We might not be up-to-date on current events but, cybercriminals are and they are quick to capitalize on them. The latest being "CoronaVirus"

One important behaviour pattern cybercriminals depend on is that if, an email sounds scary / urgent then we might click on the link or attachment. The new botnet campaign targets geographic regions that may be more impacted by the outbreak given their locations in Asia to spread Emotet trojan.IBM X-Force warned that Emotet operators will probably expand their targeting beyond Japan soon.

https://threatpost.com/coronavirus-propagate-emotet/152404/

Trickbot trojan gets dangerous as it can now run in stealth mode

. It uses Wsreset.exe , which when executing a command it will not display a UAC prompt and users will have no idea that a program has been executed.


https://www.bleepingcomputer.com/news/security/trickbot-uses-a-new-windows-10-uac-bypass-to-launch-quietly/

Finally, UK has an IoT Law

The Law Mandates:

1. IoT device passwords must be unique. 
2. Manufacturers must also provide a public point of contact so that anyone can report a flaw. 
3. Manufacturers must also explicitly state the minimum length of time for which devices will receive security updates.

https://threatpost.com/mandatory-iot-security-uk-proposal/152217/

Interesting Attack Technique - Ransomware can now infect any Active directory connected windows system if the user profile is setup to execute a login script when a user logs in.

The attacker weaponized AD by putting not Trickbot, but Ryuk, into the AD [roaming] login script. So anybody who logged into that AD server was immediately infected.
So as soon as an engineer, for example, logged in from his or her workstation, the payload would drop, execute, and lock the user out of the machine.

https://www.darkreading.com/threat-intelligence/ryuk-ransomware-hit-multiple-oil-and-gas-facilities-ics-security-expert-says-/d/d-id/1336865

I am dumbstruck - Microsoft exposed (in clear-text) 14 years worth of data with 250 million CSS records

. This means records from 2005 to December 2019 were leaked online and left without any security authentication allowing the public to access it with just a web browser.


https://www.hackread.com/250-million-microsoft-customer-support-records-leaked-plain-text/

Extortionists find new victims - "Plastic surgery patients"

Hackers not only know their personal information, but also might have photographs of their “before” and “after”. One can easily imagine that things become even more uncomfortable if it’s other parts of your body that you’ve had “tweaked”.

The Center for Facial Recognition says that within three weeks of being threatened by the extortionists, up to 20 patients have been contacted by the criminals with individual demands for payment.

https://www.grahamcluley.com/plastic-surgery-patients-ransomware/

Remember - Patch all windows computers (Corp / Personal) with 01/2020 MS Updat

e. An attacker can spy on your web browsing, even on encrypted sites, as well as altering the content you get back or modifying the data you upload.

https://nakedsecurity.sophos.com/2020/01/14/serious-microsoft-crypto-vulnerability-patch-right-now/

Microsoft starts 2020 patch Tuesday with a BANG - Brian Krebs calls one of the vulnerability (fixed) as "extraordinarily serious security vulnerability". So, if we don't patch then, "Shame on Us".

It could have wide-ranging security implications for a number of important Windows
functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools


Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.


https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

Hidden Camera Risk (Airbnb or anywhere other than home), What can we do aboutit ?. This article has some recommendation (Tools like Angry IP Scanner, Nmap, and Network Scanner)

https://getpocket.com/explore/item/how-to-scan-your-airbnb-for-hidden-cameras?utm_source=pocket-newtab

Official statement "We have now contained the virus and are working to restore our systems". The reality was that it was a Ransomware attack and Britain's largest retail banks have been forced to halt processing foreign currency.

https://www.cnbc.com/2020/01/09/british-banks-hit-by-hacking-of-foreign-exchange-firm-travelex.html

Upgrade Firefox NOW !!! - Mozilla, has identified (and patched) a zero-day vulnerability in Firefox that could allow an attacker to take control of users’ computers.

The vulnerability was detected in exploits seen in-the-wild. United States

Cybersecurity and Infrastructure Security Agency (CISA) has also issued an advisory


https://www.grahamcluley.com/stop-everything-update-firefox-now/