Cyber Threat Report: Cyber Security News for 02/17/23

Super Evasive Beep Malware Stuns Researchers
A new malware has surprised researchers with the use of a significant amount of evasion techniques to avoid sandboxes and resist analysis. Read More

Growing Number of Endpoint Security Tools Overwhelm Users, Leaving Devices Unprotected
A new study shows that the sprawl of new management and security tools can end up leaving some endpoints unprotected. Read More

Hyundai and Kia cars could be stolen with just a USB cable
There’s a patch coming, but it could take months... Read More

Top Chinese Android Vendors Ship Pre-Installed Malware in Smartphones
Android smartphones from three of the most popular vendors in China—OnePlus, Oppo Realme, and Xiaomi—were analyzed by the experts. Read More

Arris Router Vulnerability could Lead to a Complete Takeover
Security researchers found an authenticated remote code execution (RCE) vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers’ telephony and internet access. Read More

Social Engineering Attacks Increases in Q4 2022, Reveals Avast Labs
Refund and invoice fraud saw a 22% jump in December 2022, with perpetrators utilizing emails originating from a trustworthy organization to create the illusion of unauthorized charges and false receipts. Read More

Controller-level Flaws can let Hackers Physically Damage Moving Bridges
By exploiting these flaws, hackers can access anything from sensors responsible for gauging temperature, pressure, liquid, air, and gas levels, as well as analyzers used to determine chemical compositions. Read More

Atlassian Investigating Security Breach After Hackers Leak Data
A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy. Read More

Splunk Enterprise Updates Patch High-Severity Vulnerabilities
Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages. Read More

SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities
SolarWinds advisories describe multiple high-severity vulnerabilities that a Platform update will patch by the end of February. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

There's a new type of malicious software (malware) called "Beep" that's been found by computer security experts. It's really good at hiding itself from being found and analyzed. It can get into your computer through email, social media, or file-sharing services. Once it's in, it can download even more harmful tools, like ransomware, that can steal your personal information or exfiltrate data. Beep has three parts that help it stay hidden, and it's especially tricky to find because it has a lot of different ways to protect itself.

Endpoint security and management technologies are used by companies to protect and manage their devices. However, as the number and variety of devices that need protection have grown, so have the number of tools available to manage them. This "sprawl" of tools is making it harder for companies to manage their endpoints, which could lead to worse security. The study found that device diversity has increased sharply, with IoT devices being the second-most common type of device. The biggest challenges in managing endpoints include aligning IT and security priorities for patching, tracking specific vulnerabilities, and managing unpatchable vulnerabilities.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.