The CyberWire Daily Briefing, 4.15.20

Dateline

NATO defense ministers to weigh coronavirus fallout (Defense News) Amid the immediate crisis management, questions surrounding virus-related disinformation, supply-chain dependencies and military spending are expected to be on the agenda for April 15.

Sidelined by Coronavirus, Congressional Leaders Face Pressure to Vote Remotely (New York Times) Rank-and-file lawmakers, scholars and good government groups say it is time for Congress to allow remote voting and virtual legislating.

COVID-19 NEWS: Coronavirus Could Stymie U.S. Cybersecurity Enhancements (National Defense) The COVID-19 pandemic may throw a monkey wrench into plans to boost cybersecurity in the United States, two members of a blue ribbon panel said April 14.

US consumers report $12M in COVID-19 scam losses since January (BleepingComputer) The U.S. Federal Trade Commission says that approximately $12 million were lost to Coronavirus-related scams according to consumer reports received since January 2020.

ICANN asks registrars to crack down on scam coronavirus websites (Naked Security) It doesn’t have regulatory authority, so it can’t do much, but the hundreds of registrars it authorizes can and should.

The Internet Archive Is Being Used As A Disinformation Mule (Medium) Actors are using archive.org and exploiting the ‘Save Page Now’ feature to propagate disinformation even after their stories are removed.

Uncertainty fuels coronavirus scams, misinformation around Colorado (The Colorado Sun) There’s plenty of misinformation and disinformation circulating as Coloradans and the rest of the world cope with COVID-19. Here's what it looks like in Colorado.

IRS warns of hackers targeting tax professionals during coronavirus pandemic (TheHill) The Internal Revenue Service (IRS) on Tuesday warned that hackers are looking to take advantage of the ongoing COVID-19 pandemic to target tax professionals in a bid to steal financial information.

COVID-19-themed cyberattacks continue to proliferate (SiliconANGLE) Despite reports in March that those in the hacking community were encouraging others to not take advantage of the COVID-19 pandemic, the number of cyberattacks has continued to rise, according to new research from Palo Alto Networks Inc.’s Unit 42.

Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns (Unit42) New research shows COVID-19 themed phishing campaigns are targeting healthcare organizations and medical research facilities around the world

Analysis | The Cybersecurity 202: Hospitals face a surge of cyberattacks during the novel coronavirus pandemic (Washington Post) The attacks have shut down services and impeded care.

Hackers Favor Small Hospitals, Health Centers as Ransomware Targets (HealthITSecurity) Hackers tend to favor targeting smaller providers, like hospitals and healthcare centers with ransomware attacks, given many lack an on-staff security leader and an increased likelihood they'll pay.

Cyberattacks Target Firms on Coronavirus Frontlines (Threatpost) Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.

COVID-19 Hacks Bring Cyber Hygiene Into Sharp Focus (Law360) Companies are seeing a major uptick in the number of COVID-19-related cybersecurity attacks as employees shift to working remotely, prompting attorneys to urge clients across industries to ramp up security protocols for the long haul and be wary of adopting third-party software.

Zoom issues latest security update to improve passwords and more (iMore) Zoom has issued updates to improve security on its platform, including improved password security and increasing the length of meeting IDs.

Exclusive: Stay off Zoom and Google Hangouts, Standard Chartered chief tells staff (Reuters) Standard Chartered Plc is the first major global bank to tell employees not to use Zoom Video Communications Inc during the coronavirus pandemic due to cybersecurity concerns, according to a memo seen by Reuters.

Hacker Selling Zoom App User Data on Dark Web for As Low As $5,000 (The Quint) Everything from webcam or microphone security to passwords, emails are being sold on the Dark Web.

Will Zoom manage to retain security-conscious customers? (Help Net Security) While Zoom Video Communications is trying to change the public's rightful perception that, at least until a few weeks ago, Zoom security and privacy were

Zoom in crisis: How to respond and manage product security incidents (Help Net Security) Zoom is in crisis mode, facing grave and public concerns regarding the trust in management’s commitment for secure products, the respect for user privacy.

Fake VPN Sites Deliver Infostealers (Zscaler) Fake Nord VPN site and Fake VPN4Test site delivers Infostealer like Grand Stealer, Azorult Infostealer, Masad Stealer, Parasite RAT, NukeBot

3 ways to ensure your company's cybersecurity as you work from home, according to Microsoft (GMA News Online) Working from home has rendered us slaves to every imaginable messaging app — from GChat to FB messenger to Viber, Whatsapp, Telegram, and Zoom. This has opened ourselves and our teams to increased risk.

Identifying Unique Risks of Work from Home Remote Office Networks (BitSight) With companies around the world adapting to a remote workforce, we looked at our data to understand inherent risks posed to organizations by home networks.

Cybersecurity in a remote workplace: A joint effort (Help Net Security) In the context of a remote workplace, how can organizations improve their cybersecurity and prevent workers falling prey to hackers?

What is the Cyber security Equivalent of Washing Your Hands for 20 Seconds? (Enterprise Times) We are all learning to wash our hands regularly to stay safe but are your staff doing just as well when it comes to keeping your IT and data safe?

How to lock down RDP servers (CSO Online) Make sure you've made all the proper settings to secure remote desktop protocol (RDP) to best protect your Windows network when supporting remote workers.

Data Security Checklist: Ensuring business continuity in the time of COVID-19 pandemic: data security risks (McCullough Robertson) As Governments implement severe measures to fight the COVID-19 pandemic, businesses are increasingly reliant on remote Internet-connected workforces in order to ensure business continuity. With this shift to remote working, comes heightened data sensitivity risks, including an increase in the likelihood of cyber attacks and privacy breaches.

A legal perspective on data breaches and home working (ComputerWeekly.com) Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification

Apple and Google discuss their coronavirus tracing efforts (TechCrunch) The tech giants answer reporters' questions.

Everything we know about the Google/Apple COVID-19 contact tracing tech (Computerworld) Here's how it works, what it does, why it matters and links to further information.

Apple is gathering data from Apple Maps to show how well people are social distancing (CNBC) Apple said it wants to help public health authorities and governments figure out whether social distancing guidelines are being followed but that it won't infringe on any individual's privacy.

Apple: We respect your privacy so much we've revealed a little about what we can track when you use Maps (Register) But we've only done it to help governments understand that virus thing you may have heard about lately

Less than half in Singapore willing to share COVID-19 results with contact tracing tech (ZDNet) Just 41% of Singaporeans are comfortable sharing a positive COVID-19 test result with contact tracing technology, though 55% -- the highest amongst six countries surveyed -- are willing to do so with their employer or school.

Coronavirus tracing tech policy 'more significant' than the war on encryption (ZDNet) COVID-19 apps that track individuals' movements and report them to a government server? What could possibly go wrong? Digital rights activists are starting to push back.

Federal contractors need coronavirus relief measures (Federal News Network) Hexagon U.S. Federal COO Chris Bellios argues that mid-size to large firms with employees working as federal contractors, particularly on defense and intelligence contracts…

DoD, ODNI sign ‘permission slips’ to keep contractors viable through the pandemic (Federal News Network) Recent DoD and ODNI memos outline how contractor officers can use the stimulus bill to pay contractors who can’t work because of COVID-19.

Silicon Valley’s tech start-ups face funding crisis: ‘This is more serious than the dotcom bubble’ (The Telegraph) Valuations are dropping, belts are being tightened and fundraising rounds cancelled. How can Silicon Valley get through this latest crisis?

Cisco Continues Commitment to Customers and Partners with $2.5B in Financing to Support Business Resiliency (Seeking Alpha) Today, Cisco (CSCO) is continuing its global commitment to help customers and partners navigate an evolving landscape with the introduction of a new Business Resiliency Program.

Space Force Is Now Fighting Coronavirus. Here's How (Military.com) The newly formed U.S. Space Force is not staying on the sidelines for the fight against the novel coronavirus.

How to Improve Your Enterprise VPN Security (Vulcan) While VPN use has skyrocketed as result of the new WFH situation, it doesn't come without security risks. Learn how to improve you enterprise VPN security.

Freebies from IT Vendors that you can grab right now (ETCIO.com) CIOs can leverage IT vendors' offers such as free access to enterprise platforms, access zero-cost licensing and even deferred payment options.

Microsoft offers free threat notification service to healthcare, human rights organizations (Help Net Security) Microsoft offers its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations.

SonicWall Boundless Cybersecurity Platform Swiftly Providing Remote Workforces with Secure Mobile Access, Defense in 'New Business Norm' (PR Newswire) SonicWall today announced a modern Boundless Cybersecurity model designed to protect and mobilize organizations, large enterprises, government...

A Message from Mario (ReversingLabs) We’ve seen firsthand threat actors attempting to exploit the operational transition companies have quickly had to make, and we’d like to help offload this resource burden--especially in this time of uncertainty and targeted attack growth.

Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial (Checkmarx) The application security testing world is made up of various different solutions, all with one ultimate aim – to protect software from hackers and attacks.

Indian Cybersecurity Market to Rise Post COVID-19: Experts (CISO MAG) Cybersecurity experts opined that Indian market witness an increase in the demand for cybersecurity and privacy post the COVID-19 pandemic.

VMworld 2020 goes digital (CRN Australia) Latest in-person event hit by COVID-19.

Cyber Attacks, Threats, and Vulnerabilities

Russian state hackers behind San Francisco airport hack (ZDNet) ESET says a Russian hacker group known as Energetic Bear (DragonFly) is behind a hack of two of the airport's websites.

Power giant EDP 'faces €10m ransomware demand after cyberattack' (Recharge) Portuguese utility and EDPR owner reportedly subject of security breach this week

RagnarLocker ransomware hits EDP energy giant, asks for €10M (BleepingComputer) Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).

Hackers are mass-scanning the internet to discover Microsoft Exchange servers vulnerable to RCE bug (Computing) A patch to fix this bug has already been released by Microsoft

Exclusive: Personal data of 1.41m US doctors sold on hacker forum (HackRead) Cybercriminals are taking advantage of the Covid19 pandemic. From selling fake Coronvirus vaccines and testing kits to setting up malware-infected fake live maps of the infection, crooks can go to any level to make cheap and quick bucks on hacker forums.

Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys (ZDNet) The Chrome extensions were mimicking cryptocurrency wallet apps like Ledger, MyEtherWallet, Trezor, Electrum, and others, but, in reality, they were stealing users' private keys and mnemonic phrases.

Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store (Register) Ongoing Chrome Web Store security saga deftly straddles tragedy and farce

New Stealth Magecart Attack Bypasses Payment Services Using Iframes (PerimeterX) New stealthy Magecart attack bypasses payment services using iframe hosted fields protection to skim credit cards while allowing successful transactions.

WordPress WooCommerce sites targeted by card swiper attacks (Naked Security) Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files.

Analysis of a WordPress Credit Card Swiper (Sucuri) While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card swiper injection.

Slack phishing attacks using webhooks (AT&T Cybersecurity) Slack is a cloud-based messaging platform that is commonly used in workplace communications. It is feature-rich, offering additional functionality such as video calling and screen sharing in addition to a marketplace containing thousands of third-party applications and add-ons.

Nemty ransomware operation shuts down (ZDNet) Another ransomware operation bites the dust. Good riddance!

Attackers are using a Brazilian hacking tool against Spanish banks (CyberScoop) An easy-to-use hacking tool has made its way from Brazil’s criminal underworld to Spain, where it’s being used to try to steal from the customers of major banks, researchers said this week.

Grandoreiro Banking Malware Expands in Spain Cyberattacks (Threatpost) Researchers warn that the Grandoreiro banking malware has broadened in its targeting from Brazil to Spain.

Grandoreiro Malware Now Targeting Banks in Spain (Security Intelligence) A familiar malware threat called Grandoreiro, a remote-overlay banking Trojan that typically affects bank customers in Brazil, has spread to attack banks in Spain.

Siemens IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote attackers to affect the availability of the devices under certain conditions.

Siemens SIMOTICS, Desigo, APOGEE, and TALON (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to affect the availability and integrity of the device.

Siemens SCALANCE & SIMATIC (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability can result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCALANCE are affected:

Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: KTK, SIDOOR, SIMATIC, and SINAMICS Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition.

Siemens TIM 3V-IE and 4R-IE Family Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: TIM 3V-IE and 4R-IE Family Devices Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access to gain full control over the device.

Siemens SIMATIC S7 (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Uncontrolled Resource Consumption (Resource Exhaustion) 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-05 Siemens SIMATIC S7 (Update A) that was published March 10, 2020, to the ICS webpage on us-cert.gov.

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC Vulnerability: Incorrect Calculation of Buffer Size 2.

Siemens TIA Portal (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-014-05 Siemens TIA Portal that was published January 14, 2020, to the ICS webpage on us-cert.gov.

Siemens PROFINET Devices (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update D) that was published March 10, 2020, to the ICS webpage on us-cert.gov.

Siemens Industrial Products (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2.

Triangle MicroWorks DNP3 Outstation Libraries (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Triangle MicroWorks Equipment: DNP3 Outstation Libraries Vulnerability: Stacked-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could possibly allow remote attackers to stop the execution of code on affected equipment.

Triangle MicroWorks SCADA Data Gateway (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Triangle MicroWorks Equipment: SCADA Data Gateway Vulnerabilities: Stacked-based Buffer Overflow, Out-of-Bounds Read, Type Confusion 2.

Siemens Climatix (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Climatix Vulnerability: Cross-site Scripting, Basic XSS 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code to access confidential information without authentication.

Eaton HMiSoft VU3 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Eaton Equipment: HMiSoft VU3 (HMIVU3 runtime not impacted) Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution or information disclosure.

Security Patches, Mitigations, and Software Updates

Microsoft April 2020 Patch Tuesday fixes 3 zero-days, 15 critical flaws (BleepingComputer) With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low. Three of these vulnerability are classified as zero-days as they were publicly disclosed or exploited.

Microsoft patches 113 vulnerabilities, including three zero-days, in April 2020 Patch Tuesday update (Computing) Two of the three zero-days were disclosed by Microsoft last month

April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit (Threatpost) Microsoft issued 113 patches in a big update, unfortunately for IT staff already straining under WFH security concerns.

Adobe Patches Flaws in ColdFusion, After Effects, Digital Editions (SecurityWeek) Adobe has patched five vulnerabilities in its ColdFusion, After Effects and Digital Editions products, but none of the flaws appear too serious

Google Keeps Support for FTP in Chrome (SecurityWeek) Google has decided to keep support for the File Transfer Protocol (FTP) in Chrome a bit longer, after initially saying it would completely remove it in Chrome 82

The Vulcan Vulnerability Digest - Top Threats Roundup - April 9th (Vulcan) With all the buzz around the latest campaigns and exploits, it might seem hard to know what really demands your attention. That’s why we’ve decided to round up the top security threats from the past couple of weeks that really require your attention.

Cyber Trends

278% Rise in Leaked Government Records During Q1 of 2020 (Infosecurity Magazine) There were 17 million leaked government records in Q1 of 2020

Number of leaked government records increases by 278% in Q1, 2020 (Atlas VPN) According to Atlas VPN research compiled from various publicly available sources, the number of exposed government and individual politician records increased by 278% when comparing the first quarters of 2019 and 2020. During the first quarter of 2019, there were over 4.5 million breached records of individual politicians or government bodies globally. Meanwhile, in 2020 …

How much is the phish? Underground market of phishing kits is booming – Group-IB (Security Affairs) The report focuses on phishing kits – the driving force of the phishing industry, which is hard to detect but extremely valuable in terms of fight against phishing. Group-IB, a Singapore-based cybersecurity company, has found out that phishing kits are the new bestsellers of the underground market, with the number of phishing kit ads on underground forums and their […]

Check Point: Dridex Banking Trojan Ranks on Top Malware List for First Time (IT News Online) According to Check Point Research's Global Threat Index, the well-known banking trojan Dridex, which first appeared in 2011, has entered the top ten malware list for the first time, as the third most prevalent malware in March.

Marketplace

Silicon Valley Icons Jim Clark and Tom Jermoluk Launch “Beyond Identity” (Beyond Identity) $30 Million Round led by KDT and NEA to Fund Groundbreaking Innovation that Eliminates Passwords and Replaces them with a Chain of Trust™

Awake Security Raises Series C Investment to Fuel Expansion and Adoption of its Advanced Network Traffic Analysis Platform (BusinessWire) Awake Security announced a $36 million Series C financing led by Evolution Equity Partners with Energize Ventures and Liberty Global Ventures.

Onfido Secures $100 Million to Set New Identity Standard for Digital Access (Onfido) Led by TPG Growth, new funds to service global demand for identity verification and authentication

Lightspeed Boosts Three Funds With $4B (Crunchbase News) Latest fund is focused on Series A and B rounds, a larger fund primarily for later stage, and a third that will focus on investing internationally.

Capstone Headwaters advises Revolutionary Security on its Sale to Accenture LLP (Capstone Headwaters) Capstone Headwaters, a leading international investment banking firm, advised Revolutionary Security LLC (“RevSec” or “The Company”) on the sale of 100% of its membership interests to Accenture LLP.

With new vulnerability management tools, NeuVector aims to strengthens container security (SiliconANGLE) With new vulnerability management tools, NeuVector aims to strengthens container security - SiliconANGLE

Roger Hale Joins BigID as Chief Security Officer (Security Magazine) BigID, data-centric personal data privacy and protection company, announced the appointment of Roger Hale to Chief Security Officer. As CSO, Roger brings more than 35 years of information security experience spanning venture capital, cloud, data management and more.

Products, Services, and Solutions

Heficed Introduces a Service to Combat IP Address Abuse (Heficed) Press release from Heficed: Cyber-Threat Ready: Heficed Introduces a Service to Combat IP Address Abuse.

IronNet Enhances Platform with Innovative Threat Landscape Visualization to Operationalize Collective Defense (IronNet Cybersecurity) New IronDome Detection Dashboard delivers unmatched real-time visibility, collaboration and knowledge sharing to drive cyber defense

Growing Cybercrime Sophistication Inspires New Security Strategies (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today introduced its proprietary Threat Modeling and Attack Simulation...

iProov Brings Biometric Authentication to the Web Browser (BusinessWire) iProov, the world’s leading provider of biometric authentication technology, today announced the launch of iProov Web, bringing genuine presence assur

Tencent Taps HackerOne’s Global Community of White Hat to Boost Cybersecurity (HackerOne) Leading Internet Services Provider Invites Ethical Hackers to Join in their Bug Bounty Program

Click Armor launches gamified assessment that tests business phishing vulnerability (Help Net Security) "Can We Be Phished?" is a new, freely available gamified cybersecurity awareness training from Click Armor, the Continuous Cybersecurity Awareness Platform.

Technologies, Techniques, and Standards

Power station brought down by cyber-attack - simulation lessons (SC Magazine) Siemens: The most important action you can take to make operations resilient is to develop and implement an IR playbook. Resiliency is based on 3 key concepts: visibility, relationships, & speed.

AI and Machine Learning Survey 2020 (Webroot) In the last several years, the use of artificial intelligence (AI) and machine learning (ML) has grown consistently among businesses. And yet, nearly 7 out of 10 of IT pros worldwide report they do not fully understand the benefits of these tools.

Backup or Disaster Recovery for Protection Against Ransomware? (SecurityWeek) Is data backup alone enough, or is q full disaster recovery plan required to mitigate the risk of ransomware attacks on business?

Are we doing enough to protect connected cars? (Help Net Security) In this interview, Moshe Shlisel, CEO at GuardKnox, explores if we're doing enough to protect connected cars and talks about pressing cybersecurity issues.

Threat modeling explained: A process for anticipating cyber attacks (CSO Online) Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources.

Storage at scale: picking the right options for Kubernetes (Computing) Managing storage for large, complex distributed containerised applications is a whole different game; industry insiders discuss how the options stack up

Application security: Getting it right, from the start (Help Net Security) In a world where time is money, convincing people that application security is important is not always easy, but it's vital.

Research and Development

Netography Awarded AFWERX Small Business Innovation Research Grant from the U.S. DoD and Air Force (Netography, Inc) Netography announces it has been awarded an AFWERX Phase 1 SBIR grant from the U.S. Department of Defense (DOD) and Air Force.

Research Innovations, Inc. wins $21M prototype agreement to provide Cyber Situational Understanding (SU) capability to the U.S. Army (The Breeze) Research Innovations, Inc. (RII), a technology innovator with a focus on multi-domain C2 systems, big data analytics, and advanced cyber engineering, announced its

Legislation, Policy and Regulation

China’s thirst for Western tech is yet to be quenched (The Telegraph) Push to acquire western technology has faltered in recent times, but coronavirus provides a new opportunity for the Red Dragon

British MP David Davis urges the government to block Chinese attempts to seize control of Imagination Technologies (Computing) The government should try to bring about a purchase of the firm by somebody else in a Western country, Davis suggests

China is using coronavirus as a cover to seize control of Imagination Technologies (The Telegraph) Senior executives including Ron Black, the chief executive, stepped down late last week

Imagination renews hunt for investors after Chinese boardroom coup is abandoned (The Telegraph) China Reform Holdings had sought to appoint four new members of Imagination's board, igniting a row with management

Ex-BT chair Mike Rake joins Huawei’s UK board (The Telegraph) It comes as Conservative MPs renew anti-Huawei sentiment

()

LILLEY: Don’t trust China on COVID-19 or 5G, says top Trump official (Toronto Sun) The Chinese government can’t be trusted when it comes to sharing information on COVID-19 or pretty much anything else, including building Canada’s next-generation wireless system.That w…

Never mind Covid-19, Washington is still fixated on Huawei (South China Morning Post) The US obsession with Huawei can only be understood in light of its national security goals – it means to thwart China’s rise as a world power by means fair or foul.

New Leader of IT Sector Coordinating Council Wants Alignment on Key CISA Initiative (Nextgov.com) The new chairman of the Information Technology Sector Coordinating Council aims to be more involved in the agency’s work to protect industrial control systems.

()

Litigation, Investigation, and Enforcement

ACSC called in on 427 fed govt security incidents last year (iTnews) But posture and reporting systems improving.

Planning For Calif. Privacy Law Compliance Amid Uncertainty (Law360) Companies preparing for enforcement of the California Consumer Protection Act in July should look to the law's most recent modifications to devise a compliance plan that includes an assessment of what needs to be scaled back or temporarily changed in light of COVID-19, say Ana Tagvoryan and Ana Amodaj at Blank Rome.

New CCPA, GDPR Third Party Risk Management Privacy Guidelines and Checklists from Shared Assessments Help Organizations Assess and Address Privacy Risk Across Relationships (AP NEWS) The Shared Assessments Program today issued “ CCPA Privacy Guidelines & Checklists, ” the security and risk industry’s first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act (CCPA).

Hacked Crypto Investor Says AT&T Is Distorting His Claims (Law360) Investor Michael Terpin told a California federal judge that AT&T has distorted his claims in its bid to dismiss a suit lodged against the telecommunications giant after cellphone hackers stole $24 million worth of cryptocurrency.

Facebook Still Skirting Political Ad Rules, Wash. AG Says (Law360) Washington's attorney general is again suing Facebook for allegedly failing to make public certain information about political ads sold in the state, claiming that the company is continuing to flout the state's campaign finance law despite reaching a deal with the regulator in 2018 to settle similar allegations.

Reality Winner seeks to complete sentence in home confinement amid coronavirus concerns (CyberScoop) A former U.S. government contractor who pleaded guilty to leaking a classified intelligence report on Russian government interference is asking a federal judge to allow her to serve the remainder of her prison sentence at home over concerns about contracting COVID-19.

Australian court says raid at center of press freedom row 'unlawful' (The Japan Times) A search warrant used to raid a prominent Australian journalist's home in an operation that sparked wide-ranging debate over press freedom was overturned b

Energetic Bear left its heart in San Francisco. Ransomware hits power utility. Patch Tuesday notes. COVID-19 updates.

At a glance.

Bring your own context.

CSO Perspectives, now available to CyberWire Pro subscribers.