Security News > 2020 > February

Zyxel Communications launched the ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for small and medium businesses. The flagship of the growing Zyxel family of ZyWALL VPN firewalls, VPN1000 is an integrated security solution that combines a powerful firewall with high-performance VPN tunnel capabilities to protect the local network against threats and safeguard data communications between multiple locations or hybrid clouds.

Trend Micro, a global leader in cybersecurity solutions, announced that it will collaborate with Baker Hughes' Nexus Controls operational technology security experts through a strategic framework agreement, signed in late 2019. Under the terms of the agreement, Trend Micro and Baker Hughes plan to work together to help mitigate these and other cyber-risks in support of IT and security leaders looking to drive digital transformation success.

The chair of the House Energy and Commerce Committee - which oversees the FCC - Frank Pallone issued a statement: "Following our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers' real-time location data. This is certainly a step in the right direction, but I'll be watching to make sure the FCC doesn't just let these lawbreakers off the hook with a slap on the wrist." For her part, Commissioner Rosenworcel put out a statement saying: "For more than a year, the FCC was silent after news reports alerted us that for just a few hundred dollars, shady middlemen could sell your location within a few hundred meters based on your wireless phone data."

"We are more interested in ransomware that models behavior that we saw in the WannaCry attacks, where ransomware can exploit a vulnerability and propagate across a network," Ekstrom, who helped work on the documents, tells Information Security Media Group. One significant reason why NIST created these practice guidelines now is that the nature of ransomware has changed over the last two years, Ekstrom says.

A recent wave of AZORult-laced spam caught the attention of researchers who warn that malicious attachments associated with the campaign are using a novel obfuscation technique, in an attempt to slip past spam gateways and avoid client-side antivirus detection. AZORult is remote access trojan popular on Russian forums and most recently spotted last month in a spam campaign perpetrated by a hacker with an affinity toward singer-songwriter Drake.

Hackers are actively targeting a vulnerability in Linear eMerge E3 access controllers to infect the devices with malware and abuse them to launch distributed denial-of-service attacks, SonicWall revealed over the weekend. A Nortek Security and Control LLC product, the Linear eMerge E3 access controller is used in the commercial, industrial, banking, medical, retail, and hospitality sectors to manage user access to specific facilities or areas.

The Mobileye 630 PRO and Tesla's HW 2.5 autopilot system, which comes embedded in the Tesla Model X. On the scale of level 0 to level 5, these two systems are considered "Level 2" automation. In one instance, researchers showed how they were able to cause the Tesla Model X to brake suddenly due to a phantom image, perceived as a person, projected in front of the car.

Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. One of the advisories, initially published in March 2019 by both CISA and Medtronic, covers vulnerabilities affecting the Medtronic Conexus radio frequency wireless telemetry protocol used by some of the company's implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators.

TA505 - a sophisticated advanced persistent threat group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers. This threat group is believed to have caused over $100 million in losses over the years, according to the U.S. Treasury Department, which published a report about the group in December when it issued sanctions against some of its members.

Six individuals were arrested in the United Kingdom last week for their involvement in a bank cyber-heist and money laundering operation. The arrests were made in connection to the laundering of money stolen in February 2019 from Malta's Bank of Valletta, after cyber-criminals used malware to access the bank's systems and illegally remove around €13 million.