The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn. In particular, students and…
Capitalizing on a Canadian government announcement pertaining to the development of a nationwide, voluntary Covid-19 contact tracing app, malicious actors this month created a fake version of such an app that in reality infects Android users with mobile ransomware. According to a new blog post from ESET, the ransomware, dubbed CryCryptor, was found being distributed…
Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…
Wi-Fi networks, whether in public or private, are by their very nature dirty. Security professionals warn that every network carries inherent risk to our devices, data and resources, because they are exposed a myriad of attacks, including these “Dirty Half Dozen” Wi-Fi risks: eavesdropping; exploits; evil-twin Wi-Fi; lateral network infections; DNS hijacking; and scanning, enumerating…
Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…
As phishing scammers actively impersonate institutions like the World Health Organization and Centers for Disease Control and Prevention in order to capitalize on Covid-19 fears, government bodies and state-run health care organizations continue to make themselves vulnerable to email spoofing by failing to employ DMARC email validation protections, a new report states. An investigation by…
Kentucky has become the sixth state to disclose a data leak related to unemployment-related forms that has taken place during the Covid-19 pandemic. The Kentucky Education & Workforce Development Cabinet (EWDC) on Thursday acknowledged that a vulnerability in its Unemployment Insurance Portal caused a data leak that allowed insurance claimants to view the identity verification…
Bank of America has disclosed that it briefly exposed certain business clients’ Paycheck Protection Program (PPP) applications to outside parties after uploading the documents onto a test platform. The incident bears similarities to the recent news of at least states mistakenly exposing application information related to the Pandemic Unemployment Assistance (PUA) program. Both the PPP…
The CyberPeace Institute and dozens of international leaders and dignitaries on Tuesday collectively urged the world’s governments in an open letter to help put an end to cyberattacks on hospitals and health care institutions that are already under the incredible strain of combatting the Covid-19 pandemic. “Over the past weeks, we have witnessed attacks that…
The shelter-in-place orders and closure of non-essential businesses that have been implemented to slow the spread of COVID-19 have brought the need for business continuity to the forefront. Most enterprises have shifted to a work-from-home model that allows employees to continue working while adhering to social distancing measures. However, the massive shift to remote work…
