• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Current News   »   This Week in Security News: Spam Campaigns and Mobile Malware

This Week in Security News: Spam Campaigns and Mobile Malware

  • Posted on:July 19, 2019
  • Posted in:Current News, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0
week in security

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a mobile malware that infects Android devices by exploiting the vulnerabilities found within the operating system. Also, read about a recent spam campaign that targets entities using a disposable email address service for its command and control server.

iOS URL Scheme Susceptible to Hijacking

Abuse of Apple’s URL Scheme, a feature that allows developers to launch apps on an iOS device through URLs, can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads and more.

Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C

Trend Micro observed a recent spam campaign that targets Colombian entities using YOPmail, a disposable email address service, for its command and control server (C&C). The payload, written in Visual Basic 6, is a customized version of a remote access tool called “Proyecto RAT.”

 Trend Micro’s Deep Security as a Service Now Available on the Microsoft Azure Marketplace

Trend Micro announced the availability of its cloud solution Deep Security as a Service on the Microsoft Azure Marketplace, enabling organizations to combine the benefits of security software-as-a-service with the convenience of consolidated cloud billing and usage-based, metered pricing.

SLUB Gets Rid of GitHub, Intensifies Slack Use

Trend Micro discovered a new version of the SLUB malware that has stopped using GitHub to communicate, heavily using Slack instead via two free workspaces that Slack has since shut down.

Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks

Trend Micro observed that a Jenkins user account with less privilege can gain administrator rights over the automation server if jobs are built on the master machine (i.e. the main Jenkins server), a setup enabled by default.

 FTC Approves Roughly $5 Billion Facebook Settlement

The Federal Trade Commission has endorsed a roughly $5 billion settlement with Facebook over a long-running probe into the tech giant’s privacy violations such as the Cambridge Analytica scandal, causing immediate concern from some politicians.

 GandCrab Threat Actors Possibly Behind Sodinokibi Ransomware

Various security researchers reported that the ransomware-as-a-service (RaaS) threat actors behind GandCrab might be responsible for releasing a more advanced ransomware variant called Sodinokibi.

Agent Smith Malware Infecting Android Apps, Devices for Adware

Agent Smith, a new kind of mobile malware, has been found infecting Android devices by exploiting the vulnerabilities found within the operating system (OS) to replace installed apps with malicious versions without the user knowing.

 Sprint Says Hackers Breached Customer Accounts Via Samsung Website

US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com “add a line” website, giving them access to personal information such as phone numbers, account numbers, billing addresses and more.

Report: Average BEC Attacks Per Month Increased by 120% from 2016 to 2018

According to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the total amount that cybercriminals attempted to steal via business email compromise (BEC) scams rose to an average of $301 million per month — a substantial increase from the $110 million monthly average in 2016.

U.S. Mayors Take Stand Against Ransomware Payments

As ransomware becomes an increasing problem for local governments with 22 attacks in 2019 alone, U.S. mayors took a firm stand against paying ransom to hackers in their resolutions at the U.S. Conference of Mayors.

 Another 2.2 Million Patients Affected by AMCA Data Breach

Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, and other personal information stolen because of the AMCA data breach.

Fake Invoices Used by BEC Scammers to Defraud Griffin City, Georgia of Over US$800,000

The government of the City of Griffin, Georgia lost over $800,000 to a business email compromise (BEC) scam when BEC operators posed as its vendor P.F. Moon to reroute funds in two separate transactions to a fraudulent bank account.

Cloud-Based IoT Solutions: Responding to Traditional Limits and Security Concerns

In the face of challenges brought about by the expansion of the Internet of Things (IoT) – a trend that is expected to be amplified in the 5G era – many organizations have turned to cloud-based IoT solutions that can respond to organizations’ needs when it comes to integration, processing, scalability and security.

Were you surprised by the increase in business email compromise attempts from 2016 to 2018? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Related posts:

  1. This Week in Security News: Spam Campaigns and Vulnerable Infrastructures
  2. This Week in Security News: Spam Campaigns and Cryptocurrency Miners
  3. This Week in Security News: Cyberespionage Campaigns and Botnet Malware
  4. This Week in Security News: Banking Malware and Phishing Campaigns

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.