Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
In our 2016 security roundup report, A Record Year for Enterprise Threats, we talked about the vulnerability landscape during the year and what trends we saw. Trend Micro’s Zero Day Initiative (ZDI) discovered and responsibly disclosed 678 vulnerabilities in 2016.
It is unclear exactly who the target of this malicious app is. The account book app is designed with Japanese characters, but the app store itself is written in Mandarin Chinese. In addition, it was found in the App Store of multiple countries.
The US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data. When people are concerned about finances, it’s an opportunity for hackers to carry out phishing attacks or distribute malware and ransomware.
Researchers have discovered a well-intentioned debugging tool found in many versions of Microsoft Windows can be used maliciously to gain access to vulnerable antivirus programs, and weaponize them. “DoubleAgent attack” takes advantage of the Microsoft Application Verifier.
Hackers are attempting to extort Apple into paying $100,000 for the “recovery” of millions of iCloud accounts. The hackers have set an April 7th deadline for Apple to pay up. If Apple doesn’t, the criminals are threatening to reset the accounts and wipe devices connected to them.
The Twitter accounts of “Good Morning America,” ABC News, and GMA Pop News were hacked early Thursday. A series of profanity-laden posts appeared on the accounts. The identity of the hackers was not known, though one suggested to ABC News that it should secure its account.
Ransomware attacks are now incredibly sophisticated and occurring with increasing frequency. In fact, many called 2016 “the year of ransomware,” and for good reason: Trend Micro found there were 752 percent more new ransomware families discovered compared to 2015.
Sometimes, your data protection tools may actually be providing a false sense of security. A Venafi survey of 500 CIOs found that they were wasting millions of dollars on cybersecurity solutions that couldn’t differentiate between malicious and authorized keys and certificates.
If you’ve ever bought anything online, checked your bank accounts through the app, or logged on to your favorite social media network, you’ve used a technology called SSL/TLS. The S in HTTPS. SSL/TLS is the technology used to encrypt the communication between your browser and the site you’re visiting.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.