fbpx

This Week in Security News: Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update and New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa

week in securityWelcome to your weekly roundup, where we share what you ought to find out about the cybersecurity news and events that happened within the last few days. Week this, learn about Microsoft’tuesday update including 129 CVEs s largest-ever Patch. Also, study about a fresh Android Spyware dubbed ActionSpy.

Read on:

Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update

june Patch Tuesday updates &ndash Microsoft has released patches for 129 vulnerabilities within its; month the highest amount of CVEs ever released by Microsoft within a. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server, Windows Shell, VBScript along with other products.

#LetsTalkSecurity: End up being the Hunter 

week This, Rik Ferguson, vice president of Security Research at Trend Micro, hosted the sixth bout of #LetsTalkSecurity featuring guest Jake Williams, founder of Rendition Infosec. Have a look at this week’s episode and follow the hyperlink to find more info about upcoming guests and episodes.

Not Just Good Security Products, But a Good Partner

This week, Trend Micro announced it’s been put into the Champions quadrant of the Canalys Global Cybersecurity Leadership Matrix, year in recognition of major investments and improvements in the channel within the last. The report highlights Trend Micro&rsquo particularly;s partner portal improvements offering significant investments in deal registration, sales kits, training and promotions.

12 Biggest Cloud Threats and Vulnerabilities In 2020

Data breaches, cybercrime and targeted attacks in the cloud have driven demand for cloud security products in recent years. From misconfigured storage buckets and excess privileges to Infrastructure as Code (IoC) templates and automated attacks, here’this season s a glance at 12 of the largest cloud threats technical experts come to mind about. Data breaches, cybercrime and targeted attacks in the cloud have driven demand for cloud security products lately.

Trend Micro Guardian: Protecting Your Kids On-the-Go

Some smart devices aren’t limited for use on the real home network, for instance, your child’s mobile tablet or phone. Maintaining your kids safe with on-the-go devices means extending your security policies beyond the real home. Trend Micro Home Network Security allows you using its free app, Trend Micro Guardian. Guardian integrates with HNS’s parental control rules via Mobile Device Management technology to increase the guidelines you’ve applied on your own home network to your children’s Wi-Fi/mobile connections beyond your true home.

Microsoft Discovers Cryptomining Gang Hijacking ML-Focused Kubernetes Clusters

Microsoft published a written report detailing a never-before-seen group of attacks against Kubeflow, a toolkit for running machine learning (ML) operations together with Kubernetes clusters. Since April the attacks have already been going on, and Microsoft says its end-goal has gone to use a cryptocurrency miner on Kubernetes clusters running Kubeflow instances subjected to the internet.

New Tekya Ad Fraud Found on Google Play

In late March, researchers from CheckPoint found the Tekya malware family used to handle ad fraud on Google Play. These apps have since been taken off the store, but Trend Micro recently found a variant of the family that had made its way onto Google Play via five malicious apps, although these have already been removed also.

Fake COVID-19 Contact-Tracing Apps Infect Android Phones

Security researchers have identified 12 malicious Android applications, disguised to seem as official government COVID-19 contact-tracing apps, distributing malware onto devices. The Anomali Threat Research team found multiple applications containing a variety of malware families, banking Trojan Anubis and SpyNote primarily, an Android Trojan with the purpose of monitoring and collecting data on infected devices.

Tracking, Detecting, and Thwarting PowerShell-based Malware and Attacks

While traditional malware and attacks depend on crafted executables to operate, fileless malware have a home in memory to evade traditional detection and scanners methods. PowerShell, the best management tool utilized by system administrators, has an ideal cover for threat actors because they craft payloads heavily influenced by its deep Windows integration. Trend Micro has published multiple reports with this phenomenon, which includes been validated by telemetry data further.

Updated Analysis on Nefilim Ransomware’s Behavior

following the discovery of Nefilim in March 2019 Shortly, Trend Micro released its analysis of the ransomware and its own behavior. Through recent investigations of cases seen in several companies, Trend Micro has amassed more info on what this ransomware operates. Some notable updates added the usage of other tools such as for example Mimikatz, AdFind, CobaltStrike, and MegaSync, and the description of events that occur within the attack phases weeks as well as months prior to the ransomware is deployed.

New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa

While tracking Earth Empura, referred to as POISON CARP/Evil Eye also, Trend Micro identified an undocumented Android spyware it has dubbed ActionSpy. Through the first quarter of 2020, Trend Micro observed Earth Empusa’s activity targeting users in Turkey and Tibet before they extended their scope to add Taiwan.

Babylon Health Admits ‘Software Error’ Led to Patient Data Breach

Babylon Health, a UK AI chatbot and telehealth startup which includes been valued more than $2BN, has suffered an uncomfortable data breach following a user of the app found he could access other patients’ video consultations. The company confirmed the breach yesterday, telling the BBC a “software error” linked to an attribute that lets users switch from audio to video-based consultations in the middle of a call had caused a “small number” of UK users in order to see others sessions.

Forward-Looking Security Analysis of Smart Factories Part 3: Trojanized Libraries for Industrial IoT Devices

In part three of the five-part blog series, Trend Micro talks about the security risks of promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. This website describes using Industrial IoT (IIoT) devices and overlooked security risks in software supply chains.

Surprised by the brand new Android spyware ActionSpy that has been revealed via phishing attacks from Earth Empusa? Share your ideas in the comments below or follow me on Twitter to keep the conversation: @JonLClay.

The post This Week in Security News: Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update and New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa appeared first on .

%d bloggers like this: