News for the cybersecurity community during the COVID-19 emergency
At a glance.
- Contact tracing blues.
- Economic effects of the pandemic on the IT and security sectors.
For more, see our daily update on COVID-19 and the cybersecurity community.
Thousands of Israeli websites hosted on uPress were defaced early this morning with messages calling for the destruction of Israel. Israel and Iran have been swapping cyberattacks recently, but Haaretz says there's no evidence of a direct Iranian connection to the campaign. The group claiming responsibility calls itself "Hackers of Saviour."
Iranian hackers have been active against government agencies and transportation targets (especially airports) in Saudi Arabia and Kuwait. Bitdefender reports on the activity of the "Chafer" APT, whose goals appear to have been reconnaissance and data exfiltration. The operators relied on social engineering for initial deployment of their payloads.
Malwarebytes today released a report on the recent evolution of the ZeuS banking Trojan, which the researchers call with some justification "the most famous banking Trojan ever released." They've observed a new family built on the old ZeuS framework. It emerged in November of last year, and it's currently being hawked in Russian-speaking criminal-to-criminal markets as "Silent Night." The seller and developer (nom-de-hack "Axe") says it took him much time and many pains to pull together, and he's charging a premium. A "general build" goes for $2000 a month, a "unique build" for $4000. The researchers regard this version as clean and well-made, but not particularly innovative. They expect it to become a product catering to high-end criminals.
Researchers at ESET have an update on the Winnti Group, which continues its practice of using backdoors to attack online gaming companies. The goal is usually theft and monetization of in-game commodities.
Today's issue includes events affecting Australia, Austria, China, Germany, Iran, Ireland, Kuwait, Netherlands, Norway, Saudi Arabia, Switzerland, United Kingdom, and United States.
What the CISOs are saying during the time of the pandemic: notes from a recent ISSA CISO Advisory Council meeting on the improvisation of remote work.
"Everyone kind of across the board agreed, we're moving so quickly that we're probably not making fully understood risk decisions here, that the CISOs are trying to get in front of it, trying to understand, what are the implications of every risk. But we're not able to go fast enough: when you shift from one way of doing work to another basically at the drop of a hat. So one of my favorite recommendations I heard coming out of this is make sure that you're documenting each of the decisions you make as a part of this. And come back and just really consider, is it the right thing to do? If you now are allowing BYOD because you don't have enough laptops across your enterprise, OK, maybe that's the right thing, but maybe it's not. Or maybe you need to put some kind of new mitigation controls in place to allow you to do that BYOD."
—Robb Reck, chief information security officer at Ping Identity, on the CyberWire Daily Podcast, 5.19.20.
Haste and improvisation needn't be thoughtless.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CynergisTek, as Caleb Barlow talks about how GDPR may have unintended consequences for stopping COVID-19 scammers. Our guest is Gabriel Bassett from Verizon, on the 2020 Data Breach Investigations Report (DBIR).
And Hacking Humans is up. In this episode, "How scammers fill the gap," Joe has a follow-up for a listener, Dave has a story on a possible Disney-styled phishing email, Joe has the skinny on a circular pyramid scheme, The Catch of the Day is a YouTube verification badge for you, and later in the show our interview with Neill Feather from SiteLock. He joins us to explain how scammers fill the gap when popular retail items are sold out.
In this week's episode of CSO Perspectives, "Cybersecurity first principles," the CyberWire's CSO Rick Howard continues his discussion of first principles with an account of zero trust, the next infosec building block.
NCSC discloses multiple vulnerabilities in contact-tracing app (ComputerWeekly) National Cyber Security Centre has received mountains of feedback on the security of the government’s Covid-19 contact-tracing app, and has now taken the step of making multiple disclosures.
Coronavirus: NHSX enlists military innovation hub for Covid-19 app project (ComputerWeekly) Organisations will work together to gather and share coronavirus symptom data from third-party tracker apps.
Prime Minister promises contact tracing by June to support opening of schools (The Telegraph) Unions welcome 'real progress' but say teachers must not be forced back
Apple releases final iOS 13.5 with coronavirus exposure alert support (VentureBeat) Apple's latest iPhone OS release is now available to the general public with COVID-19-inspired features, along with Apple Watch, TV, iPad, and Mac updates.
Apple-Google contact tracing tech draws interest in 23 countries, some hedge bets (ETCIO) Using apps to accelerate contact tracing, in which authorities identify and test people who were recently near a virus carrier, has emerged as a tool ..
New Contact Tracking to Assist in Pandemic (PR Newswire) EnGenius Technologies Inc., a multinational wireless networking company, known for delivering future-proof Wi-Fi solutions for consumers and...
Coronavirus Contact-Tracing Apps Face Another Challenge: Designing a Great User Experience (Wall Street Journal) Health officials consider tracing the contacts of people who test positive for the coronavirus an essential tool for controlling its spread, particularly as states across the U.S. loosen their lockdowns. Developers have rushed to answer the need with apps meant to measure users’ proximity to people with the virus.
Bank of America blames PPP applications leak on faulty SBA test server (ZDNet) BofA says SBA test platform allowed others to view details for its customers' PPP loan applications.
Security problem could affect 130K Ohio unemployment seekers (Dayton Daily News) Deloitte Consulting fixed the problem and has agreed to take immediate steps to prevent unauthorized access in the future, the state said.
Shelter-in-Place Orders Pose Challenges for Government Probes (Wall Street Journal) The novel coronavirus could slow investigations into corporate wrongdoing by prosecutors, regulators and federal agents as shelter-in-place orders and other restrictions force delays to crucial steps in their work.
Cybersecurity Leadership: What's Your 180-Day Plan? (BankInfo Security) Business and security leaders accept that a hybrid workforce is the new norm - some staff members based in a central office and many others permanently working at
Post-COVID-19 security predictions: Where are we heading? (Includes interview) (Digital Journal) What will the future of work look like? One thing appears certain is that the future of work has changed, particularly with remote working and security. A number of experts provide their thoughts to Digital Journal. This is the first in a series.
Covid-19 has proven that Internet needs complete rehaul (ETCIO.com) There is a need for temporary prioritization policies and adhoc networks, so that utilization of the network is maximized as per the given crisis.
IT is the unsung hero of the remote work revolution (1Password Blog) We’ve spoken a lot lately about our experiences as a remote-first company and hope they’ve been useful to others making the change. Today I want to take a different tack, and provide an outward look at how companies are adapting to the sudden changes thrust upon them by COVID-19.
Strong cybersecurity can be a revenue generator – here is why and how (Silicon Valley Business Journal) BRAVE (brāv/) adjective: Ready to face and endure danger or pain; showing courage. “a brave soldier”
Large Tech Companies Prepare for Acquisition Spree (Wall Street Journal) After pushing the pause button during the coronavirus pandemic, big enterprise-technology companies later this year are expected to go on a shopping spree for smaller tech firms, industry analysts say.
WhiteHat Security Offers Free Application Scanning Services to Education Sector for Secure Online Learning (WhiteHat Security) SAN JOSE, Calif., May 21, 2020 – WhiteHat Security, an independent, wholly owned subsidiary of NTT Ltd. and a leading application security provider, today announced that it will offer free application scanning services to any education institution to support secure online learning. When shelter-in-place orders were received, the majority of universities and school districts were …
Post-COVID-19, Coinbase will be a remote-first company (Medium) I sent the note below to employees earlier today. I’m sharing it publicly here in case others find it helpful.
Thousands of websites defaced in cyberattack calling for the 'destruction of Israel' (Haaretz) Hack into website hosting service's server comes a day before Iranian Quds Day, but no link to Iran identified
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia (Bitdefender) Chafer APT is a threat group with an apparent Iranian link. It is known to be active since 2014, focusing on cyber espionage campaigns. Bitdefender has spotted the group targeting critical infrastructure from the Middle East, presumably for intelligence gathering.
Shining a light on “Silent Night” Zloader/Zbot - Malwarebytes Labs (Malwarebytes Labs) In our new paper with HYAS, we dive deep into “Silent Night," a new banking Trojan recently tracked as Zloader/Zbot, and reminiscent of ZeuS.
The “Silent Night” Zloader/Zbot (Malwarebytes) ZeuS is probably the most famous banking Trojan ever released. Since its source code leaked, various new variants are making the rounds. In the past we wrote about one of its forks, called Terdot Zbot/Zloader.
Video game developers under siege by cyberattacks seeking to plunder in-game cash (ZDNet) The Winnti Group is targeting gaming vendors once more with a new backdoor.
No “Game over” for the Winnti Group (WeLiveSecurity) ESET researchers have discovered a new, modular backdoor that they named PipeMon and that was used by the Winnti Group against several South Korea- and Taiwan-based companies that develop MMO (Massively Multiplayer Online) games.
ShinyHunters Is a Hacking Group on a Data Breach Spree (Wired) In the first two weeks of May, they've hit the dark web, hawking 200 million stolen records from over a dozen companies.
Crooks Tap Google Firebase in Fresh Phishing Tactic (Threatpost) Cybercriminals are taking advantage of the Google name and the cloud to convince victims into handing over their login details.
Beware of phishing emails urging for a LogMeIn security update (Help Net Security) LogMeIn users are being targeted with fake security update requests via email, which lead to a spoofed phishing page that looks like the real deal.
Home Chef confirms 8 million user records stolen in breach (TechCrunch) The home delivery service's customer database is listed for sale on a dark web marketplace.
BlockFi discloses failed hack attempt after SIM swapping incident (ZDNet) BlockFi says a hacker SIM swapped an employee to gain access to its platform, but the hacker failed in their attempt to steal BlockFi customer funds.
Could EV charging stations pose a security risk to the grid? (FierceElectronics) The rise in use of electric vehicles could unwittingly expose the grid to vulnerabilities, NYU researchers find.
Powys Council apologises after residents' names and addresses published on its website (Hereford Times) Powys Council has apologised to people whose personal data was published on the authority's web page.
Chrome 83 released with massive security and privacy upgrades (BleepingComputer) Google has released Chrome 83 today, May 19th, 2020, to the Stable desktop channel, and it includes massive security and privacy overhaul changes for its users.
Signal to move away from using phone numbers as user IDs (ZDNet) Signal launches profile PINs, the first step in supporting Signal user accounts that are not tied to phone numbers.
Signal fixes location-revealing flaw, introduces Signal PINs (Help Net Security) Signal PINs will, eventually, allow users not to use their phone number as their user ID. Users will be able to backup important data.
Facebook Messenger Adds Safety Alerts—Even in Encrypted Chats (Wired) By using metadata instead of content to spot suspicious behavior, the social network can keep privacy intact.
NTT’s 2020 GTIR shows attack volumes up as cyber criminals innovate faster, automate attacks (Digital News Asia) Attackers using Covid-19 pandemic to launch attacks on vulnerable organizations Tech tops most attacked industry list for first time, toppling finance with 25% of attacks NTT Ltd, a global technology services provider, yesterday, launched its 2020 Global Threat Intelligence Report (GTIR), which reveals that despite efforts by organisations to layer up their cyber defences, attackers are continuing to innovate faster than ever before and automate their attacks.
Here are the four verticals most targeted by bad bots (iTWire) The data sought by cybercriminals vary from one vertical to another, whether banking credentials, medical records, pricing information or confidential research, to name just a few. In some cases, cybercriminals write and deploy very sophisticated bots to overc...
Checkmarx to Lay Off Dozens of Workers, Proving Even Unicorns Aren’t Immune to Covid-19 (CTECH) A month after completing a $1.15 billion exit, the Israeli-based cybersecurity company is “restructuring”
Deep Instinct Vies With McAfee And CrowdStrike For $17B Market (Forbes) CrowdStrike faces a formidable challenger in Manhattan-based Deep Instinct. Which can save companies the most money by fending off cyberattacks before they happen?
DigiCert Names Jason Sabin as CTO (Security Boulevard) Sabin brings decades of experience creating best-in-class technology, as well as a passion for engineering and innovation. LEHI, UT (May 19, 2020) —
Top 25 Cyber Execs to Watch in 2020: Splunk's Juliana Vida (WashingtonExec) In the spring of 2019, Juliana Vida became Splunk's first-ever chief technical adviser, a position created to leverage her extensive military and
Cybereason and Wandera Partner to Empower Customers in Detecting Cross (PRWeb) Cybereason, a leader in endpoint protection, and Wandera, a leader in mobile threat defense and zero trust network access, today announced a partnership that will prov
Jamf Adds macOS Malware Prevention and Unified Log Forwarding to Help Organizations Keep Users, Devices and Company Data Secure (Jamf) In the current environment, more organizations are examining their remote employee and work-from-home policies. With employees using their computers at home, new security risks emerge.
Latest Update to StackRox Kubernetes Security Platform Augments Runtime Security with Streamlined Analysis and Incident Response (StackRox: Kubernetes and container security solution) New capabilities developed in collaboration with enterprises and federal government customers enable accurate analysis and faster incident response for containers and Kubernetes environments
AttackIQ Simulations Now Available in Microsoft Defender ATP Evaluation Lab (BusinessWire) AttackIQ announces the availability of its simulations in the Microsoft Defender ATP evaluation lab.
Cellebrite Rebrands Digital Intelligence Solutions Suite (Inside NoVa) Cellebrite, the global leader in Digital Intelligence (DI) solutions for public and private sectors, today announced it has rebranded the industry's most
Your data is *your* data: Our approach to creating privacy-conscious antivirus software (Security Boulevard) Emsisoft is a privacy-conscious antivirus company. We’ve developed our software to provide excellent malware protection without infringing on your privacy. The post Your data is *your* data: Our approach to creating privacy-conscious antivirus software appeared first on Emsisoft | Security Blog.
CyberArk expert on taking a proactive approach to risk management (Intelligent CIO Middle East) CIOs and CISOs at organisations across the globe are currently dealing with an unprecedented challenge as they look for the best way possible to keep employees secure and productive. David Higgins, EMEA Technical Director, CyberArk, talks to Jess Phillips about how IT leaders can best adopt a proactive approach to cybersecurity to reduce their risk […]
How DDoS protection is like a car’s airbags (Security Brief) Just as someone would never remove the airbags from their car simply because they have never had a serious accident, so they should not cut back on cyber defences just because they hadn’t had a major attack in a while.
Twitter is testing a feature that limits who can reply to your tweets (TechCrunch) Twitter today acknowledged that it has begun testing a new setting that lets users limit who can reply to tweets. The setting was first noted earlier this year. Similar to Facebook’s post view settings, the current implementation features a small glove icon in the corner. Tapping on it brings up a …
This platform will help train AI algorithms for the military (C4ISRNET) Labelbox has already won a contract to study how their machine learning training data platform can be integrated with U.S. Air Force efforts.
Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite (Register) AV maker denies allegation, says researcher is 'looking for attention'
Is the Brain a Useful Model for Artificial Intelligence? (Wired) Thinking machines think just like us—but only up to a point.
Patented technology designed to stop tiny errors from crashing large health care, supply chain systems (Purdue University) The COVID-19 pandemic has forced public health, supply chain, transportation, government, economic and many other entities to interact in real time. One of the challenges in large systems interacting in this way is that even tiny errors in one system can cause devastating effects across the entire system chain.
Illinois Students Advance to National Finals in Cybersecurity Challenge (MyRadioLink) For Immediate Release Illinois Students Advance to National Finals in Cybersecurity Challenge Springfield, IL ...
White House report blasts Chinese ‘malign activities’ (Washington Post) The White House has issued a broad-scale attack on Beijing’s predatory economic policies, military buildup, disinformation campaigns and human rights violations
Executive order boots “foreign adversaries” from US electric grid over security concerns (CSO Online) White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.
The connection between the ISA84 Annex H on process sensor cyber security and Presidential Executive Order 13920 (Control Global) On Thursday May 14th, 2020 Simon Clarke, Herman Storey, and I presented “Annex H Smart Field Devices – Digital Interface Security” to about 40 members of the joint ISA84 (process safety- Safety Instrumented Systems-SIS)/ISA99 (control system cyber security) working group for their review.
Huawei says US is only hurting itself with sanctions (Telecoms.com) Huawei has said US aggression will only hurt its own economic prospects as the risk of two distinct markets becomes much clearer
Commander Discusses a Decade of DOD Cyber Power (U.S. DEPARTMENT OF DEFENSE) While the U.S. Cyber Command's mission has evolved over the last decade, defense of the nation in cyberspace remains as important as ever.
Reexamining the Solarium Commission’s Proposal for a National Cyber Director (Lawfare) The recent Cyberspace Solarium Commission Report recommended establishing a national cyber director and accompanying office. But if enacted as described, the proposal will set up this important office to fail.
Security Clearance Flagged After Cybersecurity Phishing Scam Snagged Real Estate Funds (ClearanceJobs) The second and third order effects and the idea that this literally can happen to anybody, just goes to show you the importance of cybersecurity in today’s business world.
PM won’t face criminal investigation over Hacker House (Prolific North) Boris Johnson and the Greater London Authority (GLA) won’t face a criminal investigation into their dealings with an American businesswoman.
Suspect arrested for stealing €1.1 million through phishing SMS (NL Times) The police arrested a 21-year-old man from Groningen on Monday morning on suspicion of various cases of online payment fraud. Among other things, he is suspected of scamming a Noord-Holland man out of 1.1 million euros with a phishing SMS last year.
Equifax finally coughs up the money for its 2017 monster hack… to the banks for having to cancel your cards (Register) What did happen to the $125 everyone was promised?
Taiwan Cyber-Attack Mystery Makes Legal Punishment Unlikely (Bloomberg Law) A cyberattack against a state-owned energy company in Taiwan is unlikely to spur legal punishment because of difficulties identifying the culprit.
Warner asks intel chief to fork over underlying 'unmasking' intel on Michael Flynn (POLITICO) It’s not clear whether Republicans will endorse any aspects of Warner’s request, though the Senate intel panel has operated on a relatively bipartisan basis.
Graham announces vote on subpoenas for Comey, Obama-era intel officials (TheHill) Senate Judiciary Committee Chairman Lindsey Graham (R-S.C.) announced Monday evening that his panel will vote June 4 on a subpoena authorization to review documents and communications and solicit testimony from an array of senior Obama-era officia
Michael Flynn’s name was never masked in FBI document on his communications with Russian ambassador (Washington Post) The ‘unmasking’ of Flynn’s name mostly relates to calls other than his conversations with Sergey Kislyak.
Investigation into Russia probe origins reaching 'tipping point,' says former top Trump adviser (Fox News) Former Deputy National Security Adviser K.T. McFarland said that she believes that the U.S. is reaching a "tipping point" in the investigation into the origins of the Russia probe.
Supreme Court blocks House from Mueller grand jury material (Washington Post) The Supreme Court is temporarily preventing the House of Representatives from obtaining secret grand jury testimony from special counsel Robert Mueller’s Russia investigation
Cybersecurity Firm Sues Advent Over Nixed $1.9B Takeover (Law360) Forescout Technologies Inc. launched a lawsuit in Delaware state court Wednesday alleging that Advent International violated the terms of its planned $1.9 billion takeover of the cybersecurity firm by pulling out of the deal, and asking the court to compel the private equity firm to complete the transaction.
US Puts More Telecoms On Notice For Routing Virus Scams (Law360) The U.S. government has shot off a second wave of warning letters to telecoms routing coronavirus-related phone scams into the country after federal regulators successfully put a stop to similar bogus calling campaigns last month.
Facebook Beats Texas TCPA Suit Over Unwanted Texts (Law360) A Texas federal judge on Wednesday tossed a proposed class action alleging Facebook Inc. violated the Telephone Consumer Protection Act by sending text messages to consumers who were on the National Do Not Call Registry, finding that the messages at issue aren't solicitations.
Facebook Wants Door Shut On UK Users In US Privacy Suit (Law360) Facebook has urged a California federal judge not to allow some of its users in the United Kingdom to join U.S. multidistrict litigation over the Cambridge Analytica data privacy scandal, saying U.K. users already agreed to bring claims against the social media giant elsewhere.
Chicagoland Used Car Dealer Hit With Fingerprint Privacy Suit (Law360) A Chicago-area used luxury car dealer was hit Tuesday with proposed class claims in Illinois state court that it violated the state's biometric privacy law by requiring workers to scan their fingerprints for timekeeping without obtaining informed consent.
Sued Cybereason Employee says Company Lied About him to Prevent Move to Competitor (CTECH) After resigning from his position at cybersecurity company Cybereason, Yonni Shelmerdine had to see his former employer in court, facing allegations of trade secret and intellectual property theft that he says sullied his good name
210 days prison for crypto CEO who held 13k child abuse & beastiality files (HackRead) A Crypto firm’s CEO got around just 6 months in prison for possessing 13,000 Child abuse & beastiality files depicting infant/child and animal sexual abuse.
For a complete running list of events, please visit the Event Tracker.
Georgetown Law 2020 Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2020) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don’t know what they don’t know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
Techno Security & Digital Forensics Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private sectors. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. Educational sessions cover topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, Forensics, Investigations, Information Security, and Sponsor Demos. Learn from industry experts, connect with leading suppliers, and discover the latest innovations in cybersecurity and digital forensics.