AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/3/2020

Cybercriminals targeting Zoom, Google and Teams domains

Malicious actors are registering fake domains that use the names of popular video conferencing applications such as Zoom, Teams and Google, with Zoom seemingly being singled out at this time. Since January 1 the security firm has seen about 1,700 new domains registered using the word “zoom” in some fashion, with 25 percent of these new registrations happening in the last seven days. Cyber gangs have also noted and are taking advantage of the increase in online learning, with K-12 schools and universities opting to continue teaching remotely. This has resulted in the creation of domains that imitate Google Classroom, replacing googleclassroom.com with googloclassroom\.com and googieclassroom\.com.
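
As an added example (not from the original post or the security firm it cites), the following Python code shows how a defender could triage a feed of newly registered domains for the two patterns described above: a brand keyword embedded in the name, and a one-character variation of a longer brand name. The allow-list, the `.example` sample domains and the simple label extraction are assumptions of this example.

```python
# Brand strings come from the item above; the allow-list is an assumption.
BRANDS = ("zoom", "googleclassroom")
ALLOWED = {"zoom.us", "googleclassroom.com"}
MIN_FUZZY_LEN = 8  # short brands like "zoom" are too noisy for fuzzy matching

def edit_distance(a, b):
    """Levenshtein distance, computed with one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (reason, brand) for a suspicious registration, else None."""
    domain = domain.strip().lower().rstrip(".")
    if any(domain == a or domain.endswith("." + a) for a in ALLOWED):
        return None
    # Assumption: the feed holds registrable domains with a single-label
    # suffix, so the label before the last dot is the registered name.
    parts = domain.split(".")
    if len(parts) < 2:
        return None
    label = parts[-2].replace("-", "")
    for brand in BRANDS:
        if brand in label:
            return ("keyword", brand)
        if len(brand) >= MIN_FUZZY_LEN and edit_distance(label, brand) <= 1:
            return ("lookalike", brand)
    return None

# Constructed sample feed; only the two look-alikes are quoted from the item.
SAMPLE_FEED = [
    "zoom.us", "zoom-meeting-login.example", "googloclassroom.com",
    "googieclassroom.com", "googleclassroom.com", "bloomfield-bakery.example",
]

def triage(feed):
    """Map each flagged domain to its (reason, brand) finding."""
    return {d: hit for d in feed if (hit := classify(d))}

if __name__ == "__main__":
    for name, (reason, brand) in triage(SAMPLE_FEED).items():
        print(f"{name:30} {reason:10} imitates {brand}")
```

Fuzzy matching is limited to longer brand names because a distance-1 match on a four-letter word such as "zoom" would flag many unrelated dictionary words.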


Coronavirus: Microsoft directly warns hospitals, ‘Fix your vulnerable VPN appliances’

Microsoft says it has issued its first-ever targeted warning to several dozen hospitals, alerting them to vulnerabilities in their virtual private network (VPN) appliances after spotting a ransomware gang targeting them.  The warning follows the recent discovery that Iranian hackers have been targeting vulnerabilities in VPN servers from Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.  Now, with COVID-19 coronavirus outbreak lockdowns in full swing, companies are relying on VPN servers more than ever to support remote workers, making that part of the network a soft spot for ransomware attackers to hit – in particular at hospitals with already strained resources. 


U.S. Government: Update Chrome 80 Now, Multiple Security Concerns Confirmed

CISA, a standalone federal agency under the U.S. Department of Homeland Security (DHS) oversight, is responsible for protecting “the Nation’s critical infrastructure from physical and cyber threats.” In an April 1 posting, CISA confirmed that Google Chrome version 80.0.3987.162 “addresses vulnerabilities that an attacker could exploit to take control of an affected system,” be that Windows, Mac or Linux. It went on to state that it “encourages” users and administrators to apply the update.


Ransomware strikes biotech firm researching possible COVID-19 treatments

In a financial disclosure form filed to the U.S. Securities and Exchange Commission Wednesday, 10x Genomics Inc. said it experienced an attempted ransomware attack that also involved the theft of company data. The firm restored normal operations “with no material day-to-day impact,” and said it is working with law enforcement to investigate the breach. The company currently is part of an international alliance that is sequencing cells from patients who have recovered from COVID-19 as part of an effort to understand possible treatments for the disease.


Google’s new coronavirus update: Location data reveals impact on people’s habits in your area

Google has released smartphone location data that reveals the impact the coronavirus outbreak has had on travel to work, transit stations, parks, retail outlets, and grocery stores. The new global Community Mobility Reports are intended to help public health officials understand how populations are responding to social-distancing rules designed to slow the spread of coronavirus COVID-19.  The first reports, covering 131 countries and regions, include a graph that takes Sunday, February 16, as the baseline for normal activity and tracks changes in movements through to Sunday, March 29. 
