This Week in Security News

ID TRENDMICROBLOG:06ED836E1285832BB8C98A2267BC4127
Type trendmicroblog
Reporter Jon Clay
Modified 2017-09-08T13:00:38


Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

The GDPR Aims to Protect Consumers from Identity Theft

The European Union’s GDPR (General Data Protection Requirement) obliges firms that hold personally identifiable information care for it appropriately. If a firm fails to achieve this, fines can be substantial – up to 2% of annual revenue for each incident, but not more than 4% of a firm’s total revenue.

EMOTET Returns and Starts Spreading via Spam Botnet

Trend Micro first detected the banking malware EMOTET back in 2014. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants that have the potential to unleash different types of payloads in the affected system.

Thousands of Political Ads on Facebook Have Been Tied to Bogus Russian Accounts

Amid ongoing concern over the role of disinformation in the 2016 election, Facebook said Wednesday it found that more than 5,000 ads, costing more than $150,000, had been placed on its network between June 2015 and May 2017 from "inauthentic accounts" and Pages, likely from Russia.

Denial-of-Service Vulnerability Allows Attackers to Crash Android Messages App

_A denial-of-service vulnerability Trend Micro recently disclosed lets attackers illicitly and remotely crash their victims’ Android Messages app by sending a malformed multimedia message (MMS). Designated as CVE-2017-0780, Trend confirmed it to be in the latest Nexus and Pixel devices. __ _

Hackers Can Whisper Commands to Alexa, Siri and Google Now

Your digital assistant of choice, be it Alexa, Siri, or Google Now, should only carry out the voice commands you issue. But it turns out these assistants are not as loyal as we thought, and all a hacker has to do is whisper to them.

Dragonfly Hackers Gained Operational Access to European and US Power Companies

_The Dragonfly hacking group is back and is still interested in penetrating the networks of European and US companies in the energy sector. Even worse, their efforts have been very successful, and they have repeatedly managed to get access to these companies’ operational systems.__ _

A360 Drive Can Be Abused to Deliver Adwind, Remcos and Netwire RATs

Cloud-based storage platforms have a history of cybercriminal abuse. Abusing Autodesk 360 (A360) as a malware delivery platform can enable attacks that are less likely to raise red flags. It resembles the way Google Drive was misused as a repository of stolen data, for instance.

Locky Ransomware Keeps Coming Back

Nobody knows who is behind Locky, but the sophistication of the ransomware, and the strength of the underlying cryptography, points to it being the work of a highly professional group. Like a legitimate software developer they're constantly working to update their product, and the ransomware isn't available 'as-a-service' for others to use.

WireX DDoS Malware Upgrades with UDP Flood Capabilities

The WireX botnet took the combined efforts of security researchers and vendors to hobble earlier this year, but the creators of malware used to enslave PCs to the network is back and has increased the WireX arsenal. _The botnet uses a command & control (C&C) center to issue commands.__ _

Keep Your Android Devices Safe

_With an estimated 1.4 billion Android devices in use today, it’s not hard to see why hackers might have your smartphone in their sights. In fact, attacks on Android devices made up 81 percent of mobile attacks last year. If hackers hit your device, it could end up costing you dear. _

Trust an Established Solution for Mobile Threats

_To make choosing the right mobile solution easier, AV-Comparatives (AVC) systemically check if the various software are as effective as they claim to be. For the past three years Trend Micro™ Mobile Security (TMMS) for Android consumers has consistently been scoring top results for protection.__ _

Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.