IT Security Newsletter - 3/19/2020
Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19-tracking map
It's not just opportunistic, financially-motivated criminals who are seizing on the novel coronavirus pandemic to conduct cyberattacks. Operators of spyware are also exploiting the health crisis to boost their surveillance efforts. Mobile security firm Lookout has traced a malicious Android application to what it says is a long-running campaign to spy on people in Libya.
Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book
The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we've been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected. Yesterday, we observed a phishing campaign similar to malspam previously discovered by MalwareHunterTeam, which impersonates the World Health Organization (WHO) and promises the latest on "corona-virus."
Cisco Patches Several Vulnerabilities in SD-WAN Solution
Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a "high severity" rating. The high-severity vulnerabilities - all of them reported to Cisco by Orange Group - are caused by insufficient input validation. They can be exploited to make unauthorized changes to the system, escalate privileges to root, and inject arbitrary commands that are executed with root permissions.
Emsisoft, Coveware Offer Free Ransomware Help During Coronavirus Outbreak
Emsisoft and Coveware have announced that they will be offering their ransomware decryption and negotiation services for free to healthcare providers during the Coronavirus outbreak. With medical facilities, hospitals, and labs already being over capacity and employees working in stressful and dangerous environments, they need all the help they can get.
New TrickBot tool targets telecommunications in U.S., Hong Kong
The criminals behind the TrickBot banking trojan have retooled it for targeting telecommunications organizations in the U.S. and Hong Kong, according to new research from BitDefender. The new module, a malicious .dll file, "rdpScanDll," allows attackers to run brute-forcing operations against Remote Desktop Protocols (RDPs). It's just the latest update to TrickBot, which by design is built to be enhanced over time.
Microsoft Edge branded as 'worrisome' for user privacy
Microsoft Edge is one of the least private web browsers, as it sends back device identifiers and web browsing telemetry to back-end servers, according to new research. An analysis of the browser, which comes bundled in Windows 10 by default, conducted by Trinity College Dublin found that Edge sends "persistent identifiers" to back-end services, as well as the URLs typed into the browser's pages.