This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On July 12, 2019

Monday 7/8

Splunk Secure Mobile Access for iOS

Splunk has now released its Splunk Connected Experiences suite of mobile applications, leveraging the new Splunk Cloud Gateway application, to provide secure access to on-premises Splunk Enterprise with no separate VPN software required. Instead, the Cloud Gateway app on Splunk Enterprise communicates with the mobile apps through a secure, transparent, cloud-based service maintained by Splunk.

CrescentCore Mac Malware Outsmarts Apple: What to Do

CrescentCore is a Trojan horse: It looks like an Adobe Flash Player installer or updater. But it can evade both your antivirus software and Apple's built-in protections, and also can make it difficult for malware analysts to spot it running on a virtual machine.

Android Warning: New Malware ‘Screen Records’ Banking Apps to Steal Passwords

The new and "improved" BianLian has morphed into sophisticated malware that brings new techniques to the attack on banking apps: recording screens to steal credentials and locking out users to hide its activities, "rendering devices unusable."

Tuesday 7/9

Facebook abused to spread Remote Access Trojans since 2014

Over 30 Facebook pages have been spreading approximately 40 malicious links since 2014 and one of them has managed to secure a substantial following with over 100,000 users. The researchers note that it is possible the threat actor behind the malware spread may have seized control of some of the most popular pages from their original owners.

Evolved IoT Linux Worm Targets Users’ Devices

A new strain of a Linux bricking worm has appeared, targeting IoT devices like tablets, wearables, and other multimedia players. A bricking worm is a type of malware that aims to permanently disable the system it infects. This particular strain, dubbed Silex, was able to break the operating systems of at least 4,000 devices.

Anubis Android banking malware returns with extensive financial app hit list

The Anubis banking Trojan is often found in social engineering and phishing campaigns, in which unwitting victims are lured to download malicious apps containing the malware. In total, 17,490 new samples of the malware have been found on two related servers.

Wednesday 7/10

From Citrix Synergy 2019: Watch as Gotham Technology Group CTO Ken Phelan discusses how Gotham and IGEL can help improve your company’s cloud and virtualization deployments

Microsoft warns about Astaroth malware campaign

The Microsoft security team has issued a warning today about ongoing malware campaigns that are distributing the Astaroth malware using fileless and living-off-the-land techniques that make it harder for traditional antivirus solutions to spot the ongoing attacks.

Azure Bastion – No More Public RDP/SSH

Azure Bastion is a Platform as a Service (PaaS) that provides secure and seamless access to RDP and SSH on the servers in Azure through the Azure Portal. The Azure Portal reverse proxies the RDP and SSH connections over SSL and connects to the servers in Azure using their private IP addresses.

New ‘WannaHydra’ Malware a Triple Threat to Android

The new malware, WannaHydra, shares the same UI as WannaCry in its ransomware module, but contains more capabilities including spyware and a banking Trojan.

Thursday 7/11

‘Agent Smith’ malware has replaced Android apps’ code on 25 million devices

The malware doesn’t steal data from a user. Instead, it hacks apps and forces them to display more ads or takes credit for the ads they already display so that the malware’s operator can profit off the fraudulent views.

Fake eFax emails are now spreading Dridex Trojan, RMS RAT

Dridex, a banking Trojan whose latest strains have been able to avoid detection by traditional antivirus products, is able to steal bank credentials through browser sessions. Dridex uses a number of web injection scripts to compromise browser sessions, including some which previously belonged to the Zeus banking Trojan.

Friday 7/12

US Cyber Command issues alert about hackers exploiting Outlook vulnerability

The bug allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system.

Cisco releases updates for DoS vulnerability

The bug is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header and can be exploited by sending a crafted TLS/SSL packet to an interface on the targeted device.

Microsoft is making Windows 10 passwordless

You’ll soon be able to enable a passwordless sign-in for Microsoft accounts on a Windows 10 device. This means PCs will use Windows Hello face authentication, fingerprints, or a PIN code.