Cyber-crime, Malware, Phishing

Spotting and blacklisting malicious COVID-19-themed sites

April 7, 2020

Via: Help Net Security

Since last December, over 136,000 new COVID-19-themed domains have popped up and, while many host legitimate websites, others have been set up to serve malware, phishing pages, or to scam visitors. SpyCloud researchers have also discovered that existing community threat […]

Mobile, Mobile security, Threats & Malware, Vulnerabilities

Official Government COVID-19 Mobile Apps Hide a Raft of Threats

April 7, 2020

Via: Threat Post

A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers […]

Email security, Hacker, Security, Threats & Malware

Italian email provider hacked, data of 600k users available for sale

April 7, 2020

Via: Security Affairs

The Italian email provider has been hacked, the company admitted the incident while a hacker group named NN Hacking Group is offering the stolen data for sale on the dark web. The group shared a series of snapshots on […]

Mobile, Privacy protection

Rights groups appeal to governments over COVID-19 surveillance

April 6, 2020

Via: Naked Security

Digital and human rights groups have joined in a rare worldwide appeal to governments to respect privacy when handling the COVID-19 crisis. As the number of known COVID-19 cases around the world exceeds 1.2m and the number of deaths reaches […]

Data loss, Threats & Malware

Data Leak: Private information of 14 million Key Ring users exposed

April 6, 2020

Via: Hot for Security

Five misconfigured Amazon Web Services (AWS) S3 buckets revealing private data of Key Ring users were discovered by vpnMentor researchers in January. Like many similar apps, Key Ring lets users store digital copies of their loyalty cards, create a shopping […]

Cyber-crime, Malware

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

April 6, 2020

Via: Security Affairs

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. Then the attackers break into the installs and deploy a […]

Threats & Malware, Vulnerabilities

Security Think Tank: Why and how cyber criminals exploit world events

April 6, 2020

Via: Computer Weekly

Cyber criminals, APT actors and others who pose a threat to businesses and individuals are impacted and influenced by world events just like the rest of us. However, they will also use these events, as well as cultural events, to […]

Application security, Mobile, Privacy protection, Security

Thousands of Android Apps Are Silently Accessing Your Data

April 3, 2020

Via: Wired

MORE THAN 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found. The apps use an […]

Cloud security, Security

Want to Improve Cloud Security? It Starts with Logging

April 3, 2020

Via: Dark Reading

When using event logs to monitor for security violations and incidents, the quality of output is determined by the quality of the input. Much of the logging being used is subpar, and there has been little industry incentive to fix […]

Threats & Malware, Vulnerabilities

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

April 3, 2020

Via: Security Affairs

Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue admins or taking over admin sessions. The ‘Contact […]