Security News
During January and February APT41's attacks were concentrated against Cisco devices using previously revealed vulnerabilities and what FireEye speculated was a pre-compiled list of vulnerable devices connected to the internet. In early March the Chinese hackers picked up on CVE-2020-10189, a zero-day remote code execution vuln in Zoho ManageEngine Desktop Central.
Bullguard recently surveyed more than 3,000 SMB owners on the topic of cybersecurity and found that many are not prepared for a security breach. In addition to doing a general security check, SMB leaders should remind employees of security best practices for end users, review and update disaster recovery plans, and establish strong lines of communication among all remote teams.
Since February, the community has been working on the computationally heavy work of figuring out how the virus's proteins bind to cells. Infection in both COVID-19 and its close cousin, the SARS coronavirus, first happens in the lungs when a protein on the surface of the virus binds to a receptor protein on a lung cell.
The office of New York Attorney General Letitia James sent letters - here's one sent to GoDaddy - to six of the internet's largest domain name registrars, asking them how they plan to protect New Yorkers and others across the country from these scams by making it tougher to register a domain that's likely to be selling snake oil, inflicting malware or setting up whatever other trap the crooks have been rushing to put into place. Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints.
As the coronavirus pandemic accelerates, authorities worldwide are plotting ways to flatten the curve of infection rates using potentially privacy-busting measures such as phone tracking, facial recognition and other tech. In this Threatpost poll, we want your take on whether sacrificing personal privacy for the public good is worth it.
The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: "The targeting infrastructure seems to focus on certain types of healthcare and humanitarian organizations that are uncommon for cybercriminals," Costin Raiu, researcher at Kaspersky, told Threatpost. As for the "Why" of the attack, which was thwarted, Raiu said that information about remediation for coronavirus - such as cures, tests or vaccines - would be invaluable to any nation-state's intelligence officials.
"Elite" hackers tried - and failed - to breach computer systems and networks of the World Health Organization earlier this month, Reuters reported on Monday. The Canadian Centre for Cyber Security has also been warning Canadian health organizations about cyber criminals and spies.
On Sunday, the US Department of Justice announced that it shut down what it called a wire fraud scheme being carried out by the operators of a site in order to squeeze profit from the confusion and widespread fear surrounding COVID-19 - by promising to ship coronavirus vaccine kits that don't actually exist. There are currently no legitimate COVID-19 vaccines and the WHO is not distributing any such vaccine.
"As the COVID-19 crisis disrupts organizations across the globe, HR leaders must respond quickly and comprehensively, considering both immediate and long-term talent consequences," said Brian Kropp, chief of research for the Gartner HR practice. A greater percentage of organizations plan to reduce work for external partners rather than employees - one-fifth of organizations plan to stop or limit consultant spend and/or reduce the number of contract workers.
Authorities in the United States and Europe have issued warnings of increased malicious cyber-activity related to the ongoing COVID-19 pandemic. The attacks, the FBI says, may come in the form of fake Centers for Disease Control and Prevention emails, phishing emails asking for personal information to receive money or encouraging people to donate for various causes, and offers for counterfeit treatments.