— The cybersecurity community during the COVID-19 emergency
CenturyLink Installs and Donates High-Speed Connectivity To Hospital Ship USNS Mercy Amid COVID-19 Crisis (CenturyLink) CenturyLink installed and donated high-speed connectivity to the hospital ship U.S. Naval Ship Mercy when it arrived at the port of Los Angeles from San Diego Friday, March 27.
Apple releases new COVID-19 app and website based on CDC guidance (Apple Newsroom) Apple today released a new screening tool and resources to help people stay informed and protect their health during the spread of COVID-19.
Google donates $800 million in cash and ads to fight coronavirus (Axios) It's one of the biggest donations yet in the fight against COVID-19.
K7 Computing Commits to Protect the Indian Cyberspace (APN) At a time of extreme anxiety due to the grave COVID-19 pandemic raging across the globe, leading to countless news articles and content on social media, a veritable opportunity for cybercriminals to wreak havoc, exploiting people’s fragile mental state and the vulnerabilities in the security protections of consumers and organisations. Cybercriminals have wasted no […]
Cellusys Offers Free Analytics to Overloaded Mobile Networks During COVID-19 Crisis (Yahoo) Cellusys, a global mobile telecoms solutions company, is offering its advanced analytics system to mobile telecom operators free of charge to help maintain network resources and ensure availability for critical users during the COVID-19 pandemic. Subscriber movements are changing drastically and the
Kaspersky helps healthcare firms stay secure amid COVID-19 pandemic (TahawulTech) Kaspersky has pledged to help healthcare firms stay protected from cyber threats as they continue to work hard to curb the coronavirus pandemic.
Coronavirus: What are the latest free cyber security offers? (ComputerWeekly.com) We round up the latest free offers on cyber security products and services being made available during the Covid-19 coronavirus crisis
One Business Winner Amid Coronavirus Lockdowns: the Cloud (Wall Street Journal) Cloud-computing providers are emerging as among the few corporate winners in the coronavirus pandemic as office and store closures across the globe have pushed more activity online.
Crowdstrike CEO seeing 'increased need of security as everyone works from home' (Yahoo) CrowdStrike Co-founder and CEO George Kurtz joins Yahoo Finance’s Zack Guzman and Brian Cheung to discuss the demands for his cybersecurity technology company, as more Americans are working from home during the coronavirus.
COVID-19 Cyber Security Fundamentals – Minimizing Risks to Your Business and Employees (Global Atlanta) On Tuesday, March 31 from 9:00 a.m. to 10:30 a.m. ET, join Aprio for a webinar on managing and mitigating cyber threats and risk to your business, including those exacerbated by the COVID-19 crisis. Exiting 2019, the rate and significance of cyber-attacks and damage is greater than ever for businesses of all sizes and across …
Cybersecurity in the time of coronavirus (CRN) As hardware resellers and distributors face disrupted supply chains, CRN investigates how the sudden increase in people working from home has thrown up a set of new challenges for cybersecurity specialists
Genpact’s response to coronavirus is a lesson in what not to do during a pandemic (Quartz India) A vice-president was allegedly bribing workers to come in, promising Rs1,000/day ($13/day), besides free food and tea.
Spend Generously, Take Care of Workers: Coronavirus Stimulus Takes Lessons From TARP (Wall Street Journal) The 2008 bailouts helped end the financial crisis but created resentment among Americans who felt banks took most of the benefits. The current plan puts individuals and Main Street at the center, with pledges of large amounts of cash. Last time, “we were penny-wise and pound-foolish.”
Coronavirus hits defense contractor jobs (TheHill) The aerospace industry is buckling under the strain of the coronavirus pandemic.
Candor: 267 companies have frozen hiring, 44 had layoffs, 36 rescinded offers, 111 are hiring (VentureBeat) The coronavirus has taken a toll on the workforce, and now you can see a list of who's hiring, freezing hires, laying off people, or rescinding job offers.
Startup workers let go due to COVID-19 face billions in lost equity (Silicon Valley Business Journal) Startup workers who lose their jobs only have a short period when they must buy the private stock that was offered in options as part of their pay package or they lose that equity they worked for.
VMware's Sanjay Poonen: Only the strongest enterprises will survive the pandemic (SiliconANGLE) VMware's Sanjay Poonen: Only the strongest enterprises will survive the pandemic
Business and police like 'fever detection' cameras. Experts say they don't work. (NBC News) "I have many customers approach and say, 'Wow, this is a good thing you do,' and some customers are excited to get their temp taken," one business owner said.
Coronavirus survivor recovering after coma: ‘I’m improving every day’ (TODAY.com) Chris Tillett, who contracted the coronavirus and had to be put into a medically induced coma, joins TODAY with his wife and newborn twin boys, saying his health is improving every day and that he is grateful to be alive.
Cyber Attacks, Threats, and Vulnerabilities
Revealed: Saudis suspected of phone spying campaign in US (the Guardian) Exclusive: Whistleblower’s data suggests millions of tracking requests sent over four-month period
Cybersecurity Lawyer Who Flagged The WHO Hack Warns Of 'Massive' Remote Work Risks (Net Nebraska) Large numbers of companies are rolling out mandatory work-from-home policies to help limit the risks posed by the coronavirus outbreak. But cybersecurity experts warn that those remote setups invite new hacking risks.
Self-Isolation Might Stop Coronavirus, but It Will Speed the Spread of Extremism (Foreign Policy) Millions of people stuck at home will turn to social media, where disinformation is rife. Radical Islamists and far-right groups are exploiting widespread confusion and…
Coronavirus: Why the pandemic is a hotbed for cyber attacks (CityAM) As the threat of coronavirus builds, so too does the risk of attacks by opportunistic criminals hoping to exploit a society in lockdown.
80% of cyber threat landscape uses COVID-19 as leverage - report (Security Brief) A report released recently by Proofpoint reveals the extent to which cyber attackers are capitalising on fear and paranoia surrounding the pandemic, with instances of coronavirus-themed attacks increasing every day.
'Absolute perfect time' for cyber criminals to attack, as businesses work from home (The Sydney Morning Herald) Attempts by cyber criminals to defraud Australian businesses, whose thousands of employees are now working from home, have increased more than ten-fold since the outbreak of the deadly coronavirus.
Delhi Police releases list of ‘dangerous’ Coronavirus-related websites that you should not open (Gadget Now) The cybercrime division of Delhi Police is alerting the general public to not fall for fake or malicious websites related to the coronavirus disease.
Ransomware attacks are causing panic and chaos at overwhelmed hospitals struggling with COVID-19, and it may be about to get worse (Business Insider) Ransomware attacks are locking up the computer systems of healthcare agencies large and small – and it may be about to get much worse.
A Twitch streamer is exposing coronavirus scams live (Ars Technica) Covid-19 opportunists make for a whole new crop of targets.
Hackers using coronavirus malware to steal data: Cyber cops (Gadget Now) Even as Maharashtra grapples with rising COVID-19 cases, cyber fraudsters have devised a malware called "coronavirus map" to steal confidential data, including bank account details and passwords.
Google Bans Infowars Android App Over Coronavirus Claims (Wired) Apple kicked Alex Jones out of the App Store in 2018. The Google Play Store has finally followed suit.
Phishing Attack Says You're Exposed to Coronavirus, Spreads Malware (BleepingComputer) A new phishing campaign has been spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.
Beware! New coronavirus phishing campaign tricks you by telling you you've been infected (International Business Times) Cybercriminals are using a new phishing campaign that tells victims they've come in contact with someone diagnosed with COVID-19 and tricks them into downloading malware.
Finastra Says Cyber-Attack Sought to Take Advantage of COVID-19 Driven Shift to Remote Operations (Crowdfund Insider) Just about all financial services firms have rushed to move operations to as much as possible to remote operations. For many Fintechs, the migration was fairly simple as many had established tech and protocols in place to operate in a virtual environment. For more traditional
Zeus Sphinx malware resurrects to abuse COVID-19 fears (ZDNet) Operators are exploiting the pandemic in the quest to steal your financial information.
Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy (Security Intelligence) The renewed Zeus Sphinx activity that IBM X-Force is seeing features a modified variant targeting online banking users in North America and Australia through the use of maldocs themed around COVID-19.
KU Leuven: Researchers discover security flaw that would enable hackers to copy millions of car keys | MarketScreener (SURPERFORMANCE) A team of researchers from the COSIC research group at KU Leuven and from the University of Birmingham has discovered that a wide range of car models produced by Toyota, Kia and Hyundai use weak...
Microsoft Xbox Series X Code Stolen in Cyber Attack on AMD, Reveals Company (News18) It is not quite clear as to how the stolen test files may affect the overall safety of the new Microsoft Xbox platform.
Source code of Dharma ransomware pops up for sale on hacking forums (ZDNet) The source code of one of today's most profitable and advanced ransomware strains is up for sale on two Russian-language hacking forums.
Malware from notorious FIN7 group is being delivered by snail mail (CyberScoop) While hackers all over the world rely on emails and text messages to breach networks, one infamous criminal group appears to be turning to the mailman to deliver their malicious code
FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS (BleepingComputer) Hackers from the FIN7 cybercriminal group have been targeting various businesses with malicious USB devices acting as a keyboard when plugged into a computer. Injected commands download and execute a JavaScript backdoor associated with this actor.
Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Threat Alert (NSFOCUS, Inc.) Overview On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. Instead of a security patch, Microsoft currently provides a workaround for users to mitigate this vulnerability. Vulnerability Description According …
Boost security defenses against Kwampirs RAT malware with new list of IOCs (TechRepublic) ReversingLabs did a forensic analysis of attacks from the remote access trojan to understand the malware control structure.
Fake DHL Text Message (Update March 2020) - Get Rid of DHL Scams (SensorsTechForum) New DHL scam is plaguing users. DHL scams, including related emails, messages and websites in this article. If you see a Fake DHL text message 2020 know...
Voter records for the entire country of Georgia published online (ZDNet) A file containing voter information for 4,934,863 Georgians has been published on a hacker forum over the weekend.
Maze Authors Claim to Have Hit Insurer Chubb (Infosecurity Magazine) Group says it will release stolen data
Chubb Investigating Possible Cyber Attack; Says Network Unaffected (Insurance Journal) Chubb confirmed that is looking into a possible hack attack, though a spokesperson said the insurance giant's network appears at this point to be
Cyber attack at LSUE cost $2M (Eunice News) A cyber-ransomware attack cost LSUE close to $2 million, according to a report to the LSU Board of Supervisors. Chancellor Nancee Sorenson said the loss is an accounting of the costs LSUE incurred from the Oct. 23, 2019, attack. The university did not pay a ransom, she said. LSUE is asking for $350,000 in its budget to pay for recovery expenses that may not be covered by insurance, she said. The attack stopped all electronic and digital business operations for three weeks, with only basic operating capability restored by mid-November, the report stated.
Some Ontario beer chain outlets forced to use cash-only after cyber attack (IT World Canada) Some of Ontario's 450 industry-owned retail beer outlets known as The Beer Store have been forced to accept only cash for sales
Security Patches, Mitigations, and Software Updates
Zoom Removes Code That Sends Data to Facebook (Vice) The change comes after Motherboard found the Zoom iOS app was sending analytics information to Facebook when users opened the app.
Zoom patched vulnerabilities that allowed eavesdropping on video meetings (TheHill) Software group Check Point announced Tuesday that it had discovered now-patched cyber vulnerabilities involved in video conferencing service Zoom that would have allowed hackers to eavesdrop into non-password protected conversations and
Micropatches block exploitation of Windows zero-days under attack (Help Net Security) ACROS has released micropatches that can prevent remote attackers from exploiting the two new Windows RCE zero-days that are currently under attack.
Cyber Trends
Seven key cybersecurity trends for 2020 by world-leading professionals (Help Net Security) TÜV Rheinland released its seventh annual report on seven key cybersecurity trends which will be important to be aware of in 2020.
Google Confirms 40,000 Nation-State Cyber Attack Warnings Issued (Forbes) Tens of thousands of Google account holders have been warned of state-sponsored attacks targeting them.
Public and Private Secgtros Still Vulnerable to Tax Season Phishing Attacks (Valimail) Large corporations, tax preparation services and state tax agencies lack adequate protection against email-based scam
More UK firms than ever before suffer repeated cyber-breaches (SC Magazine) More and more firms have started reporting repeated cyber-incidents in the past 12 months according to recent UK government figures.
Marketplace
Stellar Cyber Raises $7.1 Million in Series A Funding (Top SIEM Vendors, News & Reviews for Security Information and Event Management) Stellar Cyber announced a successful Series A funding round, bringing in $7.1 million. According to a statement, this brings Stellar Cybersecurity’s total
DataGuard, which provides GDPR and privacy compliance-as-a-service, raises $20M (TechCrunch) Watchdogs have started to raise the issue that new working practices and online activity necessitated by the spread of the coronavirus pandemic are creating new sets of privacy, security and data protection challenges. Today a startup is announcing a growth round of funding to help online businesse…
‘China’s Palantir’ MiningLamp raises US$300 million in new funding (South China Morning Post) Beijing-based big data and AI company MiningLamp’s new funding round, co-led by Singapore’s state investor Temasek Holdings and Chinese internet giant Tencent Holdings, comes amid a global coronavirus pandemic which is expected to dampen China's funding environment.
Huawei dumped from Western Australian train radio contract due to US trade restrictions (ZDNet) Despite earlier assurances that it would be able to deliver on its contract, both parties have agreed to end the deal.
Microsoft to end investments in facial recognition firms after AnyVision controversy (The Verge) Microsoft says it can’t exercise enough oversight over third-party companies using sensitive tech.
Coronavirus ‘Uncertainty’: Dell, VMware Pull Financial Guidance (CRN Australia) Both are “unable to predict the extent” of how coronavirus could “adversely impact” business.
5 HP announcements you would've seen at Reinvent 2020 (CRN Australia) Small-business printers, advanced PC security and workstation solution targeting remote workers.
Romania: From ‘Hackerville’ to Cybersecurity Powerhouse (Balkan Insight) Once maligned as a hotbed of hacking, Romania is now at the cutting edge of cybersecurity.
Should you hire a specialized cybersecurity recruiter? (Help Net Security) Using a cybersecurity recruiter to fill a cybersecurity position comes with many advantages, learn what they are and what positions are hot right now.
Largest Cybersecurity Technology Firms in Massachusetts (Boston Business Journal) The list includes companies either headquartered, or with an office, in Massachusetts that provide technologies or product-based services designed to protect computers, networks and data against cyber threats. Firms listed develop their own products.
All the winners from Microsoft's 20/20 security awards (Security Brief) Security partners across 16 categories were recognised at the inaugural 20/20 partner awards.
Digital Guardian Named to JMP Securities 2020 Elite 80 List (Digital Guardian) JMP Securities has announced its annual Elite 80 list and we're pleased to report Digital Guardian is on it!
Products, Services, and Solutions
Explore 7 data loss prevention tools for utmost security (SearchSecurity) Data loss prevention tools help to address one of the most important parts of enterprise security today. Learn the factors to consider when sorting through these seven DLP-focused vendors and the features, deployment and area(s) of focus they can provide.
Fantastic! CIA-funded Palantir is helping the NHS plan its coronavirus response (Neural | The Next Web) Palantir is helping the NHS build a new data platform that tracks medical staff and resources across the country in order to combat the coronavirus
Do we really want Palantir embedded in the NHS? (Computing) Beware bad policy made in haste because of coronavirus, say campaigners
Zettaset Releases XCrypt Kubernetes Encryption to Secure Data Within Kubernetes Environments and Enable Continued DevSecOps Adoption (BusinessWire) Zettaset releases XCrypt Kubernetes Encryption to secure data within Kubernetes environments and enable continued DevSecOps adoption
Technologies, Techniques, and Standards
The 10 Rules Of BYOD: Rewritten (Forbes) We are in an era where a personal device as a work tool is not just accepted but essential to support remote work.
Why Traditional Security Is Failing Us, Part 2] (Security Boulevard) This is the second part of a two-part series that explores the reasons behind the failure of security technologies to protect companies and their data
Debunking vulnerability management myths for a safer enterprise (Help Net Security) Let’s look at and debunk the top vulnerability management myths, so that enterprises may opt to change their practices and increase cyber resilience.
Design and Innovation
Facebook, Google and Twitter Struggle to Handle November’s Election (New York Times) After spending billions to avoid a repeat of 2016, the tech giants are careening from crisis to crisis as their foes change tactics.
Air Force trusted computing experts look to digital twins to foil cyber attack on GPS satellite constellation (Military & Aerospace Electronics) SMC ran tests without risking damage to expensive and resource-constrained satellites, and to confirm that all system components behave as intended.
Research and Development
Deception Tactics in Cybersecurity: Human Lab Rat (CISO MAG) Deception has been a defense strategy in military and intelligence programs for hundreds of years. As cybersecurity techniques mature, we continue to borrow proven methods from more traditional security industries.
MIT Researchers Launch Location-Tracking Effort for the New Coronavirus (Wall Street Journal) A project to track Covid-19 patients via their phones is being launched by Massachusetts Institute of Technology researchers, potentially the first large-scale project in the U.S. to trace their movement and those with whom they interact.
Researchers use AI and create early warning system to identify disinformation online (Help Net Security) Researchers are using AI to develop an early warning system that will identify manipulated images, deepfake videos and disinformation online.
Industry comes together for ‘game-changer’ cyber ship initiative (Riviera Maritime Media) Experts in cyber security and maritime operations are forging ahead with the creation of a first-of-its-kind research facility
Legislation, Policy, and Regulation
ICO approves use of British mobile phone tracking data to fight spread of coronavirus (Computing) Regulator okays the use of anonymised phone tracking data to help tackle the spread of COVID-19
WSJ News Exclusive | Government Tracking How People Move Around in Coronavirus Pandemic (Wall Street Journal) Government officials across the U.S. are using location data from millions of cellphones in a bid to better understand the movements of Americans during the coronavirus pandemic and how they may be affecting the spread of the disease.
Internet Censorship During COVID-19 Is Threat To Cryptocurrencies And Liberty (Forbes) Censorship of the Internet and a shifting attitude towards digital privacy during COVID-19 poses a threat to Bitcoin and cryptocurrencies.
Saudi spies tracked phones using flaws the FCC failed to fix for years (TechCrunch) One lawmaker on the Senate Intelligence Committee put the blame firmly at the FCC's door.
How Russia’s Troll Farm Is Changing Tactics Before the Fall Election (New York Times) The Kremlin-backed Internet Research Agency, which interfered in the 2016 election, is using different methods to hide itself better.
In a COVID-19 World, Russia Sticks to International Distancing (Chatham House) While a global response is needed against the coronavirus crisis, Russia does not see it as in its interests to contribute – and in fact the Kremlin is using the crisis to further destabilise the world.
Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics (ZDNet) Booz Allen: Russia uses its GRU military hackers following predictable patterns based on a public military doctrine.
House Republican urges Pompeo to take steps to limit misinformation from China on coronavirus (TheHill) Rep. Michael McCaul (R-Texas) is urging Secretary of State Mike Pompeo to take steps to limit the spread of online Chinese misinformation around the coronavirus pandemic.
Coronavirus Fake News Isn’t Like Other Fake News (Foreign Affairs) Political Speech Is Harder and Riskier to Police
The Intelligence Contest in Cyberspace (Lawfare) Although the technology is different, the underlying contest exhibits all of the characteristics of traditional spy-versus-spy battles.
Coronavirus signals we must shift from terrorism to new bipartisan intelligence priorities (USA TODAY) US intelligence agencies started warning the Trump administration in January about the coronavirus outbreak. We need a new agenda for this new world.
Is your industry one of those being targeted by China's VISION 2025 campaign? (SC Magazine) Western companies targetted by APT41 as it aims to help China shift its economy toward higher value products and services, including IT, Robotics, energy efficiency, electric vehicles, aerospace equipment.
China and Huawei propose reinvention of the internet (Financial Times) New architecture would enable cutting-edge technologies but western countries fear more control for state-run internet services
Huawei faces fresh threat from US-China spat over COVID-19 (Telecoms.com) While the two presidents have spoken to each other again, the American government are planning to further restrict Huawei’s access to chip supplies.
How Huawei is dividing Western nations (TechCrunch) The relationship between the United Kingdom and Australia is not usually a flashpoint in international relations. After all, the two allies share a common language, ancestry, and monarch. So what caused a dustup recently that saw a senior Australian parliamentarian rebuke the British foreign secret…
DoD Contractors Must Ditch Huawei, ZTE, CISO Arrington Emphasizes (Meritalk) Katie Arrington, the Department of Defense’s (DoD) CISO for acquisition and a prime mover for the recently released Cybersecurity Maturity Model Certification (CMMC) program, this week emphasized the vital importance of defense contractors making the switch away from Chinese-built communications equipment.
Breaking down the Huawei v. Pentagon dispute (Federal News Network) If nothing else, the long-running Huawei situation shows the importance of considering the supply chain when it comes to cybersecurity.
The coronavirus crisis proves the internet should be a public utility (Quartz) It's never been more evident than in this time of pandemic panic that internet access is as essential as electricity and running water.
Coronavirus Delays October REAL ID Deadline By One Year (Homeland Security Today) The announcement comes as the National Governors Association has been lobbying for an extension, arguing in a March 17 letter to Wolf that many departments of motor vehicles had shut their doors to enforce social distancing.
Analysis | The Cybersecurity 202: Cybersecurity experts slam child protection bill that risks rolling back encryption (Washington Post) A strong majority of The Cybersecurity 202 Network experts say the EARN IT Act is a bad idea.
Tech Industry Voices Concerns about the Pentagon’s Cybersecurity Certification Plan (Nextgov.com) Officials say an updated rule for implementing the program will be open for comment later this spring.
Tech companies tell DoD its new cyber standards are missing the mark (Federal News Network) The Defense Department signed its agreement with the CMMC Accreditation Board, kicking off the training for third-party assessors and the release of the necessary documents to help vendors prepare to…
COVID-19 Fuels Heated Fight Over CCPA Enforcement Timing (Law360) The coronavirus pandemic has escalated tensions over whether companies have the necessary time and resources to fully comply with California's landmark privacy law by July, but even a temporary enforcement reprieve wouldn’t give businesses a free pass for their current conduct, experts say.
New Director General of MI5 appointed (MI5 - The Security Service) New Director General of MI5 appointed. The Home Secretary has today (Monday 30 March) announced that Ken McCallum has been appointed as Director General of M
Litigation, Investigation, and Law Enforcement
FTC Warns VoIP Providers to Stop Facilitating Coronavirus Scams (BleepingComputer) The US Federal Trade Commission (FTC) warned nine VoIP service providers against assisting and facilitating illegal robocalls designed to capitalize on public anxiety surrounding the Coronavirus/COVID-19 pandemic.
Russia's Cybercrime Rule Reminder: Never Hack Russians (BankInfo Security) Russian authorities typically turn a blind eye to cybercrime committed by citizens, provided they target foreigners. But as the recent "BuyBest" arrests of 25 individuals demonstrate, authorities do not tolerate criminals that target Russians, and especially not anyone who targets Russian banks.
Virgin Media faces £4.5BILLION compensation payout after data breach (Mail Online) Your Lawyers, a firm based in Chesterfield, Derbyshire, has offered to help people who had their full names and contact details released by Virgin Media get up to £5,000 each.
Glamorous Brazilian pro gamer ‘sentenced to 116 YEARS in jail for fraud’ (The Sun) A BRAZILIAN gamer-girl-turned-influencer has allegedly been sentenced to 30 years in jail. Shayene “shAy” Victorio, 27, is one of the world’s biggest female esports stars but is h…