The cybersecurity community during the COVID-19 emergency
Russian hackers may be behind cyber attacks on Czech hospitals, says ESET - Prague, Czech Republic (Expats.cz) The malware CoViper that attacked some Czech hospitals in the past week could be the work of Russian hackers, the antivirus firm ESET said
China’s Coronavirus Information Offensive (Foreign Affairs) Beijing Is Using New Methods to Spin the Pandemic to Its Advantage
Chinese Agents Spread Messages That Sowed Virus Panic in U.S., Officials Say (New York Times) American officials were alarmed by fake text messages and social media posts that said President Trump was locking down the country. Experts see a convergence with Russian tactics.
Opinion | Pandemic Propaganda Is Coming. Be Ready for It. (New York Times) Americans will have to choose what to believe in a swelling sea of disinformation.
Vietnam-linked hackers targeted Chinese government over coronavirus response: researchers (Reuters) Hackers working in support of the Vietnamese government have attempted to break into Chinese state organisations at the centre of Beijing's effort to contain the coronavirus outbreak, U.S. cybersecurity firm FireEye said on Wednesday.
China should come forward with real evidence about where coronavirus developed: NSA O'Brien (Business Insider) China should come forward with "real evidence" and tell the world about where and how the deadly coronavirus developed,
House Set to Vote on Stimulus With Plans to Dole Out Still More (Bloomberg) Senate passes more aid for small businesses, hospitals. Democrats prevail in drive for added coronavirus testing money.
Senate approves $310 billion in new SBA PPP loan money. What you should know (Fortune) The deal would provide an additional $310 billion for the PPP, earmarking $60 billion for smaller banks.
SBA's coveted PPP is set to receive another $310 billion. But that still might not be enough. (Washington Business Journal) The program is poised to get another infusion of federal funding, but it's unclear how long it will last.
Tech groups call on Congress to boost state funds for cybersecurity during pandemic (TheHill) A coalition of major tech groups on Monday demanded that Congress send funds to state and local governments to defend against cyberattacks as part of the next coronavirus stimulus bill.
COVID-19 stalls Australia's Data Availability and Transparency Act (ZDNet) National Data Commissioner instead releases draft data sharing agreement template to help agencies share data in a way that is 'safe, timely, and transparent'.
Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers (CyberScoop) A bipartisan group of senators sent a letter to both the Department of Defense and Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers that have been exploiting the coronavirus pandemic.
U.S. senators urge cybersecurity officials to defend health sector (Reuters via Nasdaq) A handful of U.S. senators have called on top cybersecurity officials to aggressively protect health and research organizations from potential hacking and other attacks as the country battles the coronavirus pandemic.
Hackers are using coronavirus-themed phishing lures to go after DOD networks (CyberScoop) Cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes, the Department of Defense said Monday.
US sends 32x more COVID-19 related spam emails than Russia (Atlas VPN) According to data extracted and analyzed by Atlas VPN, coronavirus-related spam emails sent from the US outnumber spam emails from Russia by more than 32 times. Currently, scammers are abusing the pandemic to lure unsuspecting victims into their phishing scams. Mostly, these email subject lines contain keywords such as “Coronavirus Vaccine,” “Covid-19 supplies discount,” “Order …
Spike in Company Compromises Correlates With Lockdowns (SecurityWeek) Finland-based Arctic Security detected a spike in the number of firms potentially compromised each week as COVID-19 (coronavirus) related lockdowns were put into place.
Foiling content-borne attacks against a remote workforce (Help Net Security) What can organizations do in order to protect their remote workforce? Liron Barak, CEO at BitDam offers insight and techniques for security leaders.
How Hackers Take Advantage of a Crisis (Entrepreneur) The threats are real, especially in today's climate.
Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online (Washington Post) Thousands of alleged email addresses and passwords linked to prominent organizations battling the coronavirus pandemic have been dumped on the Internet, where they almost immediately were used to foment hacking attempts and harassment by far-right extremists.
Why disinformation and misinformation are thriving in the COVID-19 pandemic (LancasterOnline) As the freight train rumbled eastward, a man on the city’s South Side noticed, among the boxcars and tank cars, eight flatbeds hauling military vehicles.
Yes, there's lots of COVID-19-themed scuminess around – but otherwise the level of cybercrime is the same (Register) A shift in badness doesn't mean more badness overall, says Secureworks
Are businesses prepared for a surge in cybercrime and fraud? (Help Net Security) Although fraud and cybercrime tend to increase faster during a recession, this downturn means organizations face an accelerated threat from fraud and cybercrime.
How To Recognize And Stop SIM Swapping Fraud (PYMNTS.com) SIM swapping fraud is impossible for victims to avoid, and John Prideaux, CEO of Boku, talks about how to spot and kill it at the root before it can bloom.
Coronavirus Worries Allow New Scams To Take Hold (Forbes) We’re seeing a lot of phishing campaigns taking advantage of the fear and uncertainty
At last – a use for all those phishing emails you’ve been getting! (Naked Security) Here’s something officially useful you can do with all those phishing scams – and the cost to you is approximately zero!
Facebook to alert us if we’ve been exposed to fake coronavirus news (Naked Security) Drinking bleach does NOT cure coronavirus: it’s just one dangerous myth that Facebook will alert us to if we’ve interacted with it.
Will Google/Apple Api Apps fighting Covid-19 result in permanent loss of privacy? (SC Magazine) Unless we believe that the coronavirus threat is permanent then the public interest test to allow Covid-19 tracking apps surveillance capabilities is only passed for so long as the threat remains.
Privacy concerns hit Western plans for contact tracing apps (The Telegraph) While contact tracing was rapidly deployed in Asian countries like China, in the West its rollout has been less than straightforward
Sen. Asks Tech CEOs To Take Liability For Virus Tracing App (Law360) The Senate's youngest member has qualms about Apple and Google's joint venture to help governments trace the contacts of those who have been infected by the novel coronavirus precipitated by Google's "poor record on privacy."
New Coronavirus screenlocker malware is extremely annoying (BleepingComputer) A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.
NFL Draft: 5 Things Teams Need to Do Now to Guard Against Hackers (Critical Start) Your security teams should be all hands on deck not only this week but daily. Implementing these best practices is good not only now, but moving forward for your organization.
NFL Tackles Cybersecurity Concerns Ahead of 2020 Draft Day (Threatpost) Researchers weigh in on potential security concerns surrounding the 2020 NFL Draft.
Virtual army rising up to protect healthcare groups from hackers (TheHill) As the world continues to grapple with the COVID-19 pandemic, a related crisis has emerged.
Volunteer cybersecurity pros say they've stymied hacks against health care organizations (CyberScoop) A volunteer group of cybersecurity professionals formed to protect computer networks during the coronavirus pandemic says it has helped dismantle nearly 3,000 malicious internet domains and identified more than 2,000 software vulnerabilities in health care institutions around the world.
For the Navy’s hospital ships, networking is yet another challenge (C4ISRNET) The Navy's hospital ships provide health care to individuals, but they must also ensure the cyber wellness of the devices onboard.
Five contingency best practices for SOCs to handle uncertainty (Help Net Security) In pursuing an assessment and other proactive contingency planning, here are five best practices for SOCs to consider, courtesy of Alert Logic.
Covid-19 Offer: Free Continuous Authentication for Remote Workers through July 2020 (TWOSENSE.AI) In response to the unprecedented increase of remote and work-from-home workers due to the COVID-19 crisis, we are taking proactive steps to provide companies across the globe with the tools necessary to enable their employees to be immediately productive as they work remotely while ensuring that company resources and data stay protected. Effective immediately, we are offering free, no-obligation use of our continuous authentication products for four months.
Dell provides US$9B in financing with new DFS payment program (CRN Australia) Includes zero-percent interest rates and payment deferrals.
Cyber Attacks, Threats, and Vulnerabilities
New iOS exploit discovered being used to spy on China's Uyghur minority (ZDNet) New "Insomnia" exploit works on iOS versions 12.3, 12.3.1, and 12.3.2; was patched in iOS 12.4 last year.
Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant (Volexity) In September 2019, Volexity published Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs, which described a series of attacks against Uyghurs from multiple Chinese APT actors.
Data breach may have exposed personal information of thousands of SBA emergency loan applicants (Washington Post) Nearly 8,000 applicants may have seen identifiable details of other applicants before the Small Business Administration fixed and relaunched the site.
Small Business Administration reports data breach in disaster loan website (PBS NewsHour) The Small Business Administration has reported it had a potential data breach last month in its website handling disaster loan applications.
Researcher discloses four IBM zero-days after refusal to fix (BleepingComputer) Four zero-day vulnerabilities found in an IBM enterprise security software were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC.
Security researcher discloses four IBM zero-days after company refused to patch (ZDNet) Zero-days impact the IBM Data Risk Manager (IDRM), one of IBM's enterprise security tools.
IBM Tells Researcher It Will Not Patch Serious Data Risk Manager Flaws (SecurityWeek) IBM has told a researcher it will not patch several Data Risk Manager vulnerabilities that can be chained by a remote, unauthenticated hacker to execute arbitrary code as root
RCE Exploit Released for IBM Data Risk Manager, No Patch Available (Threatpost) Three separate flaws can be chained to achieve full system compromise.
IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report (Register) IT giant admits it made 'a process error, improper response' to flaw finder
High-Severity Vulnerability in OpenSSL Allows DoS Attacks (SecurityWeek) The latest OpenSSL update patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks
Hackers could manipulate Azure agent, using skeleton key to attack cloud infrastructure (SC Magazine) Skeleton key could unlock Azure environment for cyber-criminals - not a vulnerability, but a new way to exploit an Azure synced environment so no patch expected.
'The Netherlands overheard other countries for years after cracking encryption' (Teller Report) The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia.
Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC (SecurityWeek) Microsoft says it will not patch a DLL side-loading vulnerability related to its MSTSC remote desktop client that can be leveraged to bypass security controls
Chinese Hackers Target South Korean Gaming Company (SecurityWeek) South Korean video gaming company Gravity is the latest victim of the China-linked threat actor tracked as the Winnti Group
Cognizant's ransomware attack is making peers like TCS and Infosys nervous — and they are beefing up security (Business Insider) The Maze ransomware attack on Cognizant workers will have an impact on its revenue and operations in the coming year, according to the company filings with
Hackers are now targeting stock markets (The Economic Times) Generally, these fraudsters sell penny stocks from their account and buy them from the compromised account. Investors of the compromised account will lose money while counter-party to the scam orders will gain. They also trade on illiquid option contracts or just buy penny stocks to be sold later, said brokers.
Smart IoT home hubs vulnerable to remote code execution attacks (ZDNet) IoT hubs used in homes and offices were found to be susceptible to exploit due to critical bugs in their firmware.
Tax Phishing Campaign Reminds of DMARC Limitations (SecurityWeek) DMARC works where it is designed to work, but phishers will simply put more social engineering effort into masquerading as an associated domain that could be accepted as genuine.
Here's a list of all the ransomware gangs who will steal and leak your data if you don't pay (ZDNet) Ransomware gangs are getting more aggressive these days about pursuing payments and have begun stealing and threatening to leak sensitive documents if victims don't pay the requested ransom demand.
Nintendo owners urged to secure accounts (BBC News) Switch owners report an apparent surge in attempts to buy expensive items through Nintendo accounts.
dForce Hacker Returns Almost All of Stolen $25M in Crypto (CoinDesk) The hacker had drained $25 million in cryptocurrency from decentralized finance protocol dForce over the weekend.
Hacker returns $25 million after their IP address is exposed (HackRead) Yesterday, Hackread.com reported how a Chinese lending platform named Lendf.me using a lending protocol by dForce was hacked resulting in a loss of $24.36 million worth of Ethereum, Bitcoin and USD Stablecoins. Now, in a shocking twist of events, the entire sum has been returned back by the hacker.
New Malware Swaps Out Crypto Wallet Addresses as You Type Them (Sunriseread) A new piece of malware called Masad Stealer can change wallet addresses as you type them thanks to malicious code injected into your browser. According to Juniper Networks, it also steals: PC and system info, credit card browser data, browser passwords, installed software and processes, desktop files, screenshot of desktop, browser cookies, Steam files, AutoFill browser …
Supreme Court warns of rise in scam calls, phishing email impersonating court officers (TODAYonline) There has been a recent spate of phone calls and phishing email messages from scammers impersonating court officers, the Supreme Court warned in a statement on Wednesday (April 22).
Inductive Automation Ignition (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Inductive Automation
Equipment: Ignition 8 Gateway
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.
Bluffton Township Fire District returning to normalcy following cyber attack on servers (Bluffton Today) A spokesman from the Bluffton Township Fire District said the department’s day-to-day operations have returned to relative normalcy, one month removed from a cyber attack on its internal online servers.
Congressional Primary Candidate Condemns Cyber Attack On His Virtual Town Hall (WAMC) One of the Democratic primary candidates in a New York congressional district says his recent virtual town hall to discuss COVID-19 relief efforts was
Chippy apologises after HACKER plunges click and collect into chaos (Lincolnshirelive) They have apologised and refunded their customers
Frippin' heck: Watch out, chin-stroking prog rock fans. King Crimson distributor Burning Shed says it's been hacked (Register) Crims slope off with a slice of database including emails and encrypted passwords but no credit card deets
Security Patches, Mitigations, and Software Updates
Vivaldi browser now can block ads and trackers (CNET) Also, Vivaldi for Android is out of beta testing.
Cyber Trends
2020 Data Threat Report: Federal government ahead of businesses when it comes to cloud adoption (Thales) Research shows government agencies potentially positioned for benefits in the cloud in the current remote workplace environment.
New Trustwave Report Reveals Cybersecurity Threats Becoming Pervasive and Attacks More Targeted (Trustwave) As Organizations Move to Cloud Environments and Embrace Digital Transformation, Adversaries are Quickly Adapting According to Breach Investigations and Threat Intelligence Analysis
Aryaka’s Fourth Annual State of the WAN Report Reveals 2020 Insights From 1000+ Global Enterprises (BusinessWire) Aryaka’s State of the WAN Report Reveals Application Performance as Top Concern for Organizations Implementing SD-WAN
Data breach report (Omnisend) Since 2005, the US has seen over 10 billion data breaches take place. This study has revealed the US companies and States that have had the largest number of data breaches across America. Making up the biggest portion was a 2016 breach of Yahoo! where over 3 billion pieces of data were leaked. At the …
Recycled tools allow cybercriminals to attack like nation-states, and we need to change our defence (teiss) Marcus Fowler, Director of Strategic Threat, Darktrace, discusses how hackers are recycling nation state tools to evolve their attack methods and what businesses should be doing to prevent falling victim to these highly sophisticated attacks.
Marketplace
Confluent lands another big round with $250M Series E on $4.5B valuation (TechCrunch) The pandemic may feel all-encompassing at the moment, but Confluent announced a $250 million Series E today, showing that major investment continues in spite of the dire economic situation at the moment. The company is now valued at $4.5 billion. Today’s round follows last year’s $125 m…
NAVAIR Digital Department Awards $77.7M Contract to Sabre Systems, Inc. (BayNet) Sabre Systems, Inc. was selected for a $77.7M contract by the NAVAIR Digital Department to provide technology acceleration and integration, information technology, information management and cyber security support services.
Zerto Named in JMP Securities Elite 80 List for Sixth Consecutive Year (Zerto) Annual List Highlights Hottest Privately Held Cybersecurity and IT Infrastructure Companies
Google's Head of Quantum Computing Hardware Resigns (Wired) John Martinis brought a long record of quantum computing breakthroughs when he joined Google in 2014. He quit after being reassigned to an advisory role.
Cyber Security 1 AB: Change of non-executive Chairman of the Board of Directors of CYBER1 (Globe Newswire) Change of non-executive Chairman of the Board of Directors of CYBER1
Tenured Financial Services experts join Breach Clarity advisory board (CUInsight) Two financial services experts have joined the advisory board of fraud prevention and detection technology firm Breach Clarity. David Eads and Ben Wallach bring versatile and experienced perspective to a growing dialogue around the need for new strategies to combat threats posed by mounting data breaches. This month, Eads and Wallach will join the now …
Products, Services, and Solutions
Odix is disarming the growing malware threat (Help Net Security) Odix uses content disarm and reconstruction for disarming malware. Odix can be deployed at various parts of an organization's infrastructure.
Trustonic Security to be Implemented in LG Mobile Smartphones (BusinessWire) Mobile device and app security leader Trustonic has extended its partnership with LG Electronics Mobile Communications Company.
Nozomi Networks teams up with Cyber Partners to Deliver Advanced MSSP Services to Critical Industrial Networks in Australia (PRWire) Milestone MSSP agreement Targets Australia mining, energy and transport sectors
Aqua Security Introduces Dynamic Threat Analysis for Containers, Mitigating Risks of Sophisticated Malware Attacks (Aqua) First ‘Sandbox’ for Containerized Applications is Integrated into Aqua’s Cloud Native Security Platform and Cloud Security Posture Management (CSPM) Solutions BOSTON – 22 April, 2020 – Aqua Security, the leading platform provider for securing cloud native applications and infrastructure, announced today Aqua Dynamic Threat Analysis (DTA), a new product offering that protects container-based environments against …
NordVPN becomes the first VPN to integrate WireGuard on all platforms (Android Central) WireGuard is a new VPN protocol that promises better connectivity and faster speeds. NordVPN has now integrated the standard on all platforms via the NordLynx standard, and you can start using it from today.
Axis Security Unveils Partner Program to Help Enterprises Gain Better Control over Private App Access; BlackLake Security First to Join Program (Axis Security) Channel to represent significant distribution avenue for fast-growth cyber start-up that offers secure application access for remote workforce, partners using Zero Trust approach SAN MATEO, California – April 22, 2020 – Axis Security, the private application access company, today unveiled the Axis Security Partner Program (ASPP) for VARs, systems integrators, MSSPs, OEM partners and distributors....
Avanan Launches Canadian Datacenter (Globe Newswire) Helps customers comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
Avanan Introduces First-Ever Consumption-Based Email Security Licensing Program (Globe Newswire) Avanan, the leader in securing cloud email and collaboration platforms, is introducing a first-of-its-kind for the email security industry: an automatic consumption-based licensing program.
Technologies, Techniques, and Standards
Deepfakes and AI: Fighting Cybersecurity Fire with Fire (Threatpost) To successfully mitigate evolving attacks, security teams must use the exact same AI tools that create those attacks in the first place.
Training Employees to Be Smarter Than AI-Powered Phishing Messages (Interesting Engineering) Avoiding online threats that may stem from cleverly disguised phishing messages is possible through trained employees and AI tools.
Kids and social media: Online safety tips every parent should know (Norton) Social media safety for kids is a concern for parents. Here are a few online safety tips to help teens and parents navigate social media.
Containers Are Not VMs, and Other Misconceptions (Container Journal) The adoption rate of containers has been steadily growing as organizations begin to see the benefits container technology provides. This adoption also
Design and Innovation
Riot Offers Hackers Up to $100,000 Reward to Expose Valorant Anti-Cheat Exploits (IGN) Hack the (first-person shooter) planet!
Research and Development
Researchers train AI to spot difference between bots and human users on Twitter based on their activity patterns (Computing) Real users tend to respond more frequently to tweets from other users compared to bots
Legislation, Policy, and Regulation
UK made a firm decision on Huawei in 5G: foreign ministry's top official (Reuters) Britain's government made a firm decision to allow China's Huawei to have a role in building the country's 5G phone network and as far as the foreign ministry's top official understands it is not being reopened, he said on Tuesday.
Analysis | The Cybersecurity 202: Senate Russia report may inspire last push for election security changes before November (Washington Post) All eyes are on the next coronavirus stimulus bill.
GAO reveals lack of cybersecurity strategies at four agencies (Fifth Domain) New reports from the Government Accountability Office detail the current status of agencies' work implementing GAO recommendations from 2019 reports.
Essye Miller to retire after 35 years in the Cyber Workforce (US Black Engineer) Essye Miller, principal deputy chief information officer (CIO) at the Department of Defense (DoD), is retiring in June. “Essye has been a trusted advisor to me, especially as I came onboard the DoD,” Chief Information Officer Dana Deasy said in a statement. “Essye is without a …
Litigation, Investigation, and Law Enforcement
Senate Intel report confirms Russia aimed to help Trump in 2016 (POLITICO) The report represents a confidence-booster to the country’s intelligence community.
Judge dismisses parts of Hy-Vee data breach lawsuit, allows others to proceed (KCRG) A judge in United States District Court in Illinois has ruled on motions to dismiss a class-action lawsuit against a major Iowa-based supermarket chain, handing victories to both sides, according to new court documents.
DOJ opposes early release for Reality Winner, jailed NSA leaker seeking reprieve during pandemic (The Washington Times) Reality Leigh Winner, an Air Force veteran in prison for leaking classified information about Russian election interference, encountered objections Monday to being released early.
Something a bit phishy in your inbox? You can now email suspected frauds straight to Blighty's web takedown cops (Register) National Cyber Security Centre publishes scam-busting address