E6F5 4D49 5B3F 4783 DEF1 1494 6199 BFDA 457D 1C5F
-
The Internet is drowning in COVID-19-related malware and phishing scams [Dan Goodin, Ars Technica / Condé Nast]
- see also: Fighting Coronavirus-Themed Ransomware and Malware
- Phishing Attack Says You’re Exposed to Coronavirus, Spreads Malware
- Fake Corona Antivirus Software Used to Install Backdoor Malware
- CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware
- coronavirus-covid-19-SARS-CoV-2-IoCs
-
Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps [Lawrence Abrams, Bleeping Computer]
-
Free Cyber Safety Resources during COVID-19 [Guest Authors, Tripwire]
- see also: Stay Healthy, Stay Secure
-
Hackers Take Advantage of Zoom’s Popularity to Push Malware [Sergiu Gatlan, Bleeping Computer]
- see also: Zoom Cancels All Work On New Features After Latest Security Alerts
- and: Zoom, the video conferencing app everyone is using, faces questions over privacy
- Who’s Zooming Who? Guidelines on How to Use Zoom Safely
-
FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic [Kristen Setera, FBI Boston]
-
Security and Microsoft Teams – Addressing Threats to Teams Meetings [Microsoft]
-
Public health vs. personal privacy: Choose only one? [Tony Anscombe, WeLiveSecurity / ESET]
-
Unauthorised Data Access Alert [University of Utah Health]
-
Integrating Cybersecurity and Enterprise Risk Management (ERM) [draft] [NIST]
- see also: Untangling Third-Party Risk
- and: Quantifying Cyber Risk: Why You Must & Where to Start
-
Three More Ransomware Families Create Sites to Leak Stolen Data [Lawrence Abrams, Bleeping Computer]
-
Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant [Eric Saraga, Varonis]
-
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits [FireEye]
-
6 ways attackers are exploiting the COVID-19 crisis [Dan Swinhoe, CSO / IDG Communications]
-
SANS Security Awareness Work-from-Home Deployment Kit [SANS Institute]
- see also: Working from Home during COVID-19? What You and Your Organization Need to Consider
-
COVID-19: With everyone working from home, VPN security has now become paramount [Catalin Cimpanu, Zero Day / CBS Interactive]
- see also: Alert (AA20-073A) – Enterprise VPN Security
-
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings [Jeff Greene, NIST NCCoE]
- see also: List of Free Software and Services During Coronavirus Outbreak
-
How coronavirus COVID-19 is accelerating the future of work [Larry Dignan, Zero Day / CBS Interactive]
-
They Come in the Night: Ransomware Deployment Trends [Kelli Vanderlee, FireEye]
- see also: Human-operated ransomware attacks: A preventable disaster
-
There Are Plenty of Phish in the Sea [Alastair Paterson, SecurityWeek / Wired Business Media]
- see also: Phishing Victims From a CDN’s Point of View
-
RiskSense Spotlight Report Finds WordPress and Apache are Most Weaponized Web and Application Frameworks [RiskSense]
- see also: WordPress to add auto-update feature for themes and plugins
-
Shadowserver 2020 Urgent Need – Just The Summary [Shadowserver]
-
Making the case for hardware 2FA in the enterprise [J.M. Porup, CSO / IDG Communications]
- see also: Enroll security keys on more devices
-
Hacking a network, using an ‘invisibility cloak’ – Is it that simple? [Pierluigi Paganini / Sepio Systems, Security Affairs]
-
The Biggest Gap in Cybersecurity is Empathy [Jack Danahy, Alert Logic]
-
University of Kentucky Defeats Month-Long Cyber-Attack [Sarah Coble, Infosecurity / Reed Exhibitions]
- see also: Inside a massive cyber hack that risks compromising leaders across the globe
-
Top cybersecurity facts, figures and statistics for 2020 [Josh Fruhlinger, CSO / IDG Communications]
-
Ransomware Attackers Use Your Cloud Backups Against You [Lawrence Abrams, Bleeping Computer]
- see also: Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft
-
Coronavirus-themed scams and attacks intensify [Zeljka Zorz, Help Net Security]
- see also: How Threat Actors are Abusing Coronavirus Uncertainty
-
How Security Leaders at Starbucks and Microsoft Prepare for Breaches [Kelly Sheridan, Dark Reading / Informa]
-
How to write an effective information security policy [Mary K. Pratt, CSO / IDG Communications]
-
Securing Content Management Systems [Australian Cyber Security Centre]
-
Microsoft: 99.9% of compromised accounts did not use multi-factor authentication [Catalin Cimpanu, Zero Day / CBS Interactive]
-
Time to Stop Overlooking DNS Security [Mark Fieldhouse, NS1 / Infosecurity / Reed Exhibitions]
-
The War of Passwords: Compliance vs NIST [Rita Nygren, Tripwire]
-
Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef [Kieren McCarthy, The Register]
-
Personal information of students, faculty at B.C. university exposed in recent data breach [Carly Yoshida-Butryn, CTV News / Bell Media]
- see also: Names, birthdays, email addresses of thousands potentially exposed in SFU data breach
-
Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices [Lawrence Abrams, Bleeping Computer]
- see also: DoppelPaymer Ransomware Launches Site to Post Victim’s Data
- and: Ransomware victims are paying out millions a month. One particular version has cost them the most
-
Ransomware Response: Mature Cybersecurity Must Involve Data Analytics [James Stanger, CompTIA]
-
Hackers are actively exploiting zero-days in several WordPress plugins [Catalin Cimpanu, Zero Day]
- see also: Critical Bugs in WordPress Plugins Let Hackers Take Over Sites
-
Hackers Use Windows 10 RDP ActiveX Control to Run TrickBot Dropper [Ionut Ilascu, Bleeping Computer]
-
‘Cloud Snooper’ Attack Bypasses Firewall Security Measures [Sergei Shevchenko, Sophos]
-
Educating Educators: Microsoft’s Tips for Security Awareness Training [Kelly Sheridan, Dark Reading]
-
CWE list now includes hardware security weaknesses [Zeljka Zorz, Help Net Security]
- find it here: cwe.mitre.org/
-
Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves [Katyanna Quach, The Register]
-
Introducing Dispatch [Kevin Glisson, Marc Vilanova and Forest Monsen, Netflix]
-
Chrome 80 update cripples top cybercrime marketplace [Catalin Cimpanu, Zero Day]
- see also: New Deep-Linking Feature in Google Chrome 80 Sparks Privacy Concerns
- and: Web Browser Privacy: What Do Browsers Say When They Phone Home?
-
Russian spies are attempting to tap transatlantic undersea cables [Pierluigi Paganini, Security Affairs]
-
How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer [Lily Hay Newman, WIRED / Condé Nast]
-
Zim hacker granted bail to attend Swiss hackathon [Samuel Mungadze, IT Web]
-
Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security [Sergiu Gatlan, Bleeping Computer]
- see also: Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
-
8.4 million: Number of DDoS attacks researchers saw last year alone [Help Net Security]
-
5 Strategies to Secure Cloud Operations Against Today’s Cyber Threats [Chris Christou and Brad Beaulieu, Dark Reading]
-
Admins beware! Microsoft gives heads-up for ‘disruptive’ changes to authentication in Office 365 email service [Tim Anderson, The Register]
-
Are CISOs ready for zero trust architectures? [Vladimir Jirasek, Foresight Cyber / Help Net Security]
- see also: To Rank or Not to Rank Should Never Be a Question
-
Top 10 web hacking techniques of 2019 [James Kettle, PortSwigger Research]
-
Whodat? Enumerating Who “owns” a Workstation for IR [Rob VandenBrink, SANS ISC]
-
The Ecosystem of Phishing: From Minnows to Marlins [Photon Research Team / Digital Shadows]
-
Up close and personal with Linux malware [Tomáš Foltýn, WeLiveSecurity / ESET]
- see also: The Linux Foundation identifies most important open-source software components and their problems
-
Cybersecurity alliance launches first open source messaging framework for security tools [Charlie Osborne, Zero Day]
-
New Mozart Malware Gets Commands, Hides Traffic Using DNS [Lawrence Abrams, Bleeping Computer]
-
Is your phone listening to you? [Jake Moore, WeLiveSecurity / ESET]]
-
Data Encryption on Android with Jetpack Security [Jon Markoff, Google Security Blog]
-
Jon Callas: Encryption is a technology that rearranges power [Mirko Zorz, Help Net Security]
-
Dutch university paid $220,000 ransom to hackers after Christmas attack [Graham Cluley]
- see also: TA505 Hackers Behind Maastricht University Ransomware Attack
- and: Response of Maastricht University to FOX-IT report
-
Denver’s Regis University paid ransom to “malicious actors” behind campus cyberattack [Elizabeth Hernandez, The Denver Post]
- and at least one with a slightly more positive spin: A week on from the cyber attack, Dundee and Angus College has made excellent progress in re-establishing business as normal.
-
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events [NIST NCCoE]
-
Battling online coronavirus scams with facts [David Ruiz, Malwarebytes Labs]
-
Cybersecurity in 2020: From secure code to defense in depth [Eric Knorr, CSO / IDG Communications]
-
The future of DNS security: From extremes to a new equilibrium [Mirko Zorz, Help Net Security]
-
Protecting Organizations from Customized Phishing Attacks [Alethe Denis (guest author), Tripwire]
-
Cisco Patches Critical CDP Flaws Affecting Millions of Devices [Sergiu Gatlan, Bleeping Computer]
-
Unit 42 CTR: Leaked Code from Docker Registries [Jay Chen, Palo Alto Networks]
-
RobbinHood – the ransomware that brings its own bug [Paul Ducklin, Sophos]
-
Safer Internet Day [CISA]
- see also: Social Robots Teach Cyber Safety
-
The intelligence coup of the century [Greg Miller, The Washington Post]
-
Ransomware attacks are causing more downtime than ever before [Danny Palmer, Zero Day]
-
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events [NIST National Cybersecurity Center of Excellence (NCCoE)]
-
New web service can notify companies when their employees get phished [Catalin Cimpanu, Zero Day]
-
How to protect your privacy from Facebook [Steven J. Vaughan-Nichols, Zero Day]
-
Cybersecurity: A guide for parents to keep kids safe online [Charlie Osborne, Zero Day]
-
Microsoft discloses security breach of customer support database [Catalin Cimpanu, Zero Day]
-
Travelex recovering from ransomware, but more firms at risk of VPN exploit [Bradley Barth, SC News / CyberRisk Alliance]
-
ProtonVPN apps handed to open source community in transparency push [Charlie Osborne, Zero Day]
-
Self-driving cars: The hunt for security flaws steps up a gear [Daphne Leprince-Ringuet, Zero Day]
-
Network Security Perspective on Coronavirus Preparedness [Johannes B. Ullrich, SANS ISC]
-
Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats [Stephen Hilt et al, Trend Micro research]
-
University Hit by Ransomware, Almost All Windows Systems Compromised [Bogdan Popa, SoftNews]
- see also: Cyber attack – a summary
-
Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following ‘cyber attack’ [Shaun Nichols, The Register]
- see also: University of Giessen offline for security reasons
- and: Open letter of Justus Liebig University Giessen
-
Proof-of-concept exploits published for the Microsoft-NSA crypto bug [Catalin Cimpanu, Zero Day]
- see also: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
- and: Microsoft Patch Tuesday crypt32.dll Vulnerability Overview
-
Another reason to hurry with Windows server patches: A new RDP vulnerability [Sean Gallagher, Ars Technica]
-
Windows 7 end of life: Security risks and what you should do next [Danny Palmer, Zero Day]
- see also: How To Restrict Internet Access Using Group Policy
-
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up [Brian Krebs, Krebs on Security]
- see also: Sodinokibi Ransomware Publishes Stolen Data for the First Time
-
From DNS hijacking to domain fronting – SANS security pros offer retrospective on 2019 threat predictions [Emma Woollacott, The Daily Swig/PortSwigger]
-
Cyber security world first as unique guide is launched [UK NCSC]
- Get it here: www.cybok.org/resources/
-
Are universities prepared for cyberattacks? [Study International]
-
Former Twitter CISO shares his advice for IT security hiring and cybersecurity [Bill Dewiler, Zero Day]
-
OUT OF CONTROL – How consumers are exploited by the online advertising industry (from: https://www.forbrukerradet.no/out-of-control/) [Forbrukerrådet]