— The cybersecurity community during the COVID-19 emergency
()
Sweden’s Coronavirus Strategy Will Soon Be the World’s (Foreign Affairs) Herd Immunity Is the Only Realistic Option—The Question Is How to Get There Safely
Is the Virus China’s Sputnik? (Foreign Affairs) What a Pandemic Reveals About Two Systems
Trump administration plans to issue alert that Chinese hackers are targeting vaccine research (Washington Post) Officials said there is no indication that any attempt to steal information has succeeded.
()
18 State Attorneys General Urge Congress to Investigate Beijing's Pandemic Coverup (Epoch Times.) Attorneys general for 18 U.S. states have urged congressional leaders to investigate the Chinese regime's role in the ...
Iran’s continuing cyber-mischief during the coronavirus crisis (AIJAC) Iranian hackers and propaganda networks have been working overtime during the novel coronavirus pandemic.
Facebook and other companies are removing viral ‘Plandemic’ conspiracy video (Washington Post) Conspiracy theories have flourished during the pandemic.
Twitter launches labels, warnings on misleading COVID-19 information (Rueters) Twitter Inc will add labels and warning messages on some tweets with disputed or misleading information about COVID-19, the company said on Monday, as part of a new approach to misinformation that will eventually extend to other topics.
Conspiracy theories slow public 5G adoption (but private 5G gets a boost) (InsiderPro) When radio waves, viruses and tin foil hats collide. How the coronavirus crisis is changing how, where and why 5G is being deployed.
Gov. Whitmer becomes target of dozens of threats on private Facebook groups ahead of armed rally in Lansing (Detroit Metro Times) Dozens of angry Michiganders, fueled by conspiracy theories and disinformation about the coronavirus, are promoting violence and mobilizing armed rallies against Gov. Gretchen Whitmer on...
UK said to be on verge of major technology shift for Covid-19 contact-tracing app (ComputerWeekly) Technology community awash with reports of potential sea change in much-publicised and much-criticised app away from controversial centralised database
UK contact-tracing app developers hit back at effectiveness and privacy doubts (ComputerWeekly) Pre-eminent scientists continue to defend NHS contact-tracing app from criticism of its effectiveness and the use of centralised data-gathering.
Contact-tracing app hits teething troubles as minister confirms changes could be made (ComputerWeekly) UK contact-tracing saga continues as UK government releases details of impact assessment on the app and admits that adaptations and even total change in form are not off the table.
NHS contact-tracing app ethics board kept in the dark over trial (The Telegraph) Members of an Ethics Board designed to scrutinise the app are frustrated at communications from NHSX
In the US, Support for Privacy Trumps Fear of Pandemic (CyberNews) We asked Americans how they feel about giving up privacy during the coronavirus lockdown. Their answers were surprising, to say the least.
Secureworks warns of cybercriminals targeting US stimulus funds - (Enterprise Times) Secureworks Counter Threat Unit researchers have seen an increase in tax identity theft as threat actors seek to steal stimulus checks
Trend Micro: COVID-19 related malware and spam on the rise (SecurityBrief) “The shift to remote working has been a huge change for many businesses, as they have had to quickly adopt new technology and processes, which in turn has made many vulnerable to cyber-attacks.
NetSTAR Sees Rise in Phishing Scams Related to COVID-19 (PR Newswire) At NetSTAR (https://www.netstar.io), we continually scan the internet to identify and categorize web threats. Over the past 3 months we have...
Banks failing to protect customers from coronavirus fraud (ComputerWeekly) Just 13 of the 64 banks accredited for the government’s Coronavirus Business Interruption Loan Scheme have implemented Dmarc protection.
COVID-19's channel impact in eight graphs: Demand levels slump in third CRN snapshot poll (CRN) Although respondents less worried than they were…
CIOs highlight lockdown positives, citing improved collaboration, productivity and innovation (Computing) 'We've seen more innovation in six weeks than in the past 10 years,' says one CIO, as Computing speaks to some of the UK’s top IT leaders to find out what they’ll be bringing from the COVID-19 pandemic into the post-lockdown world
The Global Cyber Center by Sosa joins C5 Capital’s international cyber defence Alliance to support the healthcare sector through COVID-19 (Sosa) The Global Cyber Center operated by SOSA is proud to join the Cyber Alliance to Defend our Healthcare, uniting with luminaries in the cybersecurity world to help combat the unprecedented series of cyberattacks that the healthcare sector has experienced in recent months.
Healthcare Providers to Receive Cyber Incident Response Services at No Cost from Atlantic Data Forensics (PR Newswire) In response to an unprecedented increase in ransomware and data breach activity during the COVID-19 pandemic, Atlantic Data Forensics, Inc., a...
Cyber Attacks, Threats, and Vulnerabilities
Iran reports failed cyber-attack on Strait of Hormuz port (ZDNet) Iranian officials said hackers infiltrated and damaged a small number of computers at the port of Shahid Rajaei in the city of Bandar Abbas.
Cyber attack targets Iranian port near Strait of Hormuz (The Jerusalem Post) The Iranian official stated that he did not have any information about the origin of the cyber attack
Security cabinet: Israel didn't expect Iran cyberattack on water system (The Jerusalem Post) 'This was an attack that goes against all codes, even in war. This is an attack that cannot be done.'
Is a cyber war brewing in the Middle East? (The Jerusalem Post) In the Middle East there has been an increased role of cyber war and cyber security, much as the region is also at the forefront of experiments with new weapon systems.
US to call out another round of North Korean hacking (CyberScoop) The report drops on the third anniversary of the WannaCry attack, which the U.S. blamed on North Korea.
Astaroth malware hides command servers in YouTube channel descriptions (ZDNet) Astaroth continues to evolve into a dangerous threat. Luckily, it's only spreading in Brazil only, right now.
Researcher finds 1,236 domains infected with credit card stealers (BleepingComputer) A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure web shops.
Chatbooks, a reported 'Shiny Hunters' hacking victim, confirms breach (CyberScoop) Chatbooks, a photo-printing startup is alerting its users about a data breach in which hackers stole some customers’ personal information.
PerSwaysion phishing attack now uses legitimate accounts to bypass blocklists and filters (SC Magazine) Sophisticated “PerSwaysion” phishing attack sent from a legitimate but compromised vendor account allows emails to bypass any mass blocklists and filters.
Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks (SecurityWeek) A researcher has identified several Thunderbolt vulnerabilities, dubbed Thunderspy, that expose millions of laptops and desktop computers to evil maid attacks
Texas court systems hit by cyberattack (TheHill) The information technology office supporting the Texas judicial system was hit by a ransomware attack that took down websites and interrupted legal proceedings.
Texas courts slammed by ransomware attack (ZDNet) Officials say they will not bow to any blackmail or ransom demands.
Texas Courts Latest Victim Of Inevitable Ransomware Crush (Law360) Cybersecurity insiders were not surprised Monday by Texas' state judiciary becoming the latest U.S. institution to be hit by ransomware, while early reports of the attack's limited impact suggest that court officials had prepared for such a scenario.
Data likely stolen as Stadler IT system hit by cyber-attack (International Railway Journal) Stadler's IT system was targeted with a cyber-attack last week, the company has announced, with malware used to steal information.
Hacked Law Firm Informs Clients Like Lady Gaga and Bruce Springsteen of Data Breach (Variety) Major media and entertainment law firm Grubman Shire Meiselas & Sacks said that after its internal data systems were hacked — and a vast trove of information on its clients was stolen…
Pitney Bowes hit by Maze in second ransomware attack in a year (ComputerWeekly) Shipping services firm falls victim to Maze ransomware just seven months after a previous major attack
ATM Maker Diebold Nixdorf Hit by Ransomware (SecurityWeek) ATM maker Diebold Nixdorf confirmed that some IT systems were infected with ransomware, but the company said ATMs or customer networks were not impacted.
Ransomware Hit ATM Giant Diebold Nixdorf (KrebsOnSecurity) Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations.
Ransomware attack will cost $50 - $70 million this quarter alone, Cognizant says (Computing) Attack, which came as firm was preparing for Covid measures, was a 'perfect storm' CEO says
Cyber Bureau urges cautiousness in sharing personal information (The Himalayan Times) The Cyber Bureau of Nepal Police has urged the public to be careful regarding fraudulent calls and emails that claim to be from 'Cyber Crime' and 'Cyber Security'.
Rowhammer memory attacks close in on the real world (InsiderPro) This theoretical security problem is becoming all too real. Expect to see a major Rowhammer security exploit within the next year as attackers tap GPUs, FPGAs and more to accelerate the process. Here's how to protect yourself.
No, this Virginia Beach sailor doesn’t want your love or money. It’s a scam, and he’s a victim too. (Virginian-Pilot) Thirty-year-old Mike Sency is the victim of a long-running series of scams that steal photos of service members and use them to swindle money out of people online. And with the coronavirus pandemic keeping people inside, it’s gotten even worse.
Vulnerability Summary for the Week of May 4, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
34 CISCO security updates issued, 12 being rated as a high priority (SC Magazine) Of 34 CISCO security updates, eight impact the company’s Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defence Software.
Slack now strips location data from uploaded images (TechCrunch) Metadata, including location data, can out sources and deanonymize whistleblowers.
Cyber Trends
SiteLock’s 2020 Annual Security Review: The Top Website Threats Impacting Your Business (SiteLock) Cybercrime is on the rise, and attacks don’t show any signs of slowing down. In 2019, the world witnessed some of the largest-scale cyberattacks in history, including the First American breach that exposed almost 900 million customer transaction records and the Facebook database leak that revealed nearly 500 million personal records.
2020 Open Source Security and Risk Analysis (OSSRA) Report (Synopsys) The 2020 OSSRA report offers an in-depth look at the state of open source security, compliance, and code quality risk in commercial software.
()
Nearly 70% of Financial Services Companies Globally Have Experienced a Cyberattack (PR Newswire) Keeper Security, provider of the leading cybersecurity platform for preventing password-related data breaches and cyberthreats, today revealed...
Attacks on cloud storage double while phishing website blockages soar by 230% (SC Magazine) Group-IB uncovers ‘tremendous increase’ of phishing resource blockages in the second half of 2019 as the duration of attacks grows.
Ransomware costs double if you pay up (SC Magazine) New report finds average cost of recovery is US$ 1.4 million (£1.1 million) if organisations pay the ransom, but US$ 730,000 (£593,000) if they do not. A quarter of victims admit paying up.
Marketplace
Darktrace primed for huge IPO (Business Weekly) Cambridge-based cyber security world leader Darktrace continues to work towards an IPO – possibly in the US and UK – next year after growing its market capitalisation to more than $2 billion. Sources close to the company say Darktrace would have hit the markets by now had it not been for the coronavirus pandemic. Ironically, while frustrating the projected float, the crisis
Ontic Raises $12 Million in Series A Funding Round Led (AiThority) Ontic, the protective intelligence software platform developed to help businesses proactively address physical safety
ForAllSecure Awarded $45 Million Contract to Deploy Mayhem Across Branches of U.S. Department of Defense (PR Newswire) ForAllSecure, a NEA portfolio company, today announced that Mayhem, its next-generation fuzzing solution, is being deployed across multiple...
Semiconductor companies consider new plants in the US (Defense News) A spokesman for the biggest American chip maker says it is in discussions with the U.S. Defense Department about improving domestic technology sources.
Huawei Struggles to Get Along Without Google (Wall Street Journal) Chinese smartphone giant Huawei, barred by the U.S. from buying American technology, has found a lot of workarounds—but is having a hard time replacing Google, on which it has relied for a decade.
Microsoft opens IoT bug bounty program (Naked Security) Microsoft really wants to secure the Internet of Things (IoT), and it’s enlisting citizen hackers’ help to do it.
vArmour’s Kate Kuehn Recognized as One of CRN’s 2020 Women of the Channel (Yahoo) vArmour, the leader in Continuous Application Relationship Management, today announced that CRN®, a brand of The Channel Company, has named Kate Kuehn, Senior Vice President, to its 2020 Women of the Channel list. Kate was brought on to the vArmour
Mike Kelly defends new role with Palantir after quitting Parliament due to health issues (The Canberra Times) Former member for Eden-Monaro Mike Kelly has defended taking a role with a US technology company, after resigning from Parliament due to ongoing health issues.
KnowBe4 Promotes Colin Murphy to Chief Information Officer (MarketScreener) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has promoted special...
ThreatX Names Software Executive Tom Hickman as Chief Product Officer (businessWire) ThreatX has appointed Tom Hickman to its leadership team as the Chief Product Officer
Products, Services, and Solutions
HID’s IdenTrust and Keyfactor Collaborate to Solve Enterprise Digital Certificate Procurement and Lifecycle Management Challenges (BusinessWire) HID Global, a worldwide leader in trusted identity solutions, and Keyfactor, a provider of secure digital identity management solutions, today announc
Exostar Releases Risk Mgmt Suite for Cybersecurity Audits (ExecutiveBiz) Exostar has unveiled a risk management tool that will help organizations under the Defense Industrial Base that intend to independently conform to the National Institute of Standards and Technology's Special Publication 800-171 security controls.
IDIQ Launches DataBreachIQ Services to Help Businesses Prepare, Manage Data Breaches (PR Newswire) IDIQ, the company behind the credit and identity theft monitoring IdentityIQ® brand, today launched DataBreachIQ® services to help businesses...
Mission Secure Launches First Look OT Cybersecurity Reconnaissance for Remote ICS Cybersecurity Intelligence and Risk Management (PR Newswire) Mission Secure, an industry-leading industrial control system (ICS) cybersecurity company, announced the launch of its First Look OT...
Avanan Introduces First-of-its-kind Cloud-Based Security for Slack (Globe Newswire) Avanan, the leading security solution for cloud-based email and collaboration suites, announced today new security protocols to protect Slack.
MITRE ATT&CK Framework Addition (Bricata) Bricata's latest product release includes support for the MITRE ATT&CK framework, support for high-density data nodes, and workflow improvements.
KPMG LLP Intelligent Data Privacy Offering Addresses California Consumer Privacy Act (Appian) With the help of Appian, KPMG makes it possible for companies to act quickly and streamline the process as they respond to new privacy regulations.
Onfido and Sidehide to bring immunity passports to the travel industry (Onfido) Swiss-based travel tech startup Sidehide teams up with AI-based identity company Onfido to develop technology that enables safe return to travel
Gigamon ThreatINSIGHT Delivers Rapid Threat Detection and Risk Mitigation During Times of Unprecedented Change (BusinessWire) Gigamon announces latest version of its ThreatINSIGHT Network Detection and Response solution during times of unprecedented change.
802 Secure Announces Wireless IT and IoT Cybersecurity Protection for Remote Office Worker (PR Newswire) 802 Secure, an industry-leading provider of Wireless IT and IoT Security solutions today announced it has released a solution to help protect...
Onapsis Expands Mission-Critical Application Offerings to Cover Operational Resiliency, Audit Efficiency and Cyber Risk Assessments (BusinessWire) Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced expanded assessments for its Business Risk Illustrat
New Sudo Features Integrate Popular Privileged Access Application Into Enterprise Security and IT Strategies (One Identity) Nearly ubiquitous across Linux deployments, Open Source Sudo software allows a user to act as another user...
Asigra Partners with Priseda to Power Private Cloud DRaaS and Cybersecurity (IT News Online) Asigra Partners with Priseda to Power Private Cloud DRaaS and Cybersecurity
Bitglass Integrates CrowdStrike’s Machine-Learning Technology to Provide Zero-Day Advanced Threat Protection in the Cloud (BusinessWire) Bitglass, the Next-Gen Cloud Security Company, announced today that it has partnered with CrowdStrike®, a leader in cloud-delivered endpoint protectio
Portshift Achieves Red Hat Container Certification for Cloud-Native Workload Protection Platform (Benzinga) Certification Helps Drive Application Resiliency and Deployment Agility for Container-Based Workloads on Red Hat Platforms
'Channel-First' IoT Security Startup Ordr Launches Partner Program (CRN) IoT security startup Ordr, led by former Aruba Networks execs, has launched its global partner program, which provides "maximum flexibility for a variety of partner business models."
Technologies, Techniques, and Standards
What If the Pentagon Skipped 5G? (Defense One) The answer to the headaches and security risks of next-generation mobile communications just might be a technological leap past them.
Build a Culture of Holistic Risk Awareness Throughout Your Workforce (Security Intelligence) Here are several strategies for building a culture of risk awareness throughout your workforce in such a way that workers aren't just looking for specific threats, but are also thinking holistically about risk at all times.
Reactive security no longer works: Crowdstrike CTO (ETCIO.com) Every single enterprise compromised by ransomware attacks had next generation firewalls and other security in place. Yet that’s not enough, says Cro..
Securely Deploying IPv6 in 2020 Part 1: Internet Facing Perimeter (Black Hills Information Security) Joff Thyer // Introduction If there is anything that the start of 2020 has taught us, it is that Internetworking services are in higher demand than ever before. IPv4 is exhausted, and by that I mean there is none, it is tired, worn out, overused, abused, and beyond its end of life. Besides our heroic …
Design and Innovation
Why a single online name and social cards will be the new norm (Help Net Security) Single online names and social cards: what exactly are these tools, and how do they empower consumers that want to take back control of their data?
Microsoft, Intel Introduce 'STAMINA' Approach to Malware Detection (SecurityWeek) Microsoft and Intel have been working together on a new approach to malware detection that involves deep learning and the representation of malware as images.
Twitter to label 'misleading' virus content (France 24) Twitter to label 'misleading' virus content
()
Research and Development
Trend Micro Research Identifies Critical Industry 4.0 Attack Methods (BusinessWire) Trend Micro today released research describing how advanced hackers could leverage new attack vectors to sabotage smart manufacturing environments.
Legislation, Policy, and Regulation
What’s preventing a respite from the broken US-Russia relationship? (Defense News) Arms control is a natural starting point for U.S.-Russia rapprochement. However, three main challenges hinder any headway.
Govt commits $37 million for telco resilience against natural disasters (CRN Australia) Upgrades to mobile base stations, backup comms facilities and more.
()
US Risks Losing 5G Standard Setting Battle To China, Experts Say (Breaking Defense) "We need some coherency around what we're actually doing on the public policy front, and we need some more technical coordination ... so we could at least be at the stage where we're still on the field, versus sitting on the sidelines trying to figure out how to catch up," said Brookings fellow Nicol Turner Lee.
DHS Acting Secretary Wolf Announces New Homeland Security Advisory Council Members (Security Magazine) Acting Secretary of Homeland Security Chad F. Wolf introduced seven new members to the Homeland Security Advisory Council (HSAC).
Impartial reviews needed if Congress to solve its Ligado problem (C4ISRNET) Congress must select a technically competent and impartial entity such as the National Academy of Sciences to help solve confusion over whether a plan from Ligado Networks will cause GPS interference.
USCYBERCOM Documents Timeline (National Security Archive Cyber Vault) For the past few years the National Security Archive Cyber Vault project has been identifying and collecting records on USCYBERCOM through several methods including
Analysis | The Cybersecurity 202: Florida becomes hot spot in the election security wars (Washington Post) The perennial swing state is the only state that hasn’t said it will accept federal election money.
Democrats move to allow remote voting or a virtual summer convention (Washington Post) Party leaders have not decided how the event in Milwaukee will be conducted but are expanding their options.
CMMC: A strategic perspective (Federal News Network) Exostar’s Stuart Itkin he gives a nuanced perspective on several aspects of Cybersecurity Maturity Model Certification.
Litigation, Investigation, and Law Enforcement
The Confessions of the Hacker Who Saved the Internet (Wired) At 22, Marcus Hutchins put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.
In 2013, Edward Snowden leaked top-secret National Security Agency documents showing how the U.S. was spying on its citizens. Here’s what happened next. (Washington Post) Reporter Barton Gellman on how he met NSA whistleblower Edward Snowden and broke the explosive news about the American government's surveillance program.