Android, Nest, & Linux Malware – Paul’s Security Weekly #591

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert!

Paul’s Stories

  1. The 51 Things Most Homeowners Arent Doing But Need To
  2. Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
  3. Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert
  4. PHP PEAR official site hacked, tainted package manager distributed for 6 months
  5. Twitter warns that private tweets were public for years
  6. Researchers discover state actors mobile malware efforts because of YOLO OPSEC
  7. Two more Windows zero-days get temporary patches | ZDNet
  8. SD-WAN admin? Your number came up in Cisco’s latest bug list
  9. AWS Provides Secure Access to Internal Assets With Amazon WorkLink | SecurityWeek.Com
  10. Database of 24 Million Mortgage, Loan Records Left Exposed Online

Lee’s Stories

  1. If someone is calling from Scam Likely… Cellular carriers are implementing services to identify cell scam leveraging STIR, SHAKEN standards and other techniques to identify these callers.
  2. New Android Malware uses motion sensor to avoid detection. The malware assumes a real device if motion sensor input is detected, to then download a fake android update which includes the Anubis banking trojan.
  3. Linux Malware disables security software to mine cryptocurrency Discovered by Palo Alto Unit 42 finds malware uses flaws in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion.

Full Show Notes

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

Lee Neely
Lee Neely – Senior Cyber Analyst , Lawrence Livermore National Laboratory.

Paul Asadorian
Paul Asadorian – CEO, Security Weekly.

Doug White
Doug White – Professor, Roger Williams University.

Joff Thyer
Joff Thyer – Security Analyst, Black Hills Information Security.

 

 

 

 

 

 

Announcements

  • RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
  • Join us April 1-3, at Disney’s Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!