This Week in Security News - March 19, 2021
Joker’s Latest Ploy and NFT Digital Art Is Already Attracting Hackers
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about how some users of digital art marketplace Nifty Gateway reported that their entire accounts of non-fungible tokens (NFTs, or “nifities”) were stolen. Also, learn about the Joker malware’s new malicious Android apps.
Read on:
NFT Digital Art is Already Attracting Hackers
Users of the digital art marketplace Nifty Gateway reported their entire accounts of digital certificates of authenticity for digital assets — known as non-fungible tokens (NFTs or “nifities”) — were drained over the weekend. But even after changing their passwords, some users said the hackers weren’t kicked out of their accounts. Some reported that the digital assets stolen from their accounts were then sold on the chat application Discord or on Twitter.
No Laughing Matter: Joker's Latest Ploy
Trend Micro found several new apps involving Joker, a persistent malware that subscribes unsuspecting mobile users to premium services without their consent. Joker’s operators use GitHub to hide its payload; changes in the malware’s code such as this one serve as evasion techniques to sneak new variants into Google Play, despite Google’s consistent measures to clamp down on these apps. We suspect that these apps are part of not only isolated attacks, but an entire threat campaign.
Nuffield Health Depends on Managed XDR With Trend Micro Vision One
Trend Micro is helping leading healthcare charity Nuffield Health securely meet the needs of their customers with an accelerated time to threat detection and response and maximized in-house IT productivity. They are one of many organizations globally that are successfully using the new Trend Micro Vision One platform.
Cloud One – Conformity Rules Support Amazon ECS Exec
Building in containers offers amazing benefits for development teams – speed, agility, flexibility, scalability, etc., though orchestrating containers at scale can be difficult, unmanageable or impractical for your infrastructure team. AWS has made a simple way for Amazon ECS customers to execute commands in a container running on Amazon EC2 instances or AWS Fargate. This functionality now applies to both Amazon ECS EC2 and Amazon ECS Fargate.
Hutchison’s Wind Tre Unit Reports Suspected Cyber Incident
CK Hutchison Holdings Ltd.’s Italian unit Wind Tre SpA, the country’s third largest phone company, reported a suspected security threat in some of its workstations, according to an internal memo seen by Bloomberg. Federico Maggi, senior researcher at Trend Micro, commented in the article with cybersecurity recommendations.
Trend Micro + ROS-I: Building a More Secure Future
Trend Micro joins ROS-I Consortium to help accelerate the secure development of robotic Industry 4.0 applications. As an associate member of the consortium, Trend Micro will now be able to participate in technical and strategic projects and help shape the ROS-I roadmap.
Mimecast: SolarWinds Attackers Stole Source Code
Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company.
The email security firm initially reported that a certificate compromise in January was part of the sprawling SolarWinds supply-chain attack that also hit Microsoft, FireEye and several U.S. government agencies.
Honda Unveils First Self-Driving Car with Level 3 Autonomy
Automotive giant Honda Motor launched its latest car, featuring the world’s first certified level 3 autonomous driving technology. Legend, a luxury sedan operating without a driver under certain conditions, has a Traffic Jam Pilot system. Through data from high-definition mapping and external sensors, it automatically speeds up, slows down, and steers while monitoring Legend’s surroundings.
18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack
A Florida teen accused of masterminding one of Twitter’s biggest security lapses in its history, pled guilty to fraud charges in exchange for a three-year prison sentence. The development comes after the U.S. Department of Justice (DoJ) charged the attackers with conspiracy to commit wire fraud and money laundering after hijacking nearly 130 high-profile Twitter accounts pertaining to politicians, celebrities, and musicians.
CrowdStrike, Trend Micro Face Off on XDR
The battle over best-of-breed security versus a platform approach has officially made its way to the industry’s favorite new acronym: XDR. The ongoing debate will undoubtedly continue playing out on the blogosphere, and recently it reached a fever pitch between CrowdStrike and Trend Micro.
What are your thoughts on the future security of NFTs? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.