— The cybersecurity community during the COVID-19 emergency
DHS report: China hid virus' severity to hoard supplies (AP NEWS) U.S. officials believe China covered up the extent of the coronavirus outbreak — and how contagious the disease is — to stock up on medical supplies needed to respond to it,...
DHS report accuses China of hiding coronavirus info so it could hoard supplies (POLITICO) The report says that in January of this year, Beijing dramatically increased its imports and decreased its exports of medical supplies.
US intel believes China hid severity of coronavirus epidemic while stockpiling supplies (ABC News) The coronavirus death toll continues to climb in several states, even as some plan reopening.
Inside the Early Days of China’s Coronavirus Coverup (Wired) The dawn of a pandemic—as seen through the news and social media posts that vanished from China’s internet.
Majority of US spy agencies believe the coronavirus escaped from Wuhan lab (Washington Examiner) A majority of the U.S. Intelligence Community's 17 spy agencies believe the coronavirus likely originated with an accidental lab escape from a laboratory in Wuhan, China, a senior intelligence official told the Washington Examiner.
US intel: Coronavirus not manmade, still studying lab theory (WCVB) In recent days, the Trump administration has sharpened its rhetoric on China.
Pompeo: 'Enormous evidence' connects coronavirus outbreak to Wuhan lab (Washington Examiner) Secretary of State Mike Pompeo said he has seen “enormous evidence” indicating the coronavirus pandemic originated in the Wuhan Institute of Virology in China.
Hackers are targeting UK universities to steal coronavirus research, NCSC warns (ZDNet) State-sponsored hackers from Russia, Iran, and China are suspected.
Hostile states trying to steal coronavirus research, says UK agency (the Guardian) Experts say Russia, Iran and China likely to be behind cyber-attacks on universities
Iran and Russia launch cyber attacks on universities desperately searching for COVID cure (Express) State-sponsored computer hackers from Russia and Iran have launched cyber-attacks on British research institutions fighting COVID-19, it has emerged.
Iran, Russia try to hack UK universities to steal vaccine secrets (Mail Online) Hackers from Russia and Iran have been attempting to gain access to British universities that are developing vaccines for the coronavirus. Pictured: Stock image of a hacker.
Analysis | The Cybersecurity 202: Security pros form alliance to help hospitals facing hacking threats during pandemic (Washington Post) They also plan to protect labs working on coronavirus vaccines and other treatments.
On viral infections online and in the real world (Atlantic Council) The world has witnessed multiple pandemics in cyberspace and could learn more about response to exponential events by studying them.
How Reuters journalists reported on cyber-intel firms pitching governments on spy tools to track coronavirus (Reuters) This week, a Reuters special report revealed how a cyber-intelligence company from Israel and other firms are pitching governments to use spy tools to help trace coronavirus.
The New United Nations Coronavirus Social Distancing App Doesn’t Even Work (Vice) On Wednesday the UN announced its app 1point5 to help people social distance. But it doesn’t perform the most basic of tasks.
Cliqz pulls the plug on a European anti-tracking alternative to Google search (TechCrunch) Cliqz, a Munch-based anti-tracking browser with private search baked in that has sought to offer a local alternative to Google powered by its own search index, is shutting down — claiming this arm of its business has been blindsided by the coronavirus crisis. Today was not great. We closed pa…
Research institutes warn of necessity for UK contact-tracing app to link to testing (ComputerWeekly) BCS and Cass Business School call for proposed UK contact-tracing app not to be launched without alignment to tracing and warns that without this link, NHS will not be able to “big data” its way out of no data situation.
Treasury gives Gov.uk Verify 18-month reprieve due to coronavirus (ComputerWeekly) The Treasury has agreed to allow the government's troubled digital identity system, Gov.uk Verify, to continue receiving funding for a further 18 months due to the coronavirus crisis.
Home affairs data breach may have exposed personal details of 700,000 migrants (the Guardian) Exclusive: Privacy experts say the breach in the SkillsSelect platform, which affects data going back to 2014, was ‘very serious’
How Well Can Algorithms Recognize Your Masked Face? (Wired) Makers of facial-recognition technology scramble to adapt to a world where people routinely cover their faces to avoid spreading disease.
Why you should think before you Zoom (ComputerWeekly) Zero-day exploits are big business. As with the sale of guns; the sale of drugs; and hacking, not all sales or use of zero day exploits are malign, although many may be.
Latest growing pains for Zoom: 500,000 logins are being sold on the dark web (Phone Arena) Zoom has seen the number of people participating in a chat daily rise from 10 million to 300 million users. But it has had a number of issues related to user privacy.
It's Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too. (Consumer Reports) In this report on videoconferencing service privacy issues, Consumer Reports asks Google, Microsoft, and Webex to improve their privacy policies. The services may collect more data than consumers realize.
FGCU virtual graduation derailed by cyber attack (WINK NEWS) Cyber hackers didn’t exactly make graduation day a happy one for the FGCU Class of 2020. Because of the restrictions caused by the coronavirus pandemic, the spring commencement was scheduled to be held online. But it didn’t go as planned. A cyberattack caused a delay during Florida Gulf Coast University’s virtual commencement ceremony Sunday. The …
Microsoft Teams Impersonation Attacks Flood Inboxes (Threatpost) Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.
Beware This New Microsoft Teams Password Hacking Threat To 75 Million Users (Forbes) Security researchers have observed thousands of cloned Microsoft Team login pages being used in an attempt to harvest account credentials.
Exam anxiety: how remote test-proctoring is creeping students out (The Verge) Students described their experiences as "uncomfortable," "intrusive," and "sketchy"
CISA Reminds Federal Agencies to Use Its DNS Service (SecurityWeek) A memorandum sent by CISA to CIOs at federal agencies reminds them to use EINSTEIN 3 Accelerated’s DNS sinkholing capability for DNS resolution
CISA Launches Telework Product Line (MeriTalk) With the COVID-19 pandemic forcing both Federal agencies and the private sector to make a rapid shift to telework, the Cybersecurity and Infrastructure Security Agency (CISA) launched a dedicated telework product line.
The Federal Reserve just expanded a $600B program to more small businesses: Here’s what you need to know (Washington Business Journal) The changes come just a few weeks after the Fed first announced the program.
How the CARES Act is Defining a 'National Security' Company (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "How the CARES Act is Defining a 'National Security' Company ".
Corporate Ransomware Payments Up Amid Telework (PYMNTS.com) Ransomware payments increased by 33 percent, to $111,605, as larger companies were targeted.
5 ways COVID-19 is reshaping the cyber-crime economy (SC Magazine) The virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to capitalise on global fears, as well as dramatic shifts in supply and demand.
COVID-19: Alert Issued For Scam Involving Blackmail Threat Over Release Of Private Video (Harrison Daily Voice) With more and more people working from home during the novel coronavirus (COVID-19) crisis, law enforcement agencies are warning of a new online blackmailing scheme.There have been reports of a new scam that involves an email from a scam...
Beware! Fake email campaign prowling in Indian cyberspace (Deccan Herald) While there is "nothing to worry" about such emails, users should update or change their passwords, used to log in any of their social media or other online platforms, if they find them compromised.
Security lapse exposed Jio coronavirus self-test records (TechCrunch) Exclusive: The database contains answers to Jio's coronavirus symptom checker and optional location data.
7 Cybersecurity tips for small businesses - especially those with remote workers (ZDNet) SMBs must adapt their security practices for remote workers, but implementing these cybersecurity tips are a good idea even when people go back into the office.
Best Practices for Managing a Remote SOC (Dark Reading) Experts share what it takes to get your security analysts effectively countering threats from their home offices.
How the coronavirus crisis sealed Big Tech's domination (The Telegraph) Despite temporary turbulence, the tech giants are likely to emerge from the pandemic richer, more powerful and more dominant than ever
Partners need to protect customers from cyber attack during Covid-19 (MicroscopeUK) Managed service player ECS says remote workforce is vulnerable to attackers
'I've never seen buy-in like this on any project' - the IT solution providers making a difference amid COVID-19 (CRN) Resellers and MSPs are lending their expertise and resources to some groundbreaking projects during the pandemic. CRN catches up with two of them in this Zoom In special
Providing our automated network control service for free to companies hit hard by COVID-19 (Zero Networks) Zero Networks will be offering for free through 2020 their automated network control service to companies in industries hit hard by COVID-19.
Fortinet’s Scalable and Secure Teleworker Solution in AWS (Fortinet Blog) Explore how organizations can leverage FortiGate-VM in AWS to provide teleworkers with secure remote connectivity.…
Generali Global Assistance Launches New Webinar Series (PR Newswire) Generali Global Assistance ("GGA"), a leading provider of identity and cyber protection solutions as well as other assistance services, today...
Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use (Forbes) Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
Xiaomi tracks private browser and phone usage, defends behavior (BleepingComputer) New research claims that China-based Xiaomi is tracking sensitive information and sending it to their servers if you use the Mi browser, which is bundled with all Redmi and Mi phones.
Is Automotive CyberSecurity A National Defense Issue ? (Forbes) With over-the-air software updates, one can turn a fleet of cars into destructive robots. Does this rise to the level of national defense ?
Oracle warns of attacks against recently patched WebLogic security bug (ZDNet) Oracle patched the bug last month but attacks began after proof-of-concept code was published on GitHub.
What Is Fleeceware, and How Can You Protect Yourself? (Wired) Sneaky developers are charging big bucks for basic apps. Here's how to spot a scam in sheep's clothing.
Android ransomware found extorting credit card details from users (HackRead) Ransomware has long been one of the infamous malware types out there, perhaps due to the payday that it brings in.
Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store (ZDNet) The Tokopedia data has been published on a well-known hacking forum.
French daily Le Figaro database exposes users’ personal info (BleepingComputer) French daily newspaper Le Figaro exposed roughly 7.4 billion records containing personally identifiable information (PII) of reporters and employees, as well as of at least 42,000 users.
Home affairs data breach may have exposed personal details of 700,000 migrants (the Guardian) Exclusive: Privacy experts say the breach in the SkillsSelect platform, which affects data going back to 2014, was ‘very serious’
French company Tarkett hit by cyberattack, shares fall (Reuters) French floor surfaces company Tarkett said on Monday that it had been the victim of a cyberattack, which had resulted in an ongoing disruption to its operations, causing its shares to fall.
In Interview, Epiq CEO Addresses Ransomware Attack, Layoffs, and Company’s Future (LawSites) Following a ransomware attack that took down the company’s servers for nearly a month and then layoffs resulting from the coronavirus pandemic, the chief
Cybersecurity Expert Reaction On Fingerprints Exposed By OnePlus Vulnerability (Information Security Buzz) A OnePlus 7 security flaw could have exposed users’ fingerprints to hackers, according to Trusted Reviews. Although the vulnerability has now been fixed, it has not yet been revealed how long it was present for, meaning that bad actors may have been able to gain access to bitmap fingerprint images. This technology has previously proven to be …
Microsoft catches cybercriminals adding malware to "John Wick 3," "Contagion" torrents (TechRepublic) In a Twitter thread, Microsoft warned people in Spain and South America to watch what they torrent.
Those Facebook 'challenges' can expose you to hackers (Futurity) Sharing photos and information as part of a game or challenge can threaten your social media security, an expert warns.
Council back online after cyber attack, but can't say how much it cost (Gazette Live) Redcar and Cleveland Council were targeted in a ransomware attack that took the website offline for weeks
Security Patches, Mitigations, and Software Updates
WhatsApp Suddenly Gets Powerful New Security Boost: Here’s Why It Affects You (Forbes) WhatsApp has been seriously boosted this week—and from two very unlikely sources.
Google fights spammy extensions with new Chrome Web Store policy (Naked Security) The policies are specifically meant to fight spam, but they outlaw tactics taken by malicious extensions as well, including fake reviews.
5 of the Biggest Phishing Scams of All Time (INKY) Hundreds of millions of dollars are lost each year to preventable phishing scams. Learn about some of the largest phishing attacks and what you can do to prevent them.
Cyber Trends
4 in 5 users removing private information from social media apps globally (ETTelecom.com) The Internet consumers are becoming more aware of their personal data and 82 per cent users have tried to remove private information from websites or ..
We Don’t Need More Cybersecurity, We Need Better Cybersecurity (Infosecurity Magazine) Why are data breaches becoming more frequent and more costly?
Marketplace
Raytheon seeks $957M deal that would create local work (Orlando Business Journal) The Army's $957 million Cyber TRIDENT contract requires the management of a cybersecurity training platform known as Cyber Mission Force.
CGI Wins $267M Deal to Improve Federal Cybersecurity (WashingtonExec) IT and business consulting services firm CGI has been awarded a 6-year, $267 million task order to provide cybersecurity consulting services under the
CloudGenix Key to Palo Alto Networks SASE Play (SDxCentral) The acquisition of SD-WAN vendor CloudGenix has solidified Palo Alto Networks’ position as a secure access service edge (SASE) provider, while also serving to address the needs of branch and retail customers.
This Startup Allows Consumers to Take Back Control of Their Data (Colorado Inno) Data breaches are becoming an all-too common occurrence in today’s world.
Forget Google—Huawei Plans A Killer New Update To Make Millions Switch Phones (Forbes) Is this enough to make you switch away from Google?
Why Investors Should Worry About FireEye's Q1 Results (The Motley Fool) The cybersecurity specialist's shift to growth areas is materializing, but significant challenges remain.
DEVCON Names Former Microsoft Startup GM, Chad Fowler New VP of Technology (Yahoo) DEVCON announced Chad Fowler to take the helm as Vice President of Technology.
Tanium Snags Channel Vet Todd Palmer To Drive Partner Sales (CRN) Tanium has hired Palo Alto Networks and NetApp veteran Todd Palmer to lead the company’s global channel sales team and support reseller and distributor relationships.
Defense Innovation Board Director Moves to Google (Defense One) It’s another sign of the healing relationship between the Defense Department and big tech.
Products, Services, and Solutions
Lookout Mobile Endpoint Security Achieves FedRAMP Joint Advisory Board Provisional Authorization to Operate (PR Newswire) Lookout, Inc., the leader in mobile security, today announced that its Lookout Mobile Endpoint Security offering achieved a Federal Risk and...
Technologies, Techniques, and Standards
Space Is Cybersecurity's New Frontier (SIGNAL Magazine) Amid growing fears about U.S. military reliance on civilian space infrastructure, two organizations seek to improve cybersecurity in the satellite industry.
If You Get Hacked, Avoid the Temptation to Pay Ransomware, Says Kaspersky Exec (CTECH) Costin Raiu, the director of the global research and analysis team at cybersecurity and anti-virus provider Kaspersky spoke to CTech about the coronavirus (Covid-19). The number of brute force attacks on remote desktops in quarantined countries increased from around 30 million in February to almost 100 million in March, according to Kaspersky’s data
Design and Innovation
Meet the ex-Google engineer on a campaign against social media algorithms (The Telegraph) Social media algorithms continue to promote harmful content by 'optimising watch time at any cost', says Guillaume Chaslot
Academia
This new cybersecurity school will teach kids to crack codes from home (ZDNet) Online initiative looks to inspire a new generation of cybersecurity talent to bring out their 'digital Sherlock Holmes' while schools remain closed.
Legislation, Policy, and Regulation
North Korea's Kim did not have surgery, South says, as shots fired at DMZ (Reuters) North Korean leader Kim Jong Un did not undergo surgery during almost three weeks of absence from public life, a South Korean official said on Sunday, as the two Koreas exchanged gunfire at the Demilitarized Zone (DMZ) separating the two sides.
Citing Cyber Threats, Trump Orders Ban on Buying Energy Sector Equipment from Foreign Adversaries (Nextgov.com) Some stakeholders say Commerce Department rules to implement a similar order about telecommunications equipment from last May are “impossible” to comply with.
Trump signs order to protect the U.S. electricity system: Energy Department (Reuters) President Donald Trump signed an executive order on Friday that seeks to protect the U.S. electricity system from cyber and other attacks in a move that could eventually put barriers on some imports from China and Russia.
Trump Declares National Emergency As Foreign Hackers Threaten U.S. Power Grid (Forbes) President Trump declares cyber-attacks against U.S. power grid a national emergency
Executive Order on Securing the United States Bulk-Power System (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic
The U.K. Should Abandon Plans to Collaborate with Huawei (National Review) The Chinese company, with its ties to the Communist regime, would put British interests at risk.
Pakistan’s anti-India cyber warfare goes unchallenged (The Sunday Guardian Live) Pak-based groups have bought hundreds of domains with the ‘.in’ suffix. New Delhi:For almost the last two weeks, Pakistan-based groups, backed by its spy agency the ISI, have been carrying out a new wave of cyber warfare against India, where they are creating fake Twitter handles and impersonating members of the
Our need to protect cyberspace (SecurityInfowatch) Three takeaways from the Cyberspace Solarium Commission Report
Analysis | The Cybersecurity 202: County election officials detail massive costs of remote voting (Washington Post) Congressional money will cover less than one-fifth of costs in some states.
Litigation, Investigation, and Law Enforcement
Acting Intelligence Chief says he's "increasingly concerned" over handling of sensitive U.S. person information among agencies and orders broad review (CBS News) CBS News has exclusively reviewed the April 29 memo mandating the review.
ODNI’s 2019 Statistical Transparency Report: The FBI Violates FISA…Again (Just Security) Buried in the ODNI's 2019 statistical transparency report—released Thursday—is information about a major instance of non-compliance with the law that ODNI hasn’t previously reported.
Spyware slinger NSO to Facebook: Pretty funny you're suing us in California when we have no US presence and use no American IT services... (Register) Malware maker urges judge to dump lawsuit over WhatsApp phone snooping
NSO Group is disputing claims it used U.S.-based servers to spy on WhatsApp users (CyberScoop) NSO Group is claiming in court that WhatsApp's allegations it used U.S.-based infrastructure to spy on WhatsApp users is false.
WhatsApp warning: How a single phone call hacked phones worldwide (Express) NEWLY published documents have revealed how a single call led to "unauthorised" access of the WhatsApp servers - leaving hundreds of users at risk. Here's what you need to know about this latest WhatsApp hack.
Why an Intelligent Machine Can't Be an Inventor, at Least for Now (National Law Journal) Hogan Lovells partner Celine Crowson says the USPTO's recent inventorship decision was compelled by the patent statutes. In time, Congress may need to rethink them, she says.
FCC Must Cough Up Data On Net Neutrality Rulemaking Fraud (Law360) The New York Times has won its court battle over access to Federal Communications Commission data on possible Russian interference in the agency's rulemaking process that culminated in the controversial rollback of net neutrality.
VW set for Dieselgate legal showdown (Euractiv) Germany's main court for civil and criminal matters will hear a diesel emissions scandal case for the first time next week. The ruling is expected the same day and it could impact proceedings across Europe. EURACTIV Germany reports.
Grand Jury: county, cities and special districts ‘ill prepared’ for cyber attacks (Santa Barbara News-Press) As many workplaces throughout the nation have shifted to video conferencing and online communications as a…
Love Bug's creator tracked down to repair shop in Manila (BBC News) Two decades after the world's first major computer virus, an author finds the perpetrator in Manila.
Remembering ILOVEYOU Virus during the Coronavirus Pandemic (Tech Times) On May 4 will be the 20th anniversary of one of the most destructive viruses in history.