The cybersecurity community during the COVID-19 emergency
Public-Sector Tech Faces Crush of Coronavirus-Linked Demands (Wall Street Journal) Public-sector technology leaders are balancing efforts to update aging IT systems with more urgent needs sparked by the coronavirus pandemic, including supporting overwhelmed online services.
Hackers Exploit Coronavirus to ‘Surge’ Attacks on the Pentagon (USA Today) The Defense Department has faced unprecedented threats as hackers seek to take advantage of employees with security clearances who are forced to work from home.
Putin’s Long War Against American Science (New York Times) A decade of health disinformation promoted by President Vladimir Putin of Russia has sown wide confusion, hurt major institutions and encouraged the spread of deadly illnesses.
Slow Internet Is Speeding the Spread of the Coronavirus in Kashmir (Foreign Policy) The region is accustomed to lockdowns, but New Delhi’s ban on high-speed internet is undermining the medical community’s ability to fight the pandemic.
U.S. Official: Beware of Chinese Leaders Bearing Coronavirus Gifts (Foreign Policy) Senior State arms official says China’s outreach could put at risk sovereign U.S. allies and American weapons systems.
Xi Jinping Won the Coronavirus Crisis (Foreign Affairs) How China Made the Most of the Pandemic It Unleashed
Will a contact tracing app actually stop the coronavirus spread? (The Telegraph) Apps using Bluetooth and GPS can help the authorities track the spread of coronavirus - but how well do they work?
Apple Responds to Senators Questioning Privacy of Covid-19 Tools (Bloomberg) Apple Inc. responded to Democratic Senators who sent a letter to Chief Executive Officer Tim Cook with questions related to the privacy of the iPhone maker’s Covid-19 screening tools.
Analysis | The Cybersecurity 202: Privacy experts fear a boom in coronavirus surveillance (Washington Post) Surveillance programs built to combat the pandemic may outlast it.
There Is No Devil’s Bargain Between Privacy and Public Health (Foreign Affairs) But Protecting Rights Requires Constant Vigilance
BREAKING: Supreme Court To Hold Arguments By Teleconference (Law360) The U.S. Supreme Court will hold oral arguments by teleconference next month due to the ongoing coronavirus crisis, with all nine justices and counsel participating remotely in what will be a bold new experiment for an institution not known for its technical prowess.
Virtual Courts Expanded; New Filings Still Banned (New York Law Journal) Virtual court is being expanded beyond emergency proceedings to cover the bulk of trial court caseloads, while an existing ban on new filings for nonessential matters will remain in effect.
Coronavirus Hobbles Corporate Compliance Monitoring (Wall Street Journal) Online data and videoconferencing have become more prominent in compliance monitoring, but it’s hard to see corporate culture or how honest employees are being at a distance
It's Official: Most Zoom Versions Now Off-Limits to the Military (Military.com) The popular free video conferencing application Zoom is now officially off-limits to DoD personnel.
ICE cautions staff, contractors on Zoom (GCN) Agency employees and contractors have been told not to install the client software on any equipment or use it for internal conversations, according to an April 9 internal memo from the Immigration and Customs Enforcement CIO.
Zoom will let paying customers pick which data center their calls are routed from (The Verge) Paying customers can "opt in or out of a specific data center region."
Over 500,000 Zoom accounts sold on hacker forums, the dark web (BleepingComputer) Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.
Hackers Are Selling Zoom’s ‘Zero-Day’ Exploits On Dark Web For Up To $30,000: Report (Mashable India) Hackers have been taking advantage of the security flaws in the app and one such hacker claimed that security exploits discovered on Zoom are being sold on the dark web.
Expert offers tips to avoid being ‘Zoom bombed:’ ‘Intention is just to mess with people’ (FOX6Now.com) A virtual news conference hosted by Milwaukee election officials on Sunday, April 12 was "Zoom bombed" -- a term used to describe the moment when a malicious actor hijacks a Zoom call.
Here’s when you can trust Zoom, and when you shouldn’t (Fast Company) Whether you can be comfortable with the controversial videoconferencing phenom depends on your work, your secrets, and how much you believe its promises.
Why Zoom Remains My Favorite Business Grade VTC Solution (CTOvision.com) Here is my view on Zoom: You are either going to use video teleconferencing or not. And if you use it you are going to use a system with vulnerabilities. So your best bet from a security perspective is to use one where the company is proven to take rapid action to address problems, like …
Microsoft Isn’t Cutting Zoom Any Slack (Wall Street Journal) The software giant boasts about the video-calling ability of its Teams platform just as the position of competitor Zoom looks vulnerable.
Unit 42: Phishing attacks are thriving during the pandemic (VentureBeat) The COVID-19 pandemic doesn't seem to be slowing down cyberthieves, as phishing and other attacks are thriving, according to a new report.
Canadian coronavirus response workers targeted in ransomware attack, says U.S. cybersecurity report (Financial Post) Increase seen in phishing attacks in which criminals use the pandemic as a hook to trick people into opening an attachment or clicking a link
COVID-19 Isn’t the Only Virus to Fear: Cybersecurity Attackers Target Hospitals Amidst COVID-19 (Lexology) Among the many obstacles facing businesses as a result of the COVID-19 pandemic are new cyberattacks targeting key infrastructure and industry in the…
4,000% increase in ransomware emails during COVID-19 (National Observer) The COVID-19 pandemic has forced many people to work from home. But are you keeping yourself and your work cybersecure?
Remote security: 5 common myths about phishing scams (Enterprisers Project) Phishing scams are rising in the time of COVID-19. With expert help from IT leaders and security pros, we debunk 5 misconceptions
Coronavirus accelerates Pentagon’s network upgrades from years to weeks (Washington Business Journal) The DOD and its military services are racing with industry to expand their network capacity and tools to meet new demands for teleworking amid the coronavirus pandemic.
‘A staggering problem’: Working from home could lead to massive data leaks (Yahoo) The corporate security situation right now is like trying to quickly assemble a shelter during a rainstorm, experts say: Even if you get something set up, you’re still likely to have some water leaking through.
Malware Risks Triple on WFH Networks: Experts Offer Advice (Threatpost) New research found that almost half of companies had malware on their corporate-associated home networks – in comparison to malware being found on only 13 percent of corporate networks.
Business at risk from home-working perils, warns Bitglass (Whatech) Bitglass, a next-gen cloud security company, has warned that businesses whose staff are working from home are at risk from security issues. Thousands, if not millions, of people are working from home.
Critical Vulnerabilities You Need to Find and Fix to Protect the Remote Workforce (Tenable®) As uncertain times lead to a shift in how we work, identifying, prioritizing and addressing critical flaws that have been exploited in the wild is paramount.
Key Elements for Securing Remote Telework for Government (Fortinet Blog) Learn more about the key elements of a solution for secure remote access to ensure the continuity of government operations.…
Free Cyber Attack Hotline Offered Amid COVID-19 Pandemic by Data Security and Compliance Firm SecurityMetrics (PR Newswire) The COVID-19 pandemic is having an unprecedented impact on businesses around the world. Whether a business has shut down operations for the...
Fugue Survey Finds Widespread Concern Over Cloud Security Risks During the COVID-19 Crisis (Fugue) 84% are concerned about new security vulnerabilities during the COVID-19 crisis, and 84% are concerned their cloud data has been hacked and don’t know it.
Retrospect: StorCentric’s Retrospect Offers Free 90-Day Backup Subscriptions During Pandemic (Retrospect) Backup Now, Restore Forever, and No Credit Card Required.
Cyber Attacks, Threats, and Vulnerabilities
APT41 Using New Speculoos Backdoor to Target Organizations Globally (Unit42) Unit 42 identifies the payload installed onto a Citrix appliance by APT41, which we are calling Speculoos.
New York Investigating Hack of State’s Computer Network (Wall Street Journal) Hackers compromised the computer network serving New York’s state government in late January, officials said Monday, prompting the state to hire an outside firm and change thousands of employee passwords.
Ransomware Crooks Emboldened by More Payments, Experiments in 'Customer' Experience (Bitdefender)
Hackers file fake tax returns in scheme to steal IRS refunds (CyberScoop) It may be open season for coronavirus scammers, but tax frauds aren’t letting up, either.
TikTok users beware: Hackers could swap your videos with their own (Naked Security) TikTok doesn’t use HTTPS for its images and videos – so crooks could swap out the videos you see and you would never know.
TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds (Threatpost) The popular video-sharing app’s use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.
Ransomware targets C-suite executives – CyberCube (Insurance Business) Organized criminals are moving away from high-volume, low-value attacks
TrickBot Emerges with a Few New Tricks (Zscaler) Trickbot often works with other malware, whether it is using them as initial infection vectors to find its way into the target host or downloading other malware families, Ryuk ransomware, coinminer, etc., to get the most out of the infection.
Nearly 4 Million Quidd User Credentials Stolen and Shared on Hacking Forum (RBS) The credentials of nearly 4 million Quidd users have recently been discovered by our Data Breach Research team on a prominent deep web hacking forum. At this time, the leaked data has not been offered for sale but is available in a non-restricted manner. Headquartered in Brooklyn, Quidd is an app…
Cyber attack may be cause of network failure (Port Strategy) A container shipping company hit by a network outage cannot yet rule out a cyber attack.
Ransomware attacks lock 2 Manitoba law firms out of computer systems (CBC) Work at two Manitoba law firms is at a virtual standstill after cyber attacks left staff without access to their computer systems, locking out digital files, emails and data backups.
Call Of Duty: Warzone Developers Lash Out At Hackers- Ban 70,000 Players (EssentiallySports) Infinity Ward lashed out at cheaters in Call Of Duty: Warzone by permanently banning 70,000 accounts. The publisher conveyed their message on Twitter.
It’s hard for campaigns to be transparent without aiding attackers (CyberScoop) Transparency is essential to democratic elections. But security is also important to the integrity of the process. All of us need to be vigilant.
Vulnerability Summary for the Week of April 6, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
VMware plugs critical flaw in vCenter Server, patch ASAP! (Help Net Security) VMware has fixed a critical vulnerability (CVE-2020-3952) affecting vCenter Server, which can be exploited to extract highly sensitive information.
Microsoft and Google delay online authentication change (Naked Security) Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication.
Cybersecurity is top concern, as online threats mount in Malaysia by 82.5% (Tech Wire Asia) Businesses, individuals in the region need to safeguard themselves and their systems, as cybersecurity threat reports hit astronomical numbers in Malaysia.
How Cyber Secure Is Your State? (Security Boulevard) Even the most cyber secure states didn't score above a 'C' in Webroot's survey, which means there's more work to be done to educate users.
Cyber Risks Impact on Mergers and Acquisitions (Infosecurity Magazine) In an acquisition, the purchasing organization also acquires the associated cybersecurity program and cyber risks.
As cybersecurity concerns grow, so does need for security professionals (Cincinnati Business Journal) Businesses in the U.S. and across the globe are under attack. State and city governments are, too. The enemy is invisible and so are its weapons.
Duff & Phelps Announces Completion of Acquisition by Investor Consortium (Yahoo) Duff & Phelps has announced the completion of its acquisition by a global investor consortium.
CFIUS Clearance: Capgemini and Leidos Cyber (The National Law Review) In 2018, Capgemini SE, a French multinational corporation providing consulting, professional, technology and outsourcing services announced that it had entered into an agreement to acquire Leidos Cyber, the “commercial cybersecurity arm” of the US company Leidos Holdings Inc.
Optiv Hires Deloitte Stalwart Kevin Lynch as Chief Executive Officer (BusinessWire) Optiv Security today announced that it has named Kevin Lynch as the company’s Chief Executive Officer (CEO), effective April 17, 2020.
Jaya Baloo, a recognized cybersecurity professional joins Nixu Corporation Board of Directors (News Powered by Cision) European cybersecurity company Nixu is pleased to...
Perspecta brings back former SAIC, HPE exec (Washington Technology) Perspecta hires two-decade market veteran and former SAIC and HPE executive Orlando Figueredo to help lead business development functions.
Products, Services, and Solutions
Enveil Delivers ZeroReveal Machine Learning for Secure Advanced Decisioning (Globe Newswire) Extending the company’s privacy-preserving offerings, ZeroReveal® ML expands the magnitude of enterprise machine learning capabilities through secure collaboration
PolySwarm's threat intel tool now integrated with leading SOAR platform, ThreatConnect (Business Insider) Now it's even easier for cyber threat analysts to tap into PolySwarm for file reputation and threa...
King & Union Awarded U.S. GSA IT Schedule 70 Contract (King & Union) King & Union today announced it has been awarded a five year U.S. General Services Administration (GSA) IT Schedule 70 contract to provide its Avalon Cyber Analysis Platform to U.S. public sector agencies.
BlackBerry Strengthens Automotive and Embedded Software Portfolio with QNX Black Channel Communications Technology (BlackBerry) New solution provides peace of mind within safety-critical systems
Payspan Employs Datadobi to Help Simplify Healthcare Payments (Datadobi) Healthcare’s leading provider of payment and reimbursement solutions migrates business-critical financial data with DobiMigrate – helps Payspan meet PCI and HIPAA compliance regulations mandates.
Dell unveils new PC security capabilities (CRN Australia) To help secure businesses during remote-work deployments
Dell releases new tool to detect BIOS attacks (ZDNet) Dell makes new tool named SafeBIOS Events & Indicators of Attack available for download for all Dell commercial PCs.
Palo Alto Networks Secures FedRAMP 'In Process' Milestone for Prisma Access (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today announced that Prisma™ Access has achieved the designation of "In...
Edison Software Talks Email Cybersecurity (PYMNTS.com) Edison Software discusses the role of the email service in combatting the business email compromise scam, as well as its new email service OnMail.
Let's authenticate: Beyond Identity pitches app-wrapped certificate authority (Register) Enclave-bound service aims to be another nail in the password coffin
Technologies, Techniques, and Standards
You have to consider cybersecurity at all points of a cloud migration (Help Net Security) IT teams can take advantage of cloud native tools to help mitigate these risks, but they should not rely solely on these tools.
The security conundrum of 5G network slicing (Urgent Communications) One benefit of moving to a standalone 5G network is that it makes it possible for wireless operators to implement network slicing, which means they can run multiple dedicated networks that all share a common, physical infrastructure. Each network slice can have its own characteristics and identity – but that also means it will have its own risks.
Summary of INCOSE control system cyber security presentation – IT/OT is almost as much of a threat to infrastructures as the hackers (Control Global) Thursday, April 9th, 2020, I gave a presentation to the International Council on Systems Engineering’s (INCOSE) Critical Infrastructure Protection and Recovery (CIPR) working group monthly call (go here to learn more about INCOSE and the CIPR working group).
Experian exec on recognition gap, enterprise IAM progress and the biometrics layer (Biometric Update) Physical biometrics are the most secure form of identity verification, 81 percent of consumers around the world say according to Experian’s recent Global Identity and Fraud Report. The importance o…
GDPR, CCPA and beyond: How synthetic data can reduce the scope of stringent regulations (Help Net Security) Synthetic data is helping highly regulated companies safely use customer data to increase efficiencies or reduce operational costs.
Using Components with Known Vulnerabilities (Professionally Evil Insights) When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against.
Tracking Attackers With Word Web Bugs (Cyber Deception) (Black Hills Information Security) Hello and welcome! My name is John Strand, and in this video, we’re going to be talking about Word Web Bug Servers. Now the idea of a Word Web Bug Server is we can create a Word document that any time that document is opened it will actually create a call back and it will …
The dangers of assumptions in security (Help Net Security) Assuming things is bad for your security posture. You are leaving yourself vulnerable when you assume what you have is what you need.
Design and Innovation
Reddit makes political ads more transparent ahead of 2020 election (POLITICO) Reddit will begin publicly disclosing its political advertisers and how much money they shell out, the company said Monday.
The end of passwords: Industry experts explore the possibilities and challenges (TechRepublic) Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.
Master of Science in Cybersecurity now offered by UMA and USM (Bangor Daily News) Program will provide training to fill demand for highly skilled technologically savvy workforce; applications now being accepted for fall 2020...
Legislation, Policy, and Regulation
NATO’s new panel needs to think beyond Cold War assumptions (Defense News) A legacy alliance, NATO has seen better days — today, it is covered in cobwebs and dominated by stale thinking.
Making Cyberspace Safe for Democracy: The New Landscape of Information Competition (Foreign Affairs) With the 2020 U.S. presidential campaign underway, stories of Russian interference are again in the headlines. In 2016, Russia’s hacking operations and use of social media to manipulate public discourse in the United States caught U.S. policymakers off-guard. Four years later, officials have not yet fully understood that those attacks reflected the changing landscape of geopolitical competition.
MPs summon China-owned firm over security concerns (BBC News) MPs to summon British based, Chinese-owned firm executives over plans to transfer sensitive technology.
MPs summon Imagination Technologies executives over alleged attempts to transfer British firm's ownership to China (Computing) The US government has also ordered an urgent probe into the matter
Litigation, Investigation, and Law Enforcement
Watchdog finds the Pentagon is behind on several cybersecurity initiatives (Fifth Domain) It's unclear who's in charge of what cybersecurity tasks across the Defense Department.
GAO Joins OIG in Criticizing Pentagon’s Approach to Cyber Risk (Homeland Security Today) The Government Accountability Office says the Department of Defense has not fully implemented key initiatives and practices aimed at improving cyber hygiene.
Cybersecurity: DOD Needs to Take Decisive Actions to Improve Cyber Hygiene (US Government Accountability Office) “Cyber hygiene” is a set of practices for managing the most common and pervasive cybersecurity risks. The Department of Defense’s cyber hygiene is critical as threats to its information and networks increase. DOD has had 3 cyber hygiene initiatives underway. These efforts are incomplete—or their status is unknown because no one is in charge of reporting on progress. DOD has also developed lists of its adversaries’ most frequently used techniques, and practices to combat them.