This Week in Security News: Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday and Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about this month’s Patch Tuesday update from Microsoft. Also, learn about Trend Micro’s Worry-Free XDR: a new version of its XDR platform designed to extend the power of correlated detection and response beyond the endpoint for smaller businesses.

Read on:

Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot

Malicious actors continue to target environments running Docker containers. Trend Micro recently encountered an attack that drops both a malicious cryptocurrency miner and a distributed denial-of-service (DDoS) bot on a Docker container built using Alpine Linux as its base image. A similar attack was also reported by Trend Micro in May; in that previous attack, threat actors created a malicious Alpine Linux container to also host a malicious cryptocurrency miner and a DDoS bot.

Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday

Microsoft released patches for 129 CVEs (common vulnerabilities and exposures) as part of its monthly Patch Tuesday rollout. Dustin Childs from Trend Micro’s Zero Day Initiative shared that this marks seven consecutive months of more than 110 bugs fixed and brings the yearly total close to 1,000.

Purple Fox EK Relies on Cloudflare for Stability

A year ago, Trend Micro talked about Purple Fox malware being delivered by the Rig exploit kit. Malwarebytes later found evidence that it had its own delivery mechanism, and thus named it the Purple Fox exploit kit. Trend Micro recently found a spike in the Purple Fox exploit kit with improved delivering tactics in our telemetry. Some of the improvements include use of full HTTPS infrastructure based on Cloudflare as frontend, fully encrypted landing page, and disguised redirection.

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed “Raccoon Attack,” the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used for secure communications between two parties.

War of Linux Cryptocurrency Miners: A Battle for Resources

The Linux ecosystem is regarded as more secure and reliable than other operating systems, which possibly explains why Google, NASA, and the US Department of Defense (DoD) utilize it for their online infrastructures and systems. Unfortunately, the adoption of Linux systems is also an attractive target for cybercriminals. In this blog, learn about the ruthless battle for computing power among the different cryptocurrency-mining malware that target Linux systems. 

Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response

Trend Micro announced Worry-Free XDR is a new version of its XDR platform designed to extend the power of correlated detection and response beyond the endpoint for smaller businesses. This unmatched channel offering is available now as a standalone or managed solution tailored for SMBs.

Securing Enterprise Security: How to Manage the New Generation of Access Control Devices

Enterprises are increasingly deploying contactless security solutions to control access to their spaces, especially now in the midst of a pandemic. These solutions mostly rely on devices that use facial recognition to manage entry to enterprise premises in an effective and efficient manner. Considering that these access control devices are the first line of defense for employees and assets on enterprise premises, Trend Micro set out to test the security of the devices and to find out whether they are susceptible to cyber as well as physical attacks.

Zeppelin Ransomware Returns with New Trojan on Board

The Zeppelin ransomware has sailed back into relevance, after a hiatus of several months. A wave of attacks were spotted in August by Juniper Threatlab researchers, making use of a new trojan downloader. These, like an initial Zeppelin wave observed in late 2019, start with phishing emails with Microsoft Word attachments (themed as “invoices”) that have malicious macros on board. Once a user enables macros, the infection process starts.

Published New Ebook: Strategic Investment to Secure Smart Factories

Security is undergoing a digital transformation in the manufacturing industry. As the fusion of the cyber world and the physical world progresses, various security issues are mounting. Manufacturing executives must view security as a management issue, not as a system issue. Trend Micro has published an ebook that focuses on security issues in the convergence of IT and OT.

Ransomware Accounted for 41% of All Cyber Insurance Claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims comes to confirm previous reports from multiple cybersecurity firms that ransomware is one of today’s most prevalent and destructive threats.

What do you think about the Zeppelin ransomware attacks and the rise in ransomware overall? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.