This Week in Security News: Fake Apps & Malicious Bots

Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 09 Nov 2018 15:48:47 +0000

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how the adoption of mobile banking services has grown as an opportunity for scammers with fake banking apps. Also, see how Trickbot steals access from several applications and browsers, and a Perl-based Shellbot exploits vulnerabilities on IoT devices.

Read on:

Cyber-Attacks: How to Stop a Multibillion-Dollar Problem

Traditional robbery and physical assaults on ATMs are still a challenge, and now a new breed of cyber-enabled theft has become a multibillion-dollar problem. 

SMS Phishing + Cardless ATM = Profit

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

Cybersecurity, AI Skills to Dominate IT Staff Hires in 2019

Cybersecurity skills and talent in the field of artificial intelligence will dominate IT hires in 2019, a new survey suggests.

Fake Banking App Found on Google Play Used in SMiShing Scheme

As new financial technology proliferates and users start to look for apps and other services from their particular bank, opportunities for scammers also increase – as seen in the malicious app Movil Secure.

The Unprecedented Effort to Secure Election Day

Since the wake-up call of the 2016 election, local, state, federal officials, and privacy organizations have worked together to improve system defenses in ways they never have before. 

Trickbot Shows Off New Trick: Password Grabber Module

This month, Trend Micro saw that Trickbot steals access from several applications and browsers, such as Microsoft Outlook, Google Chrome, Mozilla Firefox, Internet Explorer, Microsoft Edge, and more. 

Perl-Based Shellbot Looks to Target Organizations via C&C

Trend Micro uncovered an operation of a hacking group involving the use of an IRC bot, which exploits a common command injection vulnerability on Internet of Things (IoT) devices and Linux servers.  

HSBC Bank Alerts US Customers to Data Breach

HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it’s detected no signs of fraud.

Sporting Event Threats: Lessons from the 2018 FIFA World Cup

The popularity of major sporting events on the internet means that security also needs to extend online. Cybercriminals often involve spam and phishing techniques to trick users caught up in the festivities. 

Busting SIM Swappers and SIM Swap Myths

A California cybercrime task force has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud used to steal large amounts of cryptocurrencies from victims. 

Apache Struts Users Urged to Update Against Remote Code Execution and DoS Vulnerabilities

Users of Apache Struts are encouraged to update to the latest version of Commons FileUpload library to prevent remote code execution and denial-of-service (DoS) attacks through vulnerabilities.

Do you think there will be an increase in fake banking apps and malicious bots in 2019? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Fake Apps & Malicious Bots appeared first on .

http://feeds.trendmicro.com/TrendMicroSimplySecurity