Security News

Digital and human rights groups have joined in a rare worldwide appeal to governments to respect privacy when handling the COVID-19 crisis. Signatories included technology-focused groups such as AI Now, Algorithm Watch, and the World Wide Web Foundation, along with human rights groups like Amnesty International and Human Rights Watch.

Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure. Instead, it sends an attachment that unleashes the infostealer LokiBot if downloaded and executed, according to a blog post published Thursday by threat analyst Val Saengphaibul.

Bona fide IRS agents wouldn't do any of those things, IRS Commissioner Chuck Rettig said. Taxpayers who don't have their refunds direct-deposited should beware of what the IRS and its Criminal Investigation Division say is a wave of new and evolving phishing schemes that target them in particular.

Akamai researchers have seen recycled phishing kits from as far back as July being used in coronavirus-based phishing attacks now. While most of these URLs are new, the phishing kits that operate in the background are not.

Have you come up with hardware or software that can help solve a problem that arose from COVID-19 and its worldwide spread? Mozilla is offering up to $50,000 to open source technology projects that are responding to the pandemic in some way. Online "Hackatons" - launched/sponsored by governments and various organizations in Poland, Estonia, China, the UK, Switzerland, India, Malaysia, and so on - are gathering participants from different sectors and with different skills to collaborate and come up with IT-based open source solutions to COVID-19-related medical, social and other problems.

In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the ageing and insecure Transport Layer Security 1.0 and 1.1 protocols. While a temporary delay, it's still an unexpected retreat for an industry which had showed unity in collectively deciding to banish TLS 1.0 and the lesser used TLS 1.1 by early 2020.

With so many millions of people working from home, the value of voice control during the pandemic will ensure that this year, voice control device shipments will grow globally by close to 30% over 2019-despite the key China market being impacted during the first quarter of 2020, according to global tech market advisory firm, ABI Research. Last year, 141 million voice control smart home devices shipped worldwide, the firm said.

The Cofense Phishing Defense Center discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver's local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi. "While these secure email gateways are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack we recently observed," Mahdavi wrote in the post.

Both tested positive for COVID-19 after attending RSA in San Francisco. The two Exabeam employees who were diagnosed with coronavirus after attending the RSA tech conference, which ran from Feb. 24-28 at the Moscone Center in San Francisco, are on the road to recovery.

One in four respondents to a Threatpost reader poll said they were okay with sacrificing a portion of their personal privacy in exchange for some form of cellphone tracking that could - in theory - reduce coronavirus infection rates and save lives. When asked, "For coronavirus tracking, do you think public-health benefits outweigh privacy risks?" approximately 27 percent voted "Yes - Privacy and data-protection laws should not get in the way of saving lives." Sixty-nine percent said, "No - A pandemic doesn't give authorities the right to strip citizens of their privacy rights."