Cyberattacks on the U.S. financial sector amid COVID-19 rose 238 percent over the first five months of 2020, VMware/Carbon Black told Congress during a House Subcommittee on National Security, International Development and Monetary Policy virtual hearing Tuesday. Four NGOs brought to the attention of the lawmakers of how attackers are raising the stakes with fraudulent schemes and the need for public and private sector vigilance during testimony for the nearly two-hour session entitled “Cybercriminals and Fraudsters: How Bad Actors Are Exploiting the Financial System During the COVID-19 Pandemic.”
The Covid crisis has reshaped the cyber-threat landscape around the globe. There may not have been a significant increase in the volume of cyber-attacks, but countries have pursued new targets, pushed boundaries and taken advantage of their adversaries working from home, according to cyber-security experts. Understanding the crisis is the highest priority for almost every government – vital to their security, and in some cases their political survival at home. From January, states began urgently tasking their cyber-security teams with gathering information.
igh-severity flaws plague Cisco’s Webex collaboration platform, as well as its RV routers for small businesses. Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. Beyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products, including its small business RV routers and TelePresence Collaboration Endpoint software. It’s also investigating whether vulnerabilities affect other products.
Attackers use trusted entities to trick victims into giving up their corporate log-in details as well as to bypass security protections. Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the attacks—the majority of which targeted European companies, with others seen in Asia and the Middle East–in April, when they discovered emails sent to victims titled “Office 365 Voice Mail.”
Clipper Malware Operators Now Use Cloned Sites to Lure Victims. Clipper malware are known for replacing the user’s cryptocurrency wallet address (a long and random string) with that of the hacker’s own wallet address, which is already difficult to keep a track due to its typical format. Recently, hackers were seen targeting a private note sharing service to lure their victims with clipper malware, making the attack almost undetectable for the users.
High-severity flaws plague Cisco’s Webex collaboration platform, as well as its RV routers for small businesses. Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. Beyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products, including its small business RV routers and TelePresence Collaboration Endpoint software. It’s also investigating whether vulnerabilities affect other products.
