Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
BadRabbit spreads via fake Adobe Flash updates, tricking users into clicking the malware by falsely alerting the user that their Flash player requires an update. Check out Trend Micro’s recommendations to ensure you’re protected from BadRabbit.
The spread of hidden code that hijacks computing power to mine for cryptocurrencies is spreading even further, as security researchers have discovered hidden cryptomining code in Android apps listed on the Google Play store.
A hacking group is carrying out a series of cyberattacks against banks and financial institutions around the world, deploying Trojan malware to gain entry into networks. The attackers are capable obtaining all the information they need to sneak around bank networks and make off with stolen funds.
Hilton Hotels has been hit with a $700,000 fine in the US, in the wake of two separate credit card data breaches. The POS attacks saw more than 363,000 payment cards impacted—but the hotel giant waited more than nine months after the first breach, and more than three months after the second to notify customers.
On the first day of the Mobile Pwn2Own 2017 hacking competition in Tokyo, security researchers demonstrated new zero-day attacks against fully patched mobile devices. Three of the five successful exploits were made against Apple devices, including two browser exploits against Safari and one WiFi exploit.
Captcha is that irritating thing where you have to type in two words on the screen to prove you’re not a robot. The Recursive Cortical Network (RCN) has now learned to crack Captcha used on major sites including Google, Yahoo, PayPal, and the Captcha website with up to 90 percent accuracy.
In this report Trend Micro explored real world Intelligent Transport Systems ( ITS) cyberattacks and their impact and then applied the industry standard DREAD (Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability) threat model to assess ITS cybersecurity risks.
On Tuesday, Senators Martin Heinrich (D-N.M.) and Susan Collins (R-Maine) introduced a multifaceted election cybersecurity bill. The Securing America’s Voting Equipment Act, or SAVE, includes a bug bounty program for systems manufacturers and a grant program for states to upgrade technology.
The enterprise and IT industries as a whole have been operating under a shortage of experienced IT security workers. To make up for this, organizations need unified IT security technology that can help bridge internal talent gaps while supporting all-encompassing protection.
For the last two years, America’s cybersecurity relationship with China has been held up as a triumph of digital diplomacy. Yet under the surface of that deal, cybersecurity researchers suspect China’s intrusions of American companies continue—including one recent breach that left behind a few tell-tale indicators of Chinese involvement.
Trend Micro and GMV – an industry expert on ATM security – presented last week in London, during ATMSec on the forward-looking topic: “The future of ATM malware.” Additionally, Trend Micro hypothesized how this kind of malware may evolve in the mid-term.
In September, Trend Micro announced its new email security technologies powered by XGen™ and a new product, Smart Protection for Office 365. One key technology introduced was our new AI based Email fraud, or Business Email Compromise (BEC), detection technique. Check out how it works.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.