— The cybersecurity community during the COVID-19 emergency
War rhetoric surrounds COVID surveillance (C4ISRNET) Technology policy has itself been warped by an overuse of misleading Cold War analogies and that's evident in the recent language surrounding the pandemic.
CyberPeace Institute - World Leaders Call on Governments to Stop Cyberattacks Plaguing Healthcare Systems (CyberPeace Institute) Our mission is to enhance the stability of cyberspace. We work to decrease the frequency impact and scale of cyberattacks.
China’s Virus Apps May Outlast the Outbreak, Stirring Privacy Fears (New York Times) With the disease there mostly under control, officials are looking for new uses for the government software that’s now on many phones.
Boris Johnson and His ‘Svengali’ May Be Facing Their Reckoning at Last (Foreign Policy) The U.K. prime minister’s refusal to fire Brexit guru Dominic Cummings has provoked nationwide outrage.
Fears contact-tracing app will open the floodgates for cyber criminals (ComputerWeekly) Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in government.
India makes source code of contact-tracing app public (Reuters) India said on Tuesday it was making public the source code of its coronavirus contact-tracing app Aarogya Setu for Google's Android smartphones, a move digital rights activists said will boost the security of users.
Govt opens up Aarogya Setu program code for scrutiny, announces reward for finding security flaws (ETTelecom) The government on Tuesday announced opening the source code of its coronavirus tracking app, Aarogya Setu, for scrutiny by the developer community to ..
DHS’s cyber division has stepped up protections for critical research, official says (CyberScoop) DHS’s cybersecurity wing says it has put defense measures for health care organizations and research facilities in place as hackers try to steal U.S. coronavirus research.
Attackers Exploiting COVID-19 to Phish Customers of South Africa’s Third Largest Bank (Global Security Mag Online) Ironscales researchers have identified a new email spoofing phishing attack targeting the customers of Absa Bank, South Africa’s third largest financial institution. The attack is targeting customers and other organizations with a spoofed financial relief funds application. The now-trending phishing attacks were first discovered when at least 25 employees at the same company were targeted at random times over a three-day period.
New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map (BleepingComputer) A new ransomware threat called [F]Unicorn has been encrypting computers in Italy by tricking victims into downloading a fake contact tracing app that promises to bring real-time updates for COVID-19 infections.
[F]Unicorn Ransomware Masquerading as COVID-19 Contact Tracing App (The State of Security) A new ransomware family called "[F]Unicorn" masqueraded as a COVID-19 contact tracing app in order to target Italian users.
Borrower, Beware: Credit-Card Fraud Attempts Rise During the Coronavirus Crisis (Wall Street Journal) Fraudsters are using pilfered credit-card numbers and phishing attacks to prey on overwhelmed consumers and banks during the coronavirus pandemic.
COVID-19 pandemic makes it critical to strengthen personal cyber security against scammers (KOMO) Cyber security experts say the COVID-19 pandemic is exposing all of us to a higher risk of fraud.
Researchers: Nearly Half Of Accounts Tweeting About Coronavirus Are Likely Bots (NPR.org) Researchers culled through more than 200 million tweets discussing the virus since January and found that about 45% were sent by accounts that behave more like computerized robots than humans.
Amazon sells 5G underpants as conspiracy theories flood social media (The Telegraph) Amazon is peddling underwear, stickers and blankets that falsely claim to protect users from electromagnetic radiation and 5G
Data breach hits Florida unemployment system (WJXT) Officials say some Florida residents who have made unemployment claims may have had personal data stolen.
5 principles for effective cybersecurity leadership in a post-COVID world (World Economic Forum) As more people work from home due to COVID-19, cybersecurity operations are facing tremendous challenges. These five principles can help Chief Information Security Officers (CISOs) and cybersecurity leaders ensure effective business continuity in the "new normal."
New Data61 boss says businesses can turn COVID-19 to their advantage (Australian Financial Review) The new boss at CSIRO's data science organisation says companies that keep investing smartly in R&D will emerge from COVID-19 stronger than more timid rivals.
You have the PPP money; this is how you save the country from economic meltdown (Washington Business Journal) In about 12 short years, the U.S has embarked on two historic business bailout programs to avoid an economic meltdown. One was a success. What can we expect from the other?
D.C., Virginia, Maryland businesses see surprising reversal in latest PPP tally (Washington Business Journal) It seems some businesses took advantage of the chance to return their PPP loans.
SBA officially weighs in on using PPP for bonuses. Here's what it says. (Washington Business Journal) The agency's latest guidance ends months of speculation on the hot topic.
Interior, Energy and EPA have more reopening details for employees (Federal News Network) Reopening plans for the Interior and Energy Departments describe upcoming changes to their own telework, leave and screening policies. The Environmental Protection Agency is preparing to initiate…
Open-sourcing new COVID-19 threat intelligence (Microsoft Security) While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.
How MISP Enables the Cybersecurity Community to Collaborate During the Pandemic (Devo.com) As if the pandemic itself weren’t causing enough pain and suffering in the world, cybercriminals are busy developing and deploying COVID-19-related malware to try and … How MISP Enables the Cybersecurity Community to Collaborate During the Pandemic Read More »
Why do we find comfort in terrifying stories? (BBC) Narratives about deadly diseases, self-isolation and increased surveillance in popular media can offer an insight into how to navigate the present.
Cyber Attacks, Threats, and Vulnerabilities
German intelligence agencies warn of Russian hacking threats to critical infrastructure - CyberScoop (CyberScoop) A Kremlin-linked hacking group has continued its long-running efforts to target German companies in the energy, water and power sectors, according to a confidential German government advisory obtained by CyberScoop.
“Spyware” App Containting Trojan, Requests Dangerous App Permissions (VPNpro) Chinese company QuVideo Inc makes apps with 157+ million installs, with some apps hidden. Its apps are known for spyware and even a remote access trojan.
Android users warned about 'significant' security issues found in top handsets (Express) Android users have been warned about "significant" security issues that affected handsets from some of the world's top manufacturers.
Do Androids dream of equal security? (F-Secure Blog) Research published by F-Secure Labs demonstrates that region-specific Android setups are creating a fragmented landscape of security problems.
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat (Dark Reading) The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
A new Android bug, Strandhogg 2.0, lets malware pose as real apps and steal user data (TechCrunch) Android 9.0 devices and earlier are affected, but a security update has been released.
StrandHogg 2.0 Vulnerability Allows Hackers to Hijack Android Devices (SecurityWeek) Researchers discover an Android vulnerability, dubbed StrandHogg 2.0, that allows malware to hijack legitimate apps and gain full access to the targeted device
StrandHogg 2.0 Critical Bug Allows Android App Hijacking (Threatpost) A malicious app installed on a device can hide behind legitimate apps.
New Apple iOS Warning Affects Almost All iPad, iPhone Users (Forbes) Hundreds of millions of iPhones are now vulnerable to attack.
Mandiant dishes on notorious Maze ransomware group (SearchSecurity) FireEye's Mandiant threat intelligence delves into the Maze ransomware group's tactics, techniques and procedures. Threat researchers discuss the tools used in various attack stages and focus on three main clusters they have observed.
Exclusive: Hacker selling 500 million Facebook user data from 82 countries (HackRead) The entire database is being sold for $30,000 on a hacker forum.
Cyber criminal put Truecaller records of 4.75 cr Indians on sale for Rs 75,000 (ETTelecom) A cyber criminal has put on sale records of 4.75 crore Indians claimed to be sourced from online directory Truecaller for about Rs 75,000, according t..
26 million LiveJournal credentials leaked online, sold on the dark web (ZDNet) LiveJournal credentials were obtained in a 2014 hack, but leaked online earlier this month.
Hundreds of cyber attacks aimed at accessing bushfire funds, says Red Cross (The Sydney Morning Herald) The Australian Red Cross has been hit by almost 900 cyber attacks attempting to access the $216 million raised in donations for bushfire victims.
Trend Micro research finds trust lacking within cyber criminal underground (ITWeb) The report details changing tactics and global demand for new malicious services like deepfake ransomware and AI bots.
What's trending on the underground market? (Help Net Security) Underground market trends will likely shift further in the months following the global COVID-19 pandemic, as attack opportunities continue to evolve.
Oh cool, tech service prices are plummeting. And by tech services, we mean botnet rentals and stolen credit cards (Register) Supply and demand in action
Tel Aviv University researchers successfully repel massive attempted cyber attack (i24NEWS) Potential attack assumed to be even more destructive than that which paralyzed east coast of US in 2016
Smart cars vulnerable to hack that could enable ‘remote control’ (SC Magazine) A memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack according to Cisco's Customer Experience Assessment & Penetration Team (CX APT).
Truecaller denies allegations of data breach (ETTelecom.com) Phone number identification app Truecaller has denied allegation of data breach of 4.75 crore Indians, saying the miscreants on dark web have put up o..
Vulnerabilities Found in Emerson SCADA Product Made for Oil and Gas Industry (SecurityWeek) A Kaspersky researcher has identified several vulnerabilities in Emerson OpenEnterprise, a SCADA product designed for the oil and gas industry
Johnson Controls Kantech EntraPass (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: low skill level to exploit
Vendor: Kantech, a subsidiary of Johnson Controls
Equipment: EntraPass
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could potentially allow an authorized low-privileged user to gain full system-level privileges.
Inductive Automation Ignition (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Inductive Automation
Equipment: Ignition
Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data
eBay users spot the online auction house port-scanning their PCs. Um... is that OK? (Register) Fraud is a big issue for etailer, but there are privacy and consent concerns too
Twitter Adds Fact-Check Notice to Trump Tweets on Mail-In Ballots (Wall Street Journal) Twitter turned down a widower’s request to delete tweets by President Trump floating baseless theories about his wife’s death, but for the first time applied a fact-checking notice to a different unsubstantiated claim the president made on the platform.
Trump accuses Twitter of 'interfering' with US elections after fact checking warning (ZDNet) The US President also accused Twitter of 'stifling free speech'.
Superintendent: ‘Ransomware-type virus’ attacks North Babylon School District (News 12 Long Island) According to a message sent by the superintendent and posted on the district’s website, the virus “encrypted some of the computerized files” on its internal network and impacted the district’s ability
Google deletes millions of negative TikTok reviews (BBC News) Angry users had flooded the app with one-star reviews over a controversial video.
Security Patches, Mitigations, and Software Updates
Apple fixes bug that stopped iOS apps from opening (TechCrunch) Apple has now resolved the bug that was plaguing iPhone and iPad apps over the weekend, causing some apps to not launch at all. The issue was related to a bug with Apple’s Family Sharing system, it appears, as users reported error messages which said “This app is no longer shared with y…
Does iOS 13.5 fix the mail bug? Common Mail bug fixes for iPhone (Republic World) Does iOS 13.5 fix the mail bug? Has been one of the most asked question by iPhone users. Read below to know some of the easiest Mail app bug fixes.
Cyber Trends
Nearly One Fifth of Law Firms Show Signs of Compromise (Infosecurity Magazine) BlueVoyant report warns sector is critical to national security
Growing Threat of Destructive Attacks is One of the Top Cyber Risks Organizations Face (Security Boulevard) At a time of technological transformation and “cyber everywhere”, the attack surface for organizations is exponentially growing and cyber criminals are going after operational systems and backup capabilities simultaneously in highly sophisticated ways—leading to enterprise-wide destructive cyber attacks.
Parks Associates: 29% of US Broadband Households Own Both a Smart Speaker and a Smart Home Device (PR Newswire) New Parks Associates research from Smart Home Buyer Journey and User Experience finds that smart speakers are serving as a gateway to smart...
Marketplace
Army Seeks Nontraditional Contractors to Support Cyber Training Tech Development Project (ExecutiveBiz) The U.S. Army is inviting nontraditional defense contractors to participate in a project that aims to integrate new tools into the military service's Persistent Cyber Training Environment. The branch indicated its intent to use an other transaction agreement to address the requirement as part of
Cybersecurity-Focused VC Cyberstarts Raises $100 Million Fund (CTECH) The firm also appointed Lior Simon, formerly an associate at Sequoia Capital and head of the Israel operation of Arbor Ventures, as partner
Exabeam Invests for Growth Across Asia Pacific and Japan to Meet Increasing Demand for Smarter SIEM (BusinessWire) Exabeam, the Smarter SIEM™ company, announced a significant investment in its operations across the Asia Pacific and Japan (APJ) region.
New members and territories join fight against digital violence (Coalition Against Stalkerware) Worldwide lockdowns reconfirm the need for strengthened international working group to domestic violence and stalkerware
WhiteHat Security Expands Its Executive Leadership Team (BusinessWire) WhiteHat Security today announced the appointment of Tanya Gay and the promotion of Judy Sunblade.
Products, Services, and Solutions
EclecticIQ Joins Forces with Endpoint Solution Provider PolyLogyx (BusinessWire) EclecticIQ, the global provider of cyber threat intelligence (CTI) technology solutions and Fusion Center, is joining forces with PolyLogyx, a creator
Akamai launches a new in-browser threat detection solution that uncovers compromised scripts (Help Net Security) Akamai announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts.
Samsung Unveils New Security Chip for Mobile Devices (SecurityWeek) Samsung has unveiled a new security solution for mobile devices that includes an SE chip and enhanced security software
Lowell Service Center Gives Credit Where Credit Is Due – Attributes Flawlessly Executed Data Migration to Datadobi (Datadobi) DobiMigrate seamlessly moved warm archive data to new IaaS data center, while ensuring all contextual and relational information remained intact and not changed in any way.
Netwrix simplifies fulfilling data subject access requests (Netwrix) With the newest version of Netwrix Data Classification, organizations can easily respond to individuals’ requests concerning their personal data, within the required timeframe.
FireEye introduces new endpoint security framework for rapid feature deployment (TahawulTech) FireEye has introduced a new Innovation Architecture behind FireEye Endpoint Security, which includes modules for protection, investigation and response.
Trend Micro launches 'worry-free' security platform as partners battle COVID-19 effects (CRN) Trend Micro opens up on the biggest cybersecurity challenges facing the channel in 2020
Thycotic launches DevOps Secrets Vault solution for greater cloud security (Security Brief) “DevOps Secrets Vault is a cloud-based vault that balances the security and velocity that DevOps teams require for this growing part of the enterprise attack surface.
Social Media Platform 2cents Dedicated to Protecting Privacy (PR Newswire) 2cents, a micro blogging platform, offers a responsible approach to social media by not abusing the privacy of its customers. 2cents believes...
Technologies, Techniques, and Standards
Collaborating Across the Army Cyber Force (DVIDS) A collaborative mix of about 50 U.S. Army and civilian cyber professionals to include a minor Air Force presence gathered to discuss future of the force efforts during the 2020 Army Cyber Workshop held here March 9-13.
Promiscuous Wireless Packet Sniffer Project (Black Hills Information Security) Ray Felch // Introduction: After completing and documenting my recent research into keystroke injections (Executing Keyboard Injection Attacks), I was very much interested in learning the in-depth technical aspects of the tools and scripts I used (created by various authors and security research professionals). In particular, I was interested in creating my own software/hardware implementation …
Design and Innovation
()
Facebook Executives Shut Down Efforts to Make the Site Less Divisive (Wall Street Journal) The social-media giant internally studied how it polarizes users and how it might address the resulting harms, then largely shelved the research.
YouTube automatically deletes comments criticising China's Communist Party (The Telegraph) An algorithmic error was to blame, Google says
YouTube is deleting comments with two phrases that insult China’s Communist Party (The Verge) The two anti-communist phrases you can’t say on YouTube.
Council Post: How To Achieve Balance Between Cybersecurity And The User Experience (Forbes) Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.
Academia
Commonwealth Cyber Initiative awards experiential learning grants to faculty and students across Virginia (Virginia Tech News) Earlier this year, the Commonwealth Cyber Initiative sought proposals for scalable pilot programs for experiential learning from member institutions across Virginia that would provide students with industry experience and enhance their skillsets to better prepare them to enter the cybersecurity workforce. Six experiential learning projects have been funded.
Legislation, Policy, and Regulation
Hong Kong leader says security law not a threat to freedoms (Federal News Network) Hong Kong’s leader says national security legislation proposed by China’s legislature will not threaten the semi-autonomous territory’s civil rights, despite widespread criticism of the move as an…
UK cyber agency launches review of Huawei presence in 5G networks (CyberScoop) The United Kingdom’s cybersecurity agency is reviewing the impact that new U.S. sanctions on Huawei could have on Britain’s deployment of 5G technology.
()
Analysis | The Cybersecurity 202: The Trump administration may be turning a corner in its war with Huawei (Washington Post) A U.K. review could be the first step in blocking the Chinese telecom there.
Japan mulls anti-cyber-bullying steps after Netflix cast member death (Kyodo News+) Japan is considering bolstering countermeasures against cyber-bullying following the death of a cast member of popular Netflix reality show, communications minister Sanae Takaichi says.
Japan Wants Tougher Cyberbully Law After Netflix Star's Suicide (Khaosod English) TOKYO (Kyodo) — Japan is considering bolstering countermeasures against cyber-bullying following the death of a cast member of popular Netflix reality show, communications minister Sanae Takaichi said Tuesday.
()
US officials arrest another member of Fin7 hacking group (Computing) The Ukrainian national was part of spear-phishing campaign that enabled hackers to gain unauthorised access to victims' system
House GOP sues to stop remote voting rule change (CNN) House Republican leaders have sued to stop a remote voting rule change set to be used in the House for the first time this week, a move that underscores the continuing divide between the two parties over whether it's safe to return to work amid the coronavirus pandemic.
California Activists Ramp Up Fight Against Facial-Recognition Technology (Wall Street Journal) California privacy advocates are mobilizing to thwart a bill backed by Microsoft that would regulate facial-recognition technology and that is working its way through the state legislature.
Litigation, Investigation, and Law Enforcement
Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office (KrebsOnSecurity) A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general's office, according to a new complaint filed with the government's internal affairs…
Feds Arrest Member of Fin7, Group Tied to a Billion Dollars Worth of Hacks (Vice) Victims of the group included Chipotle, Whole Foods, and Trump Hotels.
FTC Settles With Canadian Smart Lock Maker Over Security Practices (SecurityWeek) The FTC has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be unbreakable
Hacker Behind 'Doxxing' of German Politicians Charged (SecurityWeek) German prosecutors brought charges against a 22-year-old hacker who released personal data of dozens of politicians, journalists and other public figures online, embarrassing national authorities.
Cyber fraud suspected at Srisailam temple in Andhra as Rs 1.42 crore missing (News Minute) Around 20 contractual employees have been booked for their suspected involvement in the scam.
Stormont now probing historical abuse victims data breach (Belfast Telegraph) A Stormont department is investigating a data breach that led to hundreds of victims of historical institutional abuse having their identities exposed.
How Confused.com’s Cyber Skills Prosecuted a Ghost Broking Ring (Business News Wales) Fraud impacts all financial service industries, and insurance is no exception. Those who get away with it are costing insurers millions, together with
GDPR enforcement over the past two years (Help Net Security) Two years after the GDPR went into effect, official data show that DPAs have not yet been able to create adequate GDPR enforcement.