This Week in Technology

This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On January 25, 2019

Monday 1/21

Malware Evades Detection One Step at a Time

The apps were reportedly able to evade detection by using the device's motion sensor data. The malware authors assume that the device is scanning for malware, so they created an emulator with no motion sensors that monitors the user’s steps so that they check for sensor data to determine whether the app is running in a sandbox environment. If it is, the malicious code does not run. If it does run, though, the user receives a fraudulent prompt, alerting them that a system update is available.

This malware spreading tool is back with some new tricks

The Fallout exploit kit provides cyber criminals with a selection of Internet Explorer and Flash Player exploits that they can take advantage of to distribute malware. Fallout is often delivered via malvertising, which targets high-traffic torrent and streaming sites and redirects users towards malicious payloads.

Tuesday 1/22

Online casino group leaks information on 108 million bets, including user details

An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned. The data leaked from an ElasticSearch server that was left exposed online without a password, Justin Paine, the security researcher who discovered the server, told ZDNet.

Security researchers take down 100,000 malware sites over the last ten months

Of the 380,000 malware samples that security researchers found hosted on newly created or hacked websites, the most common malware family was Emotet (also known as Heodo), a multi-faceted malware strain that can work as a downloader for other malware, a backdoor, a banking trojan, a credentials stealer, or a spam bot, among many other things.

Cisco and Pure shove mini AI in FlashStack converged systems

Pure Storage and Cisco have linked arms to build a converged FlashStack system for AI, a kind of AIRI microMINI but one that will run at half the speed. FlashStack is a line of reference architecture converged systems using Pure Storage all-flash arrays, Cisco UCS servers and Nexus switches. It has typically competed with the NetApp-Cisco FlexPod.

Wednesday 1/23

Trojan malware is back and it’s the biggest hacking threat to your business

Figures from security company Malwarebytes Labs in a new report suggest that trojan and backdoor attacks have risen to become the most detected against businesses – and the number of trojan attacks has more than doubled in the last year, increasing by 132 percent between 2017 and 2018, with backdoors up by 173 percent.

Artificial Intelligence: Separating the Hype from Reality

The catchall phrase of artificial intelligence is shaping up as the defining technological trend of the moment. And yet, because the claims of what it will achieve are so grand, businesses risk raising their hopes for A.I. too high—and wasting money by trying to apply the technology to problems it can’t solve.

BMC caught with ‘pantsdown’ over new security flaw

The bug, CVE-2019-6260, has been nicknamed "pantsdown" according to IBM CICS Services and Technology Engineer Stewart Smith, who published a technical write-up on the security issue on Wednesday and said the flaw could best be described as "the nature of feeling that we feel that we've caught chunks of the industry with their…."

Thursday 1/24

Happy New Year 2019! Anatova is here!

During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public.

Multi-vector attacks target cloud-hosted technologies

In a new report released today, security researchers from Securonix warn of an increase in the number of multi-vector and multi-platform automated attacks against cloud infrastructure over the past few months. These often combine cryptomining, ransomware and botnet malware all in one.

Friday 1/25

Malvertising campaign targets Apple users with malicious code hidden in images

The report describes a new malvertising group called VeryMal that's been going after Apple users, with the latest campaigns employing steganography techniques to hide malicious code inside ad images to avoid detection.

Veeam Expands Leadership in Cloud Data Management

The new major capabilities deliver cost effective data retention, easy cloud migration and data mobility, cloud-native backup and protection for Amazon Web Services (AWS), portable cloud-ready licensing, increased security and data governance, and solutions to make it easier than ever for service providers to deliver Veeam-powered services to market.

Introducing Maestro – The Industry’s First Hyperscale Network Security Solution

With Check Point Maestro, organizations can easily scale up their existing Check Point security gateways on demand — the same way as they can spin up new servers and compute resources in public clouds. By extending the Gen V security capabilities of our Infinity architecture into hyperscale environments, Maestro allows organizations to secure their dynamic, evolving environments without limits… now and in the future.