DNS hijacking victims are being steered toward spoofed WHO sites that contain malware. (Source: Bitdefender)

Hijacked Routers Steering Users to Malicious COVID-19 Sites

Apurva Venkat • March 27, 2020

Cybercriminals are waging brute-force attacks that enable them to change DNS settings on home and small business routers to redirect victims to fake COVID-19-themed websites that push infostealer malware, according to the security firm Bitdefender.

Cybercrime

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Latest

Electronic Healthcare Records

Coalition Formed to Address COVID-19 Crisis

Marianne Kolbasuk McGee • March 27, 2020

More than two dozen healthcare organizations and technology firms have formed a coalition to help address the COVID-19 crisis by using secure information sharing and data analysis. But observers warn the group must devote enough attention to privacy and security issues.

Business Continuity Management / Disaster Recovery

Analysis: Russia's COVID-19 Disinformation Campaign

Nick Holland • March 27, 2020

The latest edition of the ISMG Security Report analyzes how and why Russia is spreading disinformation about the COVID-19 pandemic. Plus: the latest CCPA regulation updates; a CISO's tips on securely managing a remote workforce.

Cybercrime

Chinese Cyber Espionage Continues Despite COVID-19

Akshaya Asokan • March 26, 2020

Despite the global COVID-19 pandemic, which started in China, Chinese cyber espionage campaigns are continuing, with a new campaign from one APT group targeting at least 75 enterprises in 20 countries, according to the security firm FireEye.

Governance & Risk Management

Microsoft to Pause Non-Essential Software Updates

Mathew J. Schwartz • March 26, 2020

Microsoft has announced that it will pause all non-essential updates for Windows, while both Google and Microsoft have said their Chrome and Edge browsers will, for now, receive only stability and security updates. The moves come as IT teams are continuing to respond to the ongoing fallout of the COVID-19 pandemic.

Endpoint Security

The Best of RSA Conference 2020

Information Security Media Group • March 25, 2020

At RSA Conference 2020 in San Francisco, Information Security Media Group's editorial team conducted more than 130 video interviews with industry thought leaders. Here are the highlights.

3rd Party Risk Management

COVID-19 and the CISO: Jim Routh on Leadership

Tom Field • March 25, 2020

At its core, cybersecurity is about applying scarce resources to the highest risk. And nothing quite puts that tenet to the test like the COVID-19 pandemic. Jim Routh, CISO of MassMutual, discusses the challenges of managing a remote workforce and third-party relationships during this crisis.

Cybercrime

FBI Shutters Alleged Russian Cybercriminal Forum

Scott Ferguson • March 25, 2020

The FBI this week seized the domain of Deer.io, which federal authorities describe as a clearinghouse for stolen data and cybercriminal services operating from Russia. The alleged administrator of the now-shuttered site has been arrested and charged.

Endpoint Security

Symantec's Strategy as a Broadcom Unit

Varun Haran • March 25, 2020

Innovation, consolidation and integration will be key areas of focus for Symantec's enterprise security business following its acquisition by Broadcom, says CTO Paul Agbabian.

Cybercrime

Hackers Targeted World Health Organization

Scott Ferguson , Apurva Venkat • March 24, 2020

A hacking group targeted the World Health Organization earlier this month with an apparently unsuccessful spear-phishing campaign designed to harvest credentials as the United Nations organization was grappling with the global COVID-19 pandemic.

Business Continuity Management / Disaster Recovery

New Mirai Variant Exploits NAS Device Vulnerability

Ishita Chigilli Palli • March 24, 2020

Security researchers are tracking a variant of the prolific Mirai botnet called Mukashi, that's taking advantage of vulnerabilities in network-area storage devices made by Zyxel and giving its operators the ability to launch DDoS attacks. Zyxel has issued a patch for the vulnerability.

Governance & Risk Management

Microsoft Alert: Fresh Zero-Day Flaws Found in Windows

Akshaya Asokan • March 24, 2020

Microsoft is warning that attackers are exploiting a pair of critical, zero-day flaws in Windows that allow for remote code execution, which could enable a threat actor to take over an infected device. Although a patch for the flaws is not expected until April, the company described workarounds.

Cyberwarfare / Nation-State Attacks

Election Integrity in COVID-19 Era

Nick Holland • March 24, 2020

Matt Barrett and Joe Drissell of U.S. Cyberdome discuss the new initiative to foster cross-campaign cybersecurity collaboration and the ramifications of potentially holding an election during social distancing as a result of the COVID-19 pandemic.