Table of Contents

  1. Privacy
    1. Research Finds Microsoft Edge Has Privacy-Invading Telemetry
    2. Emergency Surveillance During COVID-19 Crisis
    3. Google Says It Doesn’t 'Sell' Your Data. Here’s How the Company Shares, Monetizes, and Exploits It.
  2. Digital rights
    1. Guinea blocks social media on eve of elections
  3. Politics
    1. Putin’s Secret Intelligence Agency Hacked: Dangerous New ‘Cyber Weapons’ Now Exposed
  4. Ransomware
    1. PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware
    2. Ransomware Gangs to Stop Attacking Health Orgs During Pandemic
    3. Most Ransomware Gets Executed Three Days After Initial Breach
  5. Scams
    1. Extortion Emails Threaten to Infect Your Family With Coronavirus
    2. Europol Dismantles SIM Swap Criminal Groups That Stole Millions
    3. FBI sees rise in fraud schemes related to the coronavirus (COVID-19) pandemic
  6. Malware
    1. Fake Coronavirus tracking app exploiting our fear and vulnerable social situation
    2. WHO Chief Impersonated in Phishing to Deliver HawkEye Malware
    3. Trickbot, Emotet Malware Use Coronavirus News to Evade Detection
  7. Vulnerabilities
    1. Zyxel Flaw Powers New Mirai IoT Botnet Strain
    2. Multiple vulnerabilities found in Zyxel CNM SecuManager
    3. CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server
  8. Leaks
    1. Rogers Data Breach Exposed Customer Info in Unsecured Database

Privacy

Research Finds Microsoft Edge Has Privacy-Invading Telemetry

Microsoft Edge is built on the same Chromium code base as Google Chrome, and Microsoft positions it as offering users better privacy controls. New research, however, indicates that it has more privacy-invading telemetry than competing browsers. Microsoft uses the term telemetry for system data that is uploaded by telemetry components or by a browser's built-in services; the company has long collected such data from Windows 10 to identify, analyze and fix problems. Professor Douglas J. Leith, Chair of Computer Systems at Trinity College Dublin, tested six web browsers to determine what data they send back to their vendors: the Chromium-based Microsoft Edge, Google Chrome, Brave, Russia's Yandex Browser, Mozilla Firefox and Apple Safari. Edge performed poorly across the privacy tests, chiefly because it transmits a persistent hardware identifier to Microsoft that can be used to link its requests over time.

Emergency Surveillance During COVID-19 Crisis

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. With that in mind, the EFF has some good thinking on how to balance public safety with civil liberties.

Google Says It Doesn’t 'Sell' Your Data. Here’s How the Company Shares, Monetizes, and Exploits It.

The EFF published an article explaining how Google profits from its users' data through its advertising business while maintaining that it does not "sell" that data.

Digital rights

Guinea blocks social media on eve of elections

Network data from the NetBlocks internet observatory confirms that social media was blocked in the Republic of Guinea beginning 8:00 p.m. on Saturday evening, 21 March 2020, ahead of Sunday's parliamentary elections and constitutional referendum. Twitter, Facebook and Instagram were blocked, while WhatsApp servers were partially restricted. The restrictions continued through election day, 22 March, limiting global visibility into events as they took place. Social media platforms were finally unblocked the morning after polls closed, at 8:00 a.m. UTC on Monday 23 March, for a recorded incident duration of 36 hours.

Politics

Putin’s Secret Intelligence Agency Hacked: Dangerous New ‘Cyber Weapons’ Now Exposed

Reports have emerged from Russia of another security breach within the FSB ecosystem. This one has exposed a new tool commissioned by the security service, one designed to carry out cyberattacks on IoT devices. The goal of the so-called "Fronton" program is to exploit IoT security weaknesses at scale; such devices are typically far less well secured than the laptops and phones alongside them in homes and offices. The contractors' documents highlight retained factory-default passwords as the obvious weakness, one that is easy to exploit. The intent of the program is not to spy on the owners of those devices but to herd them together into a botnet that can be used to attack much larger targets, think major U.S. and European internet platforms, or the infrastructure of entire countries, such as those bordering Russia. The article also notes that the targeted devices include cameras, so a nation-state agency compromising them in foreign countries carries surveillance risks as well. It points out that the FSB is the successor to the KGB, that it reports directly to Russia's President Vladimir Putin, and that its responsibilities include electronic intelligence gathering overseas.

Ransomware

PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware

PwndLocker has rebranded as the ProLock ransomware after fixing a cryptographic bug that had allowed a free decryptor to be created. "They targeted a handful of servers. Not sure how they got in (yet) but I can see quite a few keygens and cracking tools on the network, probably just end up being an exposed RDP though :-)," Peter stated in a tweet.

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic

Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

Most Ransomware Gets Executed Three Days After Initial Breach

In the vast majority of the attacks that researchers at cybersecurity firm FireEye examined between 2017 and 2019, ransomware was deployed at least three days after an organization's network was first infiltrated, and in some of the dozens of cases studied, post-compromise deployment took as long as 299 days. In 75% of the incidents the attackers delayed encryption and used that dwell time to steal Domain Admin credentials, which they later used to distribute the ransomware payload throughout the compromised environment. That gap is the defender's window: the credential theft and the lateral movement that follows it are detectable well before the payload lands.
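The Domain Admin credential abuse described above leaves a recognizable footprint before any encryption starts: one account logging on over the network to many different hosts within a few minutes. The detector below is an added example, not FireEye's tooling or data. It runs over constructed, simplified Windows Security log lines (event 4624 network logons flattened to one line each; the field layout, host names, account names and addresses are invented for the illustration) and flags any account that reaches an unusual number of distinct hosts from one source inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Windows Security events (EventID 4624, LogonType 3 = network logon)
# flattened to one line per event. Hosts, accounts and addresses are invented.
SAMPLE_EVENTS = """\
2020-03-17T01:12:03 host=WS-014 account=jsmith type=3 src=10.0.4.21
2020-03-17T01:40:55 host=FS-01 account=svc_backup type=3 src=10.0.2.5
2020-03-17T01:41:10 host=FS-01 account=svc_backup type=3 src=10.0.2.5
2020-03-17T01:58:30 host=WS-014 account=jsmith type=2 src=-
2020-03-17T02:04:05 host=WS-021 account=da_admin type=3 src=10.0.4.21
2020-03-17T02:04:07 host=WS-022 account=da_admin type=3 src=10.0.4.21
2020-03-17T02:04:09 host=WS-023 account=da_admin type=3 src=10.0.4.21
2020-03-17T02:05:31 host=FS-01 account=da_admin type=3 src=10.0.4.21
2020-03-17T02:06:48 host=DC-01 account=da_admin type=3 src=10.0.4.21
2020-03-17T02:08:52 host=WS-030 account=da_admin type=3 src=10.0.4.21
2020-03-17T02:20:00 host=WS-015 account=jsmith type=3 src=10.0.4.21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) account=(?P<account>\S+) "
    r"type=(?P<type>\d+) src=(?P<src>\S+)$"
)


def parse_event(line):
    """Parse one flattened event; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "account": m["account"],
        "type": int(m["type"]),
        "src": m["src"],
    }


def detect_fanout(lines, min_hosts=5, window=timedelta(minutes=10)):
    """Flag (account, source) pairs whose network logons reach >= min_hosts distinct
    hosts inside any sliding window. One alert per pair, reporting its densest window."""
    events = [e for e in map(parse_event, lines) if e and e["type"] == 3]
    events.sort(key=lambda e: e["ts"])
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["account"], e["src"])].append(e)

    alerts = []
    for (account, src), evs in by_pair.items():
        start, best = 0, None
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best["hosts"])):
                best = {"account": account, "src": src, "hosts": sorted(hosts),
                        "first": evs[start]["ts"], "last": evs[end]["ts"]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_fanout(SAMPLE_EVENTS.splitlines()):
        print(f"{a['account']} from {a['src']} reached {len(a['hosts'])} hosts between "
              f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}: {', '.join(a['hosts'])}")
```

In the sample, the ordinary user and the backup service never exceed two distinct hosts, while the administrative account touches six machines in under five minutes and is reported. The threshold and window are tuning knobs: legitimate administration tools also fan out, so baseline per-account behaviour before alerting on it.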

Scams

Extortion Emails Threaten to Infect Your Family With Coronavirus

Sextortion scammers are now also attempting to capitalize on the COVID-19 pandemic, threatening to infect their victims' families with the SARS-CoV-2 virus in addition to revealing all their "dirty secrets". If you have received such an email, know that it is just a scam: no hacker has stolen your passwords, and nobody can infect you or your family with a real-life virus by email.

Europol Dismantles SIM Swap Criminal Groups That Stole Millions

Europol, working with law enforcement agencies in Spain, Austria, and Romania, arrested suspects belonging to two SIM-swapping criminal groups following two recent investigations. SIM swap fraud happens when a scammer takes control of a target's phone number, either through social engineering or by bribing mobile operator employees to port the number to a SIM controlled by the fraudster. The attacker then receives all messages and calls destined for the victim on his own phone, which lets him bypass SMS-based multi-factor authentication (MFA) by reading the one-time password (OTP) codes, steal credentials, and take over online accounts. This is why SMS is the weakest second factor: any account that can be authenticated or recovered by text message is only as secure as the carrier's number-porting process.

FBI sees rise in fraud schemes related to the coronavirus (COVID-19) pandemic

As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other cybercriminal scams targeting a largely at-home workforce. Scammers are leveraging the pandemic to steal your money, your personal information, or both. Don't let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus, donating to a charity online or through social media, contributing to a crowdfunding campaign, purchasing products online, or giving up personal information in order to receive money or other benefits.

Malware

Fake Coronavirus tracking app exploiting our fear and vulnerable social situation

As the coronavirus spreads across countries and fear spreads with it, everyone wants to stay on top of any related information in order to remain safe and away from infected people. Malware authors are taking advantage of this. In line with its policies, Google has proactively removed many coronavirus-themed applications from the Play Store to stop malware authors from exploiting the situation. But they have found another way onto users' phones: they distribute their malicious apps from their own websites, sideloaded outside the Play Store and its review process.

WHO Chief Impersonated in Phishing to Deliver HawkEye Malware

An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. "HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its botnets to fetch other malware into the device as a service for third-party cybercrime actors," IBM X-Force's research team said.

Trickbot, Emotet Malware Use Coronavirus News to Evade Detection

The TrickBot and Emotet Trojans have started appending text from coronavirus news stories to their files in an attempt to bypass security software that uses artificial intelligence and machine learning to detect malware. Before malware is distributed in phishing campaigns or other attacks, developers commonly run it through a program called a 'crypter' that obfuscates or encrypts the malicious code, in the hope that the result appears harmless and is thus FUD (Fully UnDetectable) to antivirus software. Padding the crypter's output with large amounts of benign-looking text dilutes the statistical features a classifier computes over the whole file, which is what makes the trick worth trying.
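To see why appending benign text can fool a file-level statistical check, here is an added example (not TrickBot or Emotet code, and not any vendor's detection engine) that uses Shannon entropy as a simple stand-in for a classifier's features. The "packed payload" is deterministic SHA-256 output constructed for the demonstration, the "news" filler is an invented sentence, and the thresholds are illustrative. The whole-file score drops into the benign range once filler is appended, while a windowed maximum over the same bytes still finds the high-entropy region.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def max_window_entropy(data: bytes, window: int = 1024, step: int = 256) -> float:
    """Highest entropy of any fixed-size window. Appending low-entropy filler elsewhere
    in the file cannot lower this value, unlike the whole-file figure."""
    if len(data) <= window:
        return shannon_entropy(data)
    return max(shannon_entropy(data[i:i + window])
               for i in range(0, len(data) - window + 1, step))


def fake_packed_payload(size: int, seed: bytes = b"constructed-seed") -> bytes:
    """Stand-in for a crypter's encrypted stub: deterministic, near-uniform bytes
    produced by chaining SHA-256. Constructed data, not real malware."""
    out, block = bytearray(), seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:size])


# Invented filler in the style of a news paragraph; not quoted from any real article.
NEWS_FILLER = (b"Health officials said on Tuesday that the number of confirmed coronavirus "
               b"cases continued to rise as hospitals prepared for more patients. ")

WHOLE_FILE_THRESHOLD = 6.0  # illustrative cut-offs, not any product's real values
WINDOW_THRESHOLD = 7.0


def whole_file_verdict(data: bytes) -> str:
    """Naive check: a single entropy figure for the entire file."""
    return "suspicious" if shannon_entropy(data) >= WHOLE_FILE_THRESHOLD else "benign"


def windowed_verdict(data: bytes) -> str:
    """Robust check: look for any high-entropy region regardless of total file size."""
    return "suspicious" if max_window_entropy(data) >= WINDOW_THRESHOLD else "benign"


def build_samples():
    """Return (bare packed payload, the same payload padded with ~55 KB of filler)."""
    payload = fake_packed_payload(4096)
    padded = payload + NEWS_FILLER * 400
    return payload, padded


if __name__ == "__main__":
    payload, padded = build_samples()
    for name, blob in (("bare payload", payload), ("payload + filler", padded)):
        print(f"{name:18s} whole-file {shannon_entropy(blob):.2f} -> {whole_file_verdict(blob):10s}"
              f" max-window {max_window_entropy(blob):.2f} -> {windowed_verdict(blob)}")
```

The same dilution applies to any feature averaged over the whole file (byte histograms, string ratios, section statistics), which is why robust models score regions or structural features rather than one global figure.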

Vulnerabilities

Zyxel Flaw Powers New Mirai IoT Botnet Strain

As soon as a proof-of-concept (PoC) for CVE-2020-9054, a pre-authentication command injection in the web interface of Zyxel Network-Attached Storage (NAS) devices, was made publicly available last month, the vulnerability was promptly abused to infect unpatched devices with a new Mirai variant, Mukashi. The flaw is rated critical (CVSS v3.1 score 9.8) because it is trivial to exploit, so it is no surprise that threat actors weaponized it and started wreaking havoc in the Internet of Things (IoT) realm. It first came to light through the sale of its exploit code as a 0-day, i.e. while it was still unreported to the vendor; that initial report also mentioned that "the exploit is now being used by a group of bad guys who are seeking to fold the exploit into Emotet".

Multiple vulnerabilities found in Zyxel CNM SecuManager

A security researcher has found numerous critical vulnerabilities in Zyxel CNM SecuManager. The attack surface is very large and many different software stacks are in use, which makes it an interesting target. Furthermore, some daemons run as root and are reachable from the WAN, and there is no firewall by default.

CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server

Microsoft recently released a patch for CVE-2020-0796, a critical vulnerability in the SMBv3 server that affects Windows 10 (versions 1903 and 1909) and the corresponding Windows Server releases. An unauthenticated remote attacker can exploit it to cause memory corruption, which may lead to remote code execution. FortiGuard Labs analyzed the vulnerability and explained how a compressed SMBv3 packet with a malformed header causes an integer overflow in the server: the kernel adds two attacker-controlled 32-bit length fields from the header without an overflow check, so the sum wraps and it allocates a buffer far too small to hold the decompressed data, after which decompression writes past the end of it. Multiple proof-of-concept exploits have been published. Where patching is delayed, Microsoft's published workaround is to disable SMBv3 compression on affected servers.
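The arithmetic described above is easy to show in isolation. This added example (not FortiGuard's analysis code or Microsoft's) builds an SMB2 compression transform header, computes the allocation size the way an unchecked 32-bit add would, and shows the checked alternative beside it. It performs no network I/O, no decompression and nothing exploitable; the header layout follows the MS-SMB2 specification, and the 8 MiB cap in the checked version is an assumed sane maximum for the illustration, not the server's actual limit.

```python
import struct

# SMB2 COMPRESSION_TRANSFORM_HEADER (MS-SMB2 section 2.2.42), 16 bytes, little-endian:
#   ProtocolId (4)                    = 0xFC 'S' 'M' 'B'
#   OriginalCompressedSegmentSize (4) attacker-controlled
#   CompressionAlgorithm (2), Flags (2)
#   Offset/Length (4)                 attacker-controlled
HEADER_FMT = "<4sIHHI"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 16
PROTOCOL_ID = b"\xfcSMB"
U32_MAX = 0xFFFFFFFF
MAX_MESSAGE = 0x800000  # assumed cap on a decompressed message (8 MiB); illustrative only


def parse_header(packet: bytes) -> dict:
    """Unpack the transform header from the start of a received packet."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the compression transform header")
    proto, orig_size, algo, flags, offset = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if proto != PROTOCOL_ID:
        raise ValueError("not a compressed SMB2 message")
    return {"orig_size": orig_size, "algo": algo, "flags": flags, "offset": offset}


def alloc_size_unchecked(hdr: dict) -> int:
    """Models the pre-patch arithmetic: OriginalCompressedSegmentSize + Offset computed
    in 32 bits with no overflow check, so a crafted pair wraps to a tiny allocation."""
    return (hdr["orig_size"] + hdr["offset"]) & U32_MAX


def alloc_size_checked(hdr: dict, max_message: int = MAX_MESSAGE) -> int:
    """Hardened arithmetic: compute the sum without wrap and reject anything that would
    overflow 32 bits or exceed the largest message the server is willing to decompress."""
    total = hdr["orig_size"] + hdr["offset"]  # Python ints are unbounded, so this cannot wrap
    if total > U32_MAX:
        raise ValueError("OriginalCompressedSegmentSize + Offset overflows 32 bits")
    if total > max_message:
        raise ValueError("decompressed size exceeds maximum message size")
    return total


def build_packet(orig_size: int, offset: int, algo: int = 1, flags: int = 0,
                 body: bytes = b"") -> bytes:
    """Assemble a transform header followed by an opaque body (constructed test data)."""
    return struct.pack(HEADER_FMT, PROTOCOL_ID, orig_size, algo, flags, offset) + body


def build_samples():
    """A plausible benign header and a malformed one whose lengths wrap to 0x10."""
    benign = build_packet(orig_size=0x100, offset=0x10, body=b"\x00" * 0x40)
    # 0xFFFFFFF0 + 0x20 = 0x1_0000_0010; truncated to 32 bits that is 0x10.
    malformed = build_packet(orig_size=0xFFFFFFF0, offset=0x20, body=b"\x41" * 0x40)
    return benign, malformed


if __name__ == "__main__":
    for name, pkt in zip(("benign", "malformed"), build_samples()):
        hdr = parse_header(pkt)
        try:
            checked = hex(alloc_size_checked(hdr))
        except ValueError as exc:
            checked = f"rejected ({exc})"
        print(f"{name:9s} orig_size={hdr['orig_size']:#x} offset={hdr['offset']:#x} "
              f"unchecked alloc={alloc_size_unchecked(hdr):#x} checked={checked}")
```

The malformed header asks the server to decompress roughly 4 GiB of data into a 16-byte buffer; the checked version rejects the same header before any allocation happens, which is the shape of fix any length-from-the-wire code needs.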

Leaks

Rogers Data Breach Exposed Customer Info in Unsecured Database

Canadian ISP Rogers Communications has begun to notify customers of a data breach that exposed their personal information due to an unsecured database. In a data breach notification posted to their site, Rogers states that they learned on February 26th, 2020 that a vendor database containing customer information was unsecured and publicly exposed to the Internet.