— The cybersecurity community during the COVID-19 emergency
Exclusive: She's been falsely accused of starting the pandemic. Her life has been turned upside down (CNN) Maatje Benassi, a US Army reservist and mother of two, has become the target of conspiracy theorists who falsely place her at the beginning of the coronavirus pandemic, saying she brought the disease to China.
Man cured of Covid-19 faces cyber attack (The New Indian Express) In an attempt to exploit the Covid-19 fears, a couple of unhealthy ‘attacks’ are doing the rounds on social media to tarnish the image of people who were cured of the infection.
()
Chinese COVID-19 detection firm hacked; source code sold on dark web (HackRead) The IT security researchers at Cyble have identified hackers who have allegedly hacked Huiying Medical, a Chinese company with a worldwide presence. The hackers claim to have stolen a trove of data that is currently being sold on the dark web.
Australia and US call out cyber attacks on hospitals during COVID-19 pandemic (ZDNet) As China pushes Huawei-inspired supply chain freedoms at the United Nations, Australia reminds the world that a cyber legal framework already exists and attacking hospitals is not on.
()
Revealed: Palantir commits 45 engineers to NHS coronavirus data project, earns £1 (NS Tech) <p>Palantir has committed 45 engineers to a government data project designed to help the NHS manage a potential surge in demand during the coronavirus outbreak, NS Tech can reveal. The pledge is likel
Contact tracing as COVID-19 aid. (The CyberWire) Successful containment of the Coronavirus pandemic rests on the ability to quickly and reliably identify those who have been in close proximity to a contagious individual. Mayank Varia from Boston University describes how his team suggests an approach based on using short-range communication mechanisms, like Bluetooth, that are available in all modern cell phones.
Two Million Australians Download Coronavirus Contact-Tracing App (Bloomberg) Software records digital handshake between smartphones. Tracking app needs to overcome privacy concerns to succeed.
More than two million Australians download COVID-19 app, testing expands (CRN Australia) More than two million Australians have downloaded the app.
Analysis | The Cybersecurity 202: Companies join governments in rush to launch coronavirus tracking apps (Washington Post) The scramble is outpacing privacy and security efforts.
Contact tracing apps unsafe if Bluetooth vulnerabilities not fixed (ZDNet) With governments increasingly looking to use contact tracing apps to help contain COVID-19, such initiatives are likely to spark renewed interest in Bluetooth attacks which means there is a need for assurance that these apps are regularly tested and vulnerabilities patched.
How COVID-19 Is Set To Reshape Federal Privacy Law Debate (Law360) While the coronavirus pandemic has derailed most nonurgent lawmaking efforts, pressure continues to mount for Congress to enact uniform privacy legislation that factors in the growing concerns over moves by companies such as Apple and Google to harness the troves of personal information they hold to track the virus and contain its spread.
Half of cybersec staff taken off security, incidents double during pandemic: ISC(2) study (SC Magazine) The global pandemic has seen cyber attacks grow and overall security stances slip, according to a survey from (ISC)² which says 47% of cybersec staff have been taken off security duties
42% CFOs have zero contingency plans for COVID-19 second wave globally (ETCIO.com) Nearly 42 per cent chief financial officers (CFOs) are not prepared for the second wave of COVID-19 and only 8 per cent of them have a second wave fac..
Coronavirus Cybersecurity Concerns Could Add Hurdles to Dealmaking (Wall Street Journal) The new coronavirus has thrown dealmaking into disarray, and cybersecurity experts say the workplace upheaval caused by the pandemic will complicate mergers and acquisitions when activity picks up.
Data governance and COVID-19 data security challenges (SearchDataManagement) The current pandemic has changed a lot in the world, but maintaining data governance and security best practices remains a top priority. Remote work has led to many issues with data governance and COVID-19 data security challenges. Here's how to address them.
We all want high-performance, multi-gigabit switching. So, too, do hackers trying to siphon your corporate data... (Register) Security and privacy are critical pillars – while the sheer volume and diversity of devices pose enormous challenges
Small business loan program restarts, runs into snags (AP NEWS) The second round of loan applications for the government's small business relief program has been slowed by computer issues at the Small Business Administration.
How INKY Caught a Coronavirus Stimulus Check Thief (INKY) For the many Americas awaiting coronavirus stimulus checks, this phishing attack could cost them a lot more money than what Uncle Sam is sending. Learn how INKY caught this cybercriminal out to harvest banking credentials.
Brazil Targeted by Phishing Scam Harnessing COVID-19 Fears (Akamai) Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming...
Lancashire Police advise to beware of phishing emails during Covid-19 pandemic (Lancaster Guardian) There’s a variety of emails at the moment offering vaccines, home testing kits, facemasks, hand sanitiser, tax refunds and other coronavirus-related subjects.
()
Zoom looks to give some users control of encryption keys (SearchUnifiedCommunications) Zoom plans to hand over encryption key controls to large customers. The move is part of a security overhaul that follows a rash of criticism.
Obsidian Security lets security teams monitor Zoom usage (Help Net Security) Obsidian Security announced protection for Zoom, enabling organizations to safely embrace the leading video communications service as a business-critical
'Zoom-bomber' hijacks Gilroy meeting (Gilroy Dispatch) Gilroy’s virtual town hall was disrupted April 27 by a hacker who displayed images of child pornography during a meeting that was being viewed by more than 100 people.
()
Cyber fraudsters target solicitors working at home on sensitive client accounts (Law Society Gazette) Law firms with staff working from home are being specifically targeted by cybercriminals who have spotted an opportunity in lower levels of remote work security.
Ransomware gangs are changing targets again. That could make them even more of a threat (ZDNet) It's still business as usual for cyber criminals - and some are now paying more attention to hospitals than ever before.
Coronavirus forces delay in U.S. extradition case against Assange (Reuters) Hearings in the U.S. extradition case against WikiLeaks founder Julian Assange will not go ahead next month as scheduled because of the coronavirus lockdown which prevents lawyers from attending court, a British judge decided on Monday.
Judge denies Fort Gordon NSA leaker Reality Winner early release from prison (Augusta Chronicle) A judge has denied a request for early prison release from Reality Winner, who leaked classified information while working for a National Security Agency contractor at Fort Gordon.
Real Estate Cyber Threats Increasing During COVID-19 (Denver, CO Patch) Check out the latest community post from one of your neighbors. (The views expressed in this post are the author’s own.)
Ashley Madison says cyber affairs have surged under coronavirus quarantine (New York Post) Cyber affairs are thriving during the coronavirus pandemic as people in sexless marriages are quarantined at home with their spouses. Married couples locked inside together are in desperate need of…
Covid-19 promotes cyber connectivity in south Punjab (The News) We have started dissemination of class work through WhatsApp to our students in all grades as a solution to closure of schools due to Covid-19 pandemic, Samina Khan, a school head,...
Scottish Tech Army seeks out IT experts to combat Covid-19 (ComputerWeekly) Tech workers who find themselves out of work are being asked to volunteer their time to help build digital technology to support coronavirus efforts.
Inside Dell’s COVID-19 relief package (CRN Australia) What offers are the most attractive to partners?
Cyber Attacks, Threats, and Vulnerabilities
Israel Says Hackers Targeted SCADA Systems at Water Facilities (SecurityWeek) The Israeli government has alerted organizations in the water sector following a series of cyberattacks aimed at SCADA systems
Israel government tells water treatment companies to change passwords (ZDNet) Israel cyber-security agency reported intrusion attempts last week.
Cyber Attack Targets Israel’s Water Supply – Analysis & Mitigation (Radiflow) On April 26 the leading Israeli news site YNET reported that water and wastewater facilities in Israel were subject to cyber attacks during the previous week.
DoppelPaymer Ransomware Attacks California City; Hackers Steal Data (MSSP Alert) DoppelPaymer ransomware attacks City of Torrance, California. Hackers may have stolen more than 200 GB of files, report indicates.
Hackers publish pharma giant’s data after ransomware attack (TechCrunch) A ransomware group known as CLOP was behind the March attack.
Shade (Troldesh) ransomware shuts down and releases decryption keys (ZDNet) The Shade ransomware gang have published more than 750,000 decryption keys on GitHub. Kaspersky is working on a decryption app.
Shade Ransomware shuts down, releases 750K decryption keys (BleepingComputer) The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.
()
‘Smart’ parking meter vendor had data stolen in ransomware attack (StateScoop) CivicSmart, which sells parking meters and software to cities around the world, appears to have paid a ransom after some of its files were published by hackers.
“Asnarök” Trojan targets firewalls (Sophos News) Customized malware used to compromise physical and virtual firewalls
GDPR Compliance Site Leaks Git Data, Passwords (Threatpost) Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.
Vulnerability Summary for the Week of April 20, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
'Secret Church' Experiences Possible 'Cyber Attack,' Prevents Users from Viewing Live Event (CBN News) David Platt's "Secret Church" event suffered an apparent cyber attack Friday night, preventing many participants from viewing the SC20 simulcast.
Security Patches, Mitigations, and Software Updates
()
Cyber Trends
New KnowBe4 Study Finds Leaders Value Strong Security Culture But Struggle to Define and Implement It (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced the results of a new...
Q2 2020 Fraud and Abuse Report (Arkose Labs) With a spike in digital traffic, fraudsters have used this unexpected opportunity to target new industries and come up with creative new attacks.
Cybercrime Damages to Reach $27 Billion by 2025, New Estimation Reveals (Atlas VPN) According to Atlas VPN estimations, damages caused by cybercrime are expected to reach more than $27 billion by 2025. Throughout the last 6-years, cybercrime damages increased by an average of 37,44% per year. Atlas VPN expects that in 2020, financial losses growth caused by hacker attacks will exceed the 6-year average due to the COVID-19 …
39% of Spam Emails Offer Fake Medical Products (Atlas VPN) According to data collected and analyzed by Atlas VPN, health-related spam emails was the most common category of spam last year. In 2019, 39% of spam emails were promoting fake pharmaceuticals and health cures.
Marketplace
Hanover Study Finds Most Businesses Insured Against Traditional Cyber Insurance Risks - But Vulnerable to Emerging Risks (WFMZ.com) A new study commissioned by The Hanover Insurance Group, Inc. (NYSE: THG) found the majority of business decision makers are insured against traditional
79% of Businesses Have Rejected a Job Candidate Based on Social Media Content; Job Seekers Should Post Online Carefully (PR Newswire) Most businesses have rejected a potential employee after looking at their social media profiles, according to a new survey from The Manifest, a...
The Strange Story of a Las Vegas Radio Station Co-Opted by China (Washington Free Beacon) At first glance, Las Vegas Public Radio (LVPR) looks like any other local FM radio station. It has local community sponsors, vaguely right-wing talk show hosts.
Veteran Tech Executive Gene Fay Named CEO at ThreatX (BusinessWire) Veteran Tech Executive Gene Fay Named CEO at ThreatX, the leading provider of SaaS-based web application and API protection (WAAP) solutions.
Products, Services, and Solutions
Imperva Launches General Availability of Advanced Bot Protection Solution (BusinessWire) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced the general availa
Intel Provides Trusted Foundation for Azure Confidential Computing (Intel Newsroom) What’s New: Today, Microsoft Azure DCsv2-Series featuring a hardware-based trusted execution environment (TEE) built on Intel® Software Guard Extensions
Test Your ATT&CK Before the Attack With Guardicore Infection Monkey (Guardicore) The Monkey now maps its actions to the MITRE ATT&CK knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
New Version of Guardicore Infectionmonkey Uses MITRE ATT&CK Techniques to Test Network Preparedness | Guardicore (Guardicore) The latest version of Guardicore Infection Monkey now maps its actions to the MITRE ATT&CK knowledge base, providing a new report with the utilized techniques and recommended mitigations.
Bugcrowd Enables Companies to Increase the Speed, Scale and Quality of Pen Testing with Launch of Platform-Powered Classic Pen Test (Bugcrowd) Bugcrowd harnesses the power of the Crowd in a pay-per-test model enabling organizations to launch pen tests in less than 72 hours instead of waiting for up to
Snyk and Red Hat Collaborate To Enhance Security for OpenShift and Kubernetes Workloads (PR Newswire) Snyk, the leader in developer-first open source security, and Red Hat, Inc., the world's leading provider of open source...
SYSGO integrates wolfSSL Security Technologies into its PikeOS Real-Time Operating System (SYSGO) SYSGO, the European leader in real-time operating systems (RTOS) and hypervisors for certifiable embedded systems, and wolfSSL, the leading provider of TLS and cryptography, have announced that they joined forces to integrate wolfSSL security technology into SYSGO's PikeOS real-time operating system (RTOS) that includes a type 1 hypervisor or Separation Kernel.
CIAM Certification: The Fastest Growing Professional Certification in Identity and Access Management Which Is the Most Critical Component of Cybersecurity (Yahoo) Certified Identity and Access Manager (CIAM) is a registered certification which is designed for global professionals who deal with identity and access management. Recognized as the Gold Standard certification for identity and access management (IAM), earning the CIAM designation increases one's
Technologies, Techniques, and Standards
Challenges and Obstacles to Application of GDPR to Big Data (Infosecurity Magazine) Enforcing data minimizations will limit the success to Big Data
What is International Cyber Benchmarks Index TM? (Neustar) The International Cyber Benchmarks Index is an initiative of the Neustar International Security Council which assesses the international cybersecurity landscape from the vantage point of security professionals across the EMEA and US regions.
Howard County, MD National Guard Team Up For Cyber Protection (Columbia, MD Patch) "Our team recognized the potential of increased cyber threats and worked swiftly with the National Guard to evaluate vulnerabilities..."
Webcast: How to Build a Home Lab (Black Hills Information Security) This is a joint webcast from Black Hills Information Security and Active Countermeasures. How many of us have tried some new configuration option, utility, or hardware on a production environment, only to crash a critical piece of the business? (me raising hand…) It’s amazing how quickly we learn not to do that! Now we have …
Legislation, Policy, and Regulation
Kim Jong Un’s train spotted at coastal resort, intelligence reports scotch death rumors (Washington Post) U.S. and South Korean officials skeptical that Kim is dead, believe he is in Wonsan.
5 Things to Know If Kim Jong Un Dies (Foreign Policy) Hereditary dictatorships rarely last past three generations, and collapse may be in the cards for North Korea.
Cross-Pollination in Cyberspace and the Internet Governance (CircleID) In mid-May 2020, UN-Secretary General Antonio Guterres will present a "Roadmap for Digital Cooperation". This will be another milestone in the discussion on the future of cyberspace, pushed further forward by the UN High Level Panel on Digital Cooperation (HLP), co-chaired by Jack Ma (AliBaba) und Melinda Gates (Microsoft Foundation) The HLP Final Report presented five groups of recommendations. Discussion started during the 14th IGF in Berlin...
China Toughens Procurement Rules for Tech Equipment (Wall Street Journal) Foreign suppliers worry that national-security assessments of equipment deals will put them at a disadvantage in the Chinese market.
How the US became a no-go zone for Huawei (South China Morning Post) The rural carrier market was one of Huawei’s few successes in the US but a new law, driven by Washington’s national security concerns, means telcos will have to rip out Huawei gear or lose government subsidies.
FACT: Huawei Can't Do 5G in U.S. (But Can Sell Wi-Fi Routers?) (The National Interest) Does that make sense? Would you buy one?
One Year In, Administration Names First Lead Office In New Shared Services Regime (Nextgov.com) The Homeland Security Department is the first to designate a Quality Service Management Office to lead its shared services marketplace.
States Expand Internet Voting Experiments Amid Pandemic, Raising Security Fears (NPR) Voters with disabilities, as well as those who serve in the military and live overseas could cast ballots via their phone or home computer even as security experts warn the technology can't be trusted.
Analysis | The Cybersecurity 202: Ohio primary marks a major test for mail-in voting (Washington Post) The state shifted to a nearly all-mail vote in about six weeks.
Litigation, Investigation, and Law Enforcement
Iran Paper Accuses US of Stealing Its .Com (SecurityWeek) The government newspaper Iran has lost its .com website, with its publisher accusing the United States of "stealing" the domain name.
Analysis | The Cybersecurity 202: There's finally a Supreme Court battle coming over the nation’s main hacking law (Washington Post) Narrowing the law would be a huge win for cybersecurity pros.
Facebook’s $5 Billion Privacy Settlement Wins Court Approval (Wall Street Journal) A judge approved Facebook Inc.’s $5 billion settlement with the Federal Trade Commission over privacy violations, the agency says—overruling objections that the deal didn’t adequately punish the company.
Calif. Privacy Law Takeaways From 9th Circ. Facebook Case (Law360) Although we are months away from the California Consumer Privacy Act's enforcement date, the Ninth Circuit's recent revival of a Facebook privacy class action demonstrates how proper CCPA compliance can establish a defense to other privacy-based claims and highlights certain CCPA shortcomings, say attorneys at Troutman Sanders.
Law Firm Can't Sue Citigroup After Email Hack Heist (Law360) A Washington, D.C., law firm can't sue Citigroup Inc. after a thief allegedly hacked into the firm's managing partner's email and diverted $60,000 meant for the firm into a Citibank account, because it has not shown the bank knew about or helped with the crime, a D.C. federal judge said.
Breaking Down Illinois' Biometric Privacy Litigation Boom (Law360) Biometric privacy litigation was already steady in Illinois when the state high court established a low threshold for plaintiffs to bring suit, creating a boom of cases that puts both small businesses and deep-pocketed tech giants on the defensive without a clear out. Here, Law360 breaks down the landscape of BIPA litigation in Illinois today.