— The cybersecurity community during the COVID-19 emergency
Here's the blunter version of the EU's watered-down report on China's coronavirus disinformation (CyberScoop) A publicly-released European Union report on disinformation campaigns related to the novel coronavirus is watered down and less detailed in describing Chinese government activity compared to an internal assessment, according to a copy of the document obtained by CyberScoop.
EEAS denies toning down China disinformation report under pressure (Euractiv) The European External Action Service (EEAS) has hit out at reports that it toned down allegations made against China as part of a report into state-led disinformation campaigns, following pressure from Beijing.
China rejects calls for inquiry into virus origins (BBC News) Beijing's deputy ambassador to the UK tells the BBC the demands are politically motivated.
China denies virus disinformation claim (SBS News) China's foreign ministry has denied claims in an EU report saying there's evidence of covert Chinese operations spreading virus disinformation on social media.
China says it is a victim not initiator of COVID-19 disinformation (CGTN) A Chinese Foreign Ministry spokesperson said on Monday that the country is a victim not an initiator of COVID-19 disinformation while responding to a question about a European Union report that alleges China of spreading disinformation about the pandemic.
As the West Fights Coronavirus, Its Enemies Wage Cyberwar (Bloomberg) Teleconferencing and other remote technologies are here to stay, but security hasn’t kept pace with ubiquity.
Don't Be Taken Advantage of by Foreign Coronavirus Scams, Disinformation Warns NJ Homeland Security (TAPinto) As health care workers combat the spread of COVID-19, the New Jersey Office of Homeland Security and Preparedness (NJOHSP) is leading New Jersey's leading the fight against...
NYDFS Issues New Guidance Regarding COVID-19 Cybersecurity Risks (JD Supra) The New York Department of Financial Services (“NYDFS”) recently issued new guidance to regulated entities regarding cybersecurity awareness during...
Norway: 1.4 Million People Download Coronavirus Tracking App Despite Security Concerns (Forbes) 1.4 million people have downloaded Norway's new coronavirus tracker app, but controversy on the security, privacy and procurement process for the app dominates Norwegian media.
NHSX reveals full details of UK Covid-19 contact-tracing strategy (ComputerWeekly.com) National Health Service’s digital innovation unit aims to allay fears over privacy and confidentiality in forthcoming contract-tracing app.
What to know before using PeduliLindungi surveillance app, according to cybersecurity expert (The Jakarta Post) Following the launch of the government’s PeduliLindungi surveillance app, which aims to trace and track suspected patients as well as confirmed cases of COVID-19, questions arose over the safety of the users’ personal data stored in the app.
Coronavirus app: will Australians trust a government with a history of tech fails and data breaches? (the Guardian) The contact tracing app could work well to slow the spread of Covid-19, but will need to be accepted by a sceptical public
People-tracking wristbands put to the test (BBC News) Several nations are testing people-tracking wristbands to make sure citizens stay at home.
Germany flips to Apple-Google approach on smartphone contact tracing (Reuters) Germany changed course on Sunday over which type of smartphone technology it wanted to use to trace coronavirus infections, backing an approach supported by Apple and Google along with a growing number of other European countries.
Apple and Google add new tech specs for coronavirus tracking tool to boost user privacy (Android Police) Getting over the novel coronavirus outbreak, health experts and officials say, will take an extensive contact tracing regime in order to determine who
Facebook and Google Survey Data May Help Map Covid-19's Spread (Wired) Researchers from Carnegie Mellon hope to use the data to observe and predict surges in the spread of the virus.
Pakistan Using Spy Agency – ISI To Trace Covid-19 Infected Patients: Imran Khan (EurAsian Times) Inter-Services Intelligence (ISI) is Pakistan’s infamous and notorious spy agency responsible for detecting, analyzing and warding-off national security threats. In a sudden turn of events due to the COVID-19 pandemic, Islamabad has put the ISI in charge of tracing coronavirus infected patients.
How Virus Surveillance And Civil Liberties Could Collide (Law360) After weeks of social distancing in isolation, public health experts say widespread public health surveillance is the next stage of America’s COVID-19 pandemic response. Court battles are likely to follow over the balance between preventing new outbreaks and protecting privacy rights, especially for phone-generated data.
Spy agencies and human rights in the era of coronavirus (The Jerusalem Post) Can the public’s right to privacy coexist with the government’s fight to curb the pandemic?
COVID-19 Scam Roundup – April 27, 2020 (The State of Security) It's important to know what the latest coronavirus-themed attacks look like. Let's take a look at a few COVID-19 scams that made headlines this past week.
Exclusive: Scammers using fake WHO Bitcoin wallet to steal donation (HackRead) If there’s one thing we have learned from Coronavirus or Covid19 pandemic is that cybercriminals seek to turn every disaster into an opportunity to make quick bucks.
World Health Organization Sees Dramatic Uptick in Cyber Attacks (Security Today) Nearly 450 active email addresses and passwords used by WHO staff have been leaked online, and the public has received email scams from people posing as staff.
SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT (Security Intelligence) As the ongoing COVID-19 pandemic impacts small businesses in the U.S., cybercriminals are trusting that people will be more likely to open unsolicited emails purporting to come from relevant entities.
Hackers set up fake NHS website to spread malware (HackRead) Over the past few months, we’ve seen the rise of crooks using the COVID-19 crisis to their advantage. Some have been doing so through selling fake goods such as fake vaccines on the dark web whereas some have been using dedicated phishing and typosquatting campaigns in conjunction with trojans to lure innocent users.
Faked Websites Promote Pandemic Survival Book (Avast) Coronavirus scam promoted through malvertising on faked U.S. news sites and via emails
The Covid-19 crisis is resulting in a growing wave of small business cybercrime (TechRadar) Cybersecurity experts warn attacks on small and medium-sized businesses will increase with the release of aid packages
Ransomware attacks against key sectors fall amidst coronavirus outbreak (TechRepublic) Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected, says security firm Emsisoft.
Margrethe Vestager: ‘If tech firms do something illegal we will pursue them’ (The Telegraph) The EU’s leading monopoly enforcer says tech titans will not exploit the coronavirus pandemic on her watch
Capacity in crisis: Key factors that determine hosting providers’ service capability during COVID-19 - VanillaPlus - The global voice of Telecoms IT (VanillaPlus) Internet infrastructure is under immense pressure, as it has to accommodate the increased reliance on the network, affecting end-users and businesses alike
Routers Pose Remote Working Risk (Infosecurity Magazine) VPNs are a great security asset, but don't forget to check your employees' router security too
Third-party compliance risk could become a bigger problem (Help Net Security) More than half of legal and compliance leaders believe that cybersecurity and data breach is the most-increased third-party risk their organizations face.
Zoom announces 90-day security plan to earn back user trust (Phone Arena) Zoom has announced a 90-day security plan to earn back user trust, alongside the release of Zoom 5.0.
Phishing uses lay-off Zoom meeting alerts to steal credentials (BleepingComputer) Zoom users are targeted by a new phishing campaign that threatens those who work in corporate environments that they're contracts will either be suspended or terminated during a Zoom meeting.
Zoom’s Biggest Rivals Are Coming for It (New York Times) Facebook, Google and other behemoths are training their sights on Silicon Valley’s company of the moment.
Hackers deface church service on Zoom with child abuse content (HackRead) Just yesterday it was reported that a critical Zoom vulnerability lets hackers record meetings anonymously even if the host has disabled the recording feature.
Google Releases Security Measures To Help Users Fight COVID-19 Scams (Digital Information World) Going into further depth, the company also shared details regarding one notable campaign which was targeted at phishing the personal accounts of US government employees by impersonating the names of American fast-food franchises and COVID-19 messages as well.
Google takes on stronger measures to tackle covid related phishing emails (Livemint) In G Suite, advanced phishing and malware controls are turned on by default, ensuring that all G Suite users automatically have these proactive protections in place
Messenger Rooms are Facebook’s answer to Zoom and Houseparty for the pandemic (The Verge) Facebook is introducing new products to fend off competition
Netskope's security controls and protection now available for Microsoft Teams (Help Net Security) Netskope, a leading security cloud, announced the availability of its security controls and protection for Microsoft Teams.
Mcafee Mvision Cloud Provides Secure And Compliant Way To Manage Data And User Activity In Microsoft Teams (Security Boulevard) McAfee MVISION Cloud Enhances Sensitive Data Detection, Collaboration Controls, Threat Protection and Activity Monitoring Capabilities in Microsoft Teams
Warning over DPD delivery phishing scam fooling Irish customers (Extra.ie) Warnings are being shared online regarding a phishing scam disguised as an email from courier company DPD. Irish customers, in particular, are receiving emails from the scam artists asking for further payment for a package to be redelivered to their address.
Cybersecurity Amid The Pandemic: Protect The Crown Jewels (Forbes) Few corporate computer systems were designed to manage a large remote workforce.
COVID-19 Set To Create Wave Of UK Fraud, Graft Prosecutions (Law360) While British enforcers are already warning of a jump in small-scale fraud amid the pandemic, COVID-19 is poised to set off a wave of bigger investigations, ensuring coronavirus-related crime will be a focus of white collar prosecutors for years to come.
SBA's coveted PPP is set to receive another $310 billion. But that still might not be enough. (Washington Business Journal) The program is poised to get another infusion of federal funding, but it's unclear how long it will last.
With $320B in new PPP funds available, Business Journals readers offer 5 takeaways from Round 1 (Washington Business Journal) Nearly nine in 10 surveyed said they applied for a PPP loan in an effort to staunch the coronavirus fallout, with hundreds already having eliminated or furloughed workers as revenue evaporated.
Microsoft Explains Windows Password Resets for Remote Workers (Redmondmag) Microsoft this week explained how the password mechanism for Windows systems works, both for client machines and via Active Directory, and its effects when people have shifted to working remotely.
Venafi Cloud OutagePREDICT COVID offer (Venafi) Helping you avoid certificate-based outages of your important applications
A CISO’s Perspective on Dealing with the Current Crisis [May 5, 2020] (SINET) A CISOs Perspective on How Are They Dealing With the Current Crisis, Securing a Work From Home Environment, Managing Bandwidth, Sick Employees and Re-Prioritizing Budgets and the Type of Tools that Fall Into the Must Have Verses the Nice to Have and Others Areas of Interest
Cyber Attacks, Threats, and Vulnerabilities
Poland Targeted by Disinformation Attack, Suspects Russia (New York Times) A Polish government official says Poland has been hit by a “complex disinformation operation” that appears aimed at weakening the Polish-U.S. alliance and is consistent with previous Russian cyberattacks.
Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities (Proofpoint) Hupigon is a remote access Trojan (RAT) that has been around since at least 2006.
Israel Thwarts Major Coordinated Cyber-Attack on Its Water Infrastructure Command and Control Systems (Algemeiner) The Kinneret in Tiberias. Photo: Andreas Fjellmann via Wikimedia Commons. Israel thwarted a major cyber-attack on its water infrastructure over …
Cyber attack targeted Israel's water supply, internal report claims (ynetnews) Unclear if attackers managed to take control of any systems; memo sent by Water Authority officials ordered all personnel to immediately change passwords, 'with emphasis on operational system and chlorine control in particular'
BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware (BleepingComputer) A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
Google Just Gave Millions Of Users A Reason To Quit Windows 10 (Forbes) Google has revealed an unfixable problem which may force you to pick between Windows 10 and Chrome.
Cyber Criminals Are Hacking Ad Servers, Luring Victims to Malware-Infected Sites (BeInCrypto) Cybersecurity firm Confiant has exposed the operation of a hacker group that breaks into ad servers with the intent of running malicious ads straight from the networks.
South Korean and US payment card details worth nearly $2M up for sale in the underground (Group-Ib) Group-IB, a Singapore-based cybersecurity company, has detected a dump containing details for nearly 400,000 payment card records uploaded to a popular darknet cardshop on April 9.
Hackers are exploiting a Sophos firewall zero-day (ZDNet) Sophos releases emergency patch to fix SQL injection bug exploited in the wild, impacting its XG Firewall product.
Emotet banking trojan possibly being prepped for a new attack (SC Media) Security researchers are seeing signs that the Emotet banking trojan is about to awaken from its latest hiatus by deploying newly improved credential and email stealing modules.
SeaChange video platform allegedly hit by Sodinokibi ransomware (BleepingComputer) A video delivery platform company is the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack.
SafeBreach Hacker’s Playbook Updated for Maze Ransomware (SafeBreach) The SafeBreach Labs is a dedicated offensive team that ensures the SafeBreach platform has all the latest attacks to test your defenses aagainst Maze Ransomware.
Three firmware blind spots impacting security (Help Net Security) Many organizations are still suffering from firmware blind spots that prevent them from adequately protecting systems and data.
We could have pwned Microsoft Teams with a GIF, claims Israeli infosec outfit (Register) Proof-of-concept vuln patched a week ago
CERT warns of a phishing scam through Google Docs (Sri Lanka News - Newsfirst) Sri Lanka's cybersecurity institute has warned the public against entering details in a google document circulating under the name - Get the latest breaking news and top stories from Sri Lanka, the latest political news, sports news, weather updates, exam results, business news, entertainment news, world news and much more from News 1st, Sri Lanka's leading news network.
Simple loopholes in Facebook and PayPal helping victims to lose millions in scam (CyberNews) A big scam involving security loopholes in Facebook and PayPal is making its rounds, causing victims to lose millions every month in the UK.
Urvashi Rautela's Facebook account compromised, hackers ask for money (The Statesman) Former Miss World and actress Urvashi Rautela is an avid social media user. The actress keeps on treating her fans with the latest updates.
Million-dollar whisky sale targeted in cyber attack, says auctioneer (CNN) The second phase of a million-dollar online whisky auction has been postponed after it became the target of a cyber attack, auctioneers have said.
Auction Featuring World’s Most Expensive Whisky Bottle Hacked (Forbes) The auction, now indefinitely postponed, featured 1,900 bottles from what has been called The Perfect Collection, which included a Macallan Fine and Rare 1926, the world's most expensive bottle of whisky.
Parkview Medical Center confirms cyber attack (KOAA) News 5 has learned on Friday night that Parkview Medical Center in Pueblo was the target of a cyber attack.
Security Patches, Mitigations, and Software Updates
Microsoft Teams fixes funny Gifs cyber-attack flaw (BBC News) Security researchers found a way to infiltrate accounts by making people look at Gif images.
Sophos releases emergency patch for its enterprise firewall product (ETCIO.com) Cybersecurity firm Sophos has released an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product that hacke..
Exclusive: Netatmo Patches Security Hole in Indoor Camera (PCMAG) The Internet of Things team at Bitdefender found a security problem with this smart indoor camera. Fortunately, the Netatmo team moved fast and put a fix in place.
Ransomware-stricken Travelex up for sale (ComputerWeekly) Travelex’s parent Finablr is washing its hands of the ransomware-stricken forex provider as it struggles with the twin shocks of the Covid-19 pandemic and a developing fraud scandal
Accenture buys tech companies in France, Germany and UK (Consultancy) Global consulting and technology giant has in the past month closed three acquisitions in Europe.
How Recorded Future Sees What's Ahead (The Cipher Brief) Recorded Future's CEO Christopher Ahlberg on what threats will look like in the future and how private companies can help provide protection.
AT&T CEO Randall Stephenson to step down, COO Stankey to take over (CNBC) The transition comes at a tough time for AT&T as it deals with a mass loss of TV subscribers and enters the crowded streaming video market.
Baker & Hostetler Hires Norton Rose Cyber Chief to Co-Lead New Data Economy Practice | The American Lawyer (The American Lawyer) Jeewon Kim Serrato in San Francisco is working with partners in Atlanta and Philadelphia to build the group, as the firm doubles down on its new data focus and aims to help more clients monetize data and IP.
Cybrella Announces New Advisory Board Members Company Announces the Appointment of Moshe Ferber and Yoni Ramon (AiThority) Mr. Ferber will help Cybrella’s management team identify innovative solutions and market opportunities, as well as promote strategic business partnerships.
Products, Services, and Solutions
Privitar Data Privacy Platform is now available in AWS Marketplace (Help Net Security) Privitar, the leading data privacy platform provider, announced that the Privitar Data Privacy Platform is now available in AWS Marketplace.
Blue Prism Teams Up with SailPoint to Deliver New Governance and Security Capabilities (New Kerala) Looking to extend its industry leading security capabilities, Blue Prism AIM: PRSM today announced a partnership with SailPoint, a market leader in enterprise ide...
IronNet Cybersecurity enhances platform to combat threats through collective defense (SiliconANGLE) IronNet Cybersecurity enhances platform to combat threats through collective defense - SiliconANGLE
Investment Association unveils new platform to address cyber crime (Private Banker International) The Investment Association (IA) has launched a new intelligence platform to enable investment managers to combat cyber risks.
NTT and Tanium Announce Intent for Strategic Partnership to Deploy Security Solutions for the Smart World (BusinessWire) NTT Corporation (“NTT”) and Tanium Inc. (“Tanium”) announced their intention to enter into a strategic partnership.
Technologies, Techniques, and Standards
NCC Group A Blueprint for Secure Smart Cities whitepaper (Mynewsdesk) In this paper we present a high-level blueprint for secure smart cities which includes principles of security by design, threat modelling, secure...
Using the Power of Machine Learning to Detect Cyber Attacks (CXOToday.com) By Chandni Naidu As the world becomes increasingly digital, we are unlocking more value and growth than ever before. However, a challenge that governments,
Design and Innovation
AI helps experts find thousands of child sexual abuse imagery keywords (Naked Security) For years, abusers have used complex keywords to covertly talk about imagery, but analysts have sussed out much of the secret code.
UK spy agencies need to adopt AI technology to fight emerging threats, government report suggests (Computing) AI technology can help British security community to strengthen efficiency and effectiveness of existing processes
Research and Development
£1m innovation funding to predict and counter cyber attacks (GOV.UK) DASA awards further funding to develop novel approaches to defend UK military systems and networks from cyber threats
Legislation, Policy, and Regulation
Internet governance body RIPE opposes Chinese proposal to change core internet protocols (Computing) The proposal appears to favour authoritarian regimes
Amid mounting speculation, South Korea says Kim Jong Un is 'alive and well' (CNN) South Korea continued to pour water on mounting speculation about the health of North Korea's leader Kim Jong Un, telling CNN he is "alive and well."
South Korean officials caution against reports that North Korean leader Kim is ill (Reuters) South Korean officials are emphasising that they have detected no unusual movements in North Korea and are cautioning against reports that North Korean leader Kim Jong Un may be ill or is being isolated because of coronavirus concerns.
Kim Jong-un’s Absence and North Korea’s Silence Keep Rumor Mill Churning (New York Times) Rumors about the North Korean leader’s health — and speculation over his possible death — have only increased over the past two weeks.
Exclusive: China sent team including medical experts to advise on North Korea's Kim - sources (Reuters) China has dispatched a team to North Korea including medical experts to advise on North Korean leader Kim Jong Un, according to three people familiar with the situation.
Where Is Kim Jong-un? How Experts Track North Korea’s Leader (New York Times) Rumors are swirling about Kim Jong-un’s location and health. These North Korea experts showed us how they collect information about his secretive regime.
As Kim Jong Un Disappears, North Korea Watchers Advise Caution (Wall Street Journal) The guessing game began when Mr. Kim missed the country’s most important holiday April 15, then ratcheted higher after a South Korean publication reported he had heart surgery.
What If Kim Jong Un Dies? (Defense One) Improvements in U.S.-North Korean relations would still largely be up to Washington.
Meet Kim Yo Jong, Kim Jong Un’s Sister—And Possible Successor In North Korea (Forbes) If she succeeds her brother, she’ll be the first woman to lead North Korea. And she’s already forging a relationship with Trump.
Tech experts concerned by lack of notice in International Production Orders Bill (ZDNet) Collection of technology experts and civil liberties groups state the Administrative Appeals Tribunal does not constitute judicial review.
Taiwan's new eID card rollout postponed due to COVID-19 (Focus Taiwan) Taipei, April 27 (CNA) The rollout of Taiwan's new national electronic identification cards (eIDs) originally slated for October is to be postponed due to the COVID-19 coronavirus pandemic, a Ministry of the Interior (MOI) official said Monday.
The US Restricts Huawei In 5G, But Wi-Fi Is Up For Grabs (Forbes) If we don’t want Huawei in 5G, it shouldn’t be in Wi-Fi either.
FCC Signals Likely Revocation of Four Chinese Telecom Firms’ Licenses (Wall Street Journal) The Federal Communications Commission ordered four Chinese state-owned telecommunications operators to explain why it shouldn’t withdraw permission for them to operate in the U.S., paving the way for likely license revocations.
FCC Says Chinese Telecoms Must Defend US Licenses (Law360) The Federal Communications Commission on Friday gave four Chinese telecoms a month to explain why they shouldn't be banned from operating in the U.S., responding to a call to arms from a coalition of executive branch agencies that say Beijing-backed firms present a risk to U.S. networks.
CISO MAG: Exclusive interview with Brian Harrell, CISA (CISO MAG | Cyber Security Magazine) In an exclusive e-mail interview with CISO MAG, Brian Harrell, Assistant Director for Infrastructure Security, CISA, DHS speaks about the role of CISA and its recent accomplishments in protecting organizations across industries from cyberattacks.
Utility Commissioners Briefed on Cyberspace Solarium Report Recommendations to Boost Security of Critical Infrastructure (PR Newswire) State utility commissions can strengthen the cybersecurity of U.S. critical infrastructure – particularly the electric grid – by advancing...
Litigation, Investigation, and Law Enforcement
Watchdog finds White House and DHS lack adequate plans for cybersecurity workforce (Fifth Domain) DHS and OMB have partially implemented several cybersecurity workforce reforms, according to the GAO, but they also lack clarity on which agency is in charge of what efforts.
Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address (ZDNet) Facebook fights to keep the lawsuit on track after NSO filed a motion to dismiss the case earlier this month.
NSO Group used U.S.-based servers to run WhatsApp spying, WhatsApp alleges (CyberScoop) NSO Group has used American-based servers to spy on WhatsApp users, Facebook and WhatsApp lawyers allege in court documents filed Thursday.
Spyware maker NSO can't claim immunity, Facebook lawyers insist – it's time to face the music (Register) Software developers aren't nation states, antisocial giant points out
Senior official cited by Trump is subject of investigation (KATV) The senior Department of Homeland Security official who was thrust into the spotlight by President Donald Trump to describe the effects of temperature on COVID-19 has been the subject of misconduct allegations for his previous government work.
The curious case of Ravio Patra: Why Indonesian cyberspace is a dystopian nightmare (The Jakarta Post) His arrest will likely go down in history as one of the worst blunders made by the National Police in their war against fake news and online hate speech, the ailments of the digital world that activists say are used by the powers that be as a pretext to undercut civil rights.
Facebook's Record $5B FTC Settlement Approved By Judge (Law360) A D.C. federal judge approved a record-breaking $5 billion settlement between the U.S. Federal Trade Commission and Facebook, slamming the social media giant’s alleged privacy practices as “unscrupulous” but deeming the settlement fair and appropriate.
Optus hit with class action over data breach impacting 50k Aussies (Lawyers Weekly) Maurice Blackburn has hit the nation’s second-largest telco with a class action lawsuit with the firm saying it will be “an important test of Australia’s privacy laws”.