The Daily 📅 CyberSecurity 🛡️ Brief 📓 [Thursday, March 26, 2020]
— prepared by @jeanbsu, intelligence briefer & principal analyst 🕵️
Here’s Everything You Need To Know Today — In 10 Minutes Or Less — About The World’s Most Important News, Events & Trends in CyberSecurity.
But before you read on, please like today’s 🛡️ CyberSecurity Brief 📓 by clicking the ❤️ below the headline so it will appear in clever algorithms and more people will read it!
Today’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale
What’s News 📰
Commission Suggests Creating Reserve Force Of Civilian Cybersecurity Experts
The new congressional “Inspired to Serve” report completed by the National Commission on Military, National, and Public Service suggests piloting a reserve corps for federal civilian cybersecurity, along with several other recommendations to support the government’s effort to attract and retain cybersecurity talent—Fifth DomainAmid Pandemic, Expert Says U.S. Election Is 'Trivially Hackable'
The plot could make for a gripping action film: a pandemic overwhelming the world's last superpower as it prepares for a high-stakes election. But as the coronavirus sweeps the U.S., cybersecurity expert Harri Hursti — who stars in a new HBO documentary on election hacking — says the pandemic is being used by adversaries like Russia to sow confusion and ultimately weaken democracy—NewsyCybersecurity Experts Say Hacking Risk Is High For Mobile Voting
While Senators Amy Klobuchar and Ron Wyden push to expand vote-by-mail programs, a small group of companies argues for an alternative, one they claim will boost voter participation nationwide: mobile voting—Bloomberg LawWork Continues On The Cybersecurity Maturity Model Certification Rollout Amidst Coronavirus Disruption
The rollout of the Department of Defense‘s new cybersecurity standards and certification process will continue on-track despite the coronavirus’ disruptions to the Pentagon’s workforce, top program officials said Thursday—FedScoopState-Sponsored Hackers Are Trying To Pose As Journalists In Phishing Attacks
On Thursday, Google shared new findings on how government-backed attackers have been trying to target Google users in recent months. “Upon reviewing phishing attempts since the beginning of this year, we’ve seen a rising number of attackers, including those from Iran and North Korea, impersonating news outlets or journalists,” wrote Google security engineering manager Toni Gidwani in the post—PCMagAs Zoom Booms, Incidents Of ‘ZoomBombing’ Become A Growing Nuisance
Officials at Zoom have released tips for users of their video-conferencing platform to help avoid getting “Zoom-bombed” by trolls and even more serious threat actors during online meetings—ThreatPost
CyberDeal 💸
Cybersecurity Investors Take Varying Approaches Amid Market Turmoil
Amid falling valuations and opportunity created by the pandemic, strategies for investing in cybersecurity startups are varying widely with approaches ranging from pullbacks to ramped up investing, venture investors say—WSJHumio Raises $20 Million In Series B Funding
The Danish-based company provides a real-time observability solution for DevOps, ITOps, and security professionals, enabling data aggregation, exploration, reporting, and analysis from various sources. The platform aggregates log data from a company’s applications, desktops, servers, and devices—SecurityWeek
CyberAttacks ⚔️
Ryuk Ransomware Keeps Targeting Hospitals During The Pandemic
The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Just this morning PeterM of Sophos tweeted that a U.S. health care provider was attacked and encrypted overnight by Ryuk—BleepingComputer
DataBreaches 🗃️
AMD Confirms Hacker Stole Information On Graphics Products
A hacker who uses the online moniker “Palesa” claims to have obtained source code files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden, the codename for the GPUs that will power Microsoft’s upcoming Xbox Series X consoles—SecurityWeekMedical And Military Contractor Kimchuk Hit By Data-Stealing Ransomware
The Danbury, Conn.-based manufacturer, which builds electronics for medical equipment, telecoms systems, and energy grids, and also makes nuclear modules for the Navy—work that often requires security clearance—was infected and knocked offline earlier this month by DoppelPaymer, a newer strain of ransomware that exfiltrates data out of an infected network before encrypting user files. If a victim doesn’t pay the ransom to decrypt their files, the DoppelPaymer group will begin publishing the contents of their victim’s network. When the company did not pay, the hackers began publishing portions of Kimchuk’s network including the company’s payroll records, broker approvals, and purchase orders—TechCrunchCyber Insurer Chubb Had Data Stolen In Maze Ransomware Attack
Major cybersecurity insurance provider for businesses hit by data breaches, has itself become a target of a data breach. Chubb told TechCrunch it was investigating a “security incident” involving the unauthorized access to data belonging to an unnamed third-party—TechCrunch4 Ways To Prevent Data Breaches
When it comes to breaches, there are no big fish, small fish, or hiding spots. Almost every type of organization – including yours – has critical personally identifiable information (PII) stored. Storing PII makes you a target regardless of size, industry, or other variables, and all it takes is one employee thinking a phishing attempt is legitimate. That means everyone’s at risk. Here are four ways (plus one) your organization can beef up its data security barriers and prevent data breaches: Train employees; Simulate phishing attacks; Evaluate accounts; Review your user account lifecycle processes—HelpNet Security
CyberThreats 😈
More Telework Also Means More Porn—And That's Good News For Hackers
Porn is one of hackers' favorite tools, and it may be more effective if a company's employees decide that what's typically NSFW— not safe for work—is safe for working from home during the coronavirus outbreak—GPBFake Google Chrome Update Contains Nasty Malware: Avoid This Right Now
Cybercriminals have created fake Google Chrome browser updates that infect Windows users with many kinds of malware in a multi-step but relentless process, Russian antivirus firm Dr. Web has found—Tom’s GuideIf You Get A 'Best Buy Gift Card' On A USB Drive In The Mail, Don't Plug It Into Your PC
Security firm Trustware has uncovered a rare attempt to hack a Windows computer that involved mailing the user a malware-laden USB thumb drive, part of a $50 gift card offer from Best Buy—PCMagApple iOS users served mobile malware in Poisoned News campaign
Apple iOS smartphone users in Hong Kong are being targeted in a new campaign dubbed Operation Poisoned News which uses links posted on a variety of forums popular with Hong Kong residents that to lead to news stories but also infects with malicious code, according to Trend Micro researchers—ZDNet
CyberVulnerabilities 🔓
Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic
A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses—BleepingComputerCritical CODESYS Bug Allows Remote Code Execution
A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code—ThreatPost4G Networks Vulnerable To Denial Of Service Attacks, Subscriber Tracking
We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, on occasion, security problems in these protocols rear their heads -- and Positive Technologies (PT)'s latest Diameter networks' report reveals a serious issue in 4G networking—ZDNet
CyberTech ⚙️
Google Says No Advanced Protection Program Users Have Been Phished To Date
Google touted today the impressive features of its Advanced Protection Program (APP), that includes extra security protections that are not available to regular Gmail users, revealing that no user who signed up for the program has been phished to date, even if repeatedly targeted—ZDNet
In-Depth Cyber 👨💻
Booz Allen Analyzed 200+ Russian Hacking Operations To Better Understand Their Tactics
The largest private contractor for the U.S. intelligence community has published a comprehensive report this week detailing 15 years (2004 to 2019) of cyber operations carried out by Russia's military hackers finding that Russia’s GRU military hackers follow predictable patterns based on a public military doctrine—ZDNetCyber Incidents Call For Privacy Counsel And Litigation Counsel
Many companies, especially large ones, now have experienced and certified in-house privacy counsel devoted to cybersecurity and privacy. However, if a cyber incident or breach occurs or is suspected, these in-house experts often rely on outside counsel to help them navigate the scenario—Bloomberg LawAs Coronavirus Fear Grips The World, Email Attacks Related To The Pandemic Shoot Up By 667%
The number of coronavirus COVID-19-related email attacks has increased by 667% since the end of February, according to a new report by Barracuda Networks: A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. Between March 1 and March 23, Barracuda detected 467,825 spear-phishing email attacks, and 9,116 of those detections were related to COVID-19, representing about 2% of attacks—News18Across-The-Board Increase In DDoS Attacks Of All Sizes
There has been a 168% increase in DDoS attacks in Q4 2019, compared with Q4 2018, and a 180% increase overall in 2019 vs. 2018, according to Neustar—HelpNet SecurityHow Hospitals Can Be Proactive To Prevent Ransomware Attacks
The coronavirus is putting a strain on healthcare facilities and increasing cybersecurity risks. Here are steps hospital IT admins can take to prevent ransomware and safeguard patient data—TechRepublic3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Even as enterprises begin to allow more and more access to sensitive information via mobile devices, there remain 3 mobile security problems that most security teams have yet to fix: Allowing malware to be a distraction, when the real threat is mobile phishing; Misunderstanding application security; Trusting your mobile operating systems—Dark ReadingSingapore Is Most Exposed, But Also Most Prepared In Cybersecurity: Deloitte
Singapore faces the highest cybersecurity risk in Asia-Pacific due to its high internet adoption rate, but it is also the most prepared to deal with it in terms of policies and organizational readiness. On the other end of the spectrum, Indonesia faces the least risk exposure and is also the least prepared to handle cybersecurity incidents—ZDNetCybersecurity: This Attack Is The Most Common Threat You Will Face
Almost half of businesses have experienced a cyberattack or data breach in the past year – and almost all of the organizations that know they've been on the receiving end of attacks have reported being targeted by phishing and other fraudulent emails as the volume of these attacks continues to rise—ZDNetSecurity Not A Priority For SAP Projects, Users Report
A vast majority (68.8%) of SAP users believe their business placed an inadequate focus on IT security during SAP implementations, Turnkey Consulting reports in a new study on SAP security. More than half (53.4%) said it was "very common" to find SAP security flaws in the audit process—TechRepublic
Today’sToday’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale
