Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
All indications are that Angler is gone for good. Its likely authors have been apprehended and other exploit kits are starting to jockey for position: Neutrino and Rig exploit kits are both moving to fill the vacuum. The fall of Angler means, for now at least, that exploit kit activity is less than it had been.
CryLocker Ransomware Uploads User Information as PNG Files
One of the latest ransomware families, CryLocker (detected as RANSOM_MILICRY.A) takes advantage of Imgur, a free online image hosting site that allows users to upload and share photos to their contacts. During our monitoring of activities related to exploit kits, we spotted both Rig and Sundown distributing this threat.
A Third-Party App Store is Abusing Apple’s Developer Enterprise Program to Serve Adware
We discovered a China-based third-party iOS app store aggressively promoting their repackaged apps in social network channels—YouTube, Facebook, Google+, and Twitter—banking on the popularity of games and apps such as Minecraft, Terraria, and Instagram to lure users into downloading them.
Trend Micro Security for 2017 is Now Available
We’re proud to announce the availability of our newest release of the industry-leading security software that lets you enjoy your digital life safely. In addition to providing advanced Internet protection and privacy, safeguarding you from viruses, spam, phishing, and identity theft, this year’s edition has even more robust ransomware protection.
HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive. Such a damaging routine makes this particular ransomware a very serious and credible threat not only to home users but also to enterprises.
Google Offers $200K for Top Prize in Their New Android Hack Challenge
Google announced a six-month bug contest that will pay up to $200,000 for an Android “bug chain,” one or more successful exploits of previously unknown vulnerabilities. Dubbed “Project Zero Prize,” it differs from hacking contests that take place over one or two days: Researchers can submit entries from now until March 14, 2017.
Microsoft and Adobe Rolled out Critical Security Updates this Week
You should not miss this month’s Patch Updates, as it brings fixes for critical issues in Adobe Flash Player, iOS, Xcode, the Apple Watch, Windows, Internet Explorer, and the Edge browser. Adobe has rolled out a critical update to address several issues, most of which are Remote Code Execution flaws, in its widely-used Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. Whereas, Microsoft has released 14 security updates to fix a total of 50 vulnerabilities in Windows and related software.
Survey Says 40% of Executives Don’t Know the Cybersecurity Protocols in their Organization
Executives need to personally know how strong their company’s cyber defenses are, as well as the expected responses for attacks or breaches. But according to a survey, 40% admitted they lacked a clear understanding of the cybersecurity protocols within their organizations. This should be an urgent wake-up call to executives that cybersecurity needs to be taken seriously throughout the organization.
Volkswagen Started a New Cybersecurity Firm to Prevent Car Hacking
The automaker said it would partner with a former Israeli intelligence agency director to jointly establish a new company, called Cymotive Technologies. It’s unclear how much Volkswagen is investing in the new firm, but security experts have been warning that internet-connected cars and self-driving vehicles could one day be a major target for hackers.
U.K.’s New Cybersecurity Chief Wants National Filter to Block “Bad Addresses”
The head of Britain’s newly formed cybersecurity agency says authorities are exploring the creation of a national Internet filter to block malicious software and rogue websites, a proposal that has raised eyebrows among Internet freedom advocates.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.