Security News > 2020 > March

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant - dubbed Mukashi - on Mar. 12.

Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week. Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones.

In Red Canary's 2020 Threat Detection Report, the company analyzed six million investigative leads from January 2019 to December 2019, honing in on the most prevalent cyberattack techniques faced by organizations worldwide. Malware strains like TrickBot and Emotet were widespread according to threat detection and response specialists at Red Canary.

We've already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily. "BEC attacks are often delivered in stages. The first email sent is typically innocuous, meaning that they do not contain the attacker's end goal. The attackers craft plausible scenarios in hopes the recipient will reply. Once they're on the hook, the attacker will send their true ask.," the researchers explained.

In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus' spread. But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and storage, user consent, and surveillance will be brushed under the rug. "While facial recognition technology provides a fast and zero-contact method for identifying individuals, the technology is not without risks. Primarily, individuals scanned by facial recognition services need to be aware of how their data is being used."

In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus' spread. But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and storage, user consent, and surveillance will be brushed under the rug. "While facial recognition technology provides a fast and zero-contact method for identifying individuals, the technology is not without risks. Primarily, individuals scanned by facial recognition services need to be aware of how their data is being used."

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection vulnerability found in Zyxel NAS storage devices, according to researchers at Palo Alto Networks' Unit 42 global threat intelligence team.

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection vulnerability found in Zyxel NAS storage devices, according to researchers at Palo Alto Networks' Unit 42 global threat intelligence team.

Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. Today, we must ensure that any automated data systems used to contain COVID-19 do not erroneously identify members of specific demographic groups as particularly susceptible to infection.