Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Microsoft Puts the Lid on Another IE Zero-Day Used in AdGholas Campaign
Microsoft’s Patch Tuesday for October fixed another previous zero-day vulnerability in Internet Explorer. Before the lid was put on it, the security flaw was employed by operators of the AdGholas malvertising campaign.
Masque Attack Abuses iOS’s Code Signing to Spoof Apps and Bypass Privacy Protection
First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities, but while it closed a door, scammers seemed to have opened a window.
Trend Micro Discovered and Patched 13 Android Vulnerabilities
Mobile threats are trending upward, with vulnerability exploits gaining traction. More of these vulnerabilities are also disclosed, analyzed and detected. This helps better mitigate Android devices from zero-days and malware, enabling OEMs/vendors to more proactively respond to these threats.
Microsoft Adobe Flash and Windows Vulnerability Exploited by Hackers
On Tuesday, Microsoft alleged that a hacking group previously linked to the cyberattack on the Democratic National Committee has exploited a security flaw in Microsoft’s Adobe Flash and Windows operating system.
Windows 10 Anniversary Update Made Improvements to Control Flow Guard
Control Flow Guard (CFG) is an exploit mitigation feature that Microsoft introduced in Windows 10 and Windows 8.1 Update 3 that makes it significantly harder for exploits to run code on systems running these operating systems.
U.S. Election Hacking Fears Grow
As Election Day approaches, tension is rising. Investors are waiting cautiously. Law enforcement is on alert for violence at polling locations. And when what seemed like half the internet shut down last week, fear of a large-scale cyberattack joined that list.
VMware Environments Are Evolving
Trend Micro has a long history of providing organizations with advanced server security for physical, virtual, and cloud environments. We protect enterprise applications and data from ransomware, breaches, and business disruptions without requiring emergency patching.
WeMo Smart Home Can Spy On Your Android Smartphone
Belkin, a company that’s been called out before for vulnerable home automation kit, has issued a firmware update that will prevent old school attacks on its WeMo kit that could have let malicious hackers haunt not just customers’ homes, but their Android smartphones too.
Chinese Cybersecurity Law Is Approaching Approval
A controversial Chinese cybersecurity law has neared approval on Monday as the Chinese parliament held the third reading of the draft bill. The state-run Xinhua news agency said parliament had taken on board the views of its standing committee and other parties, and it is now proposing passing the third and typically final reading of the law, at its meeting on Monday to November 7.
18-Year-Old Arrested in Cyberattack on 911 System
Meetkumar Hiteshbhai Desai was taken into custody after the Surprise Police Department notified the Sheriff’s Office of more than 100 hang-up 911 calls within a few minutes late Tuesday. Desai was booked into a Maricopa County jail on suspicion of three counts of computer tampering.
Hacker Responsible for Distributing Nude Photos of Celebrities Gets 18 Months in Prison
The hacker who stole nude photos of female celebrities in 2014 has been sentenced to 18 months in federal prison. Ryan Collins, a 36-year-old from Lancaster, Pennsylvania, pleaded guilty to federal hacking charges and admitted to a two-year phishing scam to gain passwords of more than 100 people.
Drone-hacking cybersecurity boot camp launched in UK
Budding cyberspies will learn how to hack into drones and crack codes at a new cybersecurity boot camp backed by the government. The 10-week course has been “certified” by UK spy agency GCHQ. The Cyber Retraining Academy will be operated by cybersecurity training firm Sans Institute.
Protect Your Kids from Cybercriminals
Kids know the internet as a wonder-filled place where their cyberspace adventures are only limited by imagination. As parents, however, we know better. The Internet does have its faults. Cybercriminals, malware viruses, phishing and even social engineering attacks can, and often do, happen.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.