Updated: Mar 27, 2020
This week our news feed was inundated with Coronavirus (Covid-19), both inside and outside the Cyber Security world. Additionally, numerous important disclosures were made public, including vulnerabilities and patches of which we all need to be aware. Here's our round-up.
1. Experts have identified a new backdoor malware that pretends to provide information about the new Coronavirus outbreak. Named "BlackWater", the newly discovered malware is being delivered through a weaponised Word file, supposedly containing COVID-19 information. One interesting fact is that, during its execution, the malware connects to a Cloudflare Worker that acts as a command and control server, something that could potentially allow BlackWater to evade detection. This is another situation where, to be safe, you need to be careful of phishing emails from untrusted sources.
2. Shadowserver Foundation, a non-profit security organisation, is losing its primary fund contributor, the networking giant Cisco Systems. Shadowserver gathers and analyses malicious internet activity and provides free information about systems that are infected or in danger. Moreover, it cooperates with law enforcement agencies and organisations in cybercrime investigations. Now that it has lost its principal investor, it is in dire need of funding to keep providing its services.
3. As reported by KrebsOnSecurity, fake coronavirus donation sites like "Vasty Health Care Foundation" are roping people into money laundering schemes. Taking advantage of people's good nature for personal gain is a widespread practice amongst cybercriminals in periods of natural catastrophe, like the current situation, when people want to help as much as they can through donations. We recommend that the public be very careful at this time. For more advice on staying secure whilst working from home at this time, please read this SANS article.
4. In other news, Adobe released a massive bundle of software updates for six of its products to patch a total of 41 security vulnerabilities. A massive 29 of those vulnerabilities are critical in severity. The patched products are Photoshop, Bridge, ColdFusion, Experience Manager, Genuine Integrity Service, and Acrobat and Reader. We recommend that Adobe users download and install the latest versions of the affected software to protect their systems and organisations from potential exploits of those vulnerabilities.
5. Malicious actors are taking advantage of the coronavirus epidemic as much as they can, making this event perhaps the most significant cybersecurity threat ever. One of the many examples of this is the use of Coronavirus news text to obfuscate the malicious code of malware like the TrickBot and Emotet trojans. This technique supposedly makes the malware appear harmless and undetectable, something that has proved to be particularly useful in deceiving machine-learning and AI security software. As mentioned before, you should be wary of emails that you receive, as they can carry malicious attachments, deliver malware to your systems or contain links to malicious websites.
6. To finish, researchers from the University of York discovered multiple security vulnerabilities in some of the most popular password managers. Vulnerable applications include the Android versions of Dashlane and RoboForm as well as LastPass and 1Password. The vendors of those applications are now fully aware of these vulnerabilities, and they have released, or are going to release, updates to patch them. Even though vulnerabilities in applications like these will not cease to exist, password managers are one of the most secure ways to handle personal and business accounts, and their use is highly recommended.