Facebook Small Business Grants Spark Identity-Theft Scam

Threatpost reported on the theft of Facebook identities tied to a grants program.

Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts.

The perpetrators are trying to dupe people into thinking that the social network is handing out free money to any user affected by COVID-19, according to a Kaspersky analysis. It’s using messaging platforms to proliferate.

Read further on Threatpost

Cybersecurity lessons learned from data breaches and brand trust matters

Help Net Security published a report on the conclusions cybersecurity experts should draw from the COVID developments.

Your brand is a valuable asset, but it’s also a great attack vector. Threat actors exploit the public’s trust of your brand when they phish under your name or when they counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms – the web, social media, mobile apps. These engagements are obviously crucial to your business.

Something else should be obvious as well: guarding your digital trust – public confidence in your digital security – is make-or-break for your business, not just part of your compliance checklist.

Read further on Help Net Security

Information Security Forum launches Aligned Tools Suite 2020 to help ensure compliance standards

Security Magazine published an article on Aligned Tools Suite 2020.

“Cybercrime flourishes in an economic downturn, and as more organizations adopt digitalization and move operations online, their need to protect data and critical assets increases,” said Steve Durbin, Managing Director, ISF. “We live in an uncertain world where budgets and resources are tight, yet the need to manage information risk and establish resilience has never been more important. The ISF Aligned Tools Suite 2020 has been designed to help organizations of all sizes be agile and confident when making decisions on meeting the challenges of this new world.”

Read more on Security Magazine

Security Takeaways from the Great Work-from-Home Experiment

Threatpost reports on essential cybersecurity discoveries made during the pandemic.

As states deal with re-opening and in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600 new phishing attacks a day when the pandemic started.

Read more on Threatpost

Shift to remote work and heavy reliance on service providers for security leaves blind spots

Help Net Security published an article examining how remote work revealed many weak points in the cybersecurity of the tools and technologies involved.

83% of C-level executives expect the changes they made in the areas of people, processes, and applications as a response to the COVID-19 pandemic to become permanent (whether significant or partial), according to Radware.

Read more on Help Net Security

U.S. House Passes IoT Cybersecurity Bill

SecurityWeek reported that the U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.
First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president.

The bipartisan legislation is backed by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). There are also several major cybersecurity and tech companies that support the bill, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable.

Read further on SecurityWeek

DDoS Attacks Skyrocket as Pandemic Bites

Threatpost published an article on how lockdowns and work-from-home shifts have proven to be lucrative for DDoS-ers.

The first half of 2020 saw a significant uptick in the number of distributed denial-of-service (DDoS) attacks compared to the same period last year — a phenomenon that appears to be directly correlated to the global coronavirus pandemic.

Neustar’s Security Operations Center (SOC) saw a 151 percent increase in DDoS activity in the period, including one of the largest and longest attacks that Neustar has ever mitigated – that attack came in at 1.17 terabits-per-second (Tbps), and lasted five days and 18 hours.

Read more on Threatpost

QR Codes Serve Up a Menu of Security Concerns

Threatpost reported on how QR codes are becoming a bigger cybersecurity concern in the pandemic era.

Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks.

The reason QR code use is skyrocketing is tied to more brick-and-mortar businesses forgoing paper brochures, menus and leaflets that could accelerate the spread of COVID-19. Instead they are turning to QR codes as an alternative.

Read more on the Threatpost

Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems

Threatpost reported on critical vulnerabilities in an industrial component used by top ICS vendors like Rockwell Automation and Siemens.

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical systems.

Read more on the Threatpost

Cryptobugs Found in 300+ Google Play Store Apps

Threatpost reported that a new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps.

Researchers have discovered more than 300 apps on the Google Play Store breaking basic cryptography code using a new tool they developed to dynamically analyze it.

Academics from Columbia University developed a custom tool, CRYLOGGER, that analyzes Android applications for unsafe use of cryptographic code according to 26 basic cryptography rules. Those rules include avoiding the use of: broken hash functions, bad passwords, reusing passwords multiple times, HTTP URL connections or a “badly-derived” key for encryption.

Read more on the Threatpost