Security News > 2020 > July

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-a total of 337 non-financial Android applications on its target list. Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-a total of 337 non-financial Android applications on its target list. Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and Cloud Native Computing Foundation, which builds sustainable ecosystems for cloud native software, announced a new certification, the Certified Kubernetes Security Specialist is in development. CKS will consist of a performance-based certification exam testing competence across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.

Quest Software, a global systems management, data protection and security software provider, announced new capabilities available within On Demand Audit to support the industry-wide shift to the cloud and ensure Microsoft environments remain secure in the face of growing malware and cyber threats. To further help customers tighten their security posture, streamline auditing processes, and adhere to compliance requirements, On Demand Audit now features new support for Teams and delivers the necessary auditing and alerting on all critical events to minimize vulnerabilities across the business collaboration tool.

Platform9 announced key additional building blocks in delivering the next generation SaaS managed Kubernetes experience. New features include the industry's first managed Calico networking with API access, an application wizard for automated deployment of bare-metal Kubernetes clusters, and enhanced cluster monitoring and observability that provide better insights into all aspects of cluster behavior.

Amazon Web Services, an Amazon.com company, announced the general availability of Amazon Interactive Video Service, a new fully managed service that makes it easy to set up live, interactive video streams for a web or mobile application in just a few minutes. Customers can then combine the Amazon IVS SDK and APIs to attach structured text data to video streams, and create interactive content, including polls, surveys, and leaderboards, all of which are automatically synchronized to the live video.

LogicGate adds a Zapier integration to its Integrations Suite, and has expanded its Third-Party Risk Management and Information Security offerings with three additional pre-built applications. The integration links activity from Risk Cloud to these applications, creating custom business functions within their GRC programs.

Steampunk announces another leadership addition to its technology capabilities practice. Alan Crouch recently joined Steampunk as the DevSecOps Practice Lead. "Alan has spent the past two decades of his career at the epicenter for development and security serving in a variety of roles and advocating for DevSecOps long before the concept was coined," said Steampunk CTO Sean Dillon.

Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools.

Apple has released a fresh batch of software security updates for its flagship devices. For iOS and iPadOS the 13.6 update includes fixes for 29 CVE-listed vulnerabilities, 10 involving arbitrary code execution.