This Week in Security News: Trend Micro Announces Cloud One – Application Security and New US IoT Law Aims to Improve Edge Device Security
This week, learn about Trend Micro’s latest cloud security offering, Cloud One – Application Security. Also, read about the new IoT law passed in the U.S. to help ward off advanced threats and provide greater security in IoT devices.
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s latest cloud security offering, Cloud One – Application Security. Also, read about the new IoT law passed in the U.S. to help ward off advanced threats and provide greater security in IoT devices.
Trend Micro announced the availability of its Trend Micro Cloud One – Application Security, a cloud native security solution for modern applications and APIs. Delivered as part of its industry-leading platform, Cloud One – Application Security provides code-level visibility and protection against the latest cyber threats.
The Internet of Things (IoT) Cybersecurity Improvement Act, passed by the House of Representatives in September and unanimously approved by the Senate last week, is a step toward warding off advanced threats and providing greater security in IoT devices. The act aims to create “standards and guidelines” for the federal government to follow with the hopes that the requirements also make their way into private sector manufacturing.
With 85% of businesses worldwide using the cloud, it has proven its imperative value, especially during the onslaught of the COVID-19 pandemic when remote work and reliance on the cloud for automation and scalability is the norm. After migrating to the cloud, enterprises need to be aware of the visibility-related challenges and security risks associated with it. In this blog, Trend Micro shares security recommendations for organizations to ensure stable security practices in a cloud-first world.
A grand jury in California's Santa Clara County has indicted Thomas Moyer, Apple's head of global security, for bribery. Moyer is accused of offering 200 iPads to the Santa County Sheriff's office in exchange for concealed carry permits for four Apple employees.
In this blog, Trend Micro researchers walk through a recent investigation that involved trojanized open-source software, which is tricky to spot because it takes on the façade of legitimate, non-malicious software, making it especially stealthy and useful for targeted attacks. However, a closer investigation can reveal suspicious behavior that exposes their malicious intent.
Security firm Greynoise found that multiple threat actors, while drawing little attention to themselves, have spent the past two to three years mass-scanning the internet for ENV (environment) files that were accidentally uploaded and left exposed on web servers. Frameworks like Docker, Node.js, Symfony, and Django use ENV files to store environment variables such as API tokens, passwords and database logins.
With the constant evolution of shell scripts and Linux-based malicious backdoors and agents, it’s not surprising that the creators of Kinsing have kept in step. In this blog post Trend Micro researchers discuss the malware variant’s current capabilities, including the addition of features intended to make it more difficult to detect in infected machines.
This article lists the known malware strains that have been used over the past two years to install ransomware, all of which should serve as a "code red" moment for any organization. Once any of these malware strains are detected, system administrators should drop everything, take systems offline, and audit and remove the malware as a top priority.
While cyberattacks that threaten smart factories cannot be ignored, it can be a struggle to decipher which security method is sufficient within your organization’s specific system, as well as where to start. To design a secure system, risk assessment is required. This new white paper is intended to simulate risk assessment practices using an example of a fictitious smart factory. The risk assessment described in this document aims to assess and prioritize the risks of the entire smart factory environment, including IT.
In a data breach notice to affected users, events application Peatix said it learned that user account data had been improperly accessed. Upon further investigation, they found that usernames, email addresses, salted and hashed passwords, nicknames, preferred languages, countries and time zones had been compromised. It’s unclear how many of its 5 million user base were affected or how the breach happened. Not long after the breach occurred, the compromised data was spotted on ads posted on Instagram stories, Telegram channels and various hacking forums.
Cybercriminals have recently been focusing their efforts on the retail industry, launching ransomware-based attacks that could prove disastrous for businesses if it disrupts their operations during important shopping seasons. A ransomware attack on a retailer could mean thousands of lost sales opportunities in the short-term, and serious damage to reputation in the long-term. Perception of an “unsafe” business could turn customers towards competitors who can offer a better and more secure shopping experience.
What are your thoughts on the ransomware attacks on retailers as we approach the busiest times of the year for retailers, including Black Friday, Cyber Monday and the holiday season? Share them in the comments below or follow me on Twitter to continue the conversation: @JonLClay.