FREE COVID-19 Threatlist from DOMAINTOOLS

- We know bad guys are creating fake COVID-19 related domains to lure us. To battle this , DomainTools is providing a free, curated list (updated everyday) of high-risk COVID-19-related domains to support the community during the Coronavirus crisis.

https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats

Zero Trust Security Model is the new rage - How much do we know about it. Here is a timely doc from Microsoft that can help

https://www.microsoft.com/en-us/security/business/zero-trust

(US Residents) Beware of these COVID-19 relates emails:

1. Emails purporting to contain helpful information from the Centers for Disease Control and Prevention (CDC)
2. Medical sources, and phishing emails that ask to provide their personal information in order to receive an economic stimulus check.
(3. Free pass to entertainment services like Netflix)

https://www.scmagazine.com/home/security-news/cybercrime/fbi-warns-of-covid-19-phishing-scams-promising-stimulus-checks-vaccines/

Security vendors are in the business of selling security they don't have to care about securing their own environment (Remember RSA, Symantec)

- British security outfit Keepnet Labs exposed a massive database (without any password protection) on the internet, containing more than five billion records.

https://www.grahamcluley.com/security-firm-five-billion-records-exposed-unsecured-database/

In case you missed it due to everything happening around COVID-19 - Microsoft has issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities

This could let hackers remotely take complete control over targeted computers.  No Patch Yet Available; Apply Workaround ( Disable the Preview Pane and Details Pane in Windows Explorer)

https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html

Another free service during the Coronavirus outbreak - Emsisoft and Coveware will be offering their ransomware decryption and negotiation services for free to healthcare providers

https://www.bleepingcomputer.com/news/security/emsisoft-coveware-offer-free-ransomware-help-during-coronavirus-outbreak/

Bookmark this page/ link, it has a list of free software - Never know we might need one of them during this COVID-19 outbreak

https://www.bleepingcomputer.com/news/software/list-of-free-software-and-services-during-coronavirus-outbreak/

If you use whatsapp (who doesn't) then , spend a few minutes to review your privacy settings.

https://privacycrypts.com/blog/whatsapp-privacy-settings-should-know-about/

Can this be true? - CIA's password for its top-secret hacking tools? 123ABCdef. The passwords were shared

 The passwords were shared by the entire team and posted on the group’s intranet. IRC chats published during the trial even revealed team members talking about how terrible their infosec practices were, and joked that CIA internal security would go nuts if they knew.


https://www.theregister.co.uk/2020/03/05/cia_leak_trial/

Free Anti Virus and smart phone protection Software from Sophos

https://www.sophos.com/en-us/products/free-tools.aspx?cmp=30726

FREE Cybersecurity Law Casebook.

Thanks to Bobby Chesney,Professor at University of Texas at Austin for publishing this FREE Cybersecurity Law Casebook.
Who should use it: The book is designed to be valuable not just to beginners but also those who may have experience in one area but would like to see how their corner of the puzzle relates to the larger whole.
About this book: This is an interdisciplinary “eCasebook,” designed from the ground up to reflect the intertwined nature of the legal and policy questions associated with cybersecurity.

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3547103

If you think any subdomain with "microsoft.com" is safe, think again

Researchers were able to grab more than 670 subdomains that had previously been used by Microsoft but subsequently FORGOTTEN about it.

https://nakedsecurity.sophos.com/2020/03/06/researcher-finds-670-microsoft-subdomains-vulnerable-to-takeover/

Ransomware Evolution #5 - Steal data from backups and delete it. We thought good backups are important (they still are) but, what happens when ransomware authors can gain control of the Backup Software

Evolution:
1. Encrypt local data
2. Worm
3. Threaten to expose sensitive pictures
4. Threaten to expose data (leading to breach)

https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/

CCTV footage from a Fake Call Center involved in Tech support scams.

https://youtu.be/le71yVPh4uk

Must Watch - (Sad and touching,) How a 13 year old girl is cheated by a scammer from a Fake Call Center in India.

https://youtu.be/kFwt-_svg_0

Smart Speaker or Smart Snooper, maybe we whould call it "Smart Sneaker" - Forget big brother , your own pet electronics might be spying on you. Study estimates that activations of smart speakers when it wasn't you who uttered any wake word occur between 1.5 and 19 times a day. The average time of activation is 43 seconds.

https://www.zdnet.com/article/dont-worry-alexa-and-friends-only-record-you-up-to-19-times-a-day/