IT Security News Daily Summary 2020-04-06

• AFGE head: Federal managers are exacerbating pandemic risks

• A Brisk Private Trade in Zero-Days Widens Their Use

• Mozilla plugs two Firefox browser holes exploited in the wild by hackers to hijack victims’ computers

• 5 ways to prevent Zoom bombing

• Building a blockchain to verify COVID-19 data

• FBI Threatens ‘Zoom Bombing’ Trolls With Jail Time

• Vulnerability Summary for the Week of March 30, 2020

• How to sync Firefox containers across devices

• Census 2020 will protect your privacy more than ever — but at the price of accuracy

• How to enable 2FA for groups in Nextcloud

• NIST Recognizes RASP as Critical to Lowering Risk

• Robotic 5G car can ID faces, check for fevers, and make deliveries

• Maze ransomware group hacks oil giant; leaks data online

• Mozilla scrambles to plug two Firefox holes exploited in the wild by hackers to hijack victims’ computers

• Best antivirus software and apps in 2020: Keep your PCs, smartphones, and tablets safe

• Coronavirus-related cyberattacks surge in Brazil

• FBI Warns of BEC Dangers

• HHS tech official warns feds, contractors on virtual meeting risks

• Apple Reportedly Acquiring NextVR for $100 Million

• Facebook Says It’s Blocking A Million Accounts Per Day To Safeguard Election

• How Hackers Are Exploiting COVID-19 and What Organizations Can Do About It

• Vulnerabilities Detected in Government-sanctioned COVID-19 App

• Magecart Hackers Continue Improving Skimmers

• Password Protected Malicious Excel Files, (Mon, Apr 6th)

• Supporting remote workers in your pandemic response plan

• ENISA released a Tool to map dependencies to International Standards

• Apple Safari Flaws Enable One-Click Webcam Access

• School Districts Reportedly Ban Use Of Zoom Over Security Issues

• Data Watchdog Calls For Single EU Coronavirus App

• Comparison of WebEx Security Versus Zoom Shady Practices

• South Korea-Linked Hackers Targeted Chinese Government via VPN Zero-Day

• Cryptocurrency Issuers, Exchanges Face U.S. Class Action Lawsuits

• Roaring trade in zero-days means more vulns are falling into the hands of state spies, warn security researchers

• Key Ring digital wallet exposes data of 14 Million users in data leak

• What is a Data Breach and How to Prevent One

• Certified Information Security Manager (CISM)

• Critical Chrome Cyber Bugs: Update NOW

• FBI warns again of BEC scammers exploiting cloud email services

• Quantum encryption: How it works

• The Challenge of Software Liability

• A week in security (March 30 – April 5)

• Data Thieves Hit California Property Management Company

• Stay Connected from Edge-to-Core-to-Cloud with NetApp HCI

• Patched Safari Flaws Allowed Silent Webcam Access

• Researchers Discover Ten New TrickBot Modules

• Australians Arrested Over $2.6m Email Scam

• Emotat Malware Causes Physical Damage

• Learn Morse Code in 30 minutes on your smartphone with Google

• SASE identity policies enhance security and access control

• Cyber criminals are trying a new trick to cash in on Zoom’s popularity

• Anonymous’ OpIsrael Likely to be Much Smaller This Year

• Full Lifecycle Cloud Security, Part II

• The foundation of a Zero Trust architecture

• PSA: Fake Zoom installers being used to distribute malware

• Common focal points of DoS attacks

• Women in Cyber Podcast Series: Delving Into Digital Forensics and Incident Response Industry by Cindy Murphy

• US Warns People that Zoom-bombing Is a Crime

• The Bitglass Blog

• Telework, the New Normal

• Azure ATP now detects SMBGhost

• Hacker earns $75k for finding 3 critical vulnerabilities in Apple Safari Browser

• VPN: 5 reasons business pros should always use one

• Protecting your data and maintaining compliance in a remote work environment

• Some Users Experiencing System Crashes on macOS 10.15.4, Especially During Large File Transfers

• Mozilla Patches Two Critical Zero-Days in Firefox

• Government VPN Servers Targeted in Zero-Day Attack

• SANS@MIC Schedule

• Interpol: Ransomware attacks on hospitals are increasing

• A Culture of Drive, Work Ethic, and Attention to Detail

• Mozilla Fixes Two Firefox Critical Vulnerabilities Exploited in the Wild

• Introducing New SANS 3MinMax Series with Certified Instructor Kevin Ripa

• Will Apple’s “microphone switch” stop your iPad getting bugged?

• How the government should regulate cybersecurity

• 8,000 Unprotected Redis Instances Accessible From Internet

• What do narcissists do to team performance?

• How to Strengthen Your Security in 2020

• Perception Point Receives Top Overall Ranking in SE Labs Independent Testing

• How US cities are hacked by other countries

• Simple and Scalable Digital Pathology Analysis with AI on NetApp E-Series

• How the US hacks other countries

• Microsoft Launches Free Zero Trust Assessment Tool

• These are the countries trying to hack US critical infrastructure

• Staying home? Here are 5 best Java learning platforms

• Helping Companies Meet US Government Guidance on Securing Remote Workforces

• AMA Recap: Top 10 Tips to Secure Your Remote Workforce

• iCyber-Security Rebrands to Become BlockAPT

• The Defense Production Act Won’t Fix America’s N95 Face Mask Shortage

• Data Leak: Private information of 14 million Key Ring users exposed

• Why Humans Will Always Be Phishing’s Weakest Link

• Privitar raises $80 million to let companies use big data without compromising privacy

• How to keep your Apple devices updated automatically

• New York City Schools Ban Zoom over Security and Privacy Woes

• DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

• APT Hackers Abusing Microsoft Crypto API to Drop Backdoor on Windows Using Weaponized Shellcode

• Why Glass-Box Reporting beats Black-Box Reporting in the Boardroom

• NCSA Small Business Webinar Series

• Kinsing Linux Malware Deploys Crypto-Miner in Container Environments

• Windows 10: How to track down that irritating bug with DTrace

• Hack the Box (HTB) machines walkthrough series — Postman

• Expert Comment: Key Ring App Data Leak Exposes Millions

• Cyber Threats Are Spiking as Remote Worker Ranks Soar

• Web server security: Command line-fu for web server protection

• Expert Response On DarkHotel Hackers Use VPN Zero-day To Breach Chinese Government Agencies

• Beware of Coronavirus-themed Attack that Attacks Windows Computer to Install’s Lokibot Malware

• Apple Pays $75,000 To Hacker Who Hijacked iPhone Camera

• Misconfigured Docker API Ports Targeted by Kinsing Malware

• Deals: Amazon Discounts Numerous Apple Watch Series 5 Models by $50 (Starting at $349)

• Rights groups appeal to governments over COVID-19 surveillance

• The Afghanistan Investigation and the International Legal Order

• Huawei, ZTE Take Largest Contracts As China Mobile Speeds 5G Rollout

• Analysis: Suspicious “Very Hidden” Formula on Excel 4.0 Macro Sheet

• Zoom Caught in Cybersecurity Debate — Here’s Everything You Need To Know

• Google To Lift Ban On Coronavirus-Related Advertisements

• Windows 10 VPN Flaw Gets Emergency Fix Amidst Coronavirus Crisis

• Vendor Onboarding 101: Balancing Security and Speed

• Google Rolls Back Recently Introduced Chrome CSRF Protection

• Corona crimes: Suspect behind €6 million face masks and hand sanitisers scam arrested thanks to Europol intervention

• Can the Internet keep up with the surge in demand?

• Common Flaws Discovered in Penetration Tests Persist

• Kaspersky cleans up poisoned watering hole, Google presses pause on cookie crackdown

• More References to Apple’s Upcoming Low-Cost iPhone Appear Online

• This Map Shows the Global Spread of Zero-Day Hacking Techniques

• BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

• Zoom vs Skype: Microsoft pushes its Meet Now feature for ‘hassle-free’ video calls

• Hackers’ forum hacked, OGUsers database dumped (again)

• Warning!! Firefox Fixes 2 Zero-Day Bugs That Exploited in Wide By Executing Arbitrary Code Remotely

• DoJ: Zoombombing Could Land You Behind Bars

• UK government slams ‘crackpot’ 5G-coronavirus theories following mast arson attacks

• Truth, Trust and Cybersecurity Risk

• Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

• Millions of Digital Wallets Exposed by Key Ring

• DarkHotel hackers use VPN zero-day to breach Chinese government agencies

• Leaker Claims New 13-inch MacBook Pro Coming as Soon as Next Month

• 425 GB of financial companies’ data exposed

• Citizen Lab pokes holes in Zoom encryption

• Data breaches as files sent to wrong address in Ireland

• VPN zero-day used by DarkHotel hackers

• Two critical Firefox vulnerabilities exploited by attackers, patch now!

• What to do you if your phone is lost or stolen

• How one healthcare CISO is navigating the COVID-19 crisis

• Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

• A Round-up of Data Breaches in March 2020

• White House strategy paper to secure 5G envisions America leading global 5G development

• Kinsing Malware Attacks Misconfigured Open Docker Daemon API Ports

• Docker Users Targeted with Crypto Malware Via Exposed APIs

• FCW Insider: April 6

• How to Protect Your Enterprise Data from Leaks

• Zoom Blow as Thousands of User Videos Are Found Online

• Mozilla Patches Two Firefox Vulnerabilities Exploited in Attacks

• 5 Questions with… CybSafe CEO Oz Alashe

• Smartphone Scheme Aims To Track Coronavirus While Protecting Privacy

• British Airways and Marriott UK data protection fines deferred again as coronavirus shutdown hits business

• Researchers Find ‘Weaknesses’ In Zoom Encryption

• Europol: Coronavirus Crisis Spurs Rise In Ransomware, DDoS Attacks

• Monday review – the hot 24 stories of the week

• Australian government advice on how to avoid coronavirus-related scams and cyber threats

• COVID-19 Scam Roundup – April 6, 2020

• Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

• [Panel Discussion] Presenting Security to Your Board and Managing Your Stakeholders

• Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools

• Amid a Major Skills Shortage, CISOs Are Turning to Security Analytics and Threat Intelligence

• Keeping Up With Encryption in 2020

• YARA webinar follow up

• The Adventures of Microservice – The Birth of Microservice

• Apple Inc acquires AI Voice Startup to improve SIRI

• COVID-19: China and Russia Disinformation and Shenanigans

• Interpol warns healthcare providers against Maze Ransomware spread

• Threat detection and the evolution of AI-powered security solutions

• TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys

• HTC Mania – 1,488,089 breached accounts

• Cybercrime and disinformation during the pandemic

• ISC Stormcast For Monday, April 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6940, (Mon, Apr 6th)

• Total end-user spending on IT infrastructure products recovers

• The New York Times, IFTTT, Medium, and Other Apps Adopt Sign in With Apple Ahead of June 30 Deadline

• Lightstep’s observability solution helps developers better understand the health of systems and services

• Shubham “Sam” Maheshwari joins SiFive as Chief Financial Officer

• Zoom concedes custom encryption is substandard as Citizen Lab pokes holes in it

• Azure AD versus Ping Identity

• Pan-European group plans cross-border contact-tracing app – and promises GDPR compliance

• The remote working rush is creating a playground for spies and cybercrooks

• Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others

• Apple Donating Over 20 Million Masks to Healthcare Professionals, Producing Face Shields With Suppliers

• The Internet Infrastructure Industry Is Protecting Digital Trust and Fighting COVID-19 Related Fraud

• IT Security News Weekly Summary – Week 14

• IT Security News Daily Summary 2020-04-05

• New Microsoft Edge features will make you more productive

• Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th)

• Firefox zero day in the wild: patch now!

• Popular OGUsers hacking forum breached for the second time in a year

• Digital wallet app leaks millions of users’ credit cards & Govt IDs

• Shmoocon 2020 – Roger Piqueras Jover’s ‘5G Protocol Vulnerabilities And Exploits’

• XKCD ‘Scenario 4’

• Microsoft Edge is now 2nd most popular desktop browser, beats Firefox

• Benefits of JIT Provisioning

• Shmoocon 2020 – Rae Baker’s ‘Using OSINT For Human Rights And Victim Support’

• The future of cybersecurity for connected cars

• Zoom Recordings Exposed

• Keeping to the Conditions of the U.S.-Taliban Agreement

• Going Beyond

• Experts uncovered hidden behavior in thousands of Android Apps

• Zoombombing: what is it and how you can prevent your conference calls from being zoombombed

• How to Keep Your Zoom Chats Private and Secure

• Security Affairs newsletter Round 258

• Coronavirus-themed attacks March 29 – April 04, 2020

• Mozilla Patch Two Zero-day Bugs That Were Under Exploit With Firefox 74.0.1

• Security Affairs newsletter Round 257

• Week in review: Zoom security, Marriott breach, MS SQL servers under attack

• Facebook, Twitter and Telegram will stop working in Russia due to the weak Runet

• 10 tips for working remotely

• Docker servers targeted by new Kinsing malware campaign

• 3 Ways a DNS Lookup Tool Can Help Prevent DNS Attacks

• Find and Eliminate Malicious Browser Extensions

• New Bypass Technique or Corrupt Word Document?, (Sat, Apr 4th)

Generated on 2020-04-06 23:55:10.937656