This Week in Security News - April 9, 2021
Microsoft Teams and Zoom Hacked In $1 Million Competition and Preventing Ransomware While Working from Home
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn how Microsoft Teams and Zoom were exposed as vulnerable by hackers taking part in Trend Micro Zero Day Initiative’s annual Pwn2Own competition. Also, read about preventing ransomware while working from home.
Read on:
Microsoft Teams and Zoom Hacked In $1 Million Competition
Both Microsoft Teams and Zoom have been exposed as vulnerable by benevolent hackers taking part in Trend Micro’s Zero Day Initiative annual Pwn2Own competition. The hacks, which won the contestants a joint $400,000 in a competition that’s now doled out more than $1 million in prizes, show it’s possible to target the hugely popular videoconferencing tools to take control of a users’ PC.
Return to Sender: Preventing Ransomware While Working from Home
The sudden change in working setups has forced many employees to set up makeshift offices using unsecured home networks and shared spaces. This leaves home workers more susceptible to threats like ransomware. In this article, Trend Micro provides home workers with an overview of how ransomware attacks work, sharing actionable insight on weak points in home setups.
As Ransomware Stalks the Manufacturing Sector, Victims Are Still Keeping Quiet
Cyberattacks have become an increasing concern for manufacturers. Many ransomware victims, across different sectors, remain reluctant to discuss their experiences for fear of losing clients or admitting that they paid criminals to recover their data. However, William Malik, VP of infrastructure strategies at Trend Micro, said transparency is important in the face of cyberthreats.
The Nightmares of Patch Management: The Status Quo and Beyond
As the value of data increases together with continuous discoveries about what can be done with it, the number of targeted attacks and threats that abuse vulnerabilities in systems has also increased. Patching and tracking updates for risk mitigation has become a daunting task for administrators and IT teams, especially since this is only a small part of their everyday tasks in an already thinly distributed team.
New Wormable Android Malware Poses as Netflix to Hijack WhatsApp Sessions
A new wormable variant of Android malware has been discovered in an app on the Google Play store. The malicious software, dubbed "FlixOnline", disguises itself as a legitimate Netflix application and appears to focus on targeting the WhatsApp messaging application.
WEF Releases the Principles for Board Governance of Cyber Risk, in Partnership with NACD and ISA
The World Economic Forum (WEF), in cooperation with the National Association of Corporate Directors (NACD) and the Internet Security Association (ISA), has published the Principles for Board Governance of Cyber Risk: six principles for cybersecurity board governance. The document presents principles that are vital steps for board of directors to enhance their organization’s cyber governance, leading to a more cyber-resilient business.
Attackers Actively Seeking, Exploiting Vulnerable SAP Applications
Threat actors are actively exploiting unpatched vulnerabilities in SAP applications, including in mission-critical environments such as enterprise resource planning (ERP), supply chain management (SCM), product life cycle management (PLM), and customer relationship management (CRM). A new CISA advisory urges SAP customers to apply necessary security patches and updates.
The State of Industrial Cybersecurity (Part 2)
This blog is the second part in a three-part series that explains the results of Trend Micro’s latest survey about industrial cybersecurity. Findings reveal that most factories have already implemented technical cybersecurity measures and understand the importance of process alongside technology, but few are involved in both IT and OT.
Conti Ransomware Gang Demanded $40m from US School District
Broward County Public Schools, the nation’s sixth-largest school district, has experienced a ransomware attack with a demand of $40 million. The Conti ransomware gang threatened to encrypt and erase the files containing the personal data of students and employees and post the details online. The gang also posted screenshots of its online negotiations with the district to its site on the dark web.
Pwn2Own 2021 – Schedule and Live Results
This year’s Pwn2Own event is shaping up to be one of the largest in Pwn2Own history, with 23 separate entries targeting 10 different products in the categories of Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and - our newest category - Enterprise Communications. Follow along on this blog to view daily updates, watch live and view upcoming schedules.
The Extortion Economy: Inside the Shadowy World of Ransomware Payouts
In 2020, the total amount paid by ransomware victims increased by 311% to reach nearly $350 million worth of cryptocurrency. In this article, CNBC digs into a rare and exclusive look inside a shadowy world where American companies find themselves paying millions of dollars to known criminals.
What are your thoughts on this year’s Pwn2Own competition? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.