Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about the latest security patches from Microsoft as part of May Patch Tuesday. Also, learn more about the Russian hacking group called DarkSide that was behind the recent Colonial Pipeline cyberattack.
Compared to the previous months of 2021, May’s Patch Tuesday cycle is a slight lull. Only 55 vulnerabilities were fixed this month, with only four of these classified as Critical. One fell under the rarely used Moderate category, while the remaining 50 were classified as Important. A significant number of these vulnerabilities — 13 in total — were submitted via the Zero Day Initiative (ZDI).
The FBI confirmed that Russian hacking group DarkSide was behind a recent cyberattack that shut down the largest fuel pipeline in the US. DarkSide is a private, for-profit criminal organization that operates under the benign neglect of Russian authorities. DarkSide reserves its mischief for Russia’s geopolitical rivals—companies based in the US and western Europe—and Russian authorities don’t interfere with its work.
Datacenter managers should evaluate their protections against physical threats and consider the associated risk to their data and business operations. Many organizations are undergoing a digital transformation, shifting from on-premises environment hosting to multi-cloud hosting. The use of multiple public and private clouds will help mitigate the risk of outage disruptions pending the use of proper configuration for fail over and redundancy.
Developers of the malicious downloader Buer have taken the unusual step of rewriting the malware in a lesser-known Rust programming language, presumably to avoid detection while also potentially slowing down investigative analysis. Nikko Tamaña, threat analyst at Trend Micro, said that malware written in uncommonly used languages could pose challenges to attempts at investigative analysis – at least at first until security professionals adjust to new quirks.
Ransomware attacks have gone through many iterations and we are now seeing the 4th phase with quadruple extortion. Ransomware will continue to be used in the future, and as such organizations need to take the time to put in place an incident response plan focused on the new model of ransomware attacks.
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met.
Open-source code is the gateway to quick application deployment; however, it is not immune to vulnerabilities. Open-source code with security bugs, or even intentional malware, can be unknowingly pasted into your apps and infrastructure and lead to costly data breaches. In this blog, learn about how Trend Micro and Snyk have partnered up to create developer-friendly security for open-source components.
Apple stopped nearly 1 million risky or vulnerable apps from being included in the App Store in 2020 as part of efforts to protect users from being manipulated. According to a blog post from Apple, 48,000 of those rejections were executed due to the apps containing hidden or undocumented features, while more than 150,000 apps were rejected because they were found to be spam, copycats, or misleading to users.
On May 7, a ransomware attack forced Colonial Pipeline, a company responsible for nearly half the fuel supply for the US East Coast, to proactively shut down operations. Stores have been so heavily affected that the Federal Motor Carrier Safety Administration (FMCSA) declared a state of emergency in 18 states to help with the shortages. Trend Micro Research found dozens of DarkSide ransomware samples in the wild and investigated how the ransomware operates.
The new Trend Micro Cloud One – Open Source Security by Snyk platform enables DevOps teams to both identify vulnerabilities and licensing issues to better monitor, prioritize and share information about risk and exposure rates within application development projects. In this article, Trend Micro’s COO, Kevin Simzer, shares that the SaaS platform provides a unified approach that combines six services within a single subscription.
In the final blog of our four-part series on the dilemma of smart factories, Trend Micro considers what risk mitigation measures each industrial robot manufacturer, integrator and user should take, and presents from a short-term to long-term perspective how to overcome factory-specific issues and implement security.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute for Standards and Technology (NIST) recently published new guidelines for defending against software supply chain attacks. The guideline provides an overview of software supply chain risk and how vendors and customers can identify and assess risks using the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF).
Digital transformation (DX) has been beneficial for many organizations in various industries, especially the manufacturing industry. This newly published whitepaper from Trend Micro explores industrial DX, the technologies used to aid this strategy, the accompanying cybersecurity challenges, and best practices on how stakeholders can collaborate to achieve business goals while mitigating cybersecurity risks.
What are your thoughts on the DarkSide ransomware attack on the Colonial Pipeline? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.