This Week in Security News: Cyberespionage Campaigns and Botnet Malware
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a cyberespionage campaign targeting Middle Eastern countries and a botnet malware that infiltrates containers via exposed Docker APIs.
Read on:
Hackers Are After Your Personal Data – Here’s How to Stop Them
The latest FBI Internet Crime Complaint Center (IC3) report paints an accurate picture of the scale of online threats and shows that consumers need to take urgent steps to protect their most sensitive identity and financial data from online attackers.
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
Trend Micro uncovered a cyberespionage campaign targeting Middle Eastern countries and named it “Bouncing Golf” based on the malware’s code in the package named “golf.”
Trend Micro Partners with VIVOTEK to Enhance IP Cameras Security
Trend Micro announced it has blocked 5 million attempted cyberattacks against IP cameras in just five months. Through its strategic partnership with VIVOTEK, Trend Micro’s IoT security solutions are embedded in globally deployed IP cameras to provide superior protection.
AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
Trend Micro details an attack type where an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of the Linux botnet malware AESDDoS.
Ransomware Repercussions: Baltimore County Sewer Charges, 2 Medical Services Temporarily Suspended
A ransomware attack in May prevented the Baltimore City and County governments from mailing the annual water and sewage tax bills to their residents due to unverifiable accounts of abnormally low or no water consumption in 2018.
Hackers Have Carried Out 12 Billion Attacks Against Gaming Sites in 17 Months
Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites in 17 months, according to a new report by internet delivery and cloud services company Akamai.
Critical Linux and FreeBSD Vulnerabilities Found by Netflix, Including One That Induces Kernel Panic
A Netflix researcher uncovered four critical vulnerabilities within the TCP implementations on Linux and FreeBSD kernels that are related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities.
New Oracle WebLogic Zero-day Vulnerability Allows Remote Attacks Without Authentication
Oracle published an out-of-band security alert advisory on CVE-2019-2729, a zero-day deserialization vulnerability that could allow remote attackers to execute arbitrary code on targeted servers.
The hacking group Xenotime, which is behind intrusions targeting facilities in the oil and gas industries, has started probing industrial control systems (ICSs) of power grids in the U.S. and the Asia-Pacific region, researchers reported.
Data Breach Forces Medical Debt Collector AMCA to File for Bankruptcy Protection
US medical bill and debt collector American Medical Collection Agency (AMCA) has filed for bankruptcy protection in the aftermath of a disastrous data breach that resulted in the theft of information from clients including Quest Diagnostics, LabCorp, BioReference Laboratories and more.
Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH
Trend Micro observed a new cryptocurrency mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread from an infected host to any system that has had a previous SSH connection with the host.
Hacker Groups Pounce on Millions of Vulnerable Exim Servers
Multiple groups are launching attacks against exposed Exim mail servers, trying to exploit a vulnerability that could give them permanent root access.
Florida City to Pay $600K Ransom to Hacker Who Seized Computer Systems Weeks Ago
Riviera Beach is paying $600,000 in Bitcoins to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago.
Are you up-to-date on the best ways to lower the risk of hackers accessing your personal data? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.