— The cybersecurity community during the COVID-19 emergency
NIST Cybersecurity Recommendations for Working from Home (Security Magazine) The Information Technology Laboratory (ITL), a component of the NIST Computer Resource Center, has issued a bulletin that reiterates NIST standards for teleworking.
Cybersecurity Crisis Management During the Coronavirus Pandemic (IoT World Today) Cybercriminals thrive on chaos, making cybersecurity crisis management vital.
COVID-19 Part 2: Data Tells the Story (PerimeterX) This blog dives deeper into recent traffic surges and the rise in ATO and skimming attacks in e-learning and travel respectively.
Surge in online traffic increases risk to businesses (Imperva) Imperva Research Labs has been monitoring the data across our thousands of customers since the outbreak of COVID-19. In reviewing anonymized data from our CyberThreat Index, we see new risks and several initial security implications from this pandemic for our customers and global businesses.
Tech Companies Weren't Hoarding Masks, They Were Protecting Employees From Wildfire Smoke (Reason) Plus: Kudlow says total stimulus package will cost $6 trillion, jails free nonviolent offenders, more...
[Slack CEO Butterfield on his company's COVID-19 experience] (Twitter) My day job (also: night job) is CEO of Slack, a publicly traded company with investors to whom I am a fiduciary, 110k+ paying customers of all sizes, and thousands of employees I care about very, very much. The last few weeks have been 🤯😳😢 Here’s what it's been like. [Thread]
COVID-19 & Voting: When Paper is the Safest Election Technology (McAfee Blogs) There are concerns that the COVID-19 pandemic will discourage voters from turning out to vote in person for this year’s U.S. presidential primaries and
Authoriti to Provide Free Fraud Protection to State and Local Government Agencies (Globe Newswire) This strategy will help local government agencies to preempt costly Business Email Compromise attacks during the coronavirus crisis
Businesses Can Quickly Assess Third Parties During COVID-19 With ProcessUnity’s Pandemic Questionnaire (Yahoo) ProcessUnity, a leading provider of cloud-based applications for risk and compliance management, today released a complimentary pandemic assessment for businesses to assess their third parties, vendors and suppliers to understand the effect of COVID-19 on critical business operations. ProcessUnity’s
SixFifty and Wilson Sonsini Launch Free Automated Legal Tools to Help Businesses Manage Employment Issues Created by COVID-19 (PR Newswire) SixFifty, the technology subsidiary of the law firm Wilson Sonsini Goodrich & Rosati, today announced the release of free automated legal tools...
SANS is offering fully certified cybersecurity training – without leaving your bunker (Register) Isolation is the perfect time to learn new skills
Secure Working from Home – Some Ideas and Guidance (Roger Halbheer on Security) There is plenty of information out there how to secure a “Home Office” environment in these days and I do not want this to be another one. However, I tried to compile a few resources, which might h…
Network Safe (Untangle) We have consolidated several check lists, guides, and best practices that you can implement at work or at home to ensure that networks can remain secure and vulnerabilities minimized.
Internet Archive launches National Emergency Library with no waitlists (TechSpot) The Internet Archive is doing its part during the Covid-19 outbreak by suspending its waitlists and creating a National Emergency Library to help serve what it calls displaced learners.
Cyber Attacks, Threats, and Vulnerabilities
Mexico's economy ministry hit by cyber attack (Reuters) Mexico's economy ministry detected a cyber attack on some of its servers on...
U.S. cybersecurity experts see recent spike in Chinese digital espionage (Reuters) A U.S. cybersecurity firm said Wednesday it has detected a surge in new cyberspy...
Hackers are messing with routers' DNS settings as telework surges around the world (CyberScoop) Attackers have discovered a way to change DNS settings in Linksys routers, pointing users to websites with what looks to be information about COVID-19.
D-Link and Linksys routers hacked to point users to coronavirus-themed malware (ZDNet) Hackers hijack routers' DNS settings to point users to malware-infected downloads.
New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer (Bitdefender Labs) Bitdefender researchers have recently found a new attack that targets home routers and changes their DNS settings to redirect victims to a malware-serving website that delivers the Oski infostealer as a final payload. What’s interesting about the attack is that...
Apple iOS users served mobile malware in Poisoned News campaign (ZDNet) As we all devour online news sources in the current climate, cyberattackers are waiting to spring.
Dark web hosting provider hacked again -- 7,600 sites down (ZDNet) EXCLUSIVE: Dark web hosting provider shuts down after getting hacked for the second time in 16 months.
Tupperware Website Hacked to Steal Credit Card Numbers (PCMAG) According to Malwarebytes, the credit card skimmer on Tupperware.com has been active for days now—until the antivirus company published today's report on the attack.
GE Employees Lit Up with Sensitive Doc Breach (Threatpost) Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.
Ginp banking malware takes advantage of coronavirus crisis: Kaspersky (TahawulTech.com) Kaspersky researchers revealed that the infamous Ginp banking Trojan has acquired a new functionality - that takes advantage of the coronavirus outbreak.
Security firm warns of increased phishing attacks on streaming services (Rapid TV News) There has never been so many people at home at any one time and there has never been so many in demand on-demand video services but these dynamics are increasin...
#COVID19 Fears Drive Phishing Emails Up 667% in Under a Month (Infosecurity Magazine) More than a third of untrained end users are susceptible to such scams
MN AG warning of COVID-19 phishing scams (Austin Daily Herald) Minnesota Attorney General Keith Ellison is warning Minnesotans about a reported spike in phishing attacks related to COVID-19 and is offering advice about how to spot, avoid, and report them. “We’re all concerned right now about our own health and the health of our loves ones and our communities,” Ellison said in a …
As consumers turn online for purchases, many are targeted by pandemic-related digital fraud (Help Net Security) There has been a spike in pandemic-related digital fraud since social distancing became widespread globally, according to a TransUnion research.
Malware Disguised as Google Updates Pushed via Hacked News Sites (BleepingComputer) Hacked corporate sites and news blogs running using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans.
Warning: Hackers Trick Thousands Into Downloading Dangerous ‘Google Chrome Update’ (Forbes) As Google pauses all but security update to Chrome, hackers seek to exploit the confusion
Do not download this Android 'coronavirus safety app' – it's a scam that can steal your texts and phonebook (The Sun) A SCAM encouraging people to download an app if they want a ‘coronavirus safety mask’ is targeting Android users. Cyber-security experts found the dangerous website which states “…
More Ransomware Gangs Join Data-Leaking Cult (BankInfo Security) More bad ransomware news: Following in the footsteps of Maze, now even more cybercrime gangs are threatening to not only crypto-lock systems but also leak stolen
Ransomware and cryptocurrency: A killer duo? (Cryptopolitan) Ransomware and cryptocurrency go back a long way indeed. So long that people have actually forgotten that the two are not really directly related but yes ransomware, as the name […]
Evasive malware increasing, evading signature-based antivirus solutions (Help Net Security) Evasive malware reached record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions.
Hackers target Three customers with "sophisticated" phishing scam (IT PRO) Cyber criminals use elements from Three’s style and links out to its website
Warning of HMRC phishing and text scam circulating in St Helens area (St. Helens Reporter) St Helens Chamber has warned businesses be aware of a HMRC phishing scam circulating in the area.
Security Patches, Mitigations, and Software Updates
Apple iOS 13.4 offers fixes for 30 vulnerabilities (Naked Security) Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.
Adobe issues emergency fix for file-munching bug (Naked Security) Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victims’ files.
Google's Chrome will give you an 'always show full URL' setting (ZDNet) Google will give Chrome users the choice to have the browser display the www of a website's address.
Namecheap blocks registration of domains with ‘coronavirus’ and ‘vaccine’ in the name (The Verge) You can still apply manually to register a new domain
RSA 2020: A Game of "Would You Rather" (Lastline) Though RSA is officially behind us, headlines surrounding the show continue to circulate. It’s no secret that attendees walking the halls of Moscone had a lot of pressing issues to think about. Health concerns aside,
Exabeam Research Shows Companies are Embracing Cloud-based Security Tools, but Concerns Around Risk, Ease of Deployment Remain - Exabeam (Exabeam) Over half (58 percent) of organizations have migrated at least one quarter of their security tools to the[...]
SpyCloud Research: Breach Exposure of the Fortune 1000 (SpyCloud) We were able to tie more than 412 million breach assets within the SpyCloud database to employees within the Fortune 1000, providing a snapshot of the breach exposure affecting major enterprises.
Your SSN costs less than a Starbucks coffee on the dark web (Atlas VPN) Social Security number (SSN) costs as little as $4 on the darknet. Meaning, Venti latte at Starbucks costs 15 cents more than your SSN on the dark web.
Cybersecurity Investors Take Varying Approaches Amid Market Turmoil (Wall Street Journal) Strategies for investing in cybersecurity startups are widely differing as the coronavirus-related economic rout affects venture-capital markets.
5 ways to attract the best information security pros (TechBeacon) Organizations with the right mindset can exploit dissatisfaction in the market and land the information security talent they need. Here's how.
CGI to acquire TeraThink (Intelligence Community News) On March 25, Fairfax, VA-based CGI announced its intent to acquire TeraThink, a leading information technology and management consulting firm providing
Accenture wins Defence contracts (CRN Australia) $5m with Army and $4m with the ASD.
GSA awards $17 million task order (Federal Times) Two companies are partnering to modernize the Federal Acquisition Service's legacy websites.
Tufin Recognized as Best Cybersecurity Company of 2020 (BusinessWire) Tufin® (NYSE:TUFN), a company pioneering a policy-centric approach to security and IT operations, today announced that it received several accolades i
ForgeRock Expands Leadership Team to Extend Success in Cloud and Identity Governance (Globe Newswire) Renee Beckloff, VP of Cloud Success, and Sudhakar Peddibhotla, VP of Engineering, join digital identity leader
Cisco continues exec reshuffle with new EMEAR boss (CRN) Elisabeth De Dobbeleer steps into the role left vacant by new UK and Ireland MD
Nick Savvides joins Forcepoint (CRN Australia) Symantec veteran jumps ship.
Products, Services, and Solutions
Hunters.AI Now Available in CrowdStrike Store, Offering Users ‘XDR’ Capabilities and Extending Threat Detection Beyond the Endpoint (Globe Newswire) Hunters, an Israeli cybersecurity pioneer in autonomous threat hunting, announced CrowdStrike, a leader in cloud-delivered endpoint protection, has made Hunters.AI threat hunting solution available through the CrowdStrike Store. Hunters’ innovative approach extends threat detection beyond the endpoint and enables threat hunting at scale.
Altitude Networks Announces Free Security Assessment for Enterprises to Understand Risks to Data Stored in the Cloud (PR Newswire) Altitude Networks, the industry's first cloud-native DLP for SaaS collaboration, today announced its Rapid Security Assessment program. The...
Concerned About Wi-Fi Security? Guard Dog Solutions Premieres First AI Solution to Proactively Find and Eliminate Cyber Security Threats (StreetInsider.com) Especially critical for remote workers, Public Wi-Fi during efforts to slow the advancement of COVID-19: Proactively manages Wi-Fi vulnerability with real-time elimination of threats before they can progress into exploits -...
Onward Security promotes DevSecOps to address challenges in cybersecurity regulatory compliance (DIGITIMES) In the IoT era, device manufacturers or brands are strongly promoting network-enabled products while trying their best to shorten time-to-market. In their effort to speed up product development, they may overlook some blind spots in data protection and put devices with security vulnerabilities on the market. More often than not, such security vulnerabilities are discovered by foreign government agencies or hackers, which may not only cause harm to consumer privacy but also lead to litigations that damage to business reputation and brand image.
Technologies, Techniques, and Standards
Tokyo Olympics Postponed, But 5G Security Lessons Shine (Threatpost) Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.
US Government Sites Give Bad Security Advice (KrebsOnSecurity) Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.
INSIGHT: Cyber Incidents Call for Privacy Counsel and Litigation Counsel (Bloomberg Law) Companies facing an actual or suspected cyber incident or breach often rely on outside counsel to help them navigate the legal aftermath. Robins Kaplan LLP partner Anne M. Lockner recommends general counsel hire separate privacy counsel and litigation counsel to create a strong team ready to focus on their areas of expertise.
Do DevOps Teams Need a Company Attorney on Speed Dial? (Dark Reading) In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
Threat Simulation Overview and Setup (Active Countermeasures) Intro No software project is complete without testing. In this blog series, we’ll cover how to test if your Threat Hunting platform can …
Threat Simulation - Unexpected Protocol on Non-Standard Port (Active Countermeasures) Intro This article is 1 of 7 in a series on testing Threat Hunting software to make sure that it’s configured correctly and …
Design and Innovation
Governments could track COVID-19 lockdowns through social media posts (CNET) A research group scrapes more than 500,000 Instagram profiles in Italy to see if people are abiding by the quarantine.
This team wants to teach your kids cybersecurity while they're home from school (CyberScoop) The virtual "Cyber School," plans to host livestreams focused on topics including online safety, ethical hacking, and social engineering.
Legislation, Policy, and Regulation
Brazil-EU Cyber Cooperation: Swinging Bridges on the Road to Stability in Cyberspace (Council on Foreign Relations) The February 20 Brazil-EU Cyber Dialogue signaled the most recent step taken by Brasília and Brussels to collaborate on advancing responsible state behavior in cyberspace.
Slovakia to track coronavirus victims through telecoms data (Financial Times) Parliament passes law as Europe weighs right to privacy against moves to contain outbreak
France announces $4.3B plan to support startups (TechCrunch) France’s Ministry of State for Digital Affairs Cédric O and public investment bank Bpifrance announced a comprehensive support plan for startups this morning. Some French startups are going to face revenue issues as well as funding issues in the coming months. The French government wants to tempora…
White House Releases National Strategy for 5G Security (Nextgov.com) The strategy focuses on four lines of effort and will guide how the government approaches 5G for the near future.
Amid pandemic, Pentagon urges ‘hyper-vigilance’ against foreign investment (Defense News) The economic situation creates
Washington Pushes for More Sanctions on Russian Businessman (Wall Street Journal) Eleven members of the U.S. House of Representatives have urged the European Union to impose sanctions on Russian oligarch Yevgeny Prigozhin, the latest attempt by lawmakers to combat alleged election meddling by the Kremlin in the U.S. and allied countries and possible disinformation about the coronavirus pandemic.
Pentagon leaders are ‘doing what we can’ to improve networks (C4ISRNET) The Department of Defense has been working to bolster its networks as the number of employees teleworking surges during the new coronavirus pandemic, senior leaders say.
Teleworking among feds ramped up but plenty of issues remain (Federal News Network) In a Federal News Network online survey of feds, 77% said they are teleworking because of the coronavirus emergency.
One senator wants vendors to ensure their internet connectivity devices are secure (Fifth Domain) The senator also called on vendors to notify users of available security updates.
‘Just Say No’ Is Not a Strategy for Supply Chain Security (Lawfare) Globalization has left Western end-users at least partially dependent on capabilities and services provided by foreign vendors that may not be entirely trustworthy.
Analysis | The Cybersecurity 202: It’s probably game over for more election security before November elections (Washington Post) The third round of security funding since 2016 came with no strings attached in the coronavirus stimulus bill.
Review: If coronavirus doesn't end us, electronic voting just might (Los Angeles Times) The documentary ‘Kill Chain: The Cyber War on America's Elections,’ directed by Simon Ardizzone, Russell Michaels and Sarah Teale, reveals that electronic voting is still woefully unsafe.
Litigation, Investigation, and Law Enforcement
Battling the global COVID-19 scammers and fake news hawkers (Naked Security) Europol seized 34K fake surgical masks, while the office of NY's AG wants registrars to explain how they're battling the sale of lies.
Patent board grants BlackBerry review of Facebook challenge (Seeking Alpha) The Patent Trial and Appeal Board today has granted a petition from BlackBerry (BB +6.9%) for an inter partes review of Facebook's (FB -0.8%) patent 7,302,698. That suggests it's determined that Blac
WikiLeaks Founder Assange Denied Bail Amid Pandemic (Law360) A London judge refused Wednesday to release WikiLeaks founder Julian Assange, who is fighting extradition to the U.S., from prison after his lawyers had argued he should be granted bail because he was vulnerable to contracting the coronavirus in prison.
Data Privacy Risks and COVID-19 Defense (The National Law Review) Electronic technology is protecting us from COVID-19, but is it violating our privacy?
Individuals and institutions are taking drastic measures to flatten the curve of COVID-19 infections, and thes