Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
BankBot Found on Google Play Is Targeting Ten New UAE Banking Apps
The Android-targeting BankBot malware first surfaced January of this year, and is particularly risky because it disguises itself as legitimate banking apps. This newer BankBot variant targets banks based in 27 different countries and the total number of targeted apps has increased from 150 to 160.
Security Flaws Put Billions of Bluetooth IoT Devices at Risk
A set of eight separate vulnerabilities, known collectively as BlueBorne, affecting most Bluetooth-connected desktops, mobile and smart devices on the market has been revealed. The more serious flaws allow an attacker to gain control of affected devices and their data and steal sensitive business data.
Hangul Word Processor and PostScript Abused Via Malicious Attachments
A fairly popular word processing application in South Korea, the Hangul Word Processor (HWP), and a branch of PostScript called Encapsulated PostScript are both being exploited in attacks involving malicious attachments.
21 Million Users Fall Victim to Second Android Malware Attack
Google has fallen victim to another cyberattack affecting 21 million Android users from one malware system. The malware has been named ExpensiveWall, and at least 50 apps were infected after being collectively downloaded between 1 million and 4.2 million times.
Equifax Hackers Used a Months-Old Apache Struts Vulnerability to Breach Its Servers
In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. Equifax’s confirmation comes after a report circulated last week blaming the same flaw.
US Government Bans Agencies from Using Russian Cybersecurity Software over Spying Fears
The US government has banned federal agencies from using Russian security software, over concerns that it may be tied to state-sponsored espionage. Acting Homeland Security Secretary Elaine Duke has issued a directive given at least six federal agencies a timeline for removing the software.
Trend Micro Released 2017 Midyear Security Roundup
Trend Micro released its 2017 Midyear Security Roundup detailing the most impactful headlines from the first half of 2017. The report outlines the attacks and trends witnessed this year, such as the WannaCry and Petya ransomware attacks, cyberpropaganda campaigns and the continued rise of BEC scams.
Smart Buildings Require Full-Stack Cybersecurity
Today nearly every large enterprise or government facility has some level of “smart” functionality. This progress and convenience comes with increased risks as the controllers and IoT devices used in smart buildings typically run on legacy operating systems that have not been patched for years.
Microsoft Office Zero-Day Vulnerability Addressed in September Patch Tuesday
Microsoft’s monthly security bulletin addressed a zero-day vulnerability that exploits Microsoft Word. The vulnerability is exploited via the use of a spam email that prompts the user to open the attached Microsoft Office RTF document, and allows attackers to execute code on the target system remotely.
Does Face ID Make the iPhone X More Secure?
Face ID is one of the most attention-grabbing new features of the upcoming iPhone X, but there are serious questions about whether it can keep your device secure. Is Face ID more secure than a passcode? It depends who you ask.
Please add your thoughts in the comments below or follow me on Twitter; @JonLClay.