This Week in Security News: Pwn2Own Adds Industrial Control Systems to Hacking Contest and Cyber Crooks Target ESports
Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 01 Nov 2019 13:05:25 +0000
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Among news from this week, learn about Pwn2Own’s new hacking contest that will take place in Miami next year. Also, as October was Cybersecurity Awareness Month, read about best practices for keeping your family safe online.
Read on:
3 Ways for MSPs to Increase Their Managed Security Footprint
Small and midsize businesses compromise a bulk of the managed service providers (MSPs) customer base — but they have a limited understanding of cyber attacks that can cause millions of dollars in remediation, recovery and reputational costs. This Trend Micro blog discusses 3 security service opportunities MSPs can explore with their existing customer base.
Microsoft: Russian Hackers Are Targeting Sporting Organizations Ahead of Tokyo Olympics
Microsoft said that a group of well-known Russian government hackers has targeted at least 16 national and international sporting and anti-doping organizations ahead of next year’s Tokyo Olympics. Microsoft said the attacks involved spear-phishing, password spraying, exploiting internet-connected devices, and the use of both open-source and custom malware.
Current and Future Hacks and Attacks that Threaten Esports
Esports has evolved from niche entertainment into a highly lucrative industry, and its growing popularity and increased funds have opened the door for cybercriminals looking for an opportunity to make a profit. In its recent report, Trend Micro predicts four threats that will target the growing esports industry over the next few years.
AutoIT-Compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam
Trend Micro has recently discovered a malicious spam campaign that has AutoIT-compiled payloads trojan spy Negasteal or Agent Tesla, and remote access trojan (RAT) Ave Maria or Warzone. In this blog, Trend Micro discusses best practices businesses and users can use to protect against Negasteal, Ave Maria and other highly complicated threats.
Breaches at NetworkSolutions, Register.com, and Web.com
Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.
Home and Away, All Year Round: How Can I Keep My Kids Safe Online?
With kids spending more time on internet-connected devices outside of the home, how do you make sure they’re safe online? In light of October being Cybersecurity Awareness Month, Trend Micro shares best practices for keeping your family safe online.
A New Playground for Cybercrime: Why Supply Chain Security Must Cover Software Development
Most organizations see supply chains as providers of physical goods and services, but there’s another crucial part of this ecosystem which some organizations may be overlooking: the software supply chain. The software supply chain opens a threat vector via which cybercriminals can infiltrate organizations, so it’s vital that IT security teams gain visibility and control of their organization’s code.
Misconfigured ElasticSearch Database Exposed Almost 7.5 Million Adobe Creative Cloud Users’ Records
A misconfigured cloud-based ElasticSearch database has exposed almost 7.5 million Adobe Creative Cloud user records that include email addresses, member IDs, information on installed Adobe products and subscription statuses, and whether or not they are Adobe employees.
Pwn2Own Adds Industrial Control Systems to Hacking Contest
The Zero Day Initiative will bring ICS Pwn2Own competition to the S4x20 conference in Miami in January, giving researchers an opportunity to hunt for bugs in popular ICS software and protocols. This is the first time Trend Micro’s Pwn2Own, now in its twelfth year, has added ICS tech to its lineup.
Cyber Crooks Take Aim at Their Next Big Target: ESports Tournaments and Players
Researchers at Trend Micro detail the ways in which the multi-billion dollar competitive online gaming industry could be vulnerable to malicious campaigns including DDoS attacks, malware and extortion.
Defending Systems Against Cryptocurrency Miner Malware
Cryptocurrencies have gained recognition as a legitimate currency because of their perceived anonymity and the online market’s speculation of their value. With increased use of internet-connected devices, online transactions using cryptocurrencies are expected to rise. Unfortunately, cybercriminals have already cashed in on its growing value and popularity.
Phishing Campaign Targets Humanitarian and Other Non-Governmental Organizations
Threat actors launched phishing attempts against several humanitarian and non-governmental organizations, including aid arms of the United Nations such as the United Nations Children’s Fund (UNICEF) and the UN World Food Program, as well as other groups like the International Federation of Red Cross and Red Crescent Societies.
Report: Over 20% of Phishing Campaigns Target Microsoft Users
Almost 4,000 domains and 62 phishing kit variants used to target Microsoft users were uncovered within an observation window of 262 days, according to a new report. This supports what Trend Micro reported in its 2019 Midyear Security Roundup, where it found that the number of blocked unique phishing URLs that spoofed Microsoft increased by 76% from 2018 2H to 2019 1H.
The First Steps in Effective IoT Device Security
A new study from Gartner estimates that 5.8 billion enterprise and automotive internet of things (IoT) endpoints will be in use by 2020. Undoubtedly, daily operations and production have become easier and safer, thanks to these devices. But what are the risks involved in embracing this new technology?
Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages
A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of backdoor malware, dubbed “MessageTap,” which is designed to spy on text messages sent or received by highly targeted individuals.
Looking forward to seeing industrial control systems (ICS) as a category at Pwn2Own Miami? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Pwn2Own Adds Industrial Control Systems to Hacking Contest and Cyber Crooks Target ESports appeared first on .