— The cybersecurity community during the COVID-19 emergency
Analysis | The Cybersecurity 202: Coronavirus pandemic unleashes unprecedented number of online scams (Washington Post) Researchers say this reflects how the virus has upended every aspect of daily life across the globe.
FTC Data Shows Jump in Coronavirus-related Complaints from Consumers (Federal Trade Commission) Consumer complaints to the Federal Trade Commission related to the coronavirus (also known as COVID-19) have surged in recent weeks.
CenturyLink Connects Emergency Healthcare Facilities During COVID-19 (PR Newswire) CenturyLink is donating high-speed internet connections to temporary hospital facilities created to help ease the burden on the nation's...
Kaspersky supports health care institutions amid COVID-19 (Arab News) Kaspersky has announced free availability of its core endpoint security products for medical organizations, in order to help them stay protected from cyber threats during the pandemic. The full list of B2B products available for free for six months includes: Kaspersky Endpoint Security Cloud Plus, Kaspersky Security for Microsoft Office 365, Kaspersky Endpoint Security for Business Advanced and Kaspersky Hybrid Cloud Security.
SECTARA and SRMAM link in the fight against Coronavirus cyber threats (PRWeb) As the world reels from the coronavirus pandemic, the situation has been seen as an opportunity for threat actors, who've taken advantage of the opportunity to targe
Two Exabeam employees at RSA conference who tested positive for COVID-19 are recovering (TechRepublic) Exabeam's employees are recovering from coronavirus. Both tested positive for COVID-19 after attending RSA in San Francisco.
Duo Security Co-Founder And Wife Helping Local Small Businesses (WEMU) The co-founder of Duo Security in Ann Arbor and his wife are committing $1 million in short-term, emergency relief grants to help small businesses in our
()
Palantir in Talks With Germany, France for Virus-Fighting Tool (Yahoo) (Bloomberg) -- Data-analytics company Palantir Technologies Inc. is in talks to provide software to governments across Europe to battle the spread of Covid-19 and make strained health-care systems more efficient, a person familiar with the matter said.The software company is in discussions with authorities
Coronavirus: NHS corrals Microsoft, Palantir and Google to hone data analysis (ComputerWeekly.com) The NHS has confirmed it is working with Microsoft, Palantir and Google to improve data analysis to make its anti-coronavirus effort more efficient and effective.
WSJ News Exclusive | Xerox Is Ending Hostile Takeover Bid for HP (Wall Street Journal) Xerox is pulling the plug on its hostile bid to buy larger rival HP after the coronavirus pandemic undermined the copier maker’s ability to pull off the debt-laden merger.
Comcast says voice and video calls have skyrocketed 212 percent during widespread self-isolation (The Verge) In some cities, peak traffic is up 60 percent
Akamai: Undercovered Beneficiary Of The COVID-19 Crisis (Seeking Alpha) The recent outbreak of COVID-19 has forced a significant portion of the global population to self-isolate at home, leading to an uptick in work-from-home and streaming activity.
Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems (Vox) Zoom’s best month could also be its worst.
Zoom Video's active users soar as data privacy concerns grow (CRN Australia) FBI received multiple reports of disrupted conferences.
[Letter to Zoom CEO concerning privacy and security] (Senator Richard Blumenthal) Dear Mr. Yuan, I write with concern and to seek information regarding how Zoom handles the personal data of its users and protects against security threats and abuse against its services.
()
Amid COVID-19 Crisis, Cybersecurity Executives Look to Virtual Summits for Information, Education (Yahoo) Data Connectors, representing the largest cybersecurity community in North America, announced today it will hold its first Virtual Cybersecurity.
Working from home, staying secure: 14 Identity & Access Management tools to deal with the coronavirus fallout (Computing) With record numbers working remotely during the COVID-19 crisis, CIOs and CISOs must look at how to maintain identity and access securely across a dispersed network
COVID-19: Outbreak Delays Russian Conscription; Belarus Denies First Fatality (RadioFreeEurope/RadioLiberty) The global death toll has surpassed 42,000 with over 855,000 infections confirmed, causing mass disruptions as governments continue to try to slow the spread of the new respiratory illness.
Coronavirus: Saudi Arabia asks Muslims to put hajj on hold (Reuters, via the San Jose Mercury News) Saudi Arabia wants Muslims to wait until there is more clarity about the coronavirus pandemic before planning to attend the annual hajj pilgrimage, the mini…
‘We can’t meet, but we will gather’: Faith leaders adapt to offer services for Passover, Easter (Baltimore Sun) With Easter and Passover fast approaching, Baltimore-area ministers and rabbis are drawing on every resource they can to provide services for their flocks as coronavirus-related lockdowns expand across the region.
Cybersecurity Activity Book for Kids (Balbix) We have created a 12-page printable book with cybersecurity themed coloring pages, puzzles, games, and other activities that you and your kids to enjoy.
Cyber Attacks, Threats, and Vulnerabilities
North Korea-linked Geumseong121 APT group is sending spear-phishing emails to target people interested in North Korean refugees (Computing) Fifty malicious domains belonging to the group were seized by Microsoft in December
Marriott International confirms data breach of up to 5.2 million guests (Naked Security) Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people.
Marriott confirms data breach impacting up to 5.2 million people (Computing) The company has notified guests whose information was compromised in the incident
New Marriott Data Breach Could Affect Up to 5.2 Million Guests (Business Travel News) For the second time in less than 18 months, Marriott International has experienced a data breach, the company reported Tuesday. The breach affects up to 5.2 million guests, and the company is emailing all those affected, Marriott said in a statement.
Ex-NSA hacker drops new zero-day doom for Zoom (TechCrunch) Zoom’s troubled year just got worse.
The 'S' in Zoom, Stands for Security (Objective-See) Uncovering (local) security flaws in Zoom's latest macOS client
()
Report: Cloud Backup Provider Exposes Customer Data in Massive Leak (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to Cloud backup provider SOS Online
Is the Houseparty app safe? How it works – and how to delete your account (The Telegraph) Users have complained of hackers using Houseparty to access their Paypal, Spotify and Netflix accounts
No proof of a Houseparty breach, but its privacy policy is still gatecrashing your data (TechCrunch) Houseparty has been a smashing success with people staying home during the coronavirus pandemic who still want to connect with friends. The group video chat app, interspersed with games and other bells and whistles, raises it above the more mundane Zooms and Hangouts (fun only in their names, other…
Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks (SecurityWeek) Researchers demonstrated recently how a Stuxnet-style attack can be launched against Schneider Electric’s Modicon PLCs, but it’s believed that controllers from other vendors are vulnerable as well
BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Low skill level to exploit
Vendor: Becton, Dickinson and Company (BD)
Equipment: Pyxis MedStation and Pyxis Anesthesia (PAS) ES System
Vulnerability: Protection Mechanism Failure
2.
Hirschmann Automation and Control HiOS and HiSecOS Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Hirschmann Automation and Control GmbH, a division of Belden Inc.
Equipment: HiOS, HiSecOS
Vulnerability: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.
Mitsubishi Electric MELSEC (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability may render the device unresponsive.
Schneider Electric Modicon Controllers (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Equipment: Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium
Vulnerability: Improper Check for Unusual or Exceptional Conditions
2.
Racist 'zoombombing' during synagogue meeting (BBC News) Hackers hijacking Zoom meetings to shout abuse is on the rise as more people talk virtually.
California system alerts 397,000 patients of phishing attack: Merced, Calif.-based Golden Valley Health Centers began notifying 397,000 patients March 9 that their protected health information may have been exposed in a phishing attack. (Beckers Hospital Review) Merced, Calif.-based Golden Valley Health Centers began notifying 397,000 patients March 9 that their protected health information may have been exposed in a phishing attack.
Top 10 Application Vulnerabilities of 2019 (WhiteHat Security) In application security, so often the cause of vulnerabilities can be traced to the development process. It’s the nature of application development and a consequence of moving faster with shorter deadlines.
SBTech client sites to resume operations after cyber attack (SBC Americas) Sportsbooks powered by SBTech are to resume operations as early as today as the company continues to respond to a cyber attack that resulted
Security Patches, Mitigations, and Software Updates
Patch now! Critical flaw found in OpenWrt router software (Naked Security) OpenWrt is an open source operating system used by millions of home and small business routers and embedded devices.
Marketplace
Palo Alto Networks to acquire CloudGenix for $420 million (ZDNet) CloudGenix competes with Cisco and other incumbents in the SD-WAN space.
Sidley Steers $420M CloudGenix Deal For Palo Alto Networks (Law360) Cybersecurity company Palo Alto Networks, represented by Sidley Austin, has agreed to buy network services provider CloudGenix Inc. for $420 million, the companies said Tuesday, in an agreement that stands to extend the breadth of the Palo Alto Networks cybersecurity platform.
Acuant and IdentityMind Union Creates a Global Leader in Digital Identity Proofing and Verification (PR Newswire) Acuant, a leading global provider of identity verification solutions, today announced it has finalized the acquisition of former strategic...
Ex-State Street Blockchain Team Drops DLT From New Data-Privacy Startup (CoinDesk) Data privacy startup Manetu goes live early next month with $3.5 million in backing from Castle Island Ventures and others.
Blackpoint Cyber Announces its Virtual Cyber Security Conference: Remote Reality LIVE Covering Cyber Security and Business Continuity for Managed Service Providers (MSPs) (PR Newswire) Today, Blackpoint Cyber announced its Remote Reality LIVE conference, which will occur online April 8th and April 9th 2020. The conference will...
Dell's R&D Spending Grew 5x to $4.9bn in the Last 5 Years (LearnBonds.com) During the 2020 financial year, Dell Technologies' R&D expenditure was $4.9 billion, a growth of about five times from the last five years.
McAfee Finally On The Right Path (Forbes) McAfee is coming out of a decade of false starts and disruptive decisions to become a consistent force in the cybersecurity industry once again.
Thycotic Recognized with a 5-Star Rating in the 2020 CRN® Partner Program Guide (Thycotic) The IT Channel’s Top Partner Programs are Highlighted
Ntrepid Recognized as Winner of Coveted Cyber Defense Magazine InfoSec Awards (Yahoo) Ntrepid LLC has won Cyber Defense Magazine's Editor’s Choice for Deception Based Security and Publisher’s Choice for Digital Footprint Security.
Products, Services, and Solutions
Scale Computing Offers Acronis Cloud Storage, Expands Storage Options for Enhanced Data Backup, Disaster Recovery, and Ransomware Mitigation - Scale Computing (Scale Computing) Scale Computing, a market leader in edge computing, virtualization and hyperconverged solutions, today announced it is offering Acronis Cloud Storage, adding a further dimension to the existing OEM partnership with the global leader in cyber protection.
Okta Unveils Okta FastPass: The End of Passwords at Work (Okta) The leading independent identity platform introduces intuitive, secure,passwordless access for end-users across applications, operating systems, and endpoints
Automox Cloud-Native Endpoint Hardening Now Available through CrowdStrike Store (Automox) Automox and CrowdStrike's new partnership enables proactive detection and closed-loop response of vulnerabilities within CrowdStrike Falcon customer environments.
AttackIQ Delivers Breach and Attack Simulation Solutions to Government Agencies Through RockITek’s GSA Schedule (BusinessWire) AttackIQⓇ, the leading independent vendor in the breach and attack simulation market, today announced their platform has been approved by the U.S. Gen
Swimlane Launches Customer Experience Program (Yahoo) Enhanced method of partnering with customers ensures initial and long-term success.
Inkscreen’s CAPTOR™ Compliance Adds Data Loss Prevention Alerts and New Insider Threat Protections to Leading Business Camera and Document Scanning Mobile App (BusinessWire) Inkscreen’s CAPTOR™ Compliance Adds Data Loss Prevention Alerts; New Insider Threat Protections to Top Business Camera/Document Scanning Mobile Apps
RevBits announces the launch of its next-gen Cybersecurity Suite (PR Newswire) RevBits announces the general availability of its Cybersecurity Suite that is designed to provide companies across the globe with superior...
Wärtsilä Translink becomes first ever solution fully compliant with latest IEC and DNV GL Cyber Security rules (Helllenic Shipping News) The technology group Wärtsilä has been awarded a DNV GL type-approval certificate and cyber security certification by the International Electrotechnical
Trend Micro partners with CyberX to drive Saudi Arabia’s cybersecurity awareness (SME Advisor) Trend Micro’s Initiative for Education is the parent program for numerous global initiatives that support Internet safety for kids and families, small businesses, and universities.
Technologies, Techniques, and Standards
The NERC CIPS are not designed to keep the electric industry safe from cyber incidents or attacks (Control Global) To cyber secure the grid, the North American electric industry has to meet a set of standards known as the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.
Council Post: Seven Simple Strategies To Guard Against CEO Fraud (Forbes) There are some common red flags to watch for and some core security measures you can put in place to drastically reduce the chance of a successful attack.
Alert Logic Defines Required Capabilities for Managed Detection and Response (Alert Logic) Alert Logic Defines Required Capabilities for Managed Detection and Response and Launches Virtual Forums to Drive Industry Consensus on Definition of MDR
Threat Simulation - Long Connections (Active Countermeasures) Intro This article is number 2 of 7 in a series on testing Threat Hunting software to make sure that it’s configured correctly …
Cracking Dictionaries: What You Need to Know (Enzoic) Cracking Dictionaries: What You Need to Know. What they are. How are they used. How Can Organizations Secure Passwords & Make Passwords Harder to Crack?
Guest column: The coronavirus isn’t the only virus that should concern companies (The Pottstown Mercury) Americans are rightly concerned about the current coronavirus pandemic. But businesses’ audit committees and boards need to be better prepared for viruses of another kind — cyber-attacks on their data
How Much Downtime Can Your Company Handle? (Dark Reading) Why every business needs cyber resilience and quick recovery times.
Research and Development
Trusona Patents World's First Anti-Replay Technology For Passwordless Authentication (Yahoo) Trusona, the pioneering leader in passwordless multi-factor authentication technology, today announced that the United States Patent and Trademark Office has issued U.S. Patent 10,601,859 titled, "Anti-replay systems and methods." Trusona's patented anti-replay technology plays an integral
Some mobile phone apps may contain hidden behaviors that users never see (Ohio State News) A team of cybersecurity researchers has discovered that a large number of cell phone applications contain hardcoded secrets allowing others to access private data or block content provided by users.
How rapid advances in quantum computing are reshaping cybersecurity (Computing) We must all prepare for the end of public key encryption as we know it
Legislation, Policy, and Regulation
Knesset fights Bennett’s proposal to let IDF and NSO Group track virus patients (Times of Israel) Lawmakers oppose idea to give contentious private spy firm access to personal data; Shin Bet, tasked with monitoring carriers, says it's not giving information to Defense Ministry
Coronavirus Response To Test Limits Of Location Privacy (Law360) U.S. authorities may be able to use location data culled from smartphones to track people amid the coronavirus pandemic without breaching privacy laws, but they should explain how they are masking that data and taking steps to avoid targeting individuals, attorneys told Law360.
Rigorous Privacy and InfoSec Requirements May Be in Store for Companies That Accept Government Equity Stakes (Cooley) Federal government agencies, government-controlled corporations and some government contractors must comply with robust federal laws that govern federal agencies’ privacy and information security p…
China won't sit and watch Huawei get 'slaughtered,' exec says as US reportedly preps new sanctions (CNBC) "The Chinese government would not sit there and watch Huawei being slaughtered. I believe there would be counter-measures," Eric Xu, rotating chairman at Huawei, told CNBC, amid reports the U.S. was preparing new restrictions against the tech giant.
Huawei warns China will strike back against new U.S. restrictions (CRN Australia) Predicted the Chinese government would retaliate against the United States.
The Newest US Sanctions on China's Huawei Could Backfire (Wired) A reported ban on sales to Huawei of chips made with American equipment might intensify China's drive to develop its own chip industry.
UK launches team to tackle Covid-related misinformation and scams (SC Magazine) UK’s rapid response unit set up to combat misinformation about Coronavirus tackles five to ten misinformation campaigns each day
FCC will require phone carriers to authenticate calls by June 2021 (Engadget) The FCC announced today all carriers and phone companies must adopt the STIR/SHAKEN protocol by June 30th, 2021. The regulatory requirement is designed to combat robocalls, specifically those that try to hide their phone numbers by allowing carriers to authenticate caller IDs.
Wisconsin goes it alone, holding elections next week amid fears of infection and voting chaos (Washington Post) The state is the only one of the 11 originally scheduled to hold contests in April that has not postponed or dramatically altered voting amid the coronavirus pandemic.
Litigation, Investigation, and Law Enforcement
Problems with FBI surveillance extended far beyond probe of Trump campaign, Justice Dept. inspector general says (Washington Post) The inspector general issued a memorandum alerting officials of widespread problems in FISA applications.
DOJ Watchdog Faults FBI's Surveillance Warrant Process (Law360) A Justice Department watchdog report released Tuesday found significant lapses in the FBI's surveillance warrant process for Foreign Intelligence Surveillance Act applications, and said the bureau often falls short of the “scrupulously accurate” standard the applications should be held to.
Watchdog finds new problems with FBI wiretap applications (AP via Madison) The Justice Department inspector general has found additional failures in the FBI's handling of a secretive surveillance program that came under scrutiny after the Russia investigation, identifying
Management Advisory Memorandum for the Director of the Federal Bureau of Investigation Regarding the Execution of Woods Procedures for Applications Filed with the Foreign Intelligence Surveillance Court Relating to U.S. Persons (Office of the Inspector General, US Department of Justice) As you are aware, in December 2019 my office issued a report examining four Foreign Intelligence Surveillance Act (FISA) applications—an initial application and three renewal applications—targeting a U.S. Person and other aspects of the Federal Bureau of Investigation’s (FBI) “Crossfire Hurricane” investigation (“December 2019 FISA Report”).
Virus Delaying Court's Review Of Unredacted Mueller Report (Law360) A D.C. federal judge said ongoing court disruptions caused by the coronavirus pandemic is preventing him from immediately reviewing the unredacted version of former special counsel Robert Mueller's report on Russian interference in the 2016 U.S. presidential election.
Top UK Court Says Morrisons Not Liable For Data Breach (Law360) Morrisons has escaped liability for a disgruntled staff member stealing and distributing the payroll data of 100,000 colleagues, as the U.K.’s highest court ruled Wednesday that the connection between his job and the theft was not close enough.
AT&T Looks To Nix Some Of Crypto Investor's Hacking Suit (Law360) AT&T again urged a California federal court to dismiss part of a cryptocurrency investor’s suit accusing the telecom giant of failing to protect his personal data, arguing Monday that an amended complaint still failed to show that it lied about data protection.
Digital Investigations Remain a Major Challenge for Law Enforcement (CPO Magazine) Digital investigations take an important role in criminal justice today but law enforcement agencies face many challenges to drive operational efficiencies and standards in handling digital data.
One Russian Blogger's Effort To Unearth The Secrets Of Putin's Rise To Power (RadioFreeEurope/RadioLiberty) Vladimir Putin has been the face of Russia for two decades. But many aspects of his early life remain closely held secrets, blogger Artyom Kruglov says -- and for good reason.