How Criminals Profit From The Covid-19 Pandemic

https://www.europol.europa.eu/newsroom/news/how-criminals-profit-covid-19-pandemic

Excerpt:

ìDuring this unprecedented crisis, governments across Europe are intensifying their efforts to combat the global spread of the coronavirus by enacting various measures to support public health systems, safeguard the economy and to ensure public order and safety.î


Credit Card Skimmer Found on Tupperware Website

Eduard Kovacs

https://www.securityweek.com/credit-card-skimmer-found-tupperware-website

Excerpt:

ìPeople who made purchases from the official Tupperware website over the past couple of weeks may have had their payment card information stolen, cybersecurity firm Malwarebytes warned on Wednesday.î


Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/russian-speaking-hackers-attack-pharma-manufacturing-companies-in-europe/

Excerpt:

ìMalware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries.î


COVID-19: Jangan terjebak sebar berita palsu

Nor Azizah Mokhtar dan Faris Fuad

https://www.bharian.com.my/berita/nasional/2020/03/669293/covid-19-jangan-terjebak-sebar-berita-palsu

Excerpt:

ìPolis sudah membuka 94 kertas siasatan berhubung penyebaran berita palsu berkaitan dengan wabak COVID-19, setakat hari ini.î


As consumers turn online for purchases, many are targeted by pandemic-related digital fraud

https://www.helpnetsecurity.com/2020/03/26/pandemic-related-digital-fraud/

Excerpt:

ìThere has been a spike in digital commerce since social distancing became widespread globally, according to a TransUnion research.î


COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online

Davey Winder

https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#41c0a4fc18e5

Excerpt:

ìA medical facility on standby to help test any coronavirus vaccine has been hit by a ransomware group that promised not to target medical organizations.î


Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike

Raphael Satter, Jack Stubbs, Christopher Bing

https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN

Excerpt:

ìElite hackers tried to break into the World Health Organization earlier this month, sources told Reuters, part of what a senior agency official said was a more than two-fold increase in cyberattacks.î


It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

Shaun Nichols

https://www.theregister.co.uk/2020/03/23/microsoft_issues_red_alert/

Excerpt:

ìHackers are commandeering victims' Windows PCs by exploiting at least one remote-code-execution flaw in the Adobe Type Manager Library included with the Microsoft operating system. No patches are available right now.î


COVID-19 Scam Roundup ñ Week of 3/16/20

David Bisson

https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-week-of-3-16-20/

Excerpt:

ìMalicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdomís national fraud reporting center collected 38 reports alone.


Unprotected Database Exposed 5 Billion Previously Leaked Records

Ionut Arghire

https://www.securityweek.com/unprotected-database-exposed-5-billion-previously-leaked-records

Excerpt:

ìAn Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports.î


Hacker selling data of 538 million Weibo users

Catalin Cimpanu

https://www.zdnet.com/article/hacker-selling-data-of-538-million-weibo-users/

Excerpt:

ìThe personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online, according to ads seen by ZDNet and corroborating reports from Chinese media.î


Cyber crooks continue to exploit COVID-19 for their malicious schemes

Zeljka Zorz

https://www.helpnetsecurity.com/2020/03/20/exploit-covid-19/

Excerpt:

ìA time of chaos is a time for opportunity for unscrupulous individuals and groups, and COVID-19 is seemingly an unmissable boon for cyber crooks.î


Coronavirus Tracking App is ransomware; locks phones for ransom

Waqas

https://www.hackread.com/coronavirus-tracking-app-ransomware-scam-locks-phones-ransom/

Excerpt:

ìCoronavirus or COVID-19 is taking over the world by storm and curiosity to learn about this disease is what hackers are exploiting these days ñ In the latest; a malicious website has been identified offering Coronavirus tracking app for smartphones which in reality is ransomware aiming at your wallet.î


WHO Chief Impersonated in Phishing to Deliver HawkEye Malware

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-phishing-to-deliver-hawkeye-malware/

Excerpt:

ìAn ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.î


Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19-tracking map

Sean Lyngaas

https://www.cyberscoop.com/covid-19-spyware-libya-lookout-johns-hopkins-map/

Excerpt:

ìItís not just opportunistic, financially-motivated criminals who are seizing on the novel coronavirus pandemic to conduct cyberattacks. Operators of spyware are also exploiting the health crisis to boost their surveillance efforts.î


France warns of new ransomware gang targeting local governments

Catalin Cimpanu

https://www.zdnet.com/article/france-warns-of-new-ransomware-gang-targeting-local-governments/

Excerpt:

ìFrance's cyber-security agency issued an alert this week warning about a new ransomware gang that's been recently seen targeting the networks of local government authorities.î


Is APT27 Abusing COVID-19 To Attack People ?!

Pierluigi Paganini

https://securityaffairs.co/wordpress/99977/apt/apt27-abusing-covid-19.html

Excerpt:

ìSecurity researcher Marco Ramilli analyzed a new Coronavirus (COVID-19)-themed attack gathering evidence of the alleged involvement of an APT group.î


Healthcare cybersecurity in the time of coronavirus

Zeljka Zorz

https://www.helpnetsecurity.com/2020/03/18/healthcare-cybersecurity-coronavirus/

Excerpt:

ìBrno University Hospital, in Brno, Czech Republic, which is one of the countryís Covid-19 testing centers, has recently been hit by a cyberattack. The nature of the attack has yet to be shared, but looks like it might be ransomware. The result? Some surgeries have been postponed and some patients redirected to nearby hospitals.î


New Nefilim Ransomware Threatens to Release Victims' Data

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/new-nefilim-ransomware-threatens-to-release-victims-data/

Excerpt:

ìA new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.î


Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

Ravie Lakshmanan

https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html

Excerpt:

ìAs the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns.î


FBI Warns of Human Traffickers Luring Victims on Social Networks

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/fbi-warns-of-human-traffickers-luring-victims-on-social-networks/

Excerpt:

ìFBI's Internet Crime Complaint Center (IC3) today issued a public service announcement on human traffickers' continued usage of online platforms like dating sites and social networks to lure victims.î


Most ransomware attacks take place during the night or over the weekend

Catalin Cimpanu†

https://www.zdnet.com/article/most-ransomware-attacks-take-place-during-the-night-or-the-weekend/

Excerpt:

ìThe vast majority of ransomware attacks targeting the enterprise sector occur outside normal working hours, during the night or over the weekend.î


APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Threat Intelligence Team

https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/

Excerpt:

ìSince the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteriaóall while compromising victims with scams or malware campaigns.î


Can 5G make you more vulnerable to cyberattacks?

https://www.helpnetsecurity.com/2020/03/16/5g-security-vulnerabilities/

Excerpt:

ìMany enterprises and sectors are unaware of the 5G security vulnerabilities that exist today. Choice IoT says itís critical for businesses to have a plan for discovering and overcoming them at the outset of a 5G/IoT platform rollout to avoid future cybersecurity disasters.î


Fake Covid-19 tracker app delivers ransomware, disinformation abounds

Zeljka Zorz

https://www.helpnetsecurity.com/2020/03/16/fake-covid-19-tracker/

Excerpt:

ìAs Covid-19 spreads across the globe and countries do their best to slow down the infection rate, cybercriminalsí onslaught against worried users is getting more intense by the day. The latest scheme includes a malicious Android tracker app that supposedly allows users to keep an eye on the spread of the virus, but locks victimsí phone and demands money to unlock it.î


Employers are a trusted source of information about COVID-19 but face competition from disinformation

Forrester Research

https://www.zdnet.com/article/employers-are-a-trusted-source-of-information-about-covid-19-but-face-competition-from-disinformation/

Excerpt:

ìAccording to new data from Forrester's PandemicEX survey, employees trust their employers as a source of information about COVID-19 and the coronavirus more than they trust governments and social media sites. The takeaway for employers is that infrequent communication about this rapidly changing issue can leave employees anxious and more vulnerable to disinformation campaigns.î


Cybercriminals leveraging coronavirus outbreak to execute ransomware attacks

https://www.helpnetsecurity.com/2020/03/11/coronavirus-ransomware-attacks/

Excerpt:

ìCybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses, according to RiskIQ.î


Hackers are using coronavirus maps to infect your computer

Ivan Mehta

https://thenextweb.com/security/2020/03/11/hackers-are-using-coronavirus-maps-to-infect-your-computer/

Excerpt:

ìAs coronavirus threatens to become a global pandemic, everyoneís keeping a close eye on how itís spreading across the world. Several organizations have made dashboards to keep track of COVID-19. But now, hackers have found a way to use these dashboards to inject malware into computers.î


AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

Lindsey O'Donnell

https://threatpost.com/amd-downplays-cpu-threat-opening-chips-to-data-leak-attacks/153516/

Excerpt:

ìAMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019.î


Hackers are getting hacked via trojanized hacking tools

Zeljka Zorz

https://www.helpnetsecurity.com/2020/03/10/trojanized-hacking-tools/

Excerpt:

ìSomeone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed.î


Coronavirus-themed scams and attacks intensify†

Zeljka Zorz†

https://www.helpnetsecurity.com/2020/03/09/coronavirus-scams/

Excerpt:

ìScammers and other criminals are always quick to take advantage of crises, and this latest ñ centered around the spread of the deadly Covid-19 coronavirus around the world ñ is no exception.î


Data-Stealing FormBook Malware Preys on Coronavirus Fears

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/data-stealing-formbook-malware-preys-on-coronavirus-fears/

Excerpt:

ìAnother email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO) is distributing a malware downloader that installs the FormBook information-stealing Trojan.î


The City of Durham shut down its network after Ryuk Ransomware attack

Pierluigi Paganini

https://securityaffairs.co/wordpress/99193/malware/durham-city-ryuk-ransomware.html

Excerpt:

ìThe City of Durham, North Carolina was forced to shut down its network after its systems have been infected with the Ryuk Ransomware during the weekend.î


Unsecured databases continue leaking millions of records

https://www.helpnetsecurity.com/2020/03/06/unsecured-databases-continue-leaking-millions-of-records/

Excerpt:

ìUK ISP and telecom provider Virgin Media has confirmed on Thursday that one of its unsecured marketing databases had been accessed by on at least one occasion without permission (though the extent of the access is still unknown)î


Brazilian security firm leaks more than 25 GB of client and staff data

Angelica Mari

https://www.zdnet.com/article/brazilian-security-firm-exposes-more-than-25-gb-of-client-and-staff-data/

Excerpt:

ìA configuration failure on a server belonging to Orsegups ParticipaÁıes, a large Brazil-based holding company that controls seven businesses active in the property security sector, exposed a series of tax documents revealing clients' contract values and staff information.í


Virgin Media confirms 'misconfigured database' left personal data of 900,000 people exposed

Caroline Donnelly

https://www.computerweekly.com/news/252479642/Virgin-Media-confirms-misconfigured-database-left-personal-data-of-900000-people-exposed

Excerpt:

"Virgin Media has confirmed a system configuration error in one of its marketing databases allowed an unauthorised third-party to gain access to the personal information of 900,000 peopleî


CIA Hacking unit APT-C-39 hit China since 2008

Pierluigi Paganini

https://securityaffairs.co/wordpress/98885/apt/cia-hacking-china.html

Excerpt:

ìChinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. According to the firm, the US cyber spies are targeting various industry sectors and government agencies.î


Voice assistants can be hacked with ultrasonic waves

Amer Owaida

https://www.welivesecurity.com/2020/03/04/voice-assistants-hacked-ultrasonic-waves/

Excerpt:

ìIf Siri, Google Assistant or any other voice assistant are part of your daily routine, you may be unnerved to find out that attackers, too, could activate it ñ all the while you wouldnít hear a thing. A group of US and Chinese researchers conducted a number of experiments, proving that under the right conditions the voice assistants on your smartphone could be fooled into spilling sensitive information or carrying out certain tasks.î


Online payment fraud attempts see 73% increase

https://www.helpnetsecurity.com/2020/03/04/online-payment-fraud-attempts/

Excerpt:

ìOnline payment fraud attempts increased by 73 percent in 2019, according to a report from Sift.î


Soon, your password will expire permanently

Ben Goodman

https://www.helpnetsecurity.com/2020/03/03/password-malpractices/

Excerpt:

ìPasswords have been around since ancient times and they now serve as the primary method for authenticating a user during the login process. Individuals are expected to use unique username and password combinations to access dozens of protected resources every day ñ their social media accounts, banking profile, government portals and business resources.î