Cyber Bites

  The COVID-19 crisis will likely result in the postponement of the go-live date for Brazil's general data protection regulations. According to industry observers, the pandemic is seen as a fair justification to delay the go-live date for the regulations, which are due to be enforced in August 2020. A bill authored by congressman Carlos Bezerra presented in November 2019 had already proposed pushing the go-live date for the rules to August 15, 2022. In...

  An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the novel coronavirus. Called the COVID-19 CTI League, for cyber threat intelligence, the group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp. and Amazon.com Inc. One of four initial managers of the effort, Marc Rogers, said the top priority would be working to combat hacks...

Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers. GE is a multinational operating in a wide range of tech segments including aviation, power, healthcare, and renewable energy, and it is currently ranked by Fortune 500 as the 21st-largest company in the U.S. by revenue. Source: Bleeping Computer

  As per Trend Micro’s research, since May 2019, a Russian state-sponsored notorious cyber espionage threat group called Pawn Storm (also known as Fancy Bear or APT28) has been scanning servers for reusing previously compromised emails. The compromised email addresses are used to carry out phishing campaigns, targeted mainly at defense firms from the Middle East with an intent of cyber espionage. Source: Ciso Mag  

Hospitals in Spain have been targeted with coronavirus-themed phishing lures by attackers looking to lock-down their systems with Netwalker ransomware. Local reports indicate that medical centres have been receiving emails purporting to offer "information on COVID-19", but with PDF attachments that activate the ransomware, commonly associated with computer crime groups in Eastern Europe. Source: Computing.com

MICROSOFT has warned of hackers exploiting a new vulnerability that can be found in all supported versions of Windows. If successfully manipulated by a cyber-criminal, it would be possible for them to run malware on a victim's device. Source: The Sun

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP GET request allow for information that will redirect a user to a new website without any validation of the target...

UK health chiefs are being urged to safeguard people's privacy as they develop an app to help tackle the coronavirus pandemic. An open letter published by a group of "responsible technologists" warns that if corners are cut, the public's trust in the NHS will be undermined. And it urges those in charge to be more open about their data-collection plans. Source: BBC

Twitter has emphasised that while it attempts to curb any misinformation about COVID-19, it is unable to take "enforcement action on every tweet". "As we communicated last week, COVID-19 is affecting our content moderation capacities in unique ways, and we're adjusting to meet the challenge. Right now, we're focused on content that has the highest potential of directly causing physical harm," the company tweeted. Source: ZD Net

Attackers are exploiting unpatched Windows zero day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code executive (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Source: SC Magazine