April, 2020

COVID-19: Stages of Re-Entry Planning

Data Breach Today

Pandemic Expert Regina Phelps on How to Strategize for Life After Quarantine

As politicians and protesters argue about the merits and timing of emerging from COVID-19 quarantine, crisis management expert Regina Phelps lays out a 10-step re-entry plan. Her word of counsel: "Caution


BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

The Last Watchdog

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Ransomware attacks and email fraud have spiked to record levels across the U.S.


Fresh COVID-19 Phishing Scams Try to Spread Malware: Report

Data Breach Today

Organizations Targeted With Ransomware, Infostealer

Two recently uncovered phishing campaigns used COVID-19 themes as a lure in an attempt to spread ransomware and information stealers, according to Palo Alto Networks' Unit 42 division

TikTok Content Could Be Vulnerable to Tampering: Researchers

Data Breach Today

Video-Sharing Service Does Not Always Use TLS/SSL Encryption

TikTok, a video-sharing service, has been delivering video and other media without TLS/SSL encryption, which means it may be possible for someone to tamper with content, researchers say.

Apple Rushes to Patch iOS Zero-Day Flaws

Data Breach Today

Vulnerabilities Have Likely Been Exploited for Years, Researchers Warn

Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages


Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Security Affairs

Group-IB’s CERT-GIB analyzed hundreds of coronavirus-related phishing emails and discovered top malware strains in COVID-19 campaigns. Group-IB’s Computer Emergency Response Team (CERT-GIB) analyzed hundreds of coronavirus-related phishing emails between February 13 and April 1, 2020.

More Trending

Another Story of Bad 1970s Encryption

Schneier on Security

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday.

Attackers Increasingly Using Web Shells to Create Backdoors

Data Breach Today

NSA, Australian Signals Directorate, Offer Mitigation Tips

The U.S. National Security Agency and the Australian Signals Directorate offer guidance on how to mitigate the growing threat posed by attackers using web shells to create backdoors

A Tale of 3 Breaches: Incident Response Challenges

Data Breach Today

Recent Healthcare Incidents Spotlight Problems That May Worsen Amid COVID-19 Crisis

Three recently disclosed health data security incidents - including the discovery of a large email hack that happened nearly a year ago - serve as reminders of the ongoing incident response challenges facing healthcare organizations.

Cybercriminals Using Zoom, WebEx as Phishing Lures: Report

Data Breach Today

Campaigns Aimed at Stealing Credentials, Distributing Malware

Cybercriminals are using spoofed messages and images from Zoom and Cisco WebEx as lures in new phishing campaigns that are designed to steal credentials or distribute malware, according to the security firm Proofpoint

New COVID19 wiper overwrites MBR making computers unusable

Security Affairs

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR.

CISA Warns Patched Pulse Secure VPNs Still Vulnerable

Data Breach Today

Hackers Using Stolen Active Directory Credentials to Access Networks

CISA issued a warning to organizations running Pulse Secure VPN servers that their networks may still be vulnerable to hacking even if they applied patches for a previous flaw.


Microsoft Buys Corp.com So Bad Guys Can’t

Krebs on Security

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million.


STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

We’ve come to rely on our smartphones to live out our digital lives, both professionally and personally. When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy.


WHO Confirms Email Credentials Leak

Dark Reading

Washington Post had identified the group as one among several whose passwords and emails were dumped online and abused

Contact Tracing COVID-19 Infections via Smartphone Apps

Schneier on Security

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere.


Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild.

Genetic Testing Lab Hack Affects 233,000

Data Breach Today

Second Largest Health Data Breach So Far This Year

A California-based genetic testing laboratory has reported an email hacking incident that may have exposed medical information on nearly 233,000 individuals.

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom.

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019.

White-Hat Hackers Help 'Fold' COVID-19 Proteins

Dark Reading

A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease


How Apple and Google Are Enabling Covid-19 Bluetooth Contact-Tracing

WIRED Threat Level

The tech giants have teamed up to use a Bluetooth-based framework to keep track of the spread of infections without compromising location privacy.

267 Million Facebook identities available for 500 euros on the dark web

Security Affairs

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords.


Ransomware: Average Business Payout Surges to $111,605

Data Breach Today

When in Doubt: Hang Up, Look Up, & Call Back

Krebs on Security

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening.

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

The Last Watchdog

Application programming interface. It’s the glue holding digital transformation together. APIs are the conduits for moving data to-and-fro in our digitally transformed world.

Microsoft Warns of Malware Hidden in Pirated Film Files

Dark Reading

An active campaign inserts malicious VBScript into ZIP files posing as downloads for "John Wick 3," "Contagion," and other popular movies


Security and Privacy Implications of Zoom

Schneier on Security

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for having both lousy privacy and lousy security.

500,000+ Zoom accounts available for sale on the Dark Web

Security Affairs

Zoom accounts are flooding the dark web, over 500 hundred thousand Zoom accounts are being sold on hacker forums. Over 500 hundred thousand Zoom accounts are available for sale on the dark web and hacker forums.


Cognizant: Ransomware Attack Disrupting Services

Data Breach Today

SEC Filing Shows Company Still Assessing Maze Attack

IT services and consulting giant Cognizant is still assessing the damage from a ransomware attack on Friday. And it's warning that the incident is disrupting services to some of its clients and could affect the company's revenue

Would You Have Fallen for This Phone Scam?

Krebs on Security

You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable.

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

The Last Watchdog

It can be argued that we live in a cloud-mobile business environment. Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure. Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones.


4 Cybersecurity Lessons from the Pandemic

Dark Reading

An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus

The Zoom Privacy Backlash Is Only Getting Started

WIRED Threat Level

A class action lawsuit. Rampant zoombombing. And as of today, two new zero-day vulnerabilities.