• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Current News   »   This Week in Security News: Malvertising and Internet of Things Malware

This Week in Security News: Malvertising and Internet of Things Malware

  • Posted on:June 28, 2019
  • Posted in:Current News, Cybercrime, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new Internet of Things malware that’s bricked thousands of devices. Also, read about a ransomware family that’s using malvertising to direct victims to a RIG exploit kit.

Read on:

 

Shadowgate Returns to Worldwide Operations with Evolved Greenflash Sundown Exploit Kit

After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit, which has been spotted targeting global victims after primarily operating in Asia. 

Silex Malware Bricks IoT Devices with Weak Passwords

A new Internet of Things malware called Silex only operated for about a day, though it has already managed to quickly spread and wipe devices’ firmware, bricking thousands of IoT devices. 

Top Takeaways from AWS Security Chief Stephen Schmidt at re:Inforce 2019

Steven Schmidt’s keynote address at AWS re:Inforce touched on the current state of cloud security, building a security culture, tactical security tips and a road map of where the industry and technology are headed. 

AWS re:Inforce Warm-Up Episode

Mark Nunnikhoven gives key predictions and insights into trends at AWS re:Inforce, security in the top three major public cloud providers and the evolution of the cloud industry as a whole. 

Dell Urges Millions of Users to Patch Vulnerability in SupportAssist Tool

Dell released a security advisory that implored customers to update the vulnerable SupportAssist application in both business and home machines. The privilege escalation vulnerability can give hackers access to sensitive information and control over millions of Dell computers running Windows.

HTTPS Protocol Now Used in 58% of Phishing Websites

According to the Q1 2019 report from the Anti-Phishing Working Group (APWG), the Hypertext Transfer Protocol Secure (HTTPS) protocol tactic has been on the rise in phishing attacks, now used in 58% of phishing websites.  

Federal Cybersecurity Defenses are Critical Failures, Senate Report Warns

A 10-month review of 10 years of inspector general reports revealed that several Federal agencies responsible for safeguarding millions of Americans’ security, public safety and personal data have failed to apply even basic defenses to cyberattacks.

Kubernetes Vulnerability CVE-2019-11246 Discovered Due to Incomplete Updates from a Previous Flaw

Kubernetes announced the discovery of a high-severity vulnerability that, if exploited, could lead to a directory traversal that allows an attacker to use a malicious container to create or replace files in a user’s workstation. 

The IIoT Attack Surface: Threats and Security Solutions

Many manufacturing factories and energy plants have hundreds of IIoT devices that help streamline operations, but those facilities now also have to defend against new threats that take advantage of attack vectors and weaknesses in the technology. 

Facebook’s Bid to Quash Data Breach Lawsuit Dismissed by Judge

Facebook has failed in its attempt to prevent a lawsuit over a data breach impacting close to 30 million users from going to trial. A federal appeals court in San Francisco rejected the social media giant’s request to dismiss the court case out of hand.

Sodinokibi Ransomware Group Adds Malvertising as Delivery Technique

Attackers behind a ransomware family called Sodinokibi have used a variety of delivery vectors since April: malicious spam, vulnerable servers, managed server providers (MSPs) and now malvertising. The malicious advertisements were on the PopCash ad network, and certain conditions would redirect users to the RIG exploit kit. 

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

Trend Micro discovered and disclosed a double free vulnerability in macOS that, if successfully exploited, can allow an attacker to implement privilege escalation and execute malicious code on the system with root privileges.

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic

Trend Micro took a closer look at Oracle’s recent vulnerability CVE-2019-2729 to see how this class of vulnerability has been remediated — particularly via blacklisting or whitelisting — and why it has become a recurring security issue.

95,000 Delawareans Impacted in Data Breach that Lasted Nearly Nine Years

The personal data of roughly 95,000 Delawareans may have been compromised in a nine-year security breach at Dominion National, a large vision and dental insurer, according to Delaware’s Department of Insurance.

Do you feel that the IoT devices in your home are well-protected against cyberattacks? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay. 

Related posts:

  1. This Week in Security News: Banking Malware and Phishing Campaigns
  2. This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
  3. This Week in Security News: Gray Alerts and Wormable Malware
  4. This Week in Security News: Cyberespionage Campaigns and Botnet Malware

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.