Kaspersky has identified a tactic dubbed Holy Water, in which hackers compromise a popular site, known as a "watering hole" and often owned by a celebrity or organization, with malicious code that infects the computers of people who visit it. Site visitors are prompted to download a fake Adobe Flash update that sets up a backdoor giving hackers remote access.
Chief information security officers and IT departments are coping with sudden changes in priorities and tasks as the coronavirus pandemic has upended the workplace. The need to secure networks and the devices of remote workers has sped to the top of the list, while longer-term projects have in many cases been delayed indefinitely, writes Jon Oltsik, who examines what the changes mean for interdepartmental operations, endpoint security and startups hoping to sell IT services.
Many Americans will be getting payments from the government to help cover costs associated with coronavirus business impacts, and scammers are ready to pounce. The IRS advises Americans to protect their personal information, avoid clicking on links in suspicious emails, not download software advertised in pop-up ads and use strong passwords, among other measures that will help guard against identity theft.
Business email compromise attacks, which the FBI says have cost businesses $26 billion in the past three years, are skyrocketing because they are easy, profitable and difficult to prosecute. One such operation, Nigeria-based SilverTerrier, conducted an average of nearly 93,000 attacks a month in 2019 on customers of Palo Alto Networks alone.
Hackers using the REvil (Sodinokibi) variant are searching for vulnerable health care systems that use virtual private networks in order to launch ransomware attacks, Microsoft reports. The company is advising hospitals to monitor remote access, patch vulnerabilities, use AMSI for Office VBA in Office 365 environments and switch on attack surface reduction rules in Windows.
Cyberinsurance companies are referring businesses that have been hit by ransomware to "breach coaches" -- attorneys specializing in dealing with such attacks. One breach coach, John Mullen of Mullen Coughlin, describes himself as a general contractor who coordinates the response while providing confidential legal advice.
Italy's social security website has been shut down because of cyberattacks just as hundreds of thousands of people are trying to apply for benefits related to the coronavirus. Italy is one of the nations hit hardest by the pandemic, which has locked down the country.
Slack is rolling out the Microsoft Teams Calls beta app to integrate Teams calling features, as well as VoIP phone integrations with Zoom, Cisco's Jabber, RingCentral and Dialpad. Slack is also rolling out the overhaul of its user interface over the coming weeks.
Cloudflare is bringing its WARP VPN service to macOS and Windows in public beta. The desktop software will be available first to WARP+ subscribers, with invitations sent through the existing mobile apps over the next few weeks.
The Labor Department has posted a series of fact sheets and Q&A documents addressing how the recently enacted Families First Coronavirus Response Act will affect American workers and employers. The postings address employee paid leave rights and laws regarding family and medical leave.