The CyberWire plans no changes to its regular operations during the current COVID-19 pandemic. Stay healthy and, as always, please stay in touch.

Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
Mirai variant "Mukashi" active in the wild. Not DDoS, just citizens seeking relief. US goes after COVID-19 fraud.
A new variant of the Mirai botnet has been exploiting LILIN DVRs and Zyxel network-attached storage devices. Both LILIN and Zyxel have issued fixes, but unpatched devices remain vulnerable. Palo Alto Networks researchers first described the Zyxel issues last Thursday. Researchers at Qihoo 360's Netlab found the similar LILIN vulnerabilities, which they disclosed Friday. Palo Alto calls the botnet "Mukashi." ZDNet reports that the LILIN bugs may have been under exploitation since last August, and have figured in distributed denial-of-service attacks.
Australia's Minister for Government Services said the country's MyGov website had suffered a successful distributed denial-of-service attack, but quickly recanted--it was just thousands seeking COVID-19 relief, the Guardian reports.
The US Department of Justice announced yesterday that it had undertaken its first enforcement action against online coronavirus scams. The Department secured an injunction against a website that was offering World Health Organization COVID-19 vaccine kits (there is no such thing) for $4.85 shipping (and entry of your credit card information on the site). A Federal criminal investigation into alleged wire fraud continues; the injunction is intended to prevent harm to potential victims. The announcement quoted the US Attorney for the Western District of Texas as noting the action's consistency with Attorney General Barr's memorandum urging that priority be given to prosecution of coronavirus-related online crime.
There are also some cooperative state and Federal law enforcement efforts in progress: StateScoop reports that the US Justice Department and the Commonwealth of Virginia have formed a task force to investigate coronavirus fraud.
Today's issue includes events affecting Australia, China, Czech Republic, European Union, France, Germany, Hungary, India, Iran, Ireland, Israel, Jamaica, Japan, Republic of Korea, Russia, Slovakia, Taiwan, United Kingdom, and United States.
Bring your own context.
More on the cloud, and its vulnerabilities to misconfiguration. Sometimes the fault lies in the templates.
"And it sounds fancy, but really all infrastructure-as-code templates do is they create the basic building blocks for how cloud infrastructure is largely now created. And that's a good thing. But what we found was, you know, we wanted to look at what are the security implications of moving towards this infrastructure-as-code? And again, all that means is that instead of me going out and manually creating cloud infrastructure, I now design it on a whiteboard, I put it into code, and I can now re-use that template as many times as I want. Now, the security implication comes here – is that what we've known from both past research and also from this most recent report is that poor cloud security practices are rampant. One of the headlines that we kind of found as we sifted through just, you know, petabytes of data, is that we found over two hundred thousand insecure templates in use....
"In that two hundred thousand number, each of those templates had at least one or more medium or high-severity vulnerability. So an example of a high-severity vulnerability, what we would consider a high vulnerability would be, for example, if a template exposed a database to the public internet. That's an example of a template creating a high-severity vulnerability. Another example could be a infrastructure-as-code template that exposes an S3 bucket to the public internet, right? And of course, there's pieces of it that also come into that as well. But those are just some kind of very high-level examples of what we would consider a high or maybe even a medium-severity vulnerability. Of course, it depends upon the type of data that's also behind that, right? But from just analyzing just this massive number of templates, which has never been done before in the industry, we were able to kind of pull some of these statistics out."
—Matt Chiodi, Chief Security Officer for Public Cloud at Palo Alto Networks, on the CyberWire's Research Saturday, 3.21.20.
Templates make it easier for to replicate useful code, but also to replicate coding errors.
CyberWire Pro delivers timely briefings about developing news.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
Not commuting these days? You can listen to us at home, too. In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CenturyLink, as Mike Benjamin describes how threat actors are using third-party file hosting. Our guest is Andrew Peterson from Signal Sciences, with a discussion of top application security attacks.