This Week in Security News: Fake Apps & Malicious Bots
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how the adoption of mobile banking services has grown as an opportunity for scammers with fake banking apps. Also, see how Trickbot steals access from several applications and browsers, and a Perl-based Shellbot exploits vulnerabilities on IoT devices.
Read on:
Cyber-Attacks: How to Stop a Multibillion-Dollar Problem
Traditional robbery and physical assaults on ATMs are still a challenge, and now a new breed of cyber-enabled theft has become a multibillion-dollar problem.
SMS Phishing + Cardless ATM = Profit
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.
Cybersecurity, AI Skills to Dominate IT Staff Hires in 2019
Cybersecurity skills and talent in the field of artificial intelligence will dominate IT hires in 2019, a new survey suggests.
Fake Banking App Found on Google Play Used in SMiShing Scheme
As new financial technology proliferates and users start to look for apps and other services from their particular bank, opportunities for scammers also increase – as seen in the malicious app Movil Secure.
The Unprecedented Effort to Secure Election Day
Since the wake-up call of the 2016 election, local, state, federal officials, and privacy organizations have worked together to improve system defenses in ways they never have before.
Trickbot Shows Off New Trick: Password Grabber Module
This month, Trend Micro saw that Trickbot steals access from several applications and browsers, such as Microsoft Outlook, Google Chrome, Mozilla Firefox, Internet Explorer, Microsoft Edge, and more.
Perl-Based Shellbot Looks to Target Organizations via C&C
Trend Micro uncovered an operation of a hacking group involving the use of an IRC bot, which exploits a common command injection vulnerability on Internet of Things (IoT) devices and Linux servers.
HSBC Bank Alerts US Customers to Data Breach
HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it’s detected no signs of fraud.
Sporting Event Threats: Lessons from the 2018 FIFA World Cup
The popularity of major sporting events on the internet means that security also needs to extend online. Cybercriminals often involve spam and phishing techniques to trick users caught up in the festivities.
Busting SIM Swappers and SIM Swap Myths
A California cybercrime task force has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud used to steal large amounts of cryptocurrencies from victims.
Apache Struts Users Urged to Update Against Remote Code Execution and DoS Vulnerabilities
Users of Apache Struts are encouraged to update to the latest version of Commons FileUpload library to prevent remote code execution and denial-of-service (DoS) attacks through vulnerabilities.
Do you think there will be an increase in fake banking apps and malicious bots in 2019? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
Read More HERE