Cyber Threats
This Week in Security News – October 15, 2021
Actors target Huawei Cloud using upgraded Linux malware, 7-Eleven breached customer privacy by collecting facial imagery without consent and more.
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Huawei Cloud was targeted through upgraded Linux malware. Also, read how 7-Eleven breached customer privacy by collecting facial imagery without consent.
Read on:
Actors Target Huawei Cloud Using Upgraded Linux Malware
Another Linux threat evolution targets relatively new cloud service providers (CSPs) with cryptocurrency-mining malware and cryptojacking attacks. In this article, Trend Micro discusses a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud. The malicious code disables the hostguard service, a Huawei Cloud Linux agent process that “detects security issues, protects the system, and monitors the agent.”
7-Eleven Breached Customer Privacy by Collecting Facial Imagery Without Consent
From June 2020 to August 2021, 7-Eleven conducted surveys that required customers to fill out information on tablets with built-in cameras. These tablets, which were installed in 700 stores, captured customers' facial images at two points during the survey-taking process -- when the individual first engaged with the tablet, and after they completed the survey.
How Quantum Computers Can Impact Security
While it might be too early to completely overhaul security protocols to prepare for quantum computing — not to mention that there is currently no post-quantum cryptographic standard existing at the moment — it would be a good idea for organisations to start planning for the future. In this blog, learn about the potential security implications of quantum computing.
Apple Silently Fixes iOS Zero-Day, Asks Bug Reporter to Keep Quiet
Apple has silently fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information. The company addressed the bug without acknowledging or crediting software developer Denis Tokarev for the discovery even though he reported the flaw seven months before iOS 15.0.2 was released.
Expanded Cloud Misconfiguration & IaaS Security
Trend Micro’s Cloud One – Conformity has expanded its support for multi-clouds and Terraform users to add even more configuration checks, so cloud projects are built on a foundation of best practice security and compliance. This is an important piece of support as many organisations lack resources to ensure cloud infrastructure is configured and deployed securely.
A senior administration official told reporters that the US wants to see "follow-up actions" ahead of a 30-country virtual meeting on ransomware that began Wednesday. The US government has "shared information with Russia regarding criminal ransomware activity being conducted from its territory," said the official, who spoke on the condition of anonymity under ground rules that the White House set for the call.
Honda to Start Selling Smart Car Data
Automotive giant Honda Motor announced that it will start selling data generated by smart vehicles, joining various rivals in a new industry predicted to be worth as much as $400 billion a year. To gather data, smart cars are geared with cameras, lasers, and electric control units, turning the vehicles into moving sensors. This new technology aims to gather a whole range of data—from driving distances and speeds to entertainment content by vehicle users.
Google Launches Security Advisory Service, Security to Workspaces
Google has launched the Google Cybersecurity Action Team to provide strategic advisory, compliance, threat intelligence, and incident response services aimed at helping government and corporate clients tackle complex cybersecurity efforts. The Cybersecurity Action Team will also work with clients to engineer a combination of services and systems to meet regulatory and corporate requirements.
Minimize SecOps Risk with Less Tools and More Security
Security leaders are seeking new ways to minimise SecOps security monitoring tools while increasing efficiency for SecOps teams. So how bad is the current challenge for SOC teams? According to new Trend Micro research, tool sprawl has reached epic proportions—with potentially serious implications for cyber risk and the mental health of SecOps analysts.
DoJ Launches Crypto Enforcement Team, Cyber-Fraud Initiative
Last week the U.S. Department of Justice took steps to crack down on ransomware with the creation of a National Cryptocurrency Enforcement Team (NCET) and the Civil Cyber-Fraud Initiative. The NCET will handle complex investigations and prosecutions of criminal misuses of cryptocurrency, Deputy Attorney General Lisa O. Monaco announced.
October Patch Tuesday: 3 Critical Bulletins Among 71
The October 2021 Patch Tuesday continues the quiet streak observed for the months of August and September. Out of 71 bulletins, only three were rated Critical this month. The list also included a fix for four publicly known vulnerabilities. Of the fixed vulnerabilities, 11 were disclosed via the Zero Day Initiative.
New CISA Bill to Require Cyber Attack Reporting in the US
Senators on the Homeland Security Committee have introduced new legislation last September 2021, requiring critical infrastructure companies to report cyberattacks to the federal government within hours. The bill also aims to mandate most organisations to tell the federal government if they make ransomware payments.
Minding the Gaps: The State of Vulnerabilities in Cloud Native Applications
What does it mean to be cloud native? According to The Cloud Native Computing Foundation (CNCF), cloud native technologies help organisations grow and run solutions in cloud environments and on-premises architectures. In a new Trend Micro report, learn about the vulnerable cracks in cloud native application security and why enterprises should devote time and resources to secure cloud applications.
Analyzing Email Services Abused for Business Email Compromise
Like a number of online attacks and threats that took advantage of the changing work dynamics, business email compromise (BEC) remains one of the cybercrimes that causes the most financial losses for businesses, despite the decrease in number of victims. Trend Micro’s continued monitoring of BEC activities showed a consistent increase in numbers during the year.
What do you think about 7-Eleven’s breach of customer privacy and trust? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.