Recently, Chinese cybersecurity companies have reported an intrusion campaign targeting government networks and health-care systems during the COVID-19 pandemic. A campaign of this magnitude threatens to degrade international norms for the protection of health systems that are already under unprecedented pressures. However, there is reason to question the narrative from Beijing and these companies.
The public are being warned of another scam related to coronavirus doing the rounds, this time attempting to fool people into believing they have been in contact with someone who has tested positive for the virus. It comes as a trial of the UK’s contact tracing app continues on the Isle of Wight, ahead of a roll-out to the rest of the country expected in mid-May.
Two security researchers today published details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996. The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations. The service can send data to be printed to a USB/parallel port for physically connected printers; to a TCP port for printers residing on a local network or the internet; or to a local file, in the rare event the user wants to save a print job for later.
Magellan Health, a Fortune 500 healthcare company, has begun notifying some employees that their personally identifiable information (PII) was compromised as the result of a phishing attack that also served as a prelude to a ransomware attack. According to the notification to affected employees, a single server was compromised by the data breach, and only “certain current employees” had data exfiltrated. For those employees, the lost data was extensive.
The Australian government has pushed out an update to its COVIDSafe app that removes a number of security and privacy issues. Prime among them is the denial of service attack possible on iOS devices, as demonstrated by Richard Nelson in a blog post. When devices running the app encountered a device advertising a malformed Bluetooth manufacturer identifier, the app would repeatedly crash until it was out of range of the attacker and restarted.