This Week in Security News - Feb. 12, 2021
Trend Micro Launches New XDR Platform and Threat Actors Now Target Docker via Container Escape Features
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s new platform, Vision One, that provides enhanced XDR, new risk visibility, new third-party integrations, and simplified response to threats across security layers. Also, read about a container abuse attack that features a payload specifically crafted to escape privileged Docker containers.
Read on:
Trend Micro Expands XDR Solution into “Threat Defense Platform”
Trend Micro has converted its extended detection and response (XDR) solution into a threat defense platform called Vision One that supplements core XDR functionality with risk visibility, centralized management, and other features. In this article, Leah MacMillan, chief marketing officer at Trend Micro, shares more details about the new platform.
Threat Actors Now Target Docker via Container Escape Features
Trend Micro has seen an uptick in attacks against misconfigured services. In this blog, Trend Micro researchers provide a technical analysis of a container abuse attack featuring and a payload specifically crafted to be able to escape privileged Docker containers with all of the root capabilities of a host machine.
February Patch Tuesday Fixes 11 Critical Bugs
February’s Patch Tuesday fixes a total of 56 vulnerabilities, with 11 rated as Critical by Microsoft. This represents a decline both from January’s total of 83 vulnerabilities, as well as that of the same month in 2020, which had 99. Six of these vulnerabilities had been disclosed publicly, with a separate vulnerability being already exploited beforehand. Seven of these vulnerabilities were disclosed by the Zero Day Initiative (ZDI).
Researchers Discover New Malware from Chinese Hacking Group
Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group. The malware, which Palo Alto Network’s Unit 42 has dubbed “BendyBear,” bears some resemblance to the “WaterBear malware family” which has been associated with BlackTech, a state-linked Chinese cyber spy group. Trend Micro researchers said that the group has previously targeted both foreign government and private-sector entities.
Health Care Organizations are Unprepared for Cloud Migration
According to a new Trend Micro-commissioned survey, global health care organizations (HCOs) are increasingly leaning toward adopting the cloud but lack the preparedness for the security risks that come with it. Remote working, cost savings, and improved IT agility were reported as crucial reasons behind HCOs’ accelerated migration to the cloud amid the COVID-19 pandemic.
Splunk Integration Partnership with Trend Micro 2021
The past year has been an eye-opener for many IT and business leaders. Experts claim that digital transformation witnessed unprecedented growth, as organizations scrambled to support mass working and re-engineer business processes and customer-facing services. Trend Micro has been taking major strides in recent weeks and months to support these customers, by expanding industry partnerships—especially with SIEM and SOAR providers—and with its latest offerings for Splunk customers.
New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker
Ransomware is in constant state of development —not only in ransomware families that are big-game hunters or ransomware families that have a targeted approach in their campaigns, but also for new ones. In this blog, Trend Micro researchers look into a new ransomware family dubbed Seth-Locker, which was discovered while at large and is still under development. They also enumerate developments in Babuk Locker, Maoloa, CobraLocker and a possible TeslaCrypt variant.
Slack Email Asking Android App Users to Change Their Passwords
Android users of the popular chat app Slack have received an email from the company requesting them to reset their password. Most users believed that it may be a scam as it contains a ‘phishy-looking’ link. Slack company representatives confirmed that this email is not a scam, and users must immediately change their passwords.
Researchers Identify 223 Vulnerabilities Used in Recent Ransomware Attacks
Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were tied to attacks involving ransomware in 2020. That represents a fourfold increase in the number of ransomware-related vulnerabilities discovered in their last report published in 2019.
Europol: 10 Held for Alleged $100M Cryptocurrency Theft from Celebs, Others
Europol said this week that it assisted in the arrest of 10 hackers suspected of stealing $100 million in cryptocurrency in “SIM-swapping” attacks that allowed suspects to gain access to their victims’ phones. The arrests were made after an investigation with cooperation from Britain, the United States, Belgium, Malta and Canada, Europol said.
42% of Gmail Scams Targeted American Users, Google Finds
Who you are, where you are and how you experience online life are all major factors in whether you’re targeted for phishing and malware campaigns on Gmail, a joint Stanford University-Google study found. The study of 1.2 billion email-based phishing and malware attacks against Gmail users found that the risk of getting hit correlated to age, country, frequency of Gmail usage and past breach exposure.
Hacker Tried to Poison Florida City's Water Supply, Police Say
This week, officials from Pinellas County in Florida announced that an unidentified hacker remotely gained access to a panel that controls the City of Oldsmar's water treatment system, and changed a setting that would have drastically increased the amount of sodium hydroxide in the water supply.
Following Oldsmar Attack, FBI Warns about Using TeamViewer and Windows 7
In the aftermath of the Oldsmar incident, where an unidentified attacker gained access to a water treatment plant's network and modified chemical dosages to dangerous levels, the FBI has sent out an alert, raising attention to three security issues that have been seen on the plant's network following last week's hack.
What are your thoughts on the attack on the City of Oldsmar's water treatment system? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.