The second most popular message of the entire quarter was a fake CDC alert about Coronavirus cases. Social media messages are another area of concern when it comes to phishing. The past quarter's top-clicked social media email subjects reveal new login alerts, password resets and someone may have accessed your account messages are coming onto the radar. (By Stu Sjouwerman, KnowBe4)
The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform). Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. The FBI has released this guidance in response to an increase in reports of VTC hijacking. (By CISA)
Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations. (By CISA)
The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it. (By Ravie Lakshmanan, The Hacker News)
With the healthcare sector being at the forefront of the global response to the disease, delivering uninterrupted care to patients is essential. But despite the claims of some criminal gangs, who pledged not to target healthcare, the sector will enjoy no magical cybercrime immunity. (By Mathew J. Schwartz, BankInfo Security)