This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On January 25, 2019

Monday 1/21

Malware Evades Detection One Step at a Time

The apps were reportedly able to evade detection by using the device's motion sensor data. The malware authors assume that a sandbox scanning for malware is an emulator with no motion sensors, so the apps monitor the user’s steps and check for sensor data to determine whether they are running in a sandbox environment. If they are, the malicious code does not run. If it does run, though, the user receives a fraudulent prompt alerting them that a system update is available.

http://bit.ly/2sDqmMY

This malware spreading tool is back with some new tricks

The Fallout exploit kit provides cyber criminals with a selection of Internet Explorer and Flash Player exploits that they can take advantage of to distribute malware. Fallout is often delivered via malvertising, which targets high-traffic torrent and streaming sites and redirects users towards malicious payloads.

https://zd.net/2AVtTL0

Tuesday 1/22

Online casino group leaks information on 108 million bets, including user details

An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned. The data leaked from an ElasticSearch server that was left exposed online without a password, Justin Paine, the security researcher who discovered the server, told ZDNet.

https://zd.net/2FRC9iL

Security researchers take down 100,000 malware sites over the last ten months

Of the 380,000 malware samples that security researchers found hosted on newly created or hacked websites, the most common malware family was Emotet (also known as Heodo), a multi-faceted malware strain that can work as a downloader for other malware, a backdoor, a banking trojan, a credentials stealer, or a spam bot, among many other things.

https://zd.net/2HrY4iV

Cisco and Pure shove mini AI in FlashStack converged systems

Pure Storage and Cisco have linked arms to build a converged FlashStack system for AI, a kind of AIRI microMINI but one that will run at half the speed. FlashStack is a line of reference architecture converged systems using Pure Storage all-flash arrays, Cisco UCS servers and Nexus switches. It has typically competed with the NetApp-Cisco FlexPod.

http://bit.ly/2FQtTiN

Wednesday 1/23

Trojan malware is back and it’s the biggest hacking threat to your business

Figures from security company Malwarebytes Labs in a new report suggest that trojan and backdoor attacks have risen to become the most detected against businesses – and the number of trojan attacks has more than doubled in the last year, increasing by 132 percent between 2017 and 2018, with backdoors up by 173 percent.

https://zd.net/2B0Qaan

Artificial Intelligence: Separating the Hype from Reality

The catchall phrase of artificial intelligence is shaping up as the defining technological trend of the moment. And yet, because the claims of what it will achieve are so grand, businesses risk raising their hopes for A.I. too high—and wasting money by trying to apply the technology to problems it can’t solve.

http://bit.ly/2DsgPyr

BMC caught with ‘pantsdown’ over new security flaw

The bug, CVE-2019-6260, has been nicknamed "pantsdown" according to IBM CICS Services and Technology Engineer Stewart Smith, who published a technical write-up on the security issue on Wednesday and said the flaw could best be described as "the nature of feeling that we feel that we've caught chunks of the industry with their…."

https://zd.net/2DusOvw

Thursday 1/24

Happy New Year 2019! Anatova is here!

During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public.

http://bit.ly/2T9upfK

Multi-vector attacks target cloud-hosted technologies

In a new report released today, security researchers from Securonix warn of an increase in the number of multi-vector and multi-platform automated attacks against cloud infrastructure over the past few months. These often combine cryptomining, ransomware and botnet malware all in one.

http://bit.ly/2CLvR0G

Friday 1/25

Malvertising campaign targets Apple users with malicious code hidden in images

The report describes a new malvertising group called VeryMal that's been going after Apple users, with the latest campaigns employing steganography techniques to hide malicious code inside ad images to avoid detection.

https://zd.net/2CM544i

Veeam Expands Leadership in Cloud Data Management

The new major capabilities deliver cost effective data retention, easy cloud migration and data mobility, cloud-native backup and protection for Amazon Web Services (AWS), portable cloud-ready licensing, increased security and data governance, and solutions to make it easier than ever for service providers to deliver Veeam-powered services to market.

http://bit.ly/2S5nB5C

Introducing Maestro – The Industry’s First Hyperscale Network Security Solution

With Check Point Maestro, organizations can easily scale up their existing Check Point security gateways on demand — the same way as they can spin up new servers and compute resources in public clouds. By extending the Gen V security capabilities of our Infinity architecture into hyperscale environments, Maestro allows organizations to secure their dynamic, evolving environments without limits… now and in the future.

http://bit.ly/2UaASae