China-linked Electric Panda hackers seek U.S. targets, intel agency warns
www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220 Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday.
Hacking against corporations surges as workers take computers home
Does Covid-19 Contact Tracing Pose a Privacy Risk? Your Questions, Answered
www.wired.com/story/apple-google-contact-tracing-strengths-weaknesses/ Apple and Google’s Bluetooth-based system isn’t perfect. But many of the biggest concerns have solutions.
NHS in standoff with Apple and Google over coronavirus tracing
www.theguardian.com/technology/2020/apr/16/nhs-in-standoff-with-apple-and-google-over-coronavirus-tracing Tech firms place limitations on how tracing apps may work in effort to protect users’ privacy
Europe publishes draft rules for coronavirus contact-tracing app development, on a relaxed schedule
www.theregister.co.uk/2020/04/17/european_contact_tracing_app_spec/ No phone numbers needed but you’ll need Notifications and Bluetooth on all the time
Coronavirus scams: This is how much people have lost to online fraudsters so far
www.zdnet.com/article/coronavirus-scams-this-is-how-much-people-have-lost-to-online-fraudsters-so-far/ Over £2 million has been lost to coronavirus themed scams, phishing emails and other fraud in the UK alone as cyber criminals look to exploit the COVID-19 pandemic for their own gain.
Google to Gmail users: Coronavirus phishing is targeting you. This is how we hit back
www.zdnet.com/article/google-to-gmail-users-coronavirus-phishing-is-targeting-you-this-is-how-we-hit-back/ The company says it blocked 18 million COVID-19 themed phishing emails last week. The blocked COVID-19 phishing emails targeting Gmail users would represent about 2.5% of the 100 million phishing emails Google said in 2019 it blocks daily. Google is also blocking 240 million COVID-related spam messages each day.
India says ‘Zoom is a not a safe platform’ and bans government users
Half a million Zoom accounts for sale on the dark web
www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/ Even accounts belonging to banks and educational institutions were found on lists plastered across various hacker forums
Leading accounting firm MNP hit with cyberattack
www.bleepingcomputer.com/news/security/leading-accounting-firm-mnp-hit-with-cyberattack/ A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.
Threat Roundup for April 10 to April 17
blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 10 and April 17. As with previous roundups, this post isn’t meant to be an in-depth analysis.
Clipboard hijacking malware found in 725 Ruby libraries
www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby-libraries/ The malware would replace Bitcoin addresses copied to the clipboard with one controlled by the attacker.
PoetRAT Trojan targets energy sector using coronavirus lures
www.zdnet.com/article/poetrat-trojan-targets-energy-sector-using-coronavirus-lures/ Wind turbine operators are the focus of a new data-stealing campaign.
Hackers Update Age-Old Excel 4.0 Macro Attack
threatpost.com/hackers-update-age-old-excel-4-0-macro-attack/154898/ XLS files sent via emails appear password protected but aren’t, opening automatically to install malware from compromised macros, according to researchers.
Weaponized RTF Document Generator & Mailer in PowerShell
isc.sans.edu/diary/rss/26030 Like many malicious activities that occur these days, it is related to the COVID19 pandemic. Its purpose is simple: It checks if Outlook is used by the victim and, if it’s the case, it generates a malicious RTF document that is spread to all contacts extracted from Outlook. Let’s have a look at it.
A Brand New Ursnif/ISFB Campaign Targets Italian Organizations
yoroi.company/research/a-brand-new-ursnif-isfb-campaign-targets-italian-organizations/ Ursnif is one of the most widespread threats; it is delivered through malspam campaigns aimed at multiple industries across Italy and Europe.
You’re a botnet, you’ve got a zero-day, so where do you go? After fiber, because that’s where the bandwidth is
www.theregister.co.uk/2020/04/16/fiber_routers_under_fire/ Two-step attack seen on core systems. Researchers are warning owners of fiber routers to keep a close eye on their gear and check for firmware updates following the discovery of an in-the-wild zero-day attack.
That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed
Critical ‘starbleed’ vulnerability in FPGA chips identified
www.eurekalert.org/pub_releases/2020-04/rb-cv041620.php FPGA chips are part of many safety-critical applications; they have one particularly valuable feature: they are individually reprogrammable – but with this feature also comes a risk
ICANN delays .org sell off after California’s attorney general intervenes at last minute, tears non-profit a new one over sale
Using AppLocker to Prevent Living off the Land Attacks
You Can Now Check If Your ISP Uses Basic Security Measures
www.wired.com/story/cloudflare-bgp-routing-safe-yet/ “Is BGP Safe Yet” is a new site that names and shames internet service providers that don’t tend to their routing.