Weekly Recap of Cybersecurity News 11/24

cybersecurity news

In case you missed it, here are some of the biggest cybersecurity news stories from the past week!

 

Proton Mac Malware Spreads via Fake Symantec Blog
The Proton Mac malware is back with a new—and ironic—method: Spoofing Symantec’s security blog, then amplifying it through Twitter. Read More

 

 

Intel Chip Flaws Leave Millions of Devices Exposed
Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible. Read More

 

 

FCC Plans to Gut Net Neutrality, Allow Internet ‘Fast Lanes’
The Federal Communications Commission will publish on Wednesday its plan to reverse Obama-era net neutrality rules that banned internet service providers from blocking or slowing down content, or creating so-called “fast lanes” for companies willing to pay extra to deliver their content more quickly. Read More

 

 

UBER Paid Off Hackers to Hide a 57-Million User Data Breach
The ridesharing service lost control of 57 million people’s private information, and hid that massive breach for more than a year, a cover-up that potentially defied data breach disclosure laws. Uber may have even actively deceived Federal Trade Commission investigators who were already looking into the company for distinct, earlier data breach. Read More

 

 

Matrix Banker malware spreads to multiple industries
The Matrix Banker malware, first found in Latin America, is now gaining a foothold in diversified targets. Steve Ragan breaks down the threat with Justin Fier, director for cyber intelligence and analysis at Darktrace. Read More

 

 

Cisco, Interpol team up to share cybercriminal threat data
Cisco and Interpol have announced a new agreement to share threat data on cybercriminal activities. The tech giant and international law enforcement agency said that sharing threat intelligence between the parties will be the “first step” in jointly tackling today’s cybercrime. Read More

 

 

HP patches severe code execution bug in enterprise printers
HP has issued firmware patches to fix a security flaw which allowed attackers to perform remote code execution attacks on enterprise-grade printers. FoxGlove Security researchers issued an advisory disclosing the technical details of the bug, CVE-2017-2750, earlier this week. Read More

 

 

Researcher Finds Hole in Windows ASLR Security Defense
The latest versions of Microsoft Windows are vulnerable to attacks due to a newly discovered vulnerability in Address Space Layout Randomization (ASLR). The vulnerability affects Windows 8, Windows 8.1, and Windows 10 systems with system-wide ASLR enabled via Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) or Windows Defender Exploit Guard. Read More

 

 

Trickbot Evolves with Account-Checking Activity
While Trickbot has historically targeted the financial industry, it has now expanded its targeting of other industries via its account-checking activities, according to fresh analysis. Read More

 

 

Google collects Android users’ locations even when location services are disabled
Many people realize that smartphones track their locations, but what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed. Read More

 

 

Ransomware is now a $2 billion-per-year criminal industry
Ransomware payments in 2017 will hit a record $2 billion, according to a new research from the cybersecurity firm Bitdefender. That figure would make 2017 the most costly year ever for ransomware, doubling the $1 billion paid out by ransomware victims in 2016 and skyrocketing above the $24 million paid in 2015. The upward trend will likely continue into 2018 as malware becomes more sophisticated and difficult to stop. Read More

 

 

Tether Claims $30 Million in US Dollar Token Stolen
Tether, the company behind a dollar-pegged cryptocurrency widely used in the market’s exchange trade, is claiming that its systems have been hacked and that $30 million worth of its tokens have been stolen. Read More

 

 

Like our content? Follow us on LinkedIn, Twitter, or Facebook to stay up to date each week!
Want to see how SentinelOne can help improve your security efforts? Request a Demo Now