• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Current News   »   This Week in Security News: Trend Micro Acquires Cloud Conformity and Apple Removes Malicious iOS Apps from App Store

This Week in Security News: Trend Micro Acquires Cloud Conformity and Apple Removes Malicious iOS Apps from App Store

  • Posted on:October 25, 2019
  • Posted in:Current News, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s recent acquisition of Cloud Conformity. Also, read about a fake photo editing app on Google Play and the 17 malicious iOS apps removed from Apple’s app store.

Read on:

Trend Micro Acquires Cloud Conformity

Trend Micro recently acquired Cloud Conformity, an innovative Cloud Security Posture Management (CSPM) company. The acquisition instantly broadens the cloud services Trend Micro can secure and resolves often overlooked security issues caused by cloud infrastructure misconfiguration. Hear our VP of cybersecurity, Greg Young, explain the specific benefits of this acquisition for developers in this vlog.

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing

Despite Google’s recent updated permission requests in Android applications restricting access to SMS and CALL Log permissions, Trend Micro recently found an app on Google Play named “Yellow Camera” that poses as a photo editing app. The app is embedded with a routine that reads SMS verification codes from the system notifications and in turn activates a Wireless Application Protocol (WAP) billing.

Apple Removes 17 Malicious iOS Apps from App Store

Researchers have uncovered 17 apps on Apple’s official App Store infected with malware. Apple has since removed the apps from the App Store – but a “significant” number of iOS users could have installed them, researchers said.

The Shared Responsibility Model

Security in the cloud works using the Shared Responsibility Model. Mark Nunnikhoven, vice president of cloud research, shares how this model dictates who is responsible for any operational task in the cloud, and how the number one threat in the cloud today is service misconfigurations, which often arise when there’s a misunderstanding of who is responsible for an area of responsibility.

Sodinokibi Ransomware Gang Appears to Be Making a Killing

The Sodinokibi ransomware-as-a-service operation appears to be making a killing, with proceeds flowing both to the gang behind the malware as well as dozens of affiliates.

The Cloud: What It Is and What It’s For

From powering video streaming, web-based apps, customer relationship management (CRM) systems, mobile banking, inventory, and big data analyses, the cloud is helping empower businesses of all sizes to focus on innovation rather than infrastructure. This blog from Trend Micro discusses the ins and outs of cloud computing and how it’s changing the way we work.

Chrome and Firefox Will Now Alert You About Data Breaches Involving Your Accounts

Mozilla has launched Firefox 70 for Windows, Mac, and Linux with new features such as social tracking protection, a Privacy Protections report, and a native data breach notification service for your saved logins.

Alexa and Google Home Devices can be Abused to Phish and Eavesdrop on Users, Research Finds

Researchers at Security Research Labs (SRL) demonstrated how applications (called Skills in Amazon Alexa and Actions on Google Home) can be used to exploit security issues in the way certain device functions are operated through the apps. To show how threat actors can eavesdrop on the device’s owners, the researchers used a variation of the techniques used to steal data.

Ransomware Cripples German Automation Company, BEC Operators Arrested in Spain

Trend Micro report covers two noteworthy incidents that took place in Europe: a ransomware attack crippling a German automation company and business email compromise (BEC) operators getting arrested in Spain.

FTC Bars Company from Selling “Stalking” Apps

The Federal Trade Commission said it barred the developer of three “stalking” apps from selling the products until the company can ensure they’re used legally. Software maker Retina-X Studio market apps used to monitor employees and children. But federal regulators said the apps, called MobileSpy, PhoneSheriff and Teen Shield, were often installed by hackers without users’ knowledge or consent.

European International Airport Workstations Infected with Persistent Anti-CoinMiner Malware

XMRig cryptocurrency miner malware has been found running in more than half of the workstations in a European international airport, despite having an industry-standard anti-virus installed. Reports said Cyberbit discovered the campaign running in the background while undergoing a standard installation of an endpoint product.

The Banking and Finance Industry Under Cybercriminal Siege: An Overview

The need for 24/7-connected smart devices has driven the banking and finance industry to adapt, especially with the wider adoption of the internet of things (IoT) among businesses and users. In this analysis, Trend Micro discusses the evolving attacks and threats that cybercriminals use to compromise financial companies, their third-party partners and suppliers, and their customers.

Underground Intrusion Specialists Team Up with Ransomware Groups

A new report highlights how “access-as-a-service” providers and ransomware groups have come together to compromise and victimize targets. Trend Micro shares best practices for organizations to implement to protect against these attacks in its recent blog.

Trend Micro Picks Up Cloud Conformity for $70 Million

As part of the acquisition, all Cloud Conformity staff will join the company, Trend Micro confirmed. The company added that existing Cloud Conformity customers will further grow Trend Micro’s current 16,000 hybrid cloud customer base. Trend Micro has also made Cloud Conformity immediately available to its customers.

Putting the Eternal in EternalBlue: Mapping the Use of the Infamous Exploit

In 2017, EternalBlue was the driving force behind one of the nastiest ransomware outbreaks on record. And despite available fixes, it is still being used by malware today—from ransomware to widespread cryptocurrency miners. Learn about EternalBlue activity over the past two years in Trend Micro’s recent analysis.

How to Get the Most Out of AWS re:Invent 2019

More than 50,000 people attended last year’s conference, and, undoubtedly, more will attend AWS re:Invent 2019. But a little preparation can go a long way to ensure you pack in as many of the sessions and meetings as possible. Mark Nunnikhoven, vice president of cloud research, shares his recommendation on how to make the most of time spent at the conference.

Bug Bountie$ = Patches (How?)

In this episode of The SecureWorld Sessions, we hear from Brian Gorenc who runs the Zero Day Initiative (ZDI), which is the largest vendor agnostic bug bounty program in the world. Gorenc discusses the process of how security vulnerabilities are discovered, reported, and fixed.

Surprised by the sudden influx of fake and malicious mobile apps posing as legit apps? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Related posts:

  1. Trend Micro Acquires Cloud Conformity
  2. This Week in Security News: Fake Apps & Malicious Bots
  3. This Week in Security News: Trend Micro Unveils New Cloud Security Platform and Thousands of Disney+ Accounts are Compromised
  4. This Week in Security News: IIoT Threats and Malware Apps

Security Intelligence Blog

  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
  • Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
  • Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Answering IoT Security Questions for CISOs
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • How To Be An Informed Skeptic About Security Predictions
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • The Shared Responsibility Model
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • What Worries CISOs Most In 2019

Follow Us

Trend Micro In The News

  • Trend Micro Takes On Palo Alto Networks With Cloud Conformity Buy
  • Trend Micro Partners with Snyk to Fix Vulnerabilities for DevOps
  • Trend Micro Partners With Snyk To Advance DevSecOps
  • Hackers to stress-test Facebook Portal at hacking contest
  • NEW TECH: Trend Micro inserts 'X' factor into 'EDR' - endpoint detection response
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.