News

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP GET request allow for information that will redirect a user to a new website without any validation of the target...

UK health chiefs are being urged to safeguard people's privacy as they develop an app to help tackle the coronavirus pandemic. An open letter published by a group of "responsible technologists" warns that if corners are cut, the public's trust in the NHS will be undermined. And it urges those in charge to be more open about their data-collection plans. Source: BBC

Twitter has emphasised that while it attempts to curb any misinformation about COVID-19, it is unable to take "enforcement action on every tweet". "As we communicated last week, COVID-19 is affecting our content moderation capacities in unique ways, and we're adjusting to meet the challenge. Right now, we're focused on content that has the highest potential of directly causing physical harm," the company tweeted. Source: ZD Net

Attackers are exploiting unpatched Windows zero day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code executive (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Source: SC Magazine

 FireEye security researchers warn that the proliferation of hacking tools with capabilities for targeting industrial control systems (ICS) is lowering the entry bar for attackers and increasing risks for organizations operating in the industrial sector. In a study published today, the US cybersecurity firm said it analyzed all the hacking tools with ICS targeting capabilities that were released in recent years. Source: ZD Net

Finastra, a bank technology company in London that has more than 9,000 customers, including 90 of the top 100 global banks, was working Monday to bring servers back online that were hit by a ransomware attack late last week. Some U.S. bank customers are affected by the incident, which occurred Friday. The company says it took some of its servers offline while it investigated the incident. Source: American Banker

New data from NordVPN Teams shows a massive spike since March 11 in business VPN usage worldwide in the wake of the global coronavirus pandemic. This directly correlates with the mass increase in remote work globally. The fundamental shift in work location will have enormous ramifications on digital business, the economy, and cybersecurity. Key numbers: NordVPN Teams has seen a 165% usage spike and an almost 600%increase in sales overall. People are working longer than...

  Huge data breach included personal information on more than 200 million Americans. Equally as bad, it's unclear where the data came from. Researchers have noticed that detailed personal information of more than 200 million Americans was exposed in a data breach. This is the latest in a long list of data security incidents over recent months and years. Source: Screenrant https://cybernews.com/security/report-unidentified-database-exposes-200-million-americans/

  The world's third largest cruise line, Norwegian Cruise Line, has suffered a data breach, the British security firm DynaRisk says, adding that the email addresses and passwords of nearly 27,000 travel agents had been exposed as a result. DynaRisk said its researchers had found a breached database from the NCL travel agents' portal on a hacking forum on 13 March. After first verifying that the data records were authentic, it then contacted a representative...

  The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online, according to ads seen by ZDNet and corroborating reports from Chinese media. In ads posted on the dark web and other places, a hacker claims to have breached Weibo in mid-2019 and obtained a dump of the company's user database. Source: ZD Net