Security News

The number of COVID-19-themed attacks has increased significantly over the past couple of months, but they represent only a fraction of daily threats, security firms say. At the moment, the tech giant is seeing roughly 60,000 phishing emails that carry COVID-19 related malicious attachments or malicious URLs each day.

Since January, the two longtime cybersecurity experts have looked at how cybercriminals, ransomware groups, and several nation state actors quickly became involved in coronavirus-themed attacks, leveraging fears about the virus to steal money and information from thousands of people. Cybercriminals have also expanded attacks to take advantage of the fact that most countries are under quarantine, forcing millions to now work from home.

In an effort to stem what it says is misinformation being spread on its platform, WhatsApp is limiting the number of recipients to which its users can forward certain messages about the COVID-19 pandemic. Now, users of the Facebook-owned messaging app can only forward messages with double arrows - i.e., those that did not originate from a close contact - to one person rather than multiple WhatsApp contacts, according to a company post published Tuesday.

The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through this noise, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.

Governments worldwide have released COVID-19 mobile apps to provide citizens with useful information and, in some cases, to track individuals in an effort to contain the coronavirus outbreak. An analysis of dozens of nation and government-sponsored mobile applications for Android released to help with the current COVID-19 pandemic has revealed the existence of privacy risks, vulnerabilities and backdoors, ZeroFOX says in a post highlighting three of the analyzed apps.

One, employees are working from their home networks and sometimes from their home computers. Employees working from home are going to save data on their own computers, where they aren't protected by the organization's security systems.

A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. Researchers analyzed dozens of COVID-19 apps - which continue to emerge with the spread of the coronavirus, paving the way for related security threats across the globe.

A type of fraud targeting those in charge of performing legitimate funds transfers for a company, BEC scams aim to trick unsuspecting victims into sending money to the attackers. In BEC attacks, the victim typically receives an email apparently arriving from a company they normally conduct business with, requesting payments be made to a new account, or demanding a change in the standard payment operations.

SpyCloud researchers have also discovered that existing community threat intelligence feeds such as Google Safe Browsing, OpenPhish or ThreatsHub flag only a small percent of the domains as malicious. After gathering a list of of over 136,000 hostnames and fully qualified domain names with COVID-19 or coronavirus themes from a variety of open-source feeds, they "Parsed, deduplicated, and enriched the data with HTTP, additional DNS analysis, and WHOIS data that was manually collected" and found that many of the domains have active web content, but some merely display "Placeholder" content indicating they've been purchased and "Parked" at the registrar.

Here we have a new "CISO Checklist for Secure Remote Working" that has been built to assist CISOs in navigating through this noise, providing them with a concise and high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. An organization with a high maturity level that routinely monitors its user's behavior to detect anomalies must now alter its policies to adjust to the mass remote workload. On the other hand, organizations with lesser maturity that could contain the risk of not placing advanced protection on their email systems and endpoints now realize that they have a critical security gap that must be addressed.