Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
The European Union’s GDPR (General Data Protection Requirement) obliges firms that hold personally identifiable information care for it appropriately. If a firm fails to achieve this, fines can be substantial – up to 2% of annual revenue for each incident, but not more than 4% of a firm’s total revenue.
Trend Micro first detected the banking malware EMOTET back in 2014. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants that have the potential to unleash different types of payloads in the affected system.
Amid ongoing concern over the role of disinformation in the 2016 election, Facebook said Wednesday it found that more than 5,000 ads, costing more than $150,000, had been placed on its network between June 2015 and May 2017 from "inauthentic accounts" and Pages, likely from Russia.
_A denial-of-service vulnerability Trend Micro recently disclosed lets attackers illicitly and remotely crash their victims’ Android Messages app by sending a malformed multimedia message (MMS). Designated as CVE-2017-0780, Trend confirmed it to be in the latest Nexus and Pixel devices. __ _
Your digital assistant of choice, be it Alexa, Siri, or Google Now, should only carry out the voice commands you issue. But it turns out these assistants are not as loyal as we thought, and all a hacker has to do is whisper to them.
_The Dragonfly hacking group is back and is still interested in penetrating the networks of European and US companies in the energy sector. Even worse, their efforts have been very successful, and they have repeatedly managed to get access to these companies’ operational systems.__ _
Cloud-based storage platforms have a history of cybercriminal abuse. Abusing Autodesk 360 (A360) as a malware delivery platform can enable attacks that are less likely to raise red flags. It resembles the way Google Drive was misused as a repository of stolen data, for instance.
Nobody knows who is behind Locky, but the sophistication of the ransomware, and the strength of the underlying cryptography, points to it being the work of a highly professional group. Like a legitimate software developer they're constantly working to update their product, and the ransomware isn't available 'as-a-service' for others to use.
The WireX botnet took the combined efforts of security researchers and vendors to hobble earlier this year, but the creators of malware used to enslave PCs to the network is back and has increased the WireX arsenal. _The botnet uses a command & control (C&C) center to issue commands.__ _
_With an estimated 1.4 billion Android devices in use today, it’s not hard to see why hackers might have your smartphone in their sights. In fact, attacks on Android devices made up 81 percent of mobile attacks last year. If hackers hit your device, it could end up costing you dear. _
_To make choosing the right mobile solution easier, AV-Comparatives (AVC) systemically check if the various software are as effective as they claim to be. For the past three years Trend Micro™ Mobile Security (TMMS) for Android consumers has consistently been scoring top results for protection.__ _
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.