• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Current News   »   This Week in Security News

This Week in Security News

  • Posted on:May 20, 2016
  • Posted in:Current News
  • Posted by:Christopher Budd (Global Threat Communications)
0

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

New Flash Vulnerability Shares Similarities with Older Pawn Storm Exploit

Earlier this week Adobe released a security advisory (APSA16-02) which disclosed that a critical vulnerability (CVE-2016-4117) was present in versions of Adobe Flash Player. Reports also said it was being exploited in the wild. A successful exploit could cause the targeted system to crash and potentially allow arbitrary code to run on the system, allowing an attacker to take control of it. Note that Adobe has released the patch on May 12. 

Ransomware is Fast Becoming the Scourge of IT Departments All Over the World

It’s risen over the past 12-24 months from a minor nuisance to a major threat – causing business disruption and damaging the brand and reputation of countless organizations. There’s no silver bullet for stopping this new malware threat. But take the time to put in place layered protection, coupled with other preventative measures, and you stand the best chance of mitigating the risk of infection. 

Flashlight App Spews Malicious Ads

Not all Android phones come with a built-in flashlight feature in its operating system. Users would have to download flashlight apps to have this utility on their phone. Chances are, these apps will come with updates and ads. Imagine that, flashlights with updates and ads. And while this may seem normal with how apps operate, one flashlight app that’s available in Google Play shows ads that goes beyond the annoying and tells users that their mobile unit is infected with malware. 

New Ransomware Goliath is Up for Sale in the Deep Web

Malware and computer forensics expert Lawrence Abrams has uncovered a site in the deep web a week ago advertising its ransomware-related products and services. The site, named “Hall of Ransom,” can be accessed through the Tor network and sells the Locky ransomware for $3,000. Locky infiltrates the system through a malicious macro in Microsoft Word document sent as email attachments to its victims. 

Chinese-Language Ransomware Makes an Appearance

Whenever a threat is “localized” to a specific region, it’s a sign that attackers believe there is money to be made. Ransomware has made millions of dollars around the world, and it looks like it’s poking its nose into a new part of the world: China. However, the initial foray into this market made several mistakes. We recently came across multiple samples of what appeared to be Chinese-language ransomware. We detect this as Ransom_SHUJIN.A.

Approximately 117 Million LinkedIn Emails and Passwords Have Been Hacked

A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users. The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach.

The Next Cyberattack Front Could Be Your Car

For the many folks concerned about cyberthieves hacking emails and stealing personal information from online accounts, here comes another worry: A cyberattack on your car – while you’re driving. That’s one of the threats outlined in a report on “Vehicle Cybersecurity” by the Government Accountability Office (GAO). The computerized gadgets that make late-model cars safer and more fun to drive also provide an entry for thieves, terrorists and thrill seeking geeks.

Anonymous Launches U.S. Government Cyberattack in Protest Against ‘Bathroom Bill’

A hacker affiliated with the notorious Anonymous collective has launched a series of cyberattacks against government portals in North Carolina to protest against the so-called ‘bathroom bill’ – which has been criticized by many as being anti-LGBT. The attacks were focused on a number of domains, including the main government portal (nc.gov) and the website of US governor Pat McCrory, who has been a vocal defendant of the controversial proposals. 

There’s New Cyberattack Evidence of a ‘Highly Adaptive Campaign Targeting Banks’

The SWIFT messaging network is used by banks to transmit instructions for money transfers around the world. But hackers utilized the network to steal $81 million from Bangladesh’s central bank in February. Now, SWIFT (an acronym for Society of Worldwide Interbank Financial Telecommunication) says a second bank was attacked. Forensic experts said the latest security breach is evidence that they’re facing “a wider and highly adaptive campaign targeting banks,” according to a statement from SWIFT. 

SEC Says Cybersecurity is the Biggest Risk to the Global Financial System

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks. Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

U.S. Presidential Campaigns are Under Cyberattack

Cyber hackers — possibly working for foreign governments — are trying to infiltrate the Democratic and Republican presidential campaigns, a senior U.S. intelligence official said Wednesday. “We’ve already had some indications of that,” James Clapper, the director of national intelligence, said in Washington. During the 2008 presidential campaign, U.S. intelligence agencies traced massive cyberattacks to China. At that time, both the Democratic candidate, now-President Barack Obama, and his Republican rival John McCain, were targeted. 

One Hacker Cost British Airways £100,000 in His Cyberattack

A hacker cost British Airways £100,000 by taking down their website for an hour in a cyberattack, a court heard. Paul Dixon, 23, is also accused of disabling the websites of Durham Police, Police Scotland and video game retailer CeX. 

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. This Week in Security News
  2. This Week in Security News
  3. This Week in Security News
  4. This Week in Security News

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Digital Transformation is Growing but May Be Insecure for Many
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.