The Daily 📅 CyberSecurity 🛡️ Brief 📓 [Friday, March 27, 2020]
— prepared by @jeanbsu, intelligence briefer & principal analyst 🕵️
Here’s Everything You Need To Know Today — In 10 Minutes Or Less — About The World’s Most Important News, Events & Trends in CyberSecurity.
But before you read on, please like today’s 🛡️ CyberSecurity Brief 📓 by clicking the ❤️ below the headline so it will appear in clever algorithms and more people will read it!
Today’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale
What’s News 📰
FTC Warns VoIP Providers To Stop Facilitating Coronavirus Scams
The U.S. Federal Trade Commission warned 9 VoIP service providers against assisting and facilitating illegal robocalls designed to capitalize on public anxiety surrounding the Coronavirus pandemic. Until March 30, the nine companies are required to email the FTC the specific actions taken to ensure that their services are not used in Coronavirus-related telemarketing schemes breaking the Telemarketing Sales Rule (TSR)—BleepingComputerThe U.S. Plans To Dig Up The Dead For New Cyber-Defense Building
The United States government is planning to relocate a family cemetery in Maryland to make way for a new 418-square-foot site cyber-defense facility—InfoSecurity Magazine
CyberDeal 💸
Will Coronavirus Stall DoD’s Silicon Valley Outreach Efforts?
While DoD funds may continue to move, VC funding is the lifeblood for many of the technology firms that the Pentagon is interested in. Given the sharp economic downturn of the past two weeks, will VC firms still look to invest in companies whose payout from the Pentagon may take significantly longer than the normal turnaround sought by venture capital?—DefenseNewsLORCA Launches Open Call For Fifth Cohort Of Cyber-Scaleups
A global open call has been launched by the London Office for Rapid Cybersecurity Advancement (LORCA) for its fifth cohort of cyber-scaleups. The selection criteria will be focused on companies which aim to solve issues brought to the fore by the COVID-19 pandemic, such as tackling disinformation and improving the security of remote working—InfoSecurity Magazine
CyberAttacks ⚔️
Hong Kong Targeted In New Sweeping Mobile Malware Campaign
A new spate of iOS and Android mobile malware attacks capable of taking control of devices, and tracking GPS location, phone call history, contacts, and text messages have been unleashed on targets in Hong Kong in the last several months, according to multiple cybersecurity companies—CyberScoopU.S. Small Business Administration Grants Used as Phishing Bait
Attackers are attempting to deliver Remcos remote access tool (RAT) payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA). Despite using broken English within the phishing emails, the malicious actors made sure that the overall layout is as close as possible to the real thing, using the official U.S. SBA logo and footer info as IBM X-Force Threat Intelligence researchers found—BleepingComputerCybercriminals Attack KEEN Shoe Drive For People Affected By Coronavirus Pandemic
KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots—TechRepublicWhy Microsoft's Office 365 Has Become An All-Access Pass For Phishers To Exploit
Cybercriminals are tapping into the widespread use of Office 365 to spread malware in an attempt to steal account credentials, according to email security provider Vade Secure—TechRepublic
DataBreaches 🗃️
Virgin Media Could Pay Over $4.5 Billion For Leak Affecting 900,000 Customers
Between April 2019 and late February 2020, a misconfigured database exposed customer information including full names, email addresses, birthdates, and contact phone numbers. For some users, it exposed requests to block or unlock pornographic or explicit content. If accessed, the data could give cybercriminals the means to launch phishing attacks of blackmail customers—Dark ReadingToronto Residents’ Data Improperly Shared With Councilor’s Office In Privacy Breach
More than 7,000 Torontonians are being told their personal information was improperly disclosed to a city councilors’ office, the Star has learned—The Star
CyberThreats 😈
A Mysterious Hacker Group Is Eavesdropping On Corporate Email And FTP Traffic
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today—ZDNetA Network Of Fake QR Code Generators Will Steal Your Bitcoin
A network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks. The 9 websites provided users with the ability to enter their Bitcoin address, a long string of text where Bitcoin funds are stored, and convert it into a QR code image they could save on their PC or smartphone—ZDNet
CyberVulnerabilities 🔓
Acros Micropatches Block Exploitation Of Microsoft Windows Zero-Days Under Attack
While we wait for Microsoft to provide fixes for the 2 new Windows RCE zero-days that are being exploited in “limited targeted Windows 7 based attacks,” ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws—HelpNet Security
Privacy 🔐
Who Is Listening To Your Zoom Call? Concerns Grow Over App's Security
When Boris Johnson hosted the country’s first-ever videoconferenced Cabinet meeting on Tuesday, the event took place not through secret military video calling technology, but through Zoom. That is the same app being used around the world for everything from virtual exercise classes to choir rehearsals.—The Telegraph
In-Depth Cyber 👨💻
Be Extra Vigilant About Cybersecurity During a Crisis
Cybercriminals love a crisis. With many more people working remotely, they are undoubtedly poised to capitalize on security flaws, but there are several things you can do to protect yourself and your company—HBRQuantum Entanglement Breakthrough Could Boost Encryption, Secure Communications
Researchers at the University of Glasgow have published details of a new way to reliably create particles that are well-suited to use in quantum communications, which could lead to the unhackable communication protocols that have long been pitched as one of the most useful applications of the technology—ZDNetWho Should Be Responsible For Critical Infrastructure’s Cybersecurity?
New research from industrial cybersecurity company Claroty found that 87% of U.S. respondents said that it’s the federal government’s responsibility to ensure the security of critical infrastructure, the lowest number among the five countries polled—Fifth Domain
Today’sToday’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale