The Daily 📅 CyberSecurity 🛡️ Brief 📓 [Wednesday, March 25, 2020]
— prepared by @jeanbsu, intelligence briefer & principal analyst 🕵️
Here’s Everything You Need To Know Today — In 10 Minutes Or Less — About The World’s Most Important News, Events & Trends in CyberSecurity.
Today’s CyberSecurity Brief is sponsored by Mostly AI, The World's Most Advanced Synthetic Data Engine That Anonymizes Personal User Data At Scale
What’s News 📰
Senator Sounds Alarm On Cyber Threats To Internet Connectivity During The Coronavirus Crisis
Sen. Mark Warner (D-Va.), who serves as the vice-chairman on the Senate Intelligence Committee, on Wednesday expressed serious concerns about cyber threats to internet connectivity for Americans working from home during the ongoing coronavirus pandemic and wrote letters to network device vendors including Google asking that they shore up the security of their products and bolster defenses against potential attacks—The Hill
FireEye Sees Recent Spike In Chinese Digital Espionage
U.S. cybersecurity firm FireEye has detected a surge in new cyberspying by suspected Chinese group “APT41” dating back to late January when coronavirus was starting to spread outside China, which was aimed at more than 75 of FireEye’s customers, which include media firms, healthcare organizations, manufacturers and nonprofits—Reuters
Zoom Is Worth Almost $38 Billion As Video Calls Explode, But Experts Worry About Its Security And Privacy
Zoom is enjoying a record performance as the novel coronavirus forces millions of workers around the world to switch to videoconferencing. But cybersecurity experts have told Business Insider the firm has questions to answer over past security issues, questionable in-app features, and the way it handles user data—Business Insider
Rare Cybercrime Enforcement In Russia Yields 25 Arrests, Shutters 'BuyBest' Marketplace
Russian authorities arrested more than two dozen people as part of a law enforcement operation against an alleged network of illicit websites where users bought and sold stolen payment cards and personal data—CyberScoop
Infosec Experts Come Together To Fight Wave Of Cyber Threats
Called the COVID-19 CTI League, for cyber threat intelligence, the group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp and Amazon—ARN
Canadian Volunteers To Form Cyber Civil Defense Brigade
The mission of the all-volunteer cyber-defense team led by the SecDev Group will be to defend Canada's health-care providers, municipalities, and critical infrastructure from cyber-attacks launched amid the COVID-19 health crisis—InfoSecurity Magazine
DealBook 💸
Impact of Coronavirus Outbreak on Early Stage Venture Investment in Cybersecurity
Last week, Washington, D.C.-based cybersecurity venture capital firm and incubator DataTribe released a brief report on early-stage venture investment in the past decade. Using data from Pitchbook, the company analyzed investment activity for all early-stage ventures and separately for early-stage cybersecurity deals. The analysis covered accelerators, angel investors up to Series A, and venture capital seed and Series A funding rounds—SecurityWeek
Sepio Systems Announces $4 Million Additional Funding From Munich Re Ventures And Hanaco Ventures
The Rockville, Maryland-based startup Sepio Systems, a rogue device mitigation firm, raised $4 million that supplements the Series A round of $6.5 million announced in November 2019 bringing the total raised to $15 million. In parallel to the investment, Sepio has worked with Munich Re's New Technologies and AI Underwriting team, where the reinsurance leader has validated Sepio's innovative approach to rogue device mitigation to decrease the customer's overall hardware security risk. Sepio will provide a performance guarantee to its customers backed by a subsidiary of Munich Re—Sepio
CyberAttacks ⚔️
EssilorLuxottica Targeted By A Cyberattack
EssilorLuxottica said on Wednesday that it had been targeted by a cyberattack on March 21 which disrupted access to some of its group servers and computers but refused to say if industrial operations had been affected—Reuters
Tupperware Hit By Card Skimmer Attack
Researchers at Malwarebytes Labs discovered malicious code hidden inside graphics files on the storage container maker's e-commerce website—Dark Reading
Dark Web Hosting Provider Hacked Again—7,600 Sites Down
Daniel's Hosting (DH), the largest free web hosting provider for dark web services, has shut down today after getting hacked for the second time in 16 months, ZDNet has learned. Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal's entire database—ZDNet
Data Breaches 🗃️
GE Employees Lit Up With Sensitive Document Breach
In a data-breach notice filed with the State of California, General Electric (GE) noted that Canon Business Process Services, which it contracts with to process various documents related to human resources matters, suffered a data breach in February exposing a wide range of personally identifiable information (PII) including divorce, death and marriage certificates; benefits information (beneficiary designation forms and applications for benefits such as retirement, severance and death benefits); and even medical child support orders. Other hacked info includes direct-deposit forms, driver’s licenses, passports, tax withholding forms, names, addresses, Social Security numbers, bank account numbers, dates of birth and other information—ThreatPost
Cincinnati Firm Faces $5 Million Data Breach Lawsuit
Cincinnati freight brokerage company Total Quality Logistics (TQL) is facing a $5 million lawsuit over a data breach that took place on February 23 and leaked customer and carrier information. Carrier data compromised in the attack included tax ID numbers, bank account numbers, and in some cases Social Security numbers. Breached customer data included email addresses, phone numbers, first and last names, and TQL customer ID numbers—InfoSecurity Magazine
CyberThreats 😈
TrickBot App Bypasses Non-SMS Banking 2FA
The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication (2FA) security method used by banks – by fooling its victims into downloading a malicious Android app—ThreatPost
Malware Disguised As Google Updates Pushed Via Hacked News Sites
Hacked corporate sites and news blogs using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans. After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites—BleepingComputer
Vulnerabilities 🔓
Apple Update Fixes WebKit Flaws In iOS, Safari
Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS, and iTunes. The most serious flaw in this latest security update, released Tuesday, exists in the WebKit and could enable remote code execution—ThreatPost
Privacy 🔐
Safari Is Now the Best Browser for Blocking Third-Party Tracking
Apple’s default web browser is now the best choice for stopping third-party trackers, and the first browser—beating Chrome to the punch—to block third-party cookies outright—LifeHacker
Technology ⚙️
HP Unveils Advanced Security For Remote Workers—And Shows How To Disinfect Your Laptop
HP has unveiled advanced security for businesses and their remote workforces and disclosed an extensive guide to disinfecting your laptop and other computer equipment. The new offerings include HP Pro Security Edition, HP Proactive Security, and HP Sure Click Enterprise—VentureBeat
Chrome 83 Offers An Option To See Full URL In Address Bar
By default, the Google Chrome browser doesn’t show the https://, WWW and http:// prefixes for website URLs in its address bar. If a site is fully secure, it shows a padlock icon in place of https://; similarly, Chrome shows “Not secure” text for unencrypted websites—TechDows
Mozilla Firefox Gets An HTTPS Only Mode For More Secure Browsing
Mozilla Firefox 76 is getting a new 'HTTPS Only' mode that automatically upgrades all HTTP requests to HTTPS when browsing the web and blocks all connections that can't be upgraded—BleepingComputer
In-Depth 👨💻
Cybersecurity Warning: 10 Ways Hackers Are Using Automation To Boost Their Attacks
Cybercriminals and hackers are also increasingly turning towards automation to help conduct malicious campaigns, making it easier for them to scale up their operations. In fact, almost all of the tools and services used in active hacking campaigns or traded on dark-web forums now have some level of automation – and researchers at security company Recorded Future have analyzed underground economies and detailed 10 of the most common automation services used by hackers to facilitate campaigns—ZDNet
Infrastructure Cyberattacks Biggest Concern For Global IT Security Leaders
The study "The Global State of Industrial Cybersecurity" conducted in the fourth quarter of 2019 for OT and IT cybersecurity firm Claroty found that 74% of the 1,000 IT security pros surveyed were more concerned about a cyberattack on critical infrastructure than an enterprise data breach within business IT systems. While 51% of the US respondents said they believe that today's industrial networks are not properly safeguarded and need more protection, another 55% believe that US critical OT infrastructure is vulnerable to a cyberattack—TechRepublic
Do DevOps Teams Need A Company Attorney on Speed Dial?
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers—Dark Reading
Password Vulnerability At Fortune 1000 Companies
Despite often repeated advice of using unique passwords for online accounts—or at least the most critical ones—password reuse continues to be rampant. And, according to breach discovery firm SpyCloud, employees of the Fortune 1000 are just as bad about reusing passwords as the rest of us—HelpNet Security
Your Social Security Number Costs $4 On The Dark Web, Atlas VPN Report Finds
A new investigation conducted by Atlas VPN based on Flashpoint Intelligence research findings between 2017 and 2019 has uncovered the approximate cost of popular goods and services on the dark web. Social Security Numbers, despite being widely regarded as outdated and insecure, particularly in the wake of the 2018 Equifax hack, are still used as the primary means of identity verification which helps explain why any individual SSN can retail for as little as $4 on the darknet—Forbes
Cloud-Native Security Considerations For Critical Enterprise Workloads
Johnnie Konstantas, Senior Director, Security Go to Market at Oracle, says that the main reason we are seeing so many headlines around sensitive data leaks and loss is that there are almost too many security tools offered by public cloud providers—HelpNet Security
Organizations Are Moving Their Security To The Cloud, But Concerns Remain
Based on a survey of 130 security practitioners, Exabeam's report found that 52% of the respondents started moving to cloud-based security products during or before 2018. Some 18% waited until 2019, 3% began in 2020, 13% haven't yet started, and the rest don't know when they'll migrate. Among those that have kicked off their migrations, more than half have moved at least 25% of their security tools to the cloud, while about one third have moved more than half of their security tools—TechRepublic
Missing Patches, Misconfiguration Top Technical Breach Causes
Less than half of businesses surveyed by Automox can patch critical vulnerabilities within 72 hours. Why does the process take so long?—Dark Reading
Deal With Ransomware The Way Police Deal With Hostage Situations
When faced with a ransomware attack, a person or company or government agency finds its digital data encrypted by an unknown person, and then gets a demand for a ransom. As that type of digital hijacking has become more common in recent years, there have been two major ways people have chosen to respond: pay the ransom, which can be in the hundreds of thousands of dollars, or hire computer security consultants to recover the data independently. Those approaches are missing another option that we have identified in our cybersecurity policy studies—The Conversation
Python Backdoor Attacks And How To Prevent Them
Python backdoor attacks are increasingly common. Iran, for example, used a MechaFlounder Python backdoor attack against Turkey last year. Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region—HelpNet Security
Boost Security Defenses Against Kwampirs RAT Malware With New List Of IOCs
ReversingLabs did a forensic analysis of attacks from the Kwampirs remote access trojan (RAT) to understand the malware control structure—TechRepublic
Legal Industry At Great Risk From Insider Data Breaches
A staggering 96% of IT leaders in the legal sector say insider breach risk is a significant concern, according to Egress. 77% think employees have put data at risk accidentally in the past 12 months and 78% think employees have put data at risk intentionally. When asked about the implications of these breaches, 36% say financial damage would be the area of greatest impact—HelpNet Security