The CyberWire will continue to publish during the COVID-19 emergency
The CyberWire intends to publish on schedule during the coronavirus emergency. Stay healthy and, as always, please stay in touch.
Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
The CyberWire intends to publish on schedule during the coronavirus emergency. Stay healthy and, as always, please stay in touch.
As FireEye and others warn of the proliferation of commodity industrial control system attack tools, Kaspersky summarizes the activity of "WildPressure," a hitherto unknown advanced persistent threat active against industrial targets in the Middle East. Kaspersky doesn't attribute WildPressure to any nation-state, but it notes that the group distributes a C++ Trojan researchers call "Milum." It's unclear whether WildPressure's goals extend farther than espionage.
The World Health Organization has disclosed, Reuters reports, that it was subjected to cyberattack by the DarkHotel group. The attackers, who were after credentials, were detected "around" March 13th, and the WHO says the attack was unsuccessful. It's not clear whom DarkHotel works for, but they have a long record of cyber espionage, mostly against Russian and East Asian targets, but hitting many other countries as well.
Remember when the Maze, DoppelPaymer and Netwalker ransomware gangs told BleepingComputer that healthcare targets were off limits? The truth changes. L'Express says that CERT-FR reported that Paris hospitals sustained an inconvenient but unsuccessful ransomware attack Sunday. The strain used against the Parisian targets hasn't been specified, but in another case it has. Forbes reports that Hammersmith Medicines Research, a British firm standing by to help test any COVID-19 vaccines that may be developed, was the target of a Maze ransomware attack on March 14th. That's before Maze promised good behavior on March 18th, but on the other hand that good behavior doesn't extend to helping with decryption or relaxing extortion demands. The Maze gang has continued to demand payment.
Today's issue includes events affecting Australia, China, European Union, France, Russia, United Nations, and United States.
Unfortunately, there are too many apps out there that exceed the permissions users grant them.
"When you download an app, the permission requests and privacy policy are usually the only warnings you get about the data that it's collecting. Usually, you just have to take the app's word that it's grabbing only the data you've agreed to give it. Well, it turns out that some security researchers have taken a deeper look at those apps. And they've identified more than 1,000 apps that have been found to take data even after you've denied them permissions. It's interesting that some of the more widespread apps and more well-known ones like AccuWeather are collecting data that is more than what you've agreed to and is more than just your location."
—Malek Ben Salem, Americas cybersecurity R&D lead for Accenture, on the CyberWire Daily Podcast, 3.20.20.
Alas, you may not be that interested in the app, but the app might well be too interested in you.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
Working from home is no reason to miss a good podcast. (We're working remotely, and we're listening from our own undisclosed locations.)
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses cameras that claim to scan thousands of people at a distance, detecting the telltale fever of coronavirus. Out guest is Allan Liska from Recorded Future, with more general thoughts on security in the time of a pandemic.
And Recorded Future's threat intelligence podcast, produced in partnership with the CyberWire, is up. The current edition, "Combating the Underground Economy’s Automation Revolution," discusses machine-versus-machine (and human-versus-machine) defense and offense. Automation has become an essential part of nearly every industry, and in cybersecurity that's true of attackers as well as defenders. SOARs can be used to tip the balance back in a defender’s favor by automating defensive intelligence feeds and combining them with automated detection and prevention. Research by Recorded Future’s Insikt Group explored the tools and services threat actors use to automate tasks associated with malicious campaigns, and the mitigation strategies available through SOAR and threat intelligence solutions.
Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike (Reuters) Elite hackers tried to break into the World Health Organization earlier this mon...
Hackers try to breach WHO, other COVID-19-fighting orgs (Help Net Security) "Elite" hackers have tried - and failed - to breach computer systems and networks of the World Health Organization (WHO) earlier this month.
Hackers tried to breach WHO systems amid coronavirus crisis (Computing) The attempt, however, was unsuccessful
Spanish hospitals targeted with coronavirus-themed phishing lures in Netwalker ransomware attacks (Computing) Groups behind Netwalker switched phishing baits to coronavirus last week - as other ransomware groups pledged to avoid medical facilities
COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online (Forbes) A medical facility on standby to help test any coronavirus vaccine has been hit by a ransomware group that promised not to target medical organizations.
Paris Hospitals Target of Failed Cyber-Attack, Authority Says (Bloomberg Law) The Paris hospital authority, AP-HP, was the target of a cyber-attack on March 22, according to France’s cybersecurity agency.
France ransomware attack hikes amidst coronavirus pandemic (Cryptopolitan) Amidst global fear of deadly coronavirus biting hard in Europe, France ransomware attack hike particularly has drawn serious attention from the government.
Cyber Attackers Are Targeting Netizens with 'Special Coronavirus Discounts': Check Point (The Union Journal) Cybercriminals throughout the globe are benefiting from the coronavirus pandemic by targetting netizens, consisting of amateur online cyberpunks with harmful malware in the role of "special COVID
Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps (BleepingComputer) A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware.
Fake "Corona Antivirus" distributes BlackNET remote administration tool (Malwarebytes Labs) We found a coronavirus scam website that claims its digital antivirus tool will protect people from the physical COVID-19 virus. Yeah, right.
Hackers Target Two Unpatched Flaws in Windows Adobe Type Manager Library (SecurityWeek) Microsoft is working on patches for two actively exploited remote code execution vulnerabilities affecting the Windows Adobe Type Manager library, which is exclusively supported by Microsoft
Microsoft says a new Windows zero-day flaw is under attack (TechCrunch) A patch could be weeks away.
Critical Microsoft security flaw exploits Windows handling of font (CRN Australia) Tricks users into opening a document with remotely run malware.
Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant (Varonis) Phishing remains one of the most successful ways to infiltrate an organization.
Scammers tried using kids apps in the Google Play store to generate cash (CyberScoop) Research published Tuesday by Check Point Technologies details how fraudsters used the network of apps to exploit users’ trust and make a buck.
Android malware found farming ads for cash in kids' apps on Google's Play Store (The Next Web) A new malware family, dubbed Tekya, has infected multiple children’s Android apps, farming ad clicks to earn money. Cybersecurity firm Check Point found that the previously undetected malware was present in 56 apps — 24 of them were targeted towards kids — on Google Play Store. The apps were collectively downloaded over a million times. The firm …
Google Removes Adware-Laced Kids' Apps From Play Store (Wired) After over a million downloads, the Tekya-infected Android offerings are finally on ice.
Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appears to be running it (Register) Yes, you may have detected some sarcasm
Hackers Actively Exploit 0-Day in CCTV Camera Hardware (Threatpost) Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercial DVRs made by LILIN.
Kaspersky finds a new APT campaign targeting engineers in the Middle East - CyberScoop (CyberScoop) A mysterious set of hackers last year began a targeted campaign to breach industrial organizations in the Middle East, antivirus firm Kaspersky said Tuesday.
FireEye warns about the proliferation of ready-made ICS hacking tools (ZDNet) The growing number of hacking tools targeting industrial equipment is slowly becoming a problem.
Vulnerability Exposed Tesla Central Touchscreen to DoS Attacks (SecurityWeek) Hackers could have caused the central touchscreen on the Tesla Model 3 to crash by getting the targeted user to visit a malicious website
Stolen data of company that refused REvil ransom payment now on sale (Naked Security) A comment from one buyer of data purportedly from Brooks International: “It even has credit card number & a password. lol !!”
HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware (BleepingComputer) An HHS.gov open redirect is currently being used by attackers to push malware payloads with the help of coronavirus-themed phishing emails onto unsuspecting victims' systems.
Phishing attacks exploit Coronavirus anxiety (Valimail) In the past week, there have been many reports about criminal activity exploiting people’s fears of the coronavirus, aka Covid-19.
[Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic (KnowBe4) [Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic
Social isolation is a risk factor for scam loss (Help Net Security) According to new research, social isolation is a key risk factor for susceptibility to scams, as is financial vulnerability.
Tricksters in white lab coats and phishing emails: Be wary of coronavirus-related scams, officials warn (USA TODAY) Officials nationwide are warning residents to be wary of potential coronavirus-related scams targeting people gripped by fear in a global pandemic.
Privacy commission warns vs phishing emails using COVID-19 scare (GMA News Online) The National Privacy Commission (NPC) on Tuesday warned the public against online fraudsters that use the COVID-19 scare to steal personal information and money.
Companies risk security breaches, corruption and bribery due to COVID-19 (CRN Australia) Due to Coronavirus outbreak.
Tech Giant GE Discloses Data Breach After Service Provider Hack (BleepingComputer) Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers.
Inside an Instagram Celebrity Hacking Campaign (Vice) Hackers targeted an adult film star. A white hat hacker decided to help.
WhatsApp “Martinelli” hoax is back, warning about “Dance of the Pope” (Naked Security) Two old WhatsApp hoaxes are back, with a grain-of-truth story in the middle to add a veneer of believability. Don’t spread this stuff!
University of Utah Health Discloses Data Breach (SecurityWeek) University of Utah Health revealed last week that it discovered unauthorized access to some employee email accounts, along with a malware infection on one of its workstations
New Mexico Agencies on Edge Amid Rising Ransomware Attacks (SecurityWeek) New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after being hit by ransomware
Vulnerability Summary for the Week of March 16, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Python backdoor attacks and how to prevent them (Help Net Security) Python backdoor attacks are increasingly common and malicious Python traffic looks exactly like the traffic produced by day-to-day network management tools.
Firefox is dropping FTP support (Naked Security) Heads up, Firefox users who rely on FTP: the browser is eliminating support for this venerable protocol.
Critical Infrastructure Cybersecurity: Survey Finds Perfect Storm (Nozomi Networks) Critical infrastructure faces the same security threats as other sectors, except that the consequences can be far more serious for millions of people. This is why it’s important that executives in critical infrastructure develop a comprehensive approach to security that encompasses the physical as well as the digital realm—so-called cyber-physical systems.
New Security Report from WatchGuard Technologies Shows Explosion in Evasive Malware in Q4 2019 (Globe Newswire) Report finds macOS adware and a 2017 Excel exploit running rampant, and includes an analysis of keylogger malware used in coronavirus-related phishing attacks.
Big Tech Could Emerge From Coronavirus Crisis Stronger Than Ever (New York Times) Amazon is hiring aggressively to meet customer demand. Traffic has soared on Facebook and YouTube. And cloud computing has become essential to home workers.
Pentagon loosens cash flow for industry, more measures likely coming (Defense News) Industry will be getting more cash up front to help combat the impacts of the coronavirus.
CenturyLink Extends Employee Benefits, Protections Due to COVID-19 (MediaRoom) Revolutionize your business with CenturyLink technology solutions that can help you modernize IT and transform business, providing a platform to boost innovation and deliver new digital services.
Arkose Labs Raises $22 Million in Series B Round Led by M12, Microsoft’s Venture Fund (Globe Newswire) With participation from PayPal and USVP, this new funding round empowers Arkose Labs in its fight to bankrupt the business of online fraud and abuse
ShorePoint, Inc. Acquires Cyberyllium, Leading Provider of Elasticsearch and Data Analytics for Government Customers – ShorePoint, Inc. (ShorePoint) ShorePoint, Inc. is a privately held cyber security services firm, serving both private and public-sector customers. Our executive team is comprised of cybersecurity experts who collectively bring more than 80 years of experience keeping government agency and company networks strongly secured from cyber threats.
Thoma Bravo Calls Off Sale Of Imprivata Due To Coronavirus: Report (CRN Australia) As coronavirus concerns create market uncertainty.
Phosphorus Wins AFWERX SBIR Phase 1 20.1 Award From The United States Air Force for IoT Vulnerability Remediation (Yahoo) Phosphorus, a provider of automated vulnerability management solutions for embedded IoT devices, has been awarded a United States Air Force AFWERX Small Business Innovation Research (SBIR) 20.1 Phase 1 contract. The award will enable the Air Force IT team to evaluate the Phosphorus solution for automated
Cybera Named to JMP Securities’ 2019 Elite 80 Listing of Hottest Privately Held Companies (Cybera) Cybera, the leader in SD-WAN Edge application and security services, announced it has been named to the 2019 Elite 80 listing of the hottest cybersecurity, data management, and IT infrastructure companies.
Bitdefender offers 12 months of free enterprise grade security for healthcare organisations (The Times of India) Cybersecurity firm Bitdefender has announced free enterprise grade security for healthcare organisations worldwide.
Akamai's Prolexic Platform Completes Fifth Generation Upgrade (Akamai) Akamai introduces new enhancements today to its Prolexic Routed purpose-built DDoS scrubbing service that reflect the changing nature of the threat landscape and capitalize on cloud functionality to enable maximum customer flexibility using newer deployment models....
Menlo Security and VMware Partner to Deliver Phishing and Mobile Malware Protection (BusinessWire) Menlo Security, a leader in cloud security, today announced its Global Cloud Proxy Platform built on an Isolation Core™ is integrated with VMware Work
First curated search platform, TruKno, launches for $185B cybersecurity industry (StreetInsider.com) TruKno curates critical cyber information and experts in one place, empowering the entire cybersecurity community to keep pace with ever-evolving cyber threat landscape
Pulse Secure Announces A Distribution Partnership With Inforte To Expand Its Business In Turkey (Security Informed) Pulse Secure, the provider of software-defined secure access solutions, announces a new distribution partnership with Inforte to grow and better support its channel community across Turkey, and to...
Panda Security Expands Global Partner Program and Improves Customer Management with Full-Service Web Console (PR Newswire) Panda Security, a world leader in advanced cybersecurity solutions and services, today announced its updated partner program designed to...
CV19: Meet The Volunteer COVID-19 Cyber Heroes Helping Healthcare Fight The Hackers (Forbes) As hackers dial up their vile attacks against healthcare, these are the volunteer cyber-heroes out to thwart them.
Coronavirus Confinement Challenges Intelligence Services (SecurityWeek) The home confinement of hundreds of millions of people worldwide to halt coronavirus contagion has presented intelligence services with a challenge: monitoring an explosion in internet traffic, above board and not, even as their own capacity is reduced.
Coronavirus, Self-Isolation and Work From Home Security (IT News Online) As governments across the world struggle to contain the VCOVID-19 virus, businesses are being asked to allow their employees to work from home. For many people this will be the first time they have ever been able to work remotely.
The top-ten tenets of software quality assurance, part five: design (Computing) Design is all about applying the fundamental principles of engineering, believes Mark Wilson, in the latest in his ten-part series
Business continuity: 4 steps to build redundancy into your security team (CSO Online) A biological virus infecting your critical security staff could wreak havoc on your business. These practices will reduce your risk.
What's preventing organizations from making pragmatic security decisions? (Help Net Security) CISOs should be focused on making pragmatic security decisions - getting 80% secure and 80% fast instead of choosing one over another.
It’s time to quit the legacy technology leaving your company vulnerable (SC Magazine) Seven cyber-security experts provide their thoughts on how and why businesses should be giving up legacy technology for good to keep their organisation protected.
More than 1,000 students suffer from hacker attacks daily - Atlas VPN (Atlas VPN) According to the data collected by Atlas VPN, cybercriminals started targeting the field of education and attacked users more than 356,000 times during the last academic year (2018-2019).
China borrowing Russian tactics to spread coronavirus disinformation (CyberScoop) Amidst the COVID-19 pandemic, China has been following Russia's playbook for spreading disinformation, an expert on the subject told a panel on Monday.
What COVID-19 can teach us about cyber resilience (Fifth Domain) COVID-19 has created increased stress on our logistic, digital, public, and financial systems and this could in fact resemble what a major cyber conflict would mean to the general public.
ISPs to continue blocking graphic violent content in Australia (ZDNet) The new protocol positions ISPs to block websites that host graphic material, such as a terrorist act or violent crime, as part of efforts to 'stem the risk of its rapid spread as an online crisis event unfolds'.
Why It’s So Hard for the U.S. to Ban Huawei (One Zero) Almost a year after it was announced, the U.S. government’s ban on Huawei has not been enforced
The Cyberspace Solarium Commission Report and Persistent Engagement (Lawfare) A response to Ben Jensen on persistent engagement.
Progress Is the Promise in National Cybersecurity Strategy (Lawfare) The Cyberspace Solarium Commission report can be added to the list of evidence that change in U.S. national cybersecurity thinking—although neither linear nor easy—is occurring.
White House pushes for more telework as first DOD contractor dies because of COVID-19 (ZDNet) White House OMB tells agencies to "utilize technology to the greatest extent practicable" for remote staff work during coronavirus outbreak.
Senators introduce bill expanding telework during pandemic (Federal Times) Said one senator, government isn’t leading by example on telework policy.
Agencies Request Funds for Emergency Boosts to Telework, Overtime and Hiring (Nextgov.com) The $46 billion White House request would also help bring home feds stationed abroad in response to the coronavirus pandemic.
Europe eyes smartphone location data to stem virus spread (AP NEWS) Several European nations are evaluating powerful but potentially intrusive tools for fighting the coronavirus pandemic, a move that could put public health at odds with individual...
European mobile operators share data for coronavirus fight (Reuters) Mobile carriers are sharing data with the health authorities in Italy, Germany a...
Justice Department’s coronavirus considerations rankle civil liberties advocates (Washington Post) The proposals made to Congress seek to confer a new power on the U.S. chief justice and give other top judges wider latitude to postpone hearings.
Is privacy in pandemics like atheism in foxholes? (Reason) That's the question I debate with David Kris and Nick Weaver in this episode, as we explore the ways in which governments are using location data to fight the covid-19 virus.
U.S. combats martial law conspiracy theories as the National Guard assists in coronavirus response (Washington Post) The Defense Department’s response to the coronavirus outbreak has expanded to include not only the expected deployment of tens of thousands of National Guardsmen, but also a growing effort to stamp out conspiracy theories that the United States will adopt martial law.
Election officials in both parties call for emergency funding to expand voting by mail before November (Washington Post) It’s a sign of how the crisis is altering the usually sharply divided politics around voting measures.
Analysis | The Cybersecurity 202: Mail-in election mandates from Congress could be 'recipe for disaster,' says top state official (Washington Post) Time, money and expertise can all hamper the shift.
How to Vote During a Pandemic (Foreign Affairs) The U.S. Election Must Go On—Here Is What the States Will Need
California Modifies Consumer Privacy Regulations - Again (BankInfo Security) Amidst the COVID-19 pandemic crisis, the California Attorney General’s Office on March 11 released a second modification of the proposed regulations to implement
Round 3: California AG Revises Proposed CCPA Regulations (Cooley) On March 11, 2020, the California Attorney General released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act. These modifications include i…
Tour guide/Chinese spy gets four years for SD card dead drops (Naked Security) The dead drops were very James Bond: once, the data mule taped the SD card to the underside of a desk in a hotel.
For a complete running list of events, please visit the Event Tracker.
QuBit Sofia 2020 (Sofia, Bulgaria, Oct 28 - 29, 2020) The third annual cyber community conference QuBit in Sofia offers its delegates excellent speakers, leading edge topics, keynotes, case studies, panel discussions, hands-on trainings and popular networking events. QuBit is a cybersecurity community event connecting the East and West, now in its 6th year on the cybersecurity market in Central and Eastern Europe. Based on its success in Prague, QuBit expanded further and brought educational conference also to Southeastern Eurrope. QuBit seeks to bring together and build a like-minded cybersecurity community. Our mission is to create a community of knowledge and information sharing for the industry’s experts and professionals through networking & education events.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, Mar 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some of the top names in intelligence and global security involved in matters of cyber, defense and security. Combined with an invitation-only audience, The Cipher Brief Threat Conference provides a unique experience that no other event in the defense and national security space can match. For us, it's not just about who's on the stage, it's about who's in the room.
SecureWorld Boston (Boston, Massachusetts, USA, Mar 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
Kernelcon (Omaha, Nebraska, USA, Mar 27 - 28, 2020) Kernelcon is the result of many motivated information security professionals who recognized the opportunity to create an awesome security conference in Omaha. The idea for Kernelcon started within the local DEF CON Group, DC402, with lots of help from other members of other local security groups such as NebraskaCERT and OWASP. We are inspired by many other conferences including DEF CON, DerbyCon, ShmooCon, etc., and wanted to bring those same experiences to the Mid-West here in Omaha.
InfoSec World (Lake Buena Vista, Florida, USA, Mar 30 - Apr 3, 2020) Join your peers and our experts at InfoSec World 2020 Conference & Expo on March 30 – April 1 to not only address the disruptive technologies and threats on the horizon, but to create a plan for managing the people, processes and tools for how your organizations react and cope with these intrusive circumstances.