Cyber Bites

I’ve already reported on the dangers online, as hackers hide behind our coronavirus obsession to target us with malicious malware. Well, here’s another variation on that theme, with a warning that tempting “Coronavirus Maps” are now being used to plant malware on victims’ computers. Reason Labs delved into this particular threat, albeit warnings about the map’s website had been issued before, cautioning users that such downloads will “steal credentials such as user names, passwords, credit...

Private details of around 900 million people have been exposed after an online database containing information of Whisper app users was left online without password protection. Whisper's core focus is to allow users to anonymously share secrets and has around 30 million monthly active users. Since it was launched in 2012, people have used it to post confessions and discuss private matters like sexuality, unwanted pregnancies and domestic abuse. Source: Independent

 WASHINGTON — A yearlong congressional study of American cyberspace strategy concludes that the United States remains ill-prepared to deter attacks, including from Russia, North Korea and Iran. It calls for an overhaul of how the United States manages its offensive and defensive cyberoperations. The report, mandated by Congress and led by a bipartisan group of lawmakers, says the military needs far more personnel trained for cyberoperations. It also says Congress needs to dedicate committees to...

US radio giant Entercom reported a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored third-party cloud hosting services and containing Radio.com user credentials. Entercom's national network is comprised of more than 235 radio stations broadcasting news, sports, and music across the country and live the Radio.com online live streaming service to over 170 million people each month. Source: Bleeping Computer

Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data. Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure. Source: Threatpost

It’s March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. The good news is that none of them under active attack. For the time being, Adobe seems to be skipping this Patch Tuesday and there’s no indication whether the customary security updates are just delayed or there won’t be any at all in the coming days. Source: Help Net Security

The University of Hertfordshire has avoided an investigation by the ICO into its data-sharing practices after exposing student information. The security incident took place in November 2019, in which a bulk email promoting an art lecture also included an attachment containing the names and email addresses of approximately 2,000 students. Source: ZD Net

Google has removed today an Android app from the official Play Store that was developed by the Iranian government to test and keep track of COVID-19 (coronavirus) infections. Before being removed from the Play Store, controversy surrounded the app, and several users accused the Iranian government of using the COVID-19 scare to trick citizens into installing the app and then collecting phone numbers and real-time geo-location data. Source: ZD Net

  Hackers of "Russian" origin targeted the city and county governments of Durham, N.C., over the weekend, hampering computer and communications networks with ransomware, according to local officials. The attack, which used the infamous Ryuk malware strain typically spread through malicious attachments in phishing emails, was carried out late Friday by a Russian hacking group, according to the North Carolina State Bureau of Investigations, one of the agencies looking into the attack. Source: Government Technology

  The global pandemic of Coronavirus, and the concerns of people traveling and gathering indoors at large events, has hit the cybersecurity events calendar with events now being canceled. Initially Mobile World Congress was canceled, after being due to take place in late February, with a statement claiming that this was due to “the global concern regarding the coronavirus outbreak, travel concerns and other circumstances,” whilst San Francisco’s RSA Conference did go ahead despite exhibitors...