The Love Bug virus is 20 years old. It was also known as ILOVEYOU because it spewed itself out in emails with those three words, jammed together as one, in the subject line. This was one of the first mass mailing worms I had to deal with at the start of my IT career. A fascinating look at the technical underpinning of the infamous worm. Ah the memories…
Original release date: May 5, 2020
CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. This joint alert highlights ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses. It describes some of the methods these actors are using to target organizations and provides mitigation advice.
APT actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.
APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities. Read the complete report
More information at SecureWorld
Password protection, user authentication, and keeping software patched are a few ways you can keep video conferencing secure. Tom Merritt suggests five things to do to ensure safer video meetings.
Original release date: May 12, 2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.
This alert provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats. Click click to read the complete and extensive article from CISA
And a related article from Sophos Naked Security.
Here’s a ransomware story with a difference. Some of your files can be recovered without paying, while others get wiped out forever.
Five alleged members of hacking group InfinityBlack got some unexpected visitors last week when Polish law enforcement arrested them.
New open source standards are coming that can help technologies such as edge computing and IoT achieve greater security. Technology has evolved to such a state that the transmission of data comes in many forms and from many sources. No longer is user data only transmitted via the traditional network connection—from client-to-server, or client-to-client. The new world order includes IoT, hybrid clouds, artificial intelligence, and edge computing. The complications inherent in these technologies makes it even more crucial that universal security and privacy protocols are developed and put into place.
Original release date: May 13, 2020
My comment: The Chinese lit the fire, and now want to steal information about how water works. With friends like China….
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and FBI encourage COVID-19 research organizations to review and apply the announcement’s recommended mitigations to prevent surreptitious review or theft of COVID-19-related material.
For more information on Chinese malicious cyber activity, see https://www.us-cert.gov/china.
The Wordfence Threat Intelligence Team has just published details of a critical vulnerability in Google Site Kit, a plugin used by 300,000 WordPress sites. This vulnerability allows attackers to access Google Search Console. The impact of a compromise in Search Console is profound. We cover the full story and how to protect your site on the official Wordfence blog.