The cybersecurity community during the COVID-19 emergency
Pandemic impact report: Security leaders weigh in (CSO Online) A new survey of security and IT leaders sheds light on how organizations across industries are dealing with the COVID-19 crisis, how prepared they were, how vulnerable they are, and what the long-term impact may be.
Start-Ups Are Pummeled in the ‘Great Unwinding’ (New York Times) Dozens have laid off thousands, slashed costs and changed their businesses to try to survive the pandemic. All that may not work.
Start-ups cut nearly 4,000 jobs in March as coronavirus impact ripples through tech (CNBC) The layoffs, compiled by CNBC based on media reports, spanned more than 40 companies that have collectively raised nearly $15 billion.
Webcast: Pandemic Paradigm Shift: Remote Working is the New Normal (Black Hills Information Security) What does it mean to work from home across your corporate VPN? What exactly is VPN? Is your home office prepared? How can you improve and better secure your home network? Is your corporate network ready for the change in IT environment network access? Join us to explore these topics, and describe some potential actions …
Zoom Just Made These Powerful COVID-19 Security And Privacy Moves Following Outcry (Forbes) The COVID-19 crisis gave Zoom a huge surge in users, along with an outcry over security and privacy. But now the firm is aiming to put things right with a series of powerful moves...
A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles (New York Times) After an inquiry from Times reporters, Zoom said it would disable a data-mining feature that could be used to snoop on participants during meetings without their knowledge.
Zoom Video's active users soar as data privacy concerns grow (CRN Australia) FBI received multiple reports of disrupted conferences.
Zoom's 'Company Directory' feature exposes personal data of thousands (iMore) In another damning indictment of its security and privacy shortcomings, Zoom's Company Directory feature has shared the personal information of users with thousands of strangers who signed up using personal email addresses.
The Zoom Privacy Backlash Is Only Getting Started (Wired) A class action lawsuit. Rampant zoombombing. And as of today, two new zero-day vulnerabilities.
Palantir in Talks With Germany, France for Virus-Fighting Tool (Bloomberg) Data-mining firm has an agreement to provide analytics to U.K. Firm is also in talks with Austria, Switzerland for software.
FireEye: Managing email phishing risks during the quarantine (AMEInfo) Crime never sleeps: A global pandemic and quarantine have not prevented threat actors from waging attacks on unsuspecting users and businesses.
Coronavirus/COVID-19 Payment Lures on the Rise (Proofpoint) As the threat landscape continues to be dominated by coronavirus-related activity, Proofpoint researchers have observed an emerging trend of social engineering lures around financial relief.
Keep Calm and Carry On: 5 Data Security Do’s and Don’ts for Everyone (JD Supra) Cyber criminals see opportunity in the pandemic. Some exploit security vulnerabilities in remote working. Others prey on people’s fears by crafting...
Security And Privacy In A Brave New Work From Home World (Techdirt.) We have moved to a radically remote posture, leaving a lot of empty real-estate in corporate offices and abandoning the final protections of the digital perimeter. For years, we’ve heard that the perimeter is dead and there are no borders in...
Six Ways to Protect Yourself From COVID-19 Payment Fraud Attempts (Proofpoint) Threat actors continue to use coronavirus-related email lures at a staggering rate—currently more than 80 percent of the threat landscape is using the theme in some way.
Rajant's Globally Available Emergency Response Rapid Deployment Kit (Rajant Corporation) In light of the COVID-19 worldwide health crisis, Rajant Corporation and its global distribution and integration partners have made immediately available a private wireless network for mobile field hospitals and pop-up, health treatment shelters. Rajant’s “Emergency Response Rapid Deployment Kit” is the connectivity solution for facility-strapped healthcare, running out of medical space and patient beds…
First Orion's COVID-19 Fund Helps Essential Service Providers (First Orion Corp.) To aid essential businesses and service providers, we are providing our Inform for a period of time during the COVID-19 pandemic.
Intelligence agency contractors often can't work from home. Here's where that leaves them in a pandemic. (Washington Business Journal) Contractors doing classified work face an increasingly unpredictable environment amid the coronavirus pandemic. Here's how some of them are approaching it.
Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources (Reuters) Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.
Bitdefender reveals Mandrake spyware targeting Aussie Android users (ZDNet) Mandrake has been found subverting Google Chrome, Gmail, ANZ Australia, Commonwealth Bank of Australia, Bank of Melbourne Mobile Banking, Bank of SA, Australian Super, and PayPal apps.
The Vollgar Campaign: MS-SQL Servers Under Attack (Guardicore Labs) Guardicore Labs uncovers an attack campaign that’s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers.
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers (The Hacker News) Cyberattack Warning: Hackers Install Secret Backdoor and cryptocurrency malware on Thousands of Microsoft SQL Servers.
Hackers mining Monero on Microsoft SQL databases for last 2 years (HackRead) Microsoft has been doing a tremendous job in tackling cybercrime but lately, it has been facing large scale cyber attacks which is understandable since it’s a technology giant.
There's now COVID-19 malware that will wipe your PC and rewrite your MBR (ZDNet) Security researchers have discovered coronavirus-themed malware created to destroy users' computers.
Trojanized Zoom Apps Target Remote Workers (SecurityWeek) Malicious, re-packaged versions of the Zoom video conferencing application are targeting work-from-home Android users with adware and Trojans
Italy's social security website hit by hacker attack (Reuters) Computer hackers have attacked Italy's social security website, forcing it to shut down on Wednesday just as people were starting to apply for coronavirus benefits, the head of the welfare agency said.
Coronavirus: Microsoft directly warns hospitals, 'Fix your vulnerable VPN appliances' (ZDNet) Microsoft issues its first-ever targeted ransomware alert to hospitals over their vulnerable VPN appliances.
Microsoft warns hospitals of sophisticated ransomware attacks targeting remote workforce (FierceHealthcare) Microsoft is warning hospitals that sophisticated ransomware attacks are trying to exploit remote workers to gain access to their networks. The tech giant recommends immediate actions hospitals should take to reduce the risk of an attack.
Hackers ‘without conscience’ demand ransom from health providers (The Malaysian Reserve) When hackers broke into computers at Hammersmith Medicines Research Ltd, a London-based company that carries out clinical trials for new medicines, it was a nightmare scenario for MD Malcolm Boyce
LimeRAT malware is being spread through VelvetSweatshop Excel encryption technique (ZDNet) The old tactic is proving fruitful in a new campaign.
Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks (SecurityWeek) A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites
Flaw in WordPress plug-in turns hackers into admins (SC Magazine) Wordfence discovers flaw that could grant or revoke admin rights to any registered user, another allows attacker to control website navigation
SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems (SecurityWeek) Researchers have released PoC exploits to demonstrate that the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for privilege escalation
Watering hole attack uses Adobe Flash update warnings (SC Magazine) Kaspersky discovered watering hole websites targeting Asian ethnic group; preferred method for toppers in ATP Who’s Who, said CYFIRMA researchers
QR code generator scam steals thousands in Bitcoin (Naked Security) Every once in a while an attack comes along that is so simple to set up, and yet so effective, that it makes your jaw drop. Here’s one.
Cyber attackers target children at home (Information Age) Kids more likely to click on links and download malware.
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others (KrebsOnSecurity) A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.
Voter list in huge data breach was compiled by the Labour Party (Times of Malta) A massive cache of data which was leaked online is understood to have originated from the Labour Party and shows the voting preferences of a majority of the population. The personal information on some 337,384 people includes names, addresses, ID card details, phone numbers and whether they are...
Most smartphone apps have ‘backdoor secrets’ for hackers (Express Computer) Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users
Security Patches, Mitigations, and Software Updates
Patch Released for Linux Kernel Vulnerability Disclosed at Hacking Contest (SecurityWeek) A patch has been released for a Linux kernel vulnerability that a researcher exploited at the Pwn2Own 2020 competition to escalate privileges to root on Ubuntu Desktop
Cyber Trends
Increased Data Recovery and Ransom Payments Are Stimulating the Ransomware Industry, Finds ‘2020 Cyberthreat Defense Report’ (BusinessWire) CyberEdge Group today announced the availability of its seventh annual Cyberthreat Defense Report. Findings include record-setting cyberattacks.
CISOs Suffering From Increasingly Complex Workload: Cisco (SecurityWeek) Cisco's annual CISO benchmark report examines what it means to be a CISO today by surveying 2,800 IT decision makers, and discussing issues with a panel of CISOs.
CISO Conversations: Verizon, AT&T CISOs Talk Communications Sector Security (SecurityWeek) SecurityWeek talks to Chandra McMahon (CISO at Verizon) and Bill O’Hern (CSO at AT&T) to discuss the role of CISO and what it takes to be a successful CISO.
28% of parents in the Middle East worry about harmful online content, proving the importance of reliable parental control software (Zawya) Harmful content can be found everywhere on the internet, even in-app advertising, where the producer of such materials can profit from applications
Marketplace
Axonius nabs $58M for its cybersecurity-focused network asset management platform (TechCrunch) As companies get to grips with a wider (and, lately, more enforced) model of remote working, a startup that provides a platform to help track and manage all the devices that are accessing networked services — an essential component of cybersecurity policy — has raised a large round of g…
Collibra Raises $112.5M to Help Businesses Make Data-Driven Decisions (PR Newswire) Collibra, the Data Intelligence company, today announced $112.5 million in funding at a post-money valuation of $2.3 billion, bringing the...
BlackBerry CEO: How Cylance Differentiates In Unified Endpoint Security (MSSP Alert) BlackBerry CEO describes how Cylance differentiates in unified endpoint security (UES) market. Plus, COVID-19 reality check & integrations with Microsoft Intune & VMware AirWatch.
KnowBe4’s Year-Over-Year Sales Increase 40% Q1 2020 Compared to Q1 2019 (Globe Newswire) KnowBe4 named a leader in security awareness and training evaluation, appointed a new board member and won numerous awards
Forcepoint shakes up local leadership (CRN Australia) Adds four new names to regional leadership team.
Nutanix appoints ANZ boss out of NetSuite (CRN Australia) Lee Thompson replaces Jamie Humphrey.
Products, Services, and Solutions
IRONSCALES Themis™ Emerges as World’s First Fully Autonomous AI Email (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced that Themis, its AI-driven virtual security analyst, now has the ability...
enclayve Launches Private Communications Network for Consumers (PR Newswire) enclayve Group has launched the enclayve Block, a social media product that you own. It addresses the crucial problem of privacy and data...
Enzoic Helps Organizations Reduce The Threat of Insider Risks From Poor Password Hygiene in Active Directory (BusinessWire) Enzoic helps organizations reduce the threat of insider risks from poor password hygiene in Active Directory.
Panther Labs Launches Open-Source Cloud-Native SIEM (SecurityWeek) San Francisco-based cloud security startup Panther Labs has launched the first stable version of its open-source security information and event management (SIEM) solution, Panther
Flexera Launches Patch Automation for Software Vulnerability Manager (Globe Newswire) Manage more with existing resources thanks to intelligent automation
EPFL software to enable secure data-sharing for hospitals (Mirage News) The MedCo system aims to facilitate medical research on pathologies - such as cancer and infectious diseases - by enabling secure computations on...
Amazon Detective: AWS Cloud Security Service Launches (MSSP Alert) Amazon Detective, an AWS cloud security service, launches to help organizations investigate security incidents across their AWS workloads.
Blue Prism Teams Up with SailPoint to Deliver New Governance and Security Capabilities (PR Wire) Looking to extend its industry leading security capabilities, Blue Prism (AIM: PRSM) today announced a partnership with SailPoint, a market leader in enterprise...
Okta Partners with VMware, CrowdStrike to Boost Log-In Security (Yahoo) Okta Inc., a maker of identity management software, unveiled three cybersecurity partnerships meant to help safeguard corporate networks while millions of employees have been forced to work remotely. Okta announced the agreements Wednesday with VMware Inc.’s Carbon Black unit, CrowdStrike
Obsidian Partners with Snowflake to Consolidate Security Visibility at Scale (Odessa American) Obsidian Security, the Cloud Detection and Response company, and Snowflake, the cloud data platform, today announced a partnership to deliver unified operational visibility of cloud applications, networks, and endpoints.
Technologies, Techniques, and Standards
North American utilities drill 'GridEx' brings record turnout — except from supply chain vendors (CyberScoop) A November drill involving electric utilities across North America mimicked the disruptive malware used to cut power in Ukraine in 2016, testing operators’ ability to expunge the malicious code from their systems.
The Swiss version of the GCA Cybersecurity Toolkit supplements the new edition of the Cybersecurity quick check for SME (PR Newswire) Today the Global Cyber Alliance (GCA) in partnership with ICTswitzerland and the Swiss Academy of Engineering Sciences (SATW) is launching the...
How can you strengthen an enterprise third-party risk management program? (Help Net Security) Sean Cronin, CEO of ProcessUnity, explores the challenges related to enterprise third-party risk today and in the future.
Creating the optimal cloud defense strategy (ITP.net) Back in the day, the theft and loss of backup tapes and laptops were a primary cause of data breaches. That all changed when systems were redesigned and data at rest was encrypted on portable...
Coronavirus doesn't stop Indian Army from carrying out its annual cyber security exercise (ThePrint) Army had earlier issued advisory claiming India's adversaries were launching coronavirus-themed campaigns to infect official or personal IT assets of defence personnel.
Colorado National Guard Practicing ‘Muscle Memory’ Cybersecurity (MeriTalk) The Colorado National Guard is ramping up its cybersecurity awareness, starting with a cultural change to normalize cyber practices and the introduction of a cyber mascot, CIO Col. Isaac Martinez shared at a March 31 Cybersmart webinar.
Research and Development
Shift5, Inc., Awarded Cooperative Research and Development Agreement (CRADA) with US Army (PR Newswire) Shift5, Inc., a cybersecurity company, announces its Cooperative Research and Development Agreement (CRADA) with the US Army Combat...
Academia
Mass school closures in the wake of the coronavirus are driving a new wave of student surveillance (Washington Post) Colleges are racing to sign deals with “online proctor” companies that watch students through their webcams while they take exams. But education advocates say the surveillance software forces students to choose between privacy and their grades.
A guide to the UK's top universities for cyber-security (SC Magazine) SC's table (enclosed) looks at UK educational institutions catering for cyber-security, whether that be dedicated cyber MScs or MBAs, more niche digital forensic or broader courses in computer science.
Legislation, Policy, and Regulation
Chinese COVID-19 disinformation campaigns commenced as early as January: Stanford (ZDNet) This culminated in a Chinese government official accusing the US military of starting the outbreak on social media.
Russia's Planned Coronavirus App Is a State-Run Security Nightmare (Gizmodo) Like other countries, COVID-19 rocked both Russia and its neighbors, with recent numbers pointing to a collective 4,375 residents across the post-Soviet states being infected by the virus. And while some of these territories are seemingly less than worried about the pandemic, Russia’s spent the bulk of this week rolling out a series of initiatives to surveil its citizens that are putting experts on edge.
The Sinicization of Russia’s Cyber Sovereignty Model (Council on Foreign Relations) In recent years, Russia has mimicked China's model of cyber sovereignty. This will likely harm Russian domestic security and influence in its near-abroad.
National Strategy to Secure 5G Addresses Infrastructure Risk Posed by Adversarial Foreign Vendors (Homeland Security Today) 5G infrastructure
'New IP' is an actual Huawei threat to networks (Light Reading) A new system for the Internet is a far greater threat to the West than Huawei's role in 5G networks.
Agencies to get more insight into their cybersecurity posture this month (Fifth Domain) The new Continuous Diagnostics and Mitigation dashboard is set to be deployed this month.
Cybersecurity Decision Making Demands Guidance (SIGNAL Magazine) An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.
Former DHS secretaries to propose major reforms streamlining resources for cybersecurity, coronavirus threats (FedScoop) A bipartisan group including former Department of Homeland Security secretaries plans to recommend major reforms in July to improve the department’s response to emerging threats, including cyberthreats. When President Trump ordered incoming flights from Europe to be screened for COVID-19 starting March 14, DHS couldn’t access the doctors, supplies or facilities needed to do that efficiently, …
FCC requires anti-robocall tech after “voluntary” plan didn’t work out [Updated] (Ars Technica) Pai follows Congress' orders, requires carriers to verify Caller ID accuracy.
Senators slam 'reckless' House over surveillance debacle (POLITICO) Senators were livid after House lawmakers left Washington without temporarily extending FISA provisions.
Federal officials scramble to ensure tech glitches, bureaucracy don’t delay $1,200 coronavirus checks (Washington Post) The $2 trillion law signed by the president last week calls for payments to be made "as rapidly as possible," as the Trump administration looks to put much-needed cash in the hands of an estimated 150 million Americans. But the Treasury Department's ability to meet that congressional mandate hinges on a series of systems it is still bringing online.
Analysis | The Cybersecurity 202: States plan to expand mobile voting amid coronavirus pandemic, despite security concerns (Washington Post) States weigh increasing access to voting during a crisis with cybersecurity risks.
Australian state will install home surveillance hardware to make sure if you're in virus isolation, you stay there (Register) Could be a wearable, could be wired. Backed by big fines and jail
Microsoft president calls Washington state’s new facial recognition law ‘a significant breakthrough’ (GeekWire) Microsoft President Brad Smith took a break from responding to the COVID-19 outbreak Tuesday to praise Washington state’s landmark facial recognition regulations. Washington Gov. Jay Inslee signed a…
Litigation, Investigation, and Law Enforcement
Infosec Reviews Not Good for Small Business Administration, Veterans Affairs Department (Nextgov.com) Audits note poor posture and highlight weaknesses related to remote work and contractor oversight.
Zelensky: Over 100 perpetrators spinning coronavirus disinformation exposed (UNIAN) The president urged citizens to remain vigilant and trust official information sources only.
Facebook, Chamber Back Bid To Strike TCPA Autodialer Ban (Law360) Facebook, the U.S. Chamber of Commerce and more than a half-dozen others have joined the push to convince the U.S. Supreme Court to invalidate the Telephone Consumer Protection Act's autodialer ban, arguing that axing the entire speech-abridging provision is the only way to properly remedy First Amendment deficiencies.
Preparing For Private Right Of Action Under Calif. Privacy Law (Law360) While enforcement of the California Consumer Privacy Act won’t begin until July, the private right of action created by the CCPA is available to consumers now, and companies assessing their litigation risk should evaluate three open questions, say Amanda Lawrence and Michael Rome at Buckley.
UK Supreme Court rules that Morrisons can't be held responsible for 2014 data breach (Computing) The company was facing compensation claims from thousands of former and current employees over the security incident