• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Current News   »   This Week in Security News

This Week in Security News

  • Posted on:September 15, 2017
  • Posted in:Current News, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

BankBot Found on Google Play Is Targeting Ten New UAE Banking Apps

The Android-targeting BankBot malware first surfaced January of this year, and is particularly risky because it disguises itself as legitimate banking apps. This newer BankBot variant targets banks based in 27 different countries and the total number of targeted apps has increased from 150 to 160.

Security Flaws Put Billions of Bluetooth IoT Devices at Risk

A set of eight separate vulnerabilities, known collectively as BlueBorne, affecting most Bluetooth-connected desktops, mobile and smart devices on the market has been revealed. The more serious flaws allow an attacker to gain control of affected devices and their data and steal sensitive business data. 

Hangul Word Processor and PostScript Abused Via Malicious Attachments

A fairly popular word processing application in South Korea, the Hangul Word Processor (HWP), and a branch of PostScript called Encapsulated PostScript are both being exploited in attacks involving malicious attachments. 

21 Million Users Fall Victim to Second Android Malware Attack

Google has fallen victim to another cyberattack affecting 21 million Android users from one malware system. The malware has been named ExpensiveWall, and at least 50 apps were infected after being collectively downloaded between 1 million and 4.2 million times. 

Equifax Hackers Used a Months-Old Apache Struts Vulnerability to Breach Its Servers

In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. Equifax’s confirmation comes after a report circulated last week blaming the same flaw. 

US Government Bans Agencies from Using Russian Cybersecurity Software over Spying Fears

The US government has banned federal agencies from using Russian security software, over concerns that it may be tied to state-sponsored espionage. Acting Homeland Security Secretary Elaine Duke has issued a directive given at least six federal agencies a timeline for removing the software. 

Trend Micro Released 2017 Midyear Security Roundup

Trend Micro released its 2017 Midyear Security Roundup detailing the most impactful headlines from the first half of 2017. The report outlines the attacks and trends witnessed this year, such as the WannaCry and Petya ransomware attacks, cyberpropaganda campaigns and the continued rise of BEC scams. 

Smart Buildings Require Full-Stack Cybersecurity

Today nearly every large enterprise or government facility has some level of “smart” functionality. This progress and convenience comes with increased risks as the controllers and IoT devices used in smart buildings typically run on legacy operating systems that have not been patched for years.

Microsoft Office Zero-Day Vulnerability Addressed in September Patch Tuesday

Microsoft’s monthly security bulletin addressed a zero-day vulnerability that exploits Microsoft Word. The vulnerability is exploited via the use of a spam email that prompts the user to open the attached Microsoft Office RTF document, and allows attackers to execute code on the target system remotely.

Does Face ID Make the iPhone X More Secure?

Face ID is one of the most attention-grabbing new features of the upcoming iPhone X, but there are serious questions about whether it can keep your device secure. Is Face ID more secure than a passcode? It depends who you ask.

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.

Related posts:

  1. This Week in Security News: Security and Privacy Issues
  2. This Week in Security News
  3. This Week in Security News: IIoT Threats and Malware Apps
  4. This Week in Security News: Gray Alerts and Wormable Malware

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.