Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the evolution of EDR to XDR (and why your CISO should care), stock trading app attacks and fake gambling apps. Also, read about how Instagram and the Heyyo dating app exposed its users’ data.
Will the evolution of EDR to XDR meet the challenges we are seeing today? In Trend Micro’s latest Simply Security blog, learn how XDR fills the gaps that EDR can’t, including malicious artifacts that are siloed or missed at the network, cloud and gateway – and why your CISO should care.
As the use of stock trading apps continues to rise and gain popularity, cybercriminals continue to create and leverage fake trading apps to steal users’ personal data. Trend Micro found and analyzed a fake stock trading app, which had a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio.
Another day, another security issue for the Facebook family of companies. This time out, an Instagram data leak was discovered, exposing hidden contact information including the real names of millions of Instagram users and their phone numbers.
Trend Micro found hundreds of fake apps on iOS and Google Play stores, many of which posed as seemingly normal gambling games and were controlled to appear innocuous. Leveraging a “switch” feature, threat actors set the apps to either show or hide the app’s actual content.
Researchers have tracked a problem that caused corruption to the file systems of macOS users to a bug in a Google Chrome update after users originally feared it was a problem with Avid Media Composer. Users scrambled to find a fix for the problem, and eventually Google took responsibility for the issue.
As more businesses take advantage of rapidly developing IoT (Internet of Things) technology and begin adoption for their network environments, the underlying concern for network and data security has grown. In this blog, read about the commonly used features and types of home devices currently on the market, their security risks and Trend Micro’s best practices to defend and mitigate against attacks.
The nonprofit group Open Privacy Research Society publicized in a press release that the confidential medical and personally identifiable information (PII) of patients across Vancouver, Canada, is being leaked through the paging systems of hospitals in the area. In this article, Trend Micro analyzes the security risks of pager technology.
Microsoft released two out-of-band security patches to address critical issues for Internet Explorer (IE) and Microsoft Defender. While no exploit has been reported, Microsoft stated that an IE zero-day scripting engine flaw has been observed in the wild and advised users to manually update their systems immediately.
Online dating app Heyyo has made the same mistake that thousands of companies have made before it — namely, it left a server exposed on the internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users, which is believed to be the app’s entire userbase.
Emotet malware expanded its campaign to bank on the popularity of former CIA contractor and NSA whistleblower Edward Snowden’s bestselling memoir. The cybercriminals behind the campaign sent spam emails containing a Microsoft Word document pretending to be a free “Permanent Record” copy, luring victims to open the malicious document containing Emotet.
Social engineering has proven to be a successful way for criminals to get inside your organization using the art of exploiting human psychology, rather than technical hacking techniques. This article breaks down various social engineering techniques and discusses five ways to defend your organization against social engineering.
Are you surprised that fake gambling apps are making it past Apple and Google Play app store reviews? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.