Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read how the Zero Day Initiative (ZDI) has awarded more than $25 million in bounty rewards to security researchers over the past decade and a half as it celebrates its 15th birthday. Also, learn about a new data breach from Experian affecting 24 million customers in South Africa.
Bug bounty platform pioneer Zero-Day Initiative (ZDI) awarded more than $25 million in bounty rewards to security researchers over the past decade and a half. In an anniversary post celebrating its 15-year-old birthday, ZDI said the bounty rewards represent payments to more than 10,000 security researchers for more than 7,500 successful bug submissions.
Leading consumer credit reporting agency Experian is in news again for a data breach. This week, a fraudster contacted the agency posing as a representative of a ‘legitimate client’ and obtained personal details of its South African customers. The company notes that it is an ‘isolated incident in South Africa involving a fraudulent data inquiry.’
Benny Yazdanpanahi, CIO for the City of Tyler, knows that a highly secure IT environment is essential to the city’s continued success. To accomplish their security goals with limited resources and staff, Tyler’s leaders have been collaborating with Trend Micro for several years. Read this blog to learn more about how Trend Micro has strengthened the city’s security posture and empowers the IT team to focus on serving the community.
Greg Young, vice president of cybersecurity at Trend Micro, joins BNN Bloomberg to discuss his take on the Canada Revenue Agency (CRA) attack and Trend Micro’s new report on security risks for remote working since the pandemic lockdown. Watch the video to learn more.
With more people relying on connected car technologies for safety, accessibility, and infotainment—and with connected cars producing up to 30 terabytes of data each day—it’s important to keep connected cars protected against a range of ever-evolving risks and threats. Trend Micro’s recent research paper offers an examination of the cybersecurity blind spots of connected cars to help developers and manufacturers create secure and smart vehicles.
In this blog, Trend Micro discusses the security pitfalls that developers might face when shifting to gRPC and implementing gRPC in their projects. Because secure gRPC APIs play a pivotal role in overall application security, Trend Micro provides recommendations on how to protect gRPC implementations from threats and mitigate against risks.
Virtually all security professionals believe that human error could put the security of cloud data at risk, according to new research published this week. A survey commissioned by Tripwire and carried out last month by Dimensional Research found that 93% of security professionals were concerned that human error could result in the accidental exposure of their cloud data.
Trend Micro has observed an increase in the number of compromised Facebook pages of influential personalities since June. Through an analysis of the surge, we found fake Facebook accounts posting notification messages on pages allegedly hacked with an attached link. The fake accounts also steal the owner or admins’ credentials to sell the page, change the details and name, and/or disguise the page to make another phishing account.
Increased adoption of containers has given rise to a range of potential threats to DevOps pipelines. Many of the attacks Trend Micro observed involved the abuse of container images to carry out malicious functionalities. For Docker-related threats, Trend Micro recently encountered an attack where the threat actor uploaded two malicious images to Docker Hub for cryptocurrency mining.
Hackers locked down several servers used by the epidemiology and biostatistics department at the University of California at San Francisco and wanted a $3 million ransom to give them the keys. Transcripts reveal University of California at San Francisco’s weeklong negotiation to free its ransomware-locked servers. The haggling worked, sort of.
In the past few weeks, Trend Micro has spotted notable developments for different types of threats. For ransomware, a new family named Darkside surfaced, while operators behind Crysis/Dharma released a hacking toolkit. For messaging threats, a targeted email campaign was used to propagate Negasteal/Agent Tesla. For fileless threats, a coinminer was seen bundled with legitimate applications.
New methods for detecting threats using AI challenges the need for human input and involves end-to-end deep learning solutions, which are being touted as the next big thing in malware detection. In the pipeline of such solutions, expert handcrafted input is replaced with ones provided by automated processes. The absence of expert handcrafted input gives rise to the question of whether human input is still relevant in the process of developing an efficient AI-powered cybersecurity solution.
At Black Hat USA 2020, Trend Micro presented two important talks on vulnerabilities in Industrial IoT (IIoT). The first discussed weaknesses in proprietary languages used by industrial robots, and the second talked about vulnerabilities in protocol gateways. Any organization using robots, and any organization running a multi-vendor OT environment, should be aware of these attack surfaces. In this blog, find a summary of the key points from each talk.
Have you seen an uptick in hacked Facebook pages recently? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.