Security News

India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty programme to detect any security issues. The nation has now decided to open the app and run a bug bounty programme.

Industry experts say robocalls are way down - scam calls as well as nagging from your credit-card company to pay your bill. In recent months, federal agencies have focused on going after the small telecom providers that were allowing calls from COVID-19 scammers, citing the urgency of the pandemic.

Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince victims to execute the RAT. Researchers with Microsoft's security intelligence team said this week that that the ongoing campaign started on May 12 and has used several hundred unique malicious Excel 4.0 attachments thus far - a trend that researchers said they've seen steadily increase over the past month. The emails are titled "WHO COVID-19 SITUATION REPORT" and claim to give an update on the confirmed cases and deaths related to the ongoing pandemic in the U.S. The attached malicious Excel 4.0 document opens with a security warning and shows a graph of supposed coronavirus cases in the U.S. If a victim enables it, the macro is downloaded and the NetSupport Manager RAT is executed.

Healthcare organizations can also be lucrative targets as criminals are aware of the value of patient information and medical data on the dark web. A report published Thursday by global threat intelligence firm IntSights explains why healthcare organizations are vulnerable to attack and how they can better defend themselves.

Nearly 70% of major organizations plan to increase cybersecurity spending due to the effects of the coronavirus pandemic, a LearnBonds report found. The increase in cybersecurity spending means cutting in other areas of the IT budget, according to the research.

We think of the dark web as an underground marketplace where cybercriminals buy and sell malicious tools and stolen information to scam innocent victims. Since the arrival of the coronavirus, people on the dark web have been sharing news, information, and concerns via underground communities.

The spread of the coronavirus has triggered a surge in templates that spoof government agencies and health organizations in an effort to capture personal information from people. In a blog post published Thursday, security provider Proofpoint looks at several virus-themed templates that have been used in phishing attacks.

Counter-coronavirus masks may thwart London police plans to deploy creepy facial-recognition cameras across the capital, senior managers have admitted. Two London Assembly members, Caroline Pidgeon and Sian Berry, wrote to Metropolitan Police commissioner Cressida Dick, asking whether the "Unreliable, unregulated" technology would be withdrawn during the COVID-19 pandemic.

TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for Indian outlet Medianama titled "Internet Lessons from COVID19", Cerf - a Google vice-president and chief internet evangelist - opens by pointing out that networks have more than proven their worth by facilitating interactions and economic activity that would otherwise have had to be conducted face-to-face and therefore may not have been conducted at all.

There are three major categories of risk presented by third-party apps and vendors: Operational risk resulting from errors or failures in the system; Transaction risks related to problems with the service or delivery, and Compliance risks which put the organization in the crosshairs of liability for security breaches or other regulatory failings. While these risks are not unique to the use of third parties, involving them considerably amplifies the risk opportunities.