Twitter will remove dubious 5G tweets that could potentially cause harm
techcrunch.com/2020/04/22/twitter-will-remove-dubious-5g-tweets-that-could-potentially-cause-harm/ “We’re prioritizing the removal of COVID-19 content when it has a call to action that could potentially cause harm,”
First version of Apple and Google’s contact tracing API should be available to developers next week
techcrunch.com/2020/04/23/first-version-of-apple-and-googles-contact-tracing-api-should-be-available-to-developers-next-week/ The first version of Apple and Google’s jointly developed, cross-platform contact tracing API should be available to developers as of next week, according to a conversation between Apple CEO Tim Cook and European Commissioner for internal market Thierry Breton.
Coronavirus: Israel halts police phone tracking over privacy concerns
www.bbc.com/news/technology-52395886 The use by Israel’s police of mobile-phone location data to enforce quarantine has been halted because of privacy concerns.
Get your free work-from-home IT security awareness training kit, courtesy of SANS
Creative Skype phishing campaign uses Google’s .app gTLD
www.bleepingcomputer.com/news/security/creative-skype-phishing-campaign-uses-googles-app-gtld/ Attackers have deployed a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service.
Security firm details how hackers stole $1.3 million in wire transfers
www.engadget.com/hackers-steal-1-3-million-wire-transfer-100039219.html The group created lookalike domains and manipulated email messages. The story started when a cybercrime gang known as the “Florentine Banker” targeted three UK private equity companies for a potential wire transfer heist.
When in Doubt: Hang Up, Look Up, & Call Back
krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/ Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
Scam Everything – Opioids, NetFlix, Phish, Covid Charities, and Government Refunds in one network neighborhood
garwarner.blogspot.com/2020/04/scam-everything-opioids-netflix-covid.html There was a nice cluster that revealed itself, consisting of six websites all on the same Class C NetBlock
Google will make all advertisers prove their identities, so people can see who they are and which country they’re in
Fake Skype, Signal Apps Used to Spread Surveillanceware
threatpost.com/fake-skype-signal-apps-used-to-spread-surveillanceware/155053/ Threat groups are increasingly relying on trojanized apps pretending to be legitimate such as Skype or Signal but are really spreading surveillanceware.
Threat Spotlight: MedusaLocker
blog.talosintelligence.com/2020/04/medusalocker.html MedusaLocker can encrypt the contents of mapped network drives that may be present on infected systems
Customer complaint phishing pushes network hacking malware
www.bleepingcomputer.com/news/security/customer-complaint-phishing-pushes-network-hacking-malware/ A new phishing campaign is underway that targets a company’s employees with fake customer complaints that install a new backdoor used to compromise a network.
ESET takes down VictoryGate cryptomining botnet
www.zdnet.com/article/eset-takes-down-victorygate-cryptomining-botnet/ More than 35,000 computers believed to have been infected, according to ESET’s sinkhole data.
Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug
threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/ The rapidly evolving Hoaxcalls botnet is exploiting an unpatched vulnerability in the ZyXEL Cloud CNM SecuManager in a bid to widen its spread.
WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report
threatpost.com/who-cdc-and-bill-and-melinda-gates-foundation-victims-of-credential-dump-report/155081/ Hackers have used credentials allegedly stolen from the WHO, CDC and other notable groups to spread coronavirus misinformation online.
Public Sector Ransomware Attacks Rage On: Can Your Organization Repel Them?
Hankkija battles cyberattack for a fifth day: “No ransom will be paid to these criminals”
www.is.fi/digitoday/tietoturva/art-2000006484357.html The cyberattack that hit Hankkija’s Danish parent company on Sunday has paralyzed trade in Finland.
Amid Its Covid-19 Crisis, China Was Still Hacking Uighurs’ iPhones
www.wired.com/story/amid-covid-19-crisis-china-hacking-uighur-iphones/ Security researchers reveal a months-long, indiscriminate campaign targeting the iPhones of Chinese Muslims.
Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak
www.zdnet.com/article/security-researcher-identifies-new-apt-group-mentioned-in-2017-shadow-brokers-leak/#ftag=RSSbaffb68 New Nazar APT believed to be operating out of Iran
NSA: Hackers exploit these vulnerabilities to deploy backdoors
www.bleepingcomputer.com/news/security/nsa-hackers-exploit-these-vulnerabilities-to-deploy-backdoors/ The NSA has a dedicated GitHub repository containing tools that companies can use to detect and block web shell threats, and to prevent web shell deployment including:
iOS Mail bug allows remote zero-click attacks
blog.malwarebytes.com/mac/2020/04/ios-mail-bug-allows-remote-zero-click-attacks/ On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version of iOS, 13.4.1, is vulnerable.
GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps
www.theregister.co.uk/2020/04/23/gcc_openssl_vulnerability/ Static analyzer proves its worth with discovery of null-pointer error