This Week in Security News - Feb, 26, 2021
Trend Micro 2020 Annual Cybersecurity Report and More Than 6,700 VMware Servers Exposed Online and Vulnerable to Major New Bug
Save to Folio
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week read Trend Micro’s annual cybersecurity roundup report to learn the most notable and crucial security concerns that emerged and persisted in 2020. Also, learn how more than 6,700 VMware vCenter servers are currently exposed online and vulnerable.
Read on:
Security Risks for Audio-centric Social Media Apps
The use of audio-only social media apps such as ClubHouse, Riffr, Listen, Audlist, and HearMeOut has been steadily capturing the interest of more and more users over the recent years. But just like any other technology, apps like these are not immune from security risks. In this blog, Trend Micro demonstrates and outlines these risks by analyzing these apps.
10K Microsoft Email Users Hit in FedEx Phishing Attack
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers – including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials. They also used phishing pages hosted on legitimate domains, including those from Quip and Google Firebase – allowing the emails to slip by security filters built to block known bad links.
An Analysis of the Nefilim Ransomware
Nefilim is among the notable ransomware variants that use double extortion tactics in their campaigns. First discovered in March 2020, Nefilim threatens to release victims’ stolen data to coerce them into paying the ransom. Aside from its use of this tactic, another notable characteristic of Nefilim is its similarity to Nemty; in fact, it is believed to be an evolved version of the older ransomware.
119,000 Threats Per Minute Detected in 2020
The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. That averages out 119,000 cyber-threats per minute. Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.
Gauging LoRaWAN Communication Security with LoraPWN
LoRaWAN technology allows organizations to deploy IoT solutions at a much lower cost than existing cellular infrastructure solutions. Because of this, enterprises and smart cities around the world have started using LoRaWAN in their operations. In part two of its series on LoRaWAN, Trend Micro discusses the security of LoRaWAN communication and possible attacks on vulnerabilities.
These Four New Hacking Groups Are Targeting Critical Infrastructure, Warns Security Company
More hacking groups than ever before are targeting industrial environments as cyber attackers attempt to infiltrate the networks of companies providing vital services, including electric power, water, oil and gas, and manufacturing. According to cybersecurity researchers at Dragos, four new hacking groups targeting industrial systems have been detected over the past year.
A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report
For cybercriminals, 2020 afforded a mother lode of opportunities for malicious activities. They took advantage of major events in their schemes to turn in illicit profit. Looking back at a most unprecedented year, Trend Micro’s annual cybersecurity report surveys the most notable and crucial security concerns that emerged and persisted in 2020 and provides users and organizations with insights into how they can navigate a drastically changing threat landscape.
Ukraine Says Russian Hackers Attack Web-Based State Document System
Ukraine accused an unnamed group of Russian hackers on Wednesday of trying to disseminate malicious documents through a web-based system on which government documents are circulated but did not say whether any damage was caused. The aim of the attack was to contaminate information resources on the System of Electronic Interaction of Executive Bodies, Ukraine’s National Security and Defence Council said in a statement.
Android Users Now Have an Easy Way to Check the Security of Their Passwords
Google is adding its password checkup feature to Android, making the mobile OS the latest company offering to give users an easy way to check if the passcodes they’re using have been compromised. Password Checkup works by checking credentials entered into apps against a list of billions of credentials compromised in the innumerable website breaches that have occurred in recent years.
More Than 6,700 VMware Servers Exposed Online and Vulnerable to Major New Bug
More than 6,700 VMware vCenter servers are currently exposed online and vulnerable to a new attack that can allow hackers to take over unpatched devices and effectively take over companies' entire networks. Scans for VMware vCenter devices are currently underway, according to threat intelligence firm Bad Packets.
Here We Go Again with “Next-Gen”
XDR is a significant evolution in the cybersecurity solution market and has potential for great customer return. As an XDR solution provider itself, Trend Micro is glad to see other providers increasingly validating the space by recognizing the need to move beyond EDR (endpoint detection and response).
Trend Micro is also seeing that the differentiators and the value-drivers for XDR in the market are nuanced claims when it comes to the technology details.
What do you think was the most surprising cybersecurity event of 2020? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.