The Daily 📅 CyberSecurity 🛡️ Brief 📓 [Monday, March 30, 2020]
— prepared by @jeanbsu, intelligence briefer & principal analyst 🕵️
Here’s Everything You Need To Know Today — In 10 Minutes Or Less — About The World’s Most Important News, Events & Trends in CyberSecurity.
But before you read on, please like today’s 🛡️ CyberSecurity Brief 📓 by clicking the ❤️ below the headline so it will appear in clever algorithms and more people will read it!
Today’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale
What’s News 📰
Ransomware Attacks Are The Last Things Hospitals Need Now
In response to coronavirus-related cybercrime, a number of ad hoc, informal volunteer networks of cybersecurity first responders have sprung up to help health care organizations deal with online threats during this crisis—SlateAir Force Ramps Up Use Of White-Hat Hackers To Test Its IT Networks
The U.S. Air Force is going beyond traditional bug bounty programs and ramping up its use of ethical hackers to simulate wartime attacks on its IT networks signing a $75 million contract with cybersecurity firm Dark Wolf in an effort to strengthen its IT enterprise by penetration testing internal networks—FedScoop
Thales, Telstra, Microsoft, And Arduino Working On Scalable IoT Security With GSMA Standard
Thales and Telstra have collaborated with Microsoft and Arduino to implement a GSMA solution that would allow trusted and secure end-to-end communication between device and cloud in order to pave way for scalable security for connected IoT devices—IoT NewsCybersecurity Pro Who Contracted COVID-19 After Attending The RSA Conference Has Returned Home After Weeks At The Hospital On A Ventilator
Chris Tillett, who works for the security company Exabeam, got sick after attending the cybersecurity conference RSA, the last major tech trade show before large gatherings were canceled due to the virus and is now home with his wife and twin babies after several weeks in a Connecticut hospital on a ventilator. —Business InsiderHackerOne Drops Mobile Voting App Vendor Voatz
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne—Dark ReadingCoronavirus-Themed Spam Surged 14,000% In 2 Weeks Says IBM
Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group—TechRepublic
CyberDeal 💸
Houseparty App Offers $1 Million rewards To Unmask Entity Behind Hacking Smear Campaign
The video conferencing desktop and mobile application denies getting hacked after multiple reports in British media and said it would pay a $1 million bounty to anyone who could unmask the entity behind what the company described as "a paid commercial smear campaign"—ZDNet
CyberAttacks ⚔️
Phishing Attack Says You're Exposed to Coronavirus, Spreads Malware
A new phishing campaign has been spotted that pretends to be from a local hospital telling the recipient that they have been in contact with a colleague, friend, or family member who has tested positive for the COVID-19 virus—BleepingComputerA Mysterious Hacker Group Is Eavesdropping On Corporate Email And FTP Traffic
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today—ZDNetBanking Malware Spreading Via COVID-19 Relief Payment Phishing
The Zeus Sphinx (also known as Zloader and Terdot) is a malware strain that was initially spotted back in August 2015 when its operators used it to attack several British financial targets and it is almost entirely based on the Zeus v2 Trojan's leaked source code (just as Zeus Panda and Floki Bot)—BleepingComputer
DataBreaches 🗃️
Personal Details For The Entire Country Of Georgia Published Online
A file containing personal information for 4,934,863 Georgians has been published on a hacker forum over the weekend—ZDNet
CyberThreats 😈
FBI: Watch Out For 'Zoom-Bombings' On Online Video Meeting Apps
The FBI’s Boston field office is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions, recounting 2 hijacking incidents involving local schools that were using Zoom to conduct online classes—PCMagThere's "An Uptick In Cybersecurity & Cyberthreats" With Remote Work: Okta Co-Founder
Okta Co-Founder & COO Frederic Kerrest joins Yahoo Finance’s Zack Guzman and Brian Cheung to discuss the outlook on cybersecurity as more people turn to work at home amid the coronavirus outbreak—Yahoo FinanceHacker Hijacks YouTube Accounts To Broadcast Bill Gates-Themed Crypto Ponzi Scam
A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates—ZDNet
CyberVulnerabilities 🔓
Vulnerabilities Expose Lexus, Toyota Cars To Hacker Attacks
Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same system is also used in other models, including LS and ES series — has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car—SecurityWeek
Privacy 🔐
UK's ICO Says Mobile Tracking Is Legal During COVID-19 Crisis
UK's Information Commissioner's Office (ICO) has announced over the weekend that the government can use anonymized mobile phone tracking data to help fight the current coronavirus pandemic—BleepingComputerZoom To iPhone Users: We're No Longer Sending Your Data To Facebook
Zoom removes the feature from its iOS app after finding it wasn't necessary for delivering its service—ZDNetGo Google-Free: We Pick Privacy-Friendly Alternatives To Every Google Service
As privacy concerns grow, companies like Google and Facebook that rely on data collection and advertising for revenue are increasingly in the spotlight. But is it really possible to give up Google's vast range of services? Here are my recommended alternatives—ZDNet
CyberTech ⚙️
Instantly Secure Your Entire Home Network With Syfer’s VPN Router
The best way to protect your personal data is to use a VPN. Setting up such services can be a hassle, but not with SYFER. This small device hooks up to your home Wi-Fi network to provide instant protection—including a robust firewall. It raised over $745k on Indiegogo, and you can get it now for $169.99 at the XDA Developers Depot—XDA DevelopersMicrosoft Edge To Warn Of Credentials Leaked In Data Breaches
Microsoft is introducing a new feature in its latest Web browser called "Password Monitor" that will alert users if their login credentials have been leaked in data breaches, as long as a user is using login auto-fill—BleepingComputerLinux's WireGuard VPN Is Here And Ready To Protect You
Linus Torvalds has released the newest version of the Linux 5.6. It includes many new and neat features like USB4 support, a fix for the 32-bit Epoch problem, multi-path TCP, and numerous driver patches. The biggest news of all is that Linux now has the popular open-source Virtual Private Network (VPN) WireGuard baked in—ZDNet
In-Depth Cyber 👨💻
Organizations Are Not Properly Set Up To Manage Risk, Coronavirus Pandemic Reveals
Organizations’ current approach to risk governance is not sufficient to tackle the complex risk environment organizations are facing today, according to Gartner. The COVID-19 pandemic is just the latest in a line of recent risk events showing how organizations are not properly set up to manage risk, especially fast-moving ones—HelpNet SecurityResearchers Spot Sharp Increase In Zoom-Themed Domain Registrations
Cybercriminals are setting up numerous fake Zoom domains to try and take advantage of users who want to use the videoconferencing tool to connect with friends, family, and colleagues during the ongoing COVID-19 crisis—Dark ReadingRDP And VPN Use Skyrocketed Since Coronavirus Onset
The use of remote access technologies like RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) has skyrocketed 41% and 33%, respectively, since the onset of the coronavirus (COVID-19) outbreak—ZDNetA Computer Weekly Buyer’s Guide To Zero-Trust Security
Zero-trust is a conceptual architectural model that uses micro-perimeters and micro-segmentation to secure corporate networks. In this 12-page buyer’s guide, Computer Weekly looks at why trust should be considered a security risk and the need for additional authentication strategies to ensure all data and devices have an appropriate level of security—Computer WeeklyEfficient Cybersecurity Response Requires Profiling Of Data Breaches
Much like police officers follow the clues to find the culprits and arrest them, cyber investigators must follow the breadcrumbs to identify the source of a data breach and measure the scope of data impacted. But that’s only part of the job – and hopefully not the most frequent one!—DigitalistHow To Pick The Right Cybersecurity Vendor For Your Business
In this new environment, you should enlist the services of trusted cybersecurity organizations to help you maintain the best security practices. Before you engage with a cybersecurity vendor, you need to ask the following questions: Are they reputable?; Are they qualified?; Are they accessible?; Do they understand your business?; Are they offering a deal?; What is their plan if something goes wrong?—Inc MagazineHow To Protect Yourself From Cyberattacks When Working From Home During COVID-19
Many cybercriminals are seeking to exploit our thirst for information as a vector for attacks: Attackers are using COVID-19-themed phishing e-mails, which purport to deliver official information on the virus, to lure individuals to click malicious links that download Remote Administration Tools (RATs) on their devices—World Economic ForumSecuring Your Remote Workforce: A Coronavirus Guide For Businesses
In response to the coronavirus pandemic, organizations worldwide are implementing work-from-home policies. Yet for many businesses, managing an entirely remote workforce is completely new, which means they may lack the processes, policies, and technologies that enable employees to work from home safely and securely—Dark ReadingCybersecurity In The Time Of COVID-19
The COVID-19 pandemic overlaps the fields of public health and cybersecurity in ways never observed before, generating sobering reminders of underlying problems and unheeded warnings that have continued to characterize both fields in the United States for decades—Council on Foreign RelationsShould You Hire A Specialized Cybersecurity Recruiter?
Steve Velasco, a senior cybersecurity recruiter at NinjaJobs, a community of information technology veterans devoted to helping companies find vetted, experienced cybersecurity professionals, says that while there certainly seems to be a shortage in cyber talent, that shortage is usually tied to geography—and especially so when it comes to incident response, DevSecOps, threat intelligence, and penetration testing—HelpNet Security
Today’sToday’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale