All in Cybersecurity News

BTH News 20March2020

This week we saw more COVID-19 malware and phishing attacks, a cyberattack against the U.S. Health and Human Services Department, anew and growing botnet that recruits IoT devices, credit card skimming on websites and a security firm re-breaches over 5 billion records.

  1. Malware: A malicious app that supposedly tracks Coronavirus victims, is actually demanding ransom payment from Android users. via @gcluley

  2. Cyberattack: Cyberattack Hits U.S. Health Agency Amid COVID-19 Outbreak

  3. More Patches: Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion -

  4. Botnet: Zxyel Flaw Powers New Mirai IoT Botnet Strain -

  5. Credit Card Skimming: NutriBullet and others caught in online credit card skimming attack!

  6. Data [Re]Breach

BTH News: 13March2020

It’s Friday the 13th, we are in the midst of a global pandemic, threat actors are leveraging public fear in phishing attacks, and data breaches and critical vulnerabilities make the news!

Shark Caught in Phishing Scam Shares Cautionary Tale

An employee of Shark Tank star Barbara Corcoran thought it was a routine wire transfer. The email request did not look unusual, and the amount of the transfer did not raise suspicion. But it was a clever scam, and nearly $400,000 was deposited into the bank account of a phishing scammer. Corcoran, who is well known as one of the “sharks” on ABC’s TV show, Shark Tank, shared details of a cybersecurity breach at her company with ABC News.

"This morning I wired $388,000 into a false bank account…

New Report: Employees’ Poor Password Practices Put Businesses Around the World at Risk

LastPass has released its third annual Global Password Security Report where they analyzed over 47,000 businesses to share interesting and helpful insights into employee password behavior at businesses around the world. The report is free but you will have to give up some contact information to download it.

The key takeaways are:
Businesses still have a lot of work to do in the area of password and authentication security.
Businesses are increasing their use of multi-factor authentication (MFA) but employees still have poor password hygiene.

FBI Router Reboot Recommendation

As I am sure you have heard, the FBI is recommending that anyone with a home router or small office router, reboot them. If you are not familiar with this FBI recommendation, then there are a few links at the end, to get you up to speed.

The reason for the FBI's reboot recommendation is that a piece of malware, named VPNFilter, has infected hundreds of thousands of routers all across the Internet. Rebooting an infected router forces the malware to reload which will initiate an attempted connection to malware command and control (C&C) servers. The FBI has already taken control over some, if not all of the C&C servers so the reloading of the malware will do two things.