Cyber Attacks, Threats, and Vulnerabilities
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT (Malwarebytes Labs) We look at a spear phishing attack from APT36, a group of threat actors posing as the Indian government and offering guidance on coronavirus.
Intelligence agencies use coronavirus information to target enemies, analysts say (NBC News) “We’ve seen Russia use it against Ukraine, China use it against Southeast Asia, North Korea against South Korea,” one cybersecurity analyst said.
US summons Chinese ambassador over coronavirus conspiracy theory (CNN) US Assistant Secretary of State David Stilwell summoned China's ambassador in Washington to the State Department Friday morning, hours after a prominent Chinese official suggested that the US military may have been responsible for bringing the coronavirus to Wuhan, the epicenter of the global pandemic.
Bio-war-of-words: US summons Chinese ambassador over ‘disinformation campaign’ about coronavirus origin (RT International) China's ambassador to Washington Cui Tiankai was summoned to the State Department after a spokesman for the foreign ministry in Beijing tweeted that the deadly coronavirus could have been seeded in Wuhan by the US military.
Iran Launched an App That Claimed to Diagnose Coronavirus. Instead, It Collected Location Data on Millions of People. (Vice) “They can actually track you. If you move your device from location A to B, they can actually see that in real time.”
Phones Could Track the Spread of Covid-19. Is It a Good Idea? (Wired) China and South Korea used smartphone apps to monitor people with the disease. But Americans have different views of privacy and data collection.
COVID-19 campaigns (BAE Systems) Moving into March 2020, countries worldwide are still struggling to manage the spread of the viral disease now known as COVID-19. In cyberspace, threat actors are using the topic of COVID-19 to their advantage with numerous examples of malicious activity using COVID-19 as lure documents in phishing campaigns.
Phishing cases explode as attackers prey on coronavirus fears (Security Brief) Attackers, ever the opportunists, are capitalising on COVID-19, pushing phishing lures and establishing newly-registered coronavirus-related domains.
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation (Digital Shadows) While COVID-19 itself presents a significant global security risk to individuals and organizations across the world, cybercriminal activity around this global pandemic can result in financial damage and promote dangerous guidance, ultimately putting additional strain on efforts to contain the virus.
Coronavirus 'fearware' sees hackers exploit Covid-19 panic to target victims (The Independent) 'Coronavirus is a formidable opportunity to trick panicking people amid the global mayhem,' one cyber expert warns
Online coronavirus scams are here, watch out for these red flags (CNET) COVID-19 fears are fertile ground for malicious actors. Here's how to stay safe online.
Hackers find new target as Americans work from home during outbreak (TheHill) Experts are warning of a new wave of cyberattacks targeting Americans who are forced to work from home during the coronavirus outbreak.
Federal employees may soon be ordered to work from home. That could pose serious cybersecurity risks. (Stars and Stripes) The surge in telework will mark a first-of-its-kind test for the government, which has struggled to update and secure its arcane technology systems.
U.S.-Chinese Distrust Is Inviting Dangerous Coronavirus Conspiracy Theories (Foreign Affairs) And Undermining Efforts to Contain the Epidemic
COVID-19 Testing Center Hit By Cyberattack (BleepingComputer) Hospitals around the world struggle with ever-growing waves of COVID-19 infections but the efforts in one testing center in Europe are being hampered by cybercriminal activity.
Czech Republic's second-biggest hospital is hit by cyberattack (CyberScoop) A large Czech Republic hospital responsible for running tests for the novel coronavirus said Friday that a cyberattack had hit its computer systems.
Russian ‘bot farms’: The new-old challenge to Ukraine’s national security (The Ukrainian Weekly) On February 17, the Security Service of Ukraine (known by the Ukrainian acronym SBU) disrupted the activity of a network of “bot farms” – an extensive, organized effort to create “fake” (automated) social media accounts, which was found to be active across multiple regions of Ukraine.
Report: Web Browser for Developers Leaves User Data Exposed (vpnMentor) Researchers Noam Rotem and Ran Locar, leaders of vpnMentor’s security team, recently uncovered a data breach affecting the Blisk browser, a web browser
Slack Bug Allowed Automating Account Takeover Attacks (BleepingComputer) Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/.
Exclusive: Edtech Startup Skolaro Leaks Data Of Over 50K Children, Govt Officials (Inc42 Media) Gurugram-based edtech SaaS provider Skolaro has left data of over 50K school children, teachers and parents on unsecured servers.
Phishing PDF With Incremental Updates. (SANS Institute) Someone asked me for help with this phishing PDF.
Cyber attack on Durham County halts real estate transactions (Raleigh News-Observer) A cyber attack on the county of Durham in North Carolina has stalled real estate transactions and prevented some people from moving into homes.
Security Patches, Mitigations, and Software Updates
Slack fixes vulnerability exploitable for session hijacking, account takeovers (ZDNet) Slack’s team jumped on the critical bug and patched the flaw within a matter of hours.
WordPress to add auto-update feature for themes and plugins (ZDNet) Auto-update feature is only available for the WordPress CMS core now. To be expanded for themes and plugins.
Cyber Trends
Open source bugs have soared in the past year (Naked Security) Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws accounting for a quarter of those bugs.
Half of UK Firms Suffer Basic Cyber-Skills Gaps (Infosecurity Magazine) Government report warns many can’t complete simple tasks
Marketplace
DCMS-backed cyber accelerator postpones LORCA Live event due to coronavirus (NS Tech) The UK’s government-funded cyber security accelerator has postponed its flagship event, LORCA Live, until later in the year due to the coronavirus outbreak. The London Office for Rapid Cybers
Private equity steps up cyber diligence (PE News) Buyout firms are increasingly having to examine cybersecurity in deals and at portfolio companies
SAIC - Unisys Federal Deal Gets U.S. Antitrust Approval (Nasdaq) (RTTNews) - Science Applications International Corp. (SAIC) and Unisys Corp. (UIS) announced the expiration of Hart-Scott-Rodino waiting period for SAIC's acquisition of Unisys Federal, an operating unit of Unisys.
Coronavirus updates: Xerox stalls hostile HP takeover (CRN) Live coverage on event cancellations, vendor reaction and more
Kaspersky speaks on US government ban and a closed Russian internet (ZDNet) As Eugene Kaspersky saw his chance to celebrate a decade of sponsoring the Ferrari Scuderia F1 team evaporate when the Melbourne Grand Prix was cancelled, ZDNet asked about why he was singled out by the US government, parallels with the Huawei ban, and a Russian internet.
Fort Gordon commander discusses impact of Army's new Cyber Command headquarters (Aiken Standard) The impact of the U.S. Army’s new Cyber Command headquarters at Fort Gordon in Georgia is expected to have a major impact in Aiken and the surrounding area, according to
Orion Energy and Deep Instinct Ink Leases at 292 Madison (Commercial Observer) Two new tenants are moving into Vanbarton Group’s office tower at 292 Madison Avenue in Midtown
Bill Gates to Leave Boards of Microsoft and Berkshire Hathaway (Wall Street Journal) Bill Gates announced Friday that he is leaving the boards of Microsoft and Berkshire Hathaway to spend more time with his foundation.
Products, Services, and Solutions
OSN deploys Microsoft security framework for cybersecurity (BroadcastPro ME) OSN, the region’s entertainment network has adopted Microsoft Advanced Threat Protection to protect its digital estate against an increasingly challenging
ConnectWise Strengthening its Security Posture (ConnectWise) ConnectWise, the leading provider of business automation software for technology solution providers (TSPs), today announced updates it is taking to strengthen its security posture.
PornHub Helps Italians Stay Indoors with Free Premium Access (BleepingComputer) To help ease the boredom and isolation caused by a country-wide coronavirus lockdown in Italy, PornHub is offering a helping hand by providing Italians free access to their premium service.
Technologies, Techniques, and Standards
U.S. internet well-equipped to handle work from home surge (Washington Post) Tech experts say the U.S. internet won’t have any trouble handling spikes in traffic from the millions of Americans who are now working from home to discourage the spread of the new coronavirus
Enterprise VPN Security (CISA) As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity.
CISA Outlines VPN Best Practices for Supporting Teleworkers (Redmondmag) The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday outlining virtual private network (VPN) best practices for organizations supporting remote workforces.
VPN usage in Italy rockets by 112% and 53% in the US (Atlas VPN) According to Atlas VPN user data, VPN usage in Italy increased by 112% in the last week. Meanwhile, there are already 24,747 cases confirmed in the country.
CISA stress tests DHS telework capacity (FCW) Not every agency will be ready to flip the switch from F2F to WFH, according to experts and former officials.
High-Stakes Security Setups Are Making Remote Work Impossible (Wired) Staffers at power grids, intelligence agencies, and more often don’t have the option to work from home, even in light of Covid-19.
Two-part Series: How the Coronavirus Impacts Cybersecurity Best Practices (EmberSec) Part 1 - The Coronavirus Isn’t Just Taking a Toll on Healthcare Patients Preying on fearful, distracted and overworked individuals during times of global concern is a tried-and-true tactic...
Two-part Series: How the Coronavirus Impacts Cybersecurity Best Practices (EmberSec) Part 2- Top 5 Things to Keep in Mind as You Implement Remote Work Policies It’s likely that by now you’ve either heard of or have been personally impacted by recent cancellations...
Working from home because of coronavirus? Be careful what you download to keep cybersafe (USA TODAY) Tips from cybersecurity experts to keep you safe and your computer (and boss) happy while you're working from home during the coronavirus outbreak.
How Coronavirus Remade American Life in One Weekend (Wall Street Journal) Shutdowns reshape society, unmooring people from the routines and activities that typically provide comfort in moments of crisis. “An invisible-but-present blizzard.”
Working from Home: COVID-19's Constellation of Security Challenges (Threatpost) Organizations are sending employees and students home to work and learn — but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
Coronavirus (COVID-19): Managing Cyber Security Risks of Remote Work (The National Law Review) With cases of the Novel Coronavirus (COVID-19) emerging in nearly every state, many businesses are taking swift action in an effort to curb its spread. Teleworking, “remote working,…
What is Elliptic Curve Cryptography (ECC)? (Gigaom) An efficient encryption technique often used for the exchange of private keys and digital signatures.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us? (Dark Reading) Law-abiding folks like us applauded Texas for its bravery - but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
Paying ransom is often 'only logical solution' for cyberattacks: Deloitte (Smart Cities Dive) Giving in to hacker demands is never ideal for cities. Deloitte's report explains how governments can better build and operate systems to prepare for attacks.
Can 5G make you more vulnerable to cyberattacks? (Help Net Security) Many enterprises and sectors are unaware of the 5G security vulnerabilities that exist today, and should have a plan for discovering and overcoming them.
Research and Development
Patents assigned in New Hampshire from March 1 to March 8 (Concord Monitor) Targeted News Service. The following federal patents were assigned in New Hampshire from March 1 to March 8. *** Hypertherm Assigned Patent for Cost Effective Cartridge for Plasma Arc Torch. Hypertherm, Hanover, New Hampshire, has been assigned a patent...
IBM Watson Gains The Ability To Understand Complex Topics (Pulse 2.0) IBM recently announced several new Watson technologies designed for helping organizations understand and analyze complex topics.
Legislation, Policy, and Regulation
Prime Minister calls for 'digital Dunkirk' in fight against coronavirus (Computing) Boris Johnson called on 30 UK tech firms to volunteer their resources to help UK response to COVID-19
UK Spying Debate Leaves Post-Brexit Data Transfers Up In Air (Law360) The U.K. is facing a year-end deadline to secure a vital affirmation of its data protection standards that would allow data transfers from the European Union to continue uninterrupted, but longstanding criticisms of the country's mass surveillance regime could derail those efforts and leave companies scrambling.
We have made America our enemy (Conservative Woman) Of our allies, we can thank the US most for speaking truth to friends.
After tug-of-war, White House shows cyber memo to Congress (Fifth Domain) Following a months-long battle, the White House has made available to members of Congress classified documents that describe the approval process for conducting offensive cyber operations outside the United States.
Federal agencies in DC open but with ‘maximum telework’ flexibilities, OMB says (Federal News Network) The Office of Personnel Management also announced an operating status change for the national capital region. Federal offices are open but with maximum telework flexibilities for eligible employees.
Fed Shifts to Remote Oversight of Wall Street Banks (Wall Street Journal) The nation’s biggest banks have fewer government examiners roaming their hallways as federal regulators temporarily switch to teleworking to help control the spread of the coronavirus.
US Surveillance Powers Set to Temporarily Expire (SecurityWeek) Three surveillance powers available to the U.S. government are set to temporarily expire Sunday after a trio of senators opposed a bipartisan House bill that would renew the authorities and impose new restrictions
Schiff protects intel ‘status quo’ power by sinking wide-reaching FISA reform: Source (The Washington Times) Attempts to rein in the government’s ability to spy on Americans fell flat after Rep. Adam B. Schiff intervened to protect the types of powers that the FBI used to go after the Trump campaign in 2016.
Experts Comments On Cyberspace Solarium Commission Report - US At Risk Of A "Catastrophic cyber-attack" (Information Security Buzz) The US is at risk of a “catastrophic cyber attack” and the government needs to adopt sweeping structural changes to address cybersecurity challenges, according to a report from the US Cyberspace Solarium Commission following a year-long investigation. “Our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions, disrupting …
To Defend Forward, the U.S. Must Strengthen the Cyber Mission Force (Lawfare) One of the Cyberspace Solarium Commission’s key recommendations is to ensure the Cyber Mission Force achieves the appropriate resourcing, force size and capability mix.
The U.S. Government Can Deepen Its Operational Partnership With the Private Sector to Better Defend the U.S. in Cyberspace (Lawfare) Why does the U.S. need an enhanced public-private operational partnership, and what would it look like?
U.S. Cyber Command Ready to Combat Election Meddling, General Asserts (MSSP Alert) Election security is the U.S. Cyber Command’s “top priority,” General Paul Nakasone recently told a House Armed Services sub-committee.
We weren’t ready for pandemic. We better be ready for a cyberattack (Lowell Sun) Amid the chaos of coronavirus, it was encouraging this week to see a bipartisan, blue-ribbon commission announce a coherent plan for dealing with the next potential catastrophe &…
House passes Spanberger legislation to build national 5G strategy (Augusta Free Press) The House passed Rep. Abigail Spanberger’s bipartisan legislation requiring a national strategy to protect American 5G telecommunications systems.
EARN IT Act threatens end-to-end encryption (Naked Security) The bill, which would undercut Section 230 protections for online publishing, presents itself as a way to stop online child abuse.
Litigation, Investigation, and Law Enforcement
DOJ now investigating Chinese telecom giant ZTE for alleged bribery (NBC News) ZTE pleaded guilty three years ago to violating U.S. sanctions against Iran and North Korea and just ended its probation period.
U.S. Probes Chinese Telecom Giant ZTE for Possible Bribery (Wall Street Journal) The Justice Department is investigating ZTE for possible bribes of foreign officials, which could subject the Chinese telecom giant to a fresh round of criminal penalties amid increasing tensions between the U.S. and China.
FSB asset introduced LinkedIn hacker, future Group-IB executive in 2012, U.S. alleges (CyberScoop) Attorneys say the Yevgeniy Nikulin case relates to the murky relationship between Russian cybercriminals and the Kremlin’s intelligence agencies.
Dozens charged in Atlanta-based money laundering operation that funneled $30 million in proceeds from computer fraud schemes, romance scams, and retirement account fraud (US Department of Justice) Federal agents have arrested twenty-four individuals for their involvement in a large-scale fraud and money laundering operation that targeted citizens, corporations, and financial institutions throughout the United States. Business email compromise schemes, romance fraud scams, and retirement account scams, among other frauds, duped numerous victims into losing more than $30 million.
European Authorities Dismantle Two SIM Hijacking Gangs (SecurityWeek) European authorities managed to crack down on two cybercrime gangs responsible for stealing millions by employing SIM hijacking
Kenyans warned on posting these Coronavirus messages, 1 arrested (Facebook) Be warned.
How national security surveillance nabs more than spies (Madison.com) WASHINGTON (AP) — The case against Nassif Sami Daher and Kamel Mohammad Rammal, two Michigan men accused of food stamp fraud, hardly seemed exceptional. But the tool that agents used
Has The Sun Set On The Necurs Botnet? (Shadowserver) Private sector partners Microsoft and Bitsight announced their disruption of the Necurs botnet on March 10th 2020. Shadowserver supported the operation, through the use of our Registrar of Last Resort (RoLR) for helping to deal with the millions of potential DGA C2 domains involved, and by making available our victim remediation reporting channels. In this blog post we provide our take on some of the more interesting aspects of this operation, analyze the sinkholed Necurs victim populations and compare their observed demographics with data from the previous decade of spambot takedowns.
Microsoft Sues Malware Operators for Trademark Infringement - Tech (LawStreetMedia) Law Street provides accessible, client-focused legal news designed to inform readers and connect lawyers with the legal needs in their field.
Under Secretary of Defense Ellen Lord statement on misleading cybersecurity certification information (NDIA) Since I introduced the Cybersecurity Maturity Model Certification model last year, I have consistently stressed the importance of communicating and engaging extensively with industry, academia, military services, the Hill and the public to hear their concerns and suggestions.
Trump considering `full' pardon for ex-adviser Michael Flynn (Madison.com) WASHINGTON (AP) — President Donald Trump said Sunday he is considering a full pardon for former national security adviser Michael Flynn, who had pleaded guilty to lying to the FBI
Talkspace threatens to sue a researcher over bug report (TechCrunch) The therapy app sent the security researcher a cease and desist letter for his blog post describing a website bug.
The March Towards Cybersecurity Maturity in Arbitration (New York Law Journal) This progress towards cybersecurity maturity in arbitration is long overdue, but a welcome development in an industry where cyber risk is substantial and cyber resilience is imperative.
Millions to be invested into future of Northumbria Police with more officers on the beat and cyber crime specialists (Northumberland Gazette) Demands put on detectives to investigate digital evidence and more officers on the beat are at the core of plans to make Northumbria Police fit for the future.