What happens if a pandemic hits?

What happens if a Covid-19 coronavirus pandemic hits? It’s time to at least start asking that question. What will the repercussions be, if the virus spreads worldwide? How will it change how we live, work, socialize, and travel?

China Roundup: Amid coronavirus, tech firms offer ways to maintain China’s lifeblood

Hello and welcome back to TechCrunch’s China Roundup, a digest of recent events shaping the Chinese tech landscape and what they mean to people in the rest of the world. The coronavirus outbreak is having a devastating impact on people’s lives and the economy in China, but there’s a silver lining that the epidemic might have benefited a few players in the technology industry as the population remains indoors.

Threat Hunting – A proactive Method to Identify Hidden Threat

According to ISO 27005, a threat is defined as a potential cause of an incident that may cause harm to systems and the organization. Software attacks, theft of intellectual property, identity theft, sabotage, and information extortion are examples of information security threats. As a result, most organizations have chosen an active threat hunting practice to defend themselves from unknown threats on the network.

Are APIs Putting Financial Data At Risk?

We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as “credential stuffing”, reports CSO Online. And it’s being made easier by APIs: New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. According to a report released today, between December 2017 and November 2019, Akamai observed 85.4 billion credential abuse attacks against companies worldwide that use its services. Of those attacks, around 16.5 billion, or nearly 20%, targeted hostnames that were clearly identified as API endpoints.

However, in the financial industry, the percentage of attacks that targeted APIs rose sharply between May and September 2019, at times reaching 75%.

A Ransomware Attack Shut a US Natural Gas Plant and Its Pipelines

Long-time Slashdot reader Garabito writes: The Department of Homeland Security has revealed that an unnamed U.S. natural gas compression facility was forced to shut down operations for two days after becoming infected with ransomware.

The plant was targeted with a phishing e-mail that allowed the attacker to access its IT network and then pivot to its Operational Technology (OT) control network, where it compromised Windows PCs used as human-machine interfaces, data historians and polling servers, which led the plant operator to shut it down along with other assets that depended on it, including pipelines.

Simple but Efficient VBScript Obfuscation, (Sat, Feb 22nd)

Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it in a sandbox. This remains quick and (most of the time still) efficient to have a first idea about the code behaviour. In parallel, many obfuscation techniques exist to avoid detection by AV products and/or make the life of malware analysts more difficult. Personally, I like to find new techniques and discover how imaginative malware developers can be to implement new obfuscation techniques.

This morning, I spotted a very simple VBScript based on only 50 lines of code. It gets an excellent VT score: 1/60[1] but it was spotted by my hunting rule!

Basically, all suspicious keywords that could trigger a bell are stored as random strings and replaced during execution. Example:

    x010 = Replace(x010,"OXentrew","Executionpolicy")
    x010 = Replace(x010,"BCijaMA","bypass")
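For analysts, the substitution described above can be undone statically, without running the script. The following is an added example, not code from the original diary or its author: the sample script, the watch list and the function names are constructed for illustration, and only single-line `var = Replace(var,"a","b")` statements with plain string literals are handled.

```python
import re

# var = "literal"  (VBScript "" escapes inside strings are not handled here)
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')
# var = Replace(var,"find","replacement"); \1 requires the same variable on both sides
REPLACE_RE = re.compile(
    r'(\w+)\s*=\s*Replace\(\s*\1\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*\)',
    re.IGNORECASE,
)
SUSPICIOUS = ("executionpolicy", "bypass")  # assumed watch list

# Constructed sample: the first line is invented, the Replace lines follow the page.
SAMPLE = '''x010 = "powershell -OXentrew BCijaMA"
x010 = Replace(x010,"OXentrew","Executionpolicy")
x010 = Replace(x010,"BCijaMA","bypass")
'''

def resolve_replaces(script):
    """Return {variable: (original literal, literal after all Replace calls)}."""
    original, current = {}, {}
    for line in script.splitlines():
        m = ASSIGN_RE.match(line)
        if m:
            name = m.group(1).lower()  # VBScript identifiers are case-insensitive
            original[name] = current[name] = m.group(2)
            continue
        for var, find, repl in REPLACE_RE.findall(line):
            name = var.lower()
            if name in current and find:
                # VBScript Replace defaults to a case-sensitive (binary) compare
                current[name] = current[name].replace(find, repl)
    return {n: (original[n], current[n]) for n in original}

def hidden_keywords(script, keywords=SUSPICIOUS):
    """Per variable, list keywords that only appear once the Replace calls are applied."""
    hits = {}
    for name, (before, after) in resolve_replaces(script).items():
        found = [k for k in keywords
                 if k in after.lower() and k not in before.lower()]
        if found:
            hits[name] = found
    return hits

if __name__ == "__main__":
    for name, (before, after) in resolve_replaces(SAMPLE).items():
        print(f"{name}: {before!r} -> {after!r}")
    print(hidden_keywords(SAMPLE))
```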

Benefits Of Cloud Integration In Business

You may not believe it, but there are still thousands of businesses around the world that have yet to fully integrate with Cloud technologies. Cloud integration in business is an invaluable tool for visibility and seamless operations.

US Defense Agency That Secures Trump’s Communications Confirms Data Breach

An anonymous reader quotes a report from Forbes: The Department of Defense agency responsible for securing the communications of President Trump has suffered a data breach. Here’s what is known so far. The U.S. Defense Information Systems Agency (DISA) describes itself as a combat support agency of the Department of Defense (DoD) and is tasked with the responsibility for supporting secure White House communications, including those of President Trump. As well as overseeing Trump’s secure calls technology, DISA also establishes and supports communications networks in combat zones and takes care of military cyber-security issues. It has also confirmed a data breach of its network, which exposed data affecting as many as 200,000 users.

First picked up by Reuters, disclosure letters dated February 11 have been sent out to those whose personal data may have been compromised. Although it is not clear which specific servers have been breached, nor the nature of the users to whom the letters have been sent, that an agency with a vision to “connect and protect the war-fighter in cyberspace” should suffer such an incident is concerning, to say the least. While many of the details surrounding this breach are likely to remain, understandably, confidential, given the nature of the DISA work, the letter itself has already been published on Twitter by one recipient. Signed by Roger S. Greenwell, the chief information officer at DISA, the letter revealed the breach took place between May and July last year, and information including social security numbers may have been compromised as a result. It also stated that there is no evidence that any personally identifiable information (PII) has been misused as a result. The letter does, however, confirm that DISA will be offering free credit monitoring services to those who want it.

Slickwraps Data Breach Exposing Financial and Customer Info

Slickwraps, a mobile device case retailer, has suffered a major data breach exposing employee resumes, personal customer information, API credentials, and more. Bleeping Computer reports: In a post to Medium, a security researcher named Lynx states that in January 2020 he was able to gain full access to the Slickwraps web site using a path traversal vulnerability in an upload script used for case customizations. Using this access, Lynx stated that they were allegedly able to gain access to the resumes of employees, 9GB of personal customer photos, ZenDesk ticketing system, API credentials, and personal customer information such as hashed passwords, addresses, email addresses, phone numbers, and transactions.

After trying to report these breaches to Slickwraps, Lynx stated they were blocked multiple times even when stating they did not want a bounty, but rather for Slickwraps to disclose the data breach. “They had no interest in accepting security advice from me. They simply blocked and ignored me,” Lynx stated in the Medium post. This post has since been taken down by Medium, but is still available via archive.org. Since posting his Medium post, Lynx told BleepingComputer that another unauthorized user sent an email to 377,428 customers using Slickwraps’ ZenDesk help desk system. These emails begin with “If you’re reading this it’s too late, we have your data” and then link to Lynx’s Medium post. […] In a statement posted to their Twitter account, Slickwraps CEO Jonathan Endicott has apologized for the data breach and promises to do better in the future. In the statement, though, Endicott says they first learned about this today, February 21st, while Lynx stated and showed screenshots of attempts to contact both Endicott via email and Slickwraps on Twitter prior to today.