Monday 7/8
Splunk Secure Mobile Access for iOS
Splunk has now released its Splunk Connected Experiences suite of mobile applications, leveraging the new Splunk Cloud Gateway application, to provide secure access to on-premises Splunk Enterprise with no separate VPN software required. Instead, the Cloud Gateway app on Splunk Enterprise communicates with the mobile apps through a secure, transparent, cloud-based service maintained by Splunk.
http://bit.ly/2YG0iiF
CrescentCore Mac Malware Outsmarts Apple: What to Do
CrescentCore is a Trojan horse: It looks like an Adobe Flash Player installer or updater. But it can evade both your antivirus software and Apple's built-in protections, and can also make it difficult for malware analysts to spot it running on a virtual machine.
http://bit.ly/2xA7b9p
Android Warning: New Malware ‘Screen Records’ Banking Apps to Steal Passwords
The new and "improved" BianLian has morphed into a sophisticated malware that brings new techniques to the attack on banking apps, recording screens to steal credentials, locking out users to hide its activities, "rendering devices unusable."
http://bit.ly/2xzdmdJ
Tuesday 7/9
Facebook abused to spread Remote Access Trojans since 2014
Over 30 Facebook pages have been spreading approximately 40 malicious links since 2014 and one of them has managed to secure a substantial following with over 100,000 users. The researchers note that it is possible the threat actor behind the malware spread may have seized control of some of the most popular pages from their original owners.
https://zd.net/2LIkKMq
Evolved IoT Linux Worm Targets Users’ Devices
A new strain of a Linux bricking worm has appeared, targeting IoT devices like tablets, wearables, and other multimedia players. A bricking worm is a type of malware that aims to permanently disable the system it infects. This particular strain, dubbed Silex, was able to break the operating systems of at least 4,000 devices.
http://bit.ly/2XC1zpu
Anubis Android banking malware returns with extensive financial app hit list
The Anubis banking Trojan is often found in social engineering and phishing campaigns, in which unwitting victims are lured to download malicious apps containing the malware. In total, 17,490 new samples of the malware have been found on two related servers.
https://zd.net/32jU0Yb
Wednesday 7/10
From Citrix Synergy 2019: Watch as Gotham Technology Group CTO Ken Phelan discusses how Gotham and IGEL can help improve your company’s cloud and virtualization deployments
https://www.youtube.com/watch?v=V4wuA0XXzw4
Microsoft warns about Astaroth malware campaign
The Microsoft security team has issued a warning today about ongoing malware campaigns that are distributing the Astaroth malware using fileless and living-off-the-land techniques that make it harder for traditional antivirus solutions to spot the ongoing attacks.
https://zd.net/2XECTld
Azure Bastion – No More Public RDP/SSH
Azure Bastion is a Platform as a Service (PaaS) that provides secure and seamless access to RDP and SSH on the servers in Azure through the Azure Portal. The Azure Portal reverse proxies the RDP and SSH connections over SSL and connects to the servers in Azure using their private IP addresses.
https://www.gothamtg.com/blog/azure-bastion
New ‘WannaHydra’ Malware a Triple Threat to Android
The new malware, WannaHydra, shares the same UI as WannaCry in its ransomware module, but contains more capabilities including spyware and a banking Trojan.
https://ubm.io/2XxK12K
Thursday 7/11
‘Agent Smith’ malware has replaced Android apps’ code on 25 million devices
The malware doesn’t steal data from a user. Instead, it hacks apps and forces them to display more ads or takes credit for the ads they already display so that the malware’s operator can profit off the fraudulent views.
http://bit.ly/2LJIEXP
Fake eFax emails are now spreading Dridex Trojan, RMS RAT
Dridex, a banking Trojan whose latest strains have been able to avoid detection by traditional antivirus products, is able to steal bank credentials through browser sessions. Dridex uses a number of web injection scripts to compromise browser sessions, including some which previously belonged to the Zeus banking Trojan.
https://zd.net/2XC8wHi
Friday 7/12
US Cyber Command issues alert about hackers exploiting Outlook vulnerability
The bug allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system.
https://zd.net/2JvJuWn
Cisco releases updates for DoS vulnerability
The bug is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header and can be exploited by sending a crafted TLS/SSL packet to an interface on the targeted device.
http://bit.ly/32olfRG
Microsoft is making Windows 10 passwordless
You’ll soon be able to enable a passwordless sign-in for Microsoft accounts on a Windows 10 device. This means PCs will use Windows Hello face authentication, fingerprints, or a PIN code.
http://bit.ly/2xGBueH