurity.
A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks. Trend Micro’s David Sancho, a senior threat researcher, discusses the wide accessibility of the malware.
Imperva recently revealed the primary cause of a breach that accidentally exposed customer data (which included email addresses, hashed & salted passwords, as well as TLS and API keys). It turned out to have been caused by a stolen Amazon Web Services (AWS) API key that was used to access a database snapshot containing the compromised data.
China is applying tougher cybersecurity standards more widely as of Dec. 1, requiring companies to open their networks and deploy government-approved equipment. The changes worry international organizations and underscore the difference between U.S. and Chinese approaches to cybersecurity.
The Winnti group used a previously undocumented and unreported backdoor named PortReuse to compromise a high-profile, Asia-based mobile hardware and software manufacturer, presumably as a jump-off point for launching supply chain attacks. This is what researchers at ESET found after an in-depth analysis of the Winnti group’s operations.
Reuters reports that the United States launched a "secret cyber operation" against Iran in September, following the alleged drone and missile attack by Iran on Saudi Arabian oil facilities. Unnamed officials told Reuters that the late-September cyberattack targeted Iran's "propaganda" infrastructure. The attack, one official said, affected physical hardware. But no further details were provided.
Over 2,000 Docker hosts have been infected by a worm that discreetly uses them to mine the Monero cryptocurrency. According to the researchers who discovered the malware variant, the worm searched for and infected exposed Docker Engines to spread the worm to, then queried its command-and-control (C&C) server to look for more vulnerable hosts, choosing at random from among the possible targets.
The so-called Cozy Bear hackers, who were revealed in 2016 to have infiltrated the DNC along with a group called Fancy Bear as part of a Russian-government sponsored attack on American democracy, have hacked the Washington, D.C., embassy of a European member state. The hackers also broke into computers at the ministries of foreign affairs of three European countries.
Do you know the signs of a jackpotting ATM attack? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.