One Identity released a global survey that reveals attitudes of IT and security teams regarding their responses to COVID-19-driven work environment changes. The results shed insight into IT best practices that have emerged in recent months, and how organizations rushed to adopt them to maintain a secure and efficient virtual workplace.
Cloud computing has been a lifesaver
99% of IT security professionals said their organizations transitioned to remote work because of COVID-19, and only a …
The post As offices emptied and remote work became the norm, security teams struggled appeared first on Help Net Security.
Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals’ use of automated tools to exploit these vulnerabilities, according to Nokia.
IoT devices most infected
The report found that internet-connected, or IoT, devices now make up roughly 33% of infected devices, up from about 16% in 2019. The report’s findings are based on data aggregated from monitoring network traffic on more than 150 million devices globally. Adoption …
Dr. Reddy’s, the Indian contractor for Russia’s “Sputnik V” COVID-19 vaccine, was hit with a cyber-attack that forced the company to close its plants.
Indian COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories was hit with a cyber attack that forced it to shut down its plants in Brazil, India, Russia, the U.K., and the U.S.
According to The Economic Times, the company suffered a data breach.
The Indian company is the contractor for Russia’s “Sputnik V” COVID-19 vaccine; the Drug Control General of India (DCGI) recently gave it the authorization to enter Phase 2 human trials.
In response to the security breach, the COVID-19 vaccine manufacturer has isolated all data center services.
“In the wake of a detected cyber-attack, we have isolated all data center services to take required preventive actions,” CIO Mukesh Rathi said in a media statement. “We are anticipating all services to be up within 24 hours, and we do not foresee any major impact on our operations due to this incident.”
According to the media, the attack is likely the result of a cyber espionage operation aimed at stealing info on the COVID-19 vaccine development.
At the time of writing, it is not clear whether the attack was carried out by a nation-state actor or a cyber crime gang.
In July, the British National Cyber Security Centre revealed that Russia-linked group APT29 is conducting cyberespionage campaigns targeting UK, US, and Canadian organizations working on the development of a COVID-19 vaccine.
In the same period, the US Justice Department accused two Chinese hackers of stealing trade secrets from companies worldwide and, more recently, of involvement in attacks against firms developing a COVID-19 vaccine.
In September, the El Pais newspaper reported that Chinese hackers had stolen information from Spanish laboratories working on a vaccine for COVID-19.
(SecurityAffairs – hacking, COVID-19)
CIOs and IT leaders who use composability to deal with continuing business disruption due to the COVID-19 pandemic and other factors will make their enterprises more resilient, more sustainable and make more meaningful contributions, according to Gartner. Analysts said that composable business means architecting for resilience and accepting that disruptive change is the norm. It supports a business that exploits the disruptions digital technology brings by making things modular – mixing and matching business functions …
The post Enterprises should strive for composability to be resilient during uncertainty appeared first on Help Net Security.
The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election resulting in a surge of cybercrime, VMware research reveals.
Attacks growing increasingly sophisticated and destructive
As eCrime groups grow more powerful, these attacks have grown increasingly sophisticated and destructive – respondents reported that 82 percent of attacks now involve instances of counter incident response (IR), and 55 percent involve island hopping, where an attacker infiltrates an organization’s network to …
The post Cybercrime capitalizing on the convergence of COVID-19 and 2020 election appeared first on Help Net Security.
CISOs are conflicted about how their companies can best reposition themselves to address the sudden and rapid shift to remote work caused by the pandemic, a Hysolate research reveals. The story emerging from the data in the study is clear: COVID-19 has accelerated the arrival of the remote-first era. Legacy remote access solutions such as virtual desktop infrastructure (VDI), desktop-as-a-service (DaaS), and virtual private networks (VPN), among others, leave much to be desired in the …
SOCs across the globe are most concerned with advanced threat detection and are increasingly looking to next-gen automation tools like AI and ML technologies to proactively safeguard the enterprise, Micro Focus reveals.
Growing deployment of next-gen tools and capabilities
The report’s findings show that over 93 percent of respondents employ AI and ML technologies with the leading goal of improving advanced threat detection capabilities, and that over 92 percent of respondents expect to use or …
The post SecOps teams turn to next-gen automation tools to address security gaps appeared first on Help Net Security.
Cybercriminals are targeting vulnerabilities created by the pandemic-driven worldwide transition to remote work, according to Secureworks. The report is based on hundreds of incidents the company’s IR team has responded to since the start of the pandemic.
Threat level is unchanged
While initial news reports predicted a sharp uptick in cyber threats after the pandemic took hold, data on confirmed security incidents and genuine threats to customers show the threat level is largely unchanged. Instead, …
The post Is poor cyber hygiene crippling your security program? appeared first on Help Net Security.
As many business leaders look to close the skills gap and cultivate a sustainable workforce amid COVID-19, an IBM Institute for Business Value (IBV) study reveals less than 4 in 10 human resources (HR) executives surveyed report they have the skills needed to achieve their enterprise strategy.
COVID-19 exacerbated the skills gap in the enterprise
Pre-pandemic research in 2018 found as many as 120 million workers surveyed in the world’s 12 largest economies may need …
The post Is the skills gap preventing you from executing your enterprise strategy? appeared first on Help Net Security.
The confirmation that US President Donald Trump has been infected by the Coronavirus, and had to spend time this weekend in hospital, has – understandably – made headlines around the world. And there are plenty of people, on both sides of the political divide, who are interested in learning more about his health status. It’s […]…
The post Hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness appeared first on The State of Security.
A threat actor named Emotet Trojan has been in the wild for more than 5 years, and now it is back after a 5-month break. It has spread globally, infecting new as well as old targets. It has been relaunched with multiple malspam campaigns distributed across all sectors. We…
It’s been a crazy 2020 so far. The COVID-19 pandemic has ravaged the entire world, changing the nature of how human beings live and interact with each other. There have been other natural disasters that have caused tremendous loss of life and devastation. But that didn’t mean cybercriminals remained quiet….
UK information commissioner ‘must ensure government uses public’s data safely and legally’
A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme.
The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.
The upheaval of 2020 has forced us all to reimagine familiar pathways, and parents are no exception. Cautious about sending their kids back into the classroom, families across the country are banding together to form remote “learning pods.”
Learning pods are small groups of families with like-aged children that agree to educate their kids together. Parents also refer to learning pods as micro-schools, pandemic pods, and bubbles. According to parents, a pod environment will allow students to learn in a structured setting and safely connect with peers, which will also be a boost to their mental health following months of isolation.
According to media reports, each pod’s structure is different and designed to echo the unique distance learning challenges of each family. In some pods, parents will determine the curriculum. In others, a teacher or tutor will. As well, parents have set some pods up so they can take turns teaching and working. Some will have a cost attached to cover teacher fees and materials. Working parents are also creating “nanny share” pods for pre-school aged children.
Facebook is the place to connect for families seeking pod learning options. There are now dozens of private Facebook “pod” groups that enable parents to connect with one another and with teachers who have also opted out of returning to the classroom.
While parents may structure pods differently, each will need to adopt standard digital security practices to protect students and teachers who may share online resources. If pod learning is in your family’s future, here are a few safeguards to discuss before the pod-based school year begins.
To keep the family discussion about online safety fun, here are 6 Flashcard Tips from MBot to print out and discuss with your kids.
Digital Safety & Learning Pods
Be on the lookout for malware. Malware attempts, since COVID, continue to rise. Pod learners may use email, web-based collaboration tools, and outside home networks more, which can expose them to malware risks. Advise kids never to click unsolicited links contained in emails, texts, direct messages, or pop-up screens. Even if they know the sender, coach them to scrutinize the email or text. To help protect your child’s devices against malware, phishing attacks, and other threats while pod learning, consider updating your security solutions across all devices.
Use strong passwords. Back-to-school is a great time to review what makes a strong password. Opt for two-factor authentication to add another layer of protection between you and a potential attacker.
Consider a VPN. Your home network may be safe, but you can’t assume other families follow the same protocols. Cover your bases with a VPN. A virtual private network (VPN) is a private network your child can log onto safely from any location.
Filter and track digital activity. One digital safeguard that schools usually have, and a home environment may not, is a firewall. Schools erect firewalls to keep kids from accessing social networks and gaming sites during school hours. For this reason, families opting for pod learning might consider parental controls. Parental controls allow families to filter or block web content, log daily web activity, set time limits, and track location.
Learning pods are still taking shape at the grassroots level, and there are still a lot of unknowns. Still, one thing is clear: Remote education options also carry an inherent responsibility to keep students safe and secure while learning online.
(Download some fun, free content for kids. Here are 6 online safety flashcard tips from MBot. Just print out and discuss with your kids).
The post How to Keep Remote Learning Pod Students Safe Online appeared first on McAfee Blogs.
Australian students who have raised privacy concerns describe the incident involving a Canadian student as ‘freakishly disrespectful’
The chief executive of an exam monitoring software firm that has raised privacy concerns in Australia has apologised for publicly posting a student’s chat logs during an argument on the website Reddit.
Mike Olsen, who is the CEO of the US-based Proctorio, has since deleted the posts and apologised, saying that he and Proctorio “take privacy very seriously”.
‘Sophisticated’ identity theft attack leads to Australian Tax Office stopping early super withdrawals until Monday
Allegations of identity theft involving 150 Australians have forced the government to pause the early release of superannuation, after police froze $120,000 believed to have been ripped off from retirement savings.
On Friday the assistant treasurer, Michael Sukkar, announced the Australian Tax Office would pause requests for early access of superannuation until Monday “out of an abundance of caution” to consider further anti-fraud protection.
Smartphones can be used to digitally trace Covid-19. But not if the public don’t download an app over privacy fears – or find it won’t work on their device
The idea of the NHS tracing app is to enable smartphones to track users and tell them whether they interacted with someone who had Covid-19. Yet this will work only if large proportions of the population download the app. No matter how smart a solution may appear, mass consent is required. That will not be easy. Ministers and officials have failed to address the trade-offs between health and privacy by being ambiguous about the app’s safeguards.
Instead of offering cast-iron guarantees about the length of time for which data would be held; who can access it; and the level of anonymity afforded, we have had opacity and obfuscation. It is true that we are dealing with uncertainties. But without absolute clarity about privacy the public is unlikely to take up the app with the appropriate gusto.
An app that logs movements and contacts might seem like a fair trade now but we risk giving away our privacy for good
Even when the lockdown is lifted, there is no guarantee that life will ever return to normal. To prevent a future outbreak of coronavirus, the UK will need to roll out mass testing, maintain some social distancing measures and closely monitor communities to curb future flare-ups.
In pursuing that last aim, governments across the world are developing technology to track our movements. When lockdown ends, technology could be a valuable means of controlling future outbreaks, alerting people to cases of Covid-19 in their area and hopefully preventing future shutdowns.
The sudden and dramatic shift to a mobile workforce has thrust video conferencing into the global spotlight and evolved video conferencing vendors from enterprise communication tools to critical infrastructure.
During any major (and rapid) technology adoption, cyberattackers habitually follow the masses in hopes of launching an attack that could lead to a pay day or give them a competitive advantage. This has not been lost on global organisations’ security and IT teams, who are quickly working to make sure their employees’ privacy and data remains secure.
Here are some high-level tips to help keep video conferencing secure.
Update the Application
Video conferencing providers are regularly deploying software updates to ensure that security holes are mitigated. Take advantage of their diligence and update the app prior to using it every time.
Lock meetings down and set a strong password
Make sure that only invited attendees can join a meeting. Using full sentences with special characters included, rather than just words or numbers, can be helpful. Make sure you are not sharing the password widely, especially in public places and never on social media. Waiting room features are critical for privacy as the meeting host can serve as a final triage to make sure only invited participants are attending. Within the meeting, the host can restrict sharing privileges, leading to smoother meetings and ensuring that uninvited guests are not nefariously sharing materials.
Discussing sensitive information
If sensitive material must be discussed, ensure that the meeting name does not suggest it is a top-secret meeting, which would make it a more attractive target for potential eavesdroppers. Using code words to depict business topics is recommended during the cyber crime wave we are experiencing.
Restrict the sharing of sensitive files to approved file-share technologies, not as part of the meeting itself
Using an employee sharing site that only employees have access to (and has multi-factor authentication in place) is a great way to make sure sensitive files touch the right eyes only. This should be mandated as this is a huge Achilles heel.
Use a VPN to protect network traffic while using the platform
With so many employees working remotely, using a virtual private network (VPN) can help better secure internet connections and keep private information private via encryption. Public WiFi can be a gamble as it only takes one malicious actor to cause damage. Do not use public WiFi, especially in airports or train stations. Cyber criminals lurk in those locations.
If you can, utilise two networks on your home WiFi router, one for business and the other for personal use.
Make sure that your work computer is only connected to a unique network in your home. All other personal devices – including your family’s – should not be using the same network. The networks and routers in your home should be updated regularly and, again, should use a complex password. Additionally, you should be the only system administrator on your network and all devices that connect to it.
All of us have a role to play in mitigating the cyber crime wave. Please remember these best practices the next time you connect. Stay safe online.
Also related - How Safe are Video Messaging Apps such as Zoom?
The company has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a ‘privacy disaster’
As coronavirus lockdowns have moved many in-person activities online, the use of the video-conferencing platform Zoom has quickly escalated. So, too, have concerns about its security.
In the last month, there was a 535% rise in daily traffic to the Zoom.us download page, according to an analysis from the analytics firm SimilarWeb. Its app for iPhone has been the most downloaded app in the country for weeks, according to the mobile app market research firm Sensor Tower. Even politicians and other high-profile figures, including the British prime minister, Boris Johnson, and the former US federal reserve chair Alan Greenspan, use it for conferencing as they work from home.
Studying the past is futile in an unprecedented crisis. Science is the answer – and open data is paramount
Wherever we look, there is a demand for data about Covid-19. We devour dashboards, graphs and visualisations. We want to know about the numbers of tests, cases and deaths; how many beds and ventilators are available, how many NHS workers are off sick. When information is missing, we speculate about what the government might be hiding, or fill in the gaps with anecdotes.
Data is a necessary ingredient in day-to-day decision-making – but in this rapidly evolving situation, it’s especially vital. Everything has changed, almost overnight. Demands for food, transport, and energy have been overhauled as more people stop travelling and work from home. Jobs have been lost in some sectors, and workers are desperately needed in others. Historic experience can no longer tell us how our society or economy is working. Past models hold little predictive power in an unprecedented situation. To know what is happening right now, we need up-to-date information.
The UK went into lockdown in March due to the coronavirus pandemic; these are unprecedented and uncertain times. Unfortunately, cybercriminals are taking full advantage of this situation: both UK citizens and businesses have been hit with a wave of COVID-19 themed phishing emails, and scam social media and text messages (smishing). This prompted warnings by the UK National Cyber Security Centre and UK banks, and a crackdown by the UK Government.
I have not had the opportunity to analyse a copy of the above scam text message (smishing), but it looks like the weblink displayed is not as it appears. My guess is the link is not part of the gov.uk domain, but the attacker has used an international domain name homograph attack, namely using foreign font characters to disguise the true address of a malicious website that is linked.
I was privileged to be on The Telegraph Coronavirus Podcast on 31st March, where I was asked about the security of video messaging apps, a transcript of what I advised is here. Further coronavirus cybersecurity advice was posted on my blog, on working from home securely and to provide awareness of coronavirus themed message scams. It was also great to see the UK payment card contactless limit increased from £30 to £45 to help prevent coronavirus spread.
March threat intelligence reports shone a light on the scale of the cybercriminal shift towards exploiting the COVID-19 crisis for financial gain. The Check Point Global Threat Index reported a spike in the registration of coronavirus themed domain names, stating more than 50% of these new domains are likely to be malicious in nature. Proofpoint reports that more than 80% of the threat landscape is using coronavirus themes in some way. There has been a series of hacking attempts directly against the World Health Organisation (WHO), from DNS hijacking to spread a malicious COVID-19 app to a rather weird plot to spread malware through a dodgy anti-virus solution.
International hotel chain Marriott reported 5.2 million guest details were stolen after an unnamed app used by guests was hacked. According to Marriott’s online breach notification, stolen data included guest name, address, email address, phone number, loyalty account number and point balances, employer, gender, birthdays (day and month only), airline loyalty program information, and hotel preferences. It was only on 30th November 2018 that Marriott disclosed a breach of 383 million guests. Tony Pepper, CEO at Egress, said “Marriott International admitted that it has suffered another data breach, affecting up to 5.2 million people. This follows the well-documented data breach highlighted in November 2018 where the records of approximately 339 million guests were exposed in a catastrophic cybersecurity incident. Having already received an intention to fine from the ICO to the tune of £99m for that, Marriott will be more than aware of its responsibility to ensure that the information it shares and stores is appropriately protected. Not only does this news raise further concerns for Marriott, but it also serves as a reminder to all organisations that they must constantly be working to enhance their data security systems and protocols to avoid similar breaches. It will be interesting to see if further action is taken by the ICO”
March was another busy month for security updates. Patch Tuesday saw Microsoft release fixes for 116 vulnerabilities and there was an out-of-band Microsoft fix for the 'EternalDarkness' bug on 10th March, but a zero-day exploited vulnerability in Windows remained unpatched by the Seattle-based software giant. Adobe released a raft of security patches, as did Apple (over 30 patches), Google, Cisco, DrayTek, VMware, and Drupal.
Stay safe, stay home and watch for the scams.
- How Safe are Video Messaging Apps?
- Working from Home Cybersecurity Guidance
- Coronavirus Cybersecurity: Scams To Watch Out For
- Payment Card Transactions in the UK will be increased from £30 to £45 due to Coronavirus
- Cyber Security Roundup for March 2020
- UK Banks warn on Wave of COVID-19 Themed Text Message ‘Smishing’ Scams
- UK Government Cracks Down on Fake Coronavirus Advice on Social Media and WhatsApp
- Virgin Media leaves Database Open, Thousands of Records Exposed
- T-Mobile Email Vendor Breach Exposes Info on Customers and Employees
- Five Billion Records Exposed in Open ‘Data Breach Database’ by UK-based Security Company
- New Marriott Data Breach Impacts 5.2 Million Guests
- 8 Million EU Retail Sales Records Exposed on AWS MongoDB
- Blisk Browser left open, 2.9 Million Records Exposed
- Boots halts Advantage Card Payments after Credentials Stuffing Cyber-Attack
- Huawei: Government wins vote after Backbench Rebellion
- Unpatched Windows Zero-Day Flaws exploited according to Microsoft
- Drupal, Google and Cisco Post Security Advisories
- Adobe Patches 41 Vulnerabilities, 22 in Photoshop
- Adobe Patches Critical Flaw in Creative Cloud
- Cisco Fixes Three High-Level bugs, but a Fourth Remains Unpatched
- Apple Releases more than 30 Security Patches
- Zero-day vulnerabilities used against DrayTek Routers and Switches
- VMware Fixed Critical Code Execution Bug in Hypervisors
- Microsoft Issues Out-of-Band Fix for Leaked ‘EternalDarkness’ Bug
- Hijacked Routers and attempted WHO hacks highlight latest COVID-19 attacks
- Thousands of New Coronavirus-Themed Domains Registered, more than 50% likely to be Malicious
- APT41 Activity Down during China COVID-19 Quarantines; Massive Campaign Undeterred
- Coronavirus Tracking App Locks up Android Phones for Ransom
- Russian Cybercrime Forums have seen selling Malware-Sabotaged COVID-19 map
- TrickBot Banking Trojan introduces RDP Brute Forcing Module
- Necurs Botnet Operation Dismantled; Millions of Malicious Domains Disabled
- Foreign APT groups use Coronavirus Phishing Lures to drop RAT Malware
Our increased use of video messaging apps has not gone unnoticed by cybercriminals, who are seeking to exploit the increase of use by sending phishing emails, social media scam messages and even scam text messages, with fake invitations to video messaging app meetings.
Typically, these scam messages will entice you into either opening a malicious attachment or clicking a web link which directs to a malicious website. The ultimate aim of these cyberattacks is to deliver malicious software, such as ransomware which locks your PC and demands a ransom payment to unlock, scam a payment, or steal your personal information which can be resold to other cybercriminals on the dark web.
So, never open an attachment or click on any links within any unexpected or suspicious emails, social media messages and text messages.
The next piece of advice is to ensure your video messaging app is always kept up-to-date. Luckily most modern smartphones and computer operating systems will automatically update your apps, but it is always worth double-checking and not to suppress any app updates from occurring, as often the app updates are fixing security flaws.
And finally, on home computers and laptops, when not using video messaging apps, either cover your webcam with a piece of tape or face your webcam towards a wall or ceiling, just in case your computer is covertly compromised and a malicious actor gains access to your computer's webcam.
One tip I didn't have time to say on the podcast is to always ensure your video chats are set to private, using a strong password to prevent ZoomBombing. Recent reports have shown a series of “Zoombombing” incidents lately, where unwanted guests have joined in on open calls.
Bharat Mistry, Principal Security Strategist at Trend Micro on Zoom advises “Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe.
It’s all about taking advantage of unsecure settings in the app, (and possibly using brute-force tools to crack meeting IDs). With access to a meeting, hackers could harvest highly sensitive and/or market-critical corporate information, or even spread malware via a file transfer feature.
Hackers know users are looking en masse for ways to communicate during government lockdowns. By creating legitimate-looking Zoom links and websites, they could steal financial details, spread malware or harvest Zoom ID numbers, allowing them to infiltrate virtual meetings. One vendor discovered 2,000 new domains had been registered in March alone, over two-thirds of the total for the year so far.
- Ensure Zoom is always on the latest software version
- Build awareness of Zoom phishing scams into user training programmes. Users should only download the Zoom client from a trusted site and check for anything suspicious in the meeting URL when joining a meeting
- Ensure all home workers have anti-malware including phishing detection installed from a reputable vendor
- Ensure you also generate a meeting ID automatically for recurring meetings
- Set screen-sharing to “host only” to prevent uninvited guests from sharing disruptive content
- Don’t share any meeting IDs online
- Disable “file transfers” to mitigate risk of malware
- Make sure that only authenticated users can join meetings
- Lock the meeting once it’s started to prevent anyone new joining
- Use waiting room feature, so the host can only allow attendees from a pre-assigned register
- Play a sound when someone enters or leaves the room
- Allow host to put attendees on hold, temporarily removing them from a meeting if necessary”