Kaspersky has identified a tactic dubbed Holy Water, in which hackers infect a popular site, dubbed a "watering hole" and often owned by a celebrity or organization, with malicious code that infects the computers of people who visit it. Site visitors are prompted to download a fake Adobe Flash update that sets up a backdoor giving hackers remote access.
Chief information security officers and IT departments are coping with sudden changes in priorities and tasks as the coronavirus pandemic has upended the workplace. The need to secure networks and the devices of remote workers has sped to the top of the list, while longer-term projects have in many cases been delayed indefinitely, writes Jon Oltsik, who examines what the changes mean for interdepartmental operations, endpoint security and startups hoping to sell IT services.
Zoom, which has seen explosive growth in use of its videoconferencing service in recent weeks, will stop adding features for three months as it addresses privacy and security issues, CEO Eric Yuan wrote in a blog post Wednesday. Yuan also promised to be more transparent regarding law enforcement data requests.
Many Americans will be getting payments from the government to help cover costs associated with coronavirus business impacts, and scammers are ready to pounce. The IRS advises Americans to protect their personal information, avoid clicking on links in suspicious emails, not download software advertised in pop-up ads and use strong passwords, among other measures that will help guard against identity theft.
Allied Market Research analysts predict that mobile banking will grow 12.2% during the next five or six years, becoming a $1.82 billion market. More banks and tech companies are introducing the apps and improving their security, and customers are drawn to them for convenience, as well as the way they enable social distancing during the coronavirus outbreak.
Business email compromise attacks, which the FBI says have cost businesses $26 billion in the past three years, are skyrocketing because they are easy, profitable and difficult to prosecute. One such operation, Nigeria-based SilverTerrier, conducted an average of nearly 93,000 attacks a month in 2019 on customers of Palo Alto Networks alone.
Hackers using the REvil (Sodinokibi) variant are searching for vulnerable health care systems using virtual private networks for ransomware attacks, Microsoft reports. The company is advising hospitals to monitor remote access, patch vulnerabilities, use AMSI for Office VBA in Office 365 environments and switch on attack surface reduction rules in Windows.
Cyberinsurance companies are referring businesses that have been hit by ransomware to "breach coaches" -- attorneys specializing in dealing with such attacks. One breach coach, John Mullen of Mullen Coughlin, describes himself as a general contractor who coordinates the response while providing confidential legal advice.
Italy's social security website has been shut down because of cyberattacks just as hundreds of thousands of people are trying to apply for benefits related to the coronavirus. Italy is one of the nations hit hardest by the pandemic, which has locked down the country.
The unveiling of a Ring device called the Doorbox is thought to be imminent, and it might happen before the Ring Video Doorbell 3 is rolled out. Little information is available beyond a leaked photo showing a boxy device whose uses could include storing spare keys.
- Page 1