“If you use Firefox for browsing Twitter’s platform, media files you privately shared within direct messages or Twitter data archive downloads could have been stored within the browser’s cache. This means that threat actors could have stolen your private data using malicious tools designed to go through Firefox’s cache, while anyone could have got their hands on your personal information if you ever logged in on Twitter from a public computer.” https://www.bleepingcomputer.com/news/security/twitter-reveals-that-firefox-cached-private-data-for-up-to-7-days/
“The Internal Revenue Service (IRS) today issued a warning to alert about a surge in coronavirus-related scams over email, phone calls, or social media requesting personal information while using economic impact payments as a lure. This scam wave that can lead to identity theft and tax-related fraud is using the SARS-CoV-2 pandemic to trick vulnerable targets into giving away their sensitive info in exchange for help to speed up the COVID-19 economic impact payments.” https://www.bleepingcomputer.com/news/security/irs-warns-of-surge-in-economic-stimulus-payment-scams/
“Corona Virus themed MBR Lockers: MBRLockers are programs that replace the ‘master boot record’ of a computer so that it prevents the operating system from starting and displays a ransom note or other message instead. Some MBRLockers such as Petya and GoldenEye also encrypt the table that contains the partition information for your drives, thus making it impossible to access your files or rebuild the MBR without entering a code or paying a ransom.” https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/
“FBI’s warning mentions over 1,200 complaints related to coronavirus scams being received and reviewed since March 30, 2020, with threat actors engaging in phishing campaigns targeting first responders, launching Distributed Denial of Service (DDoS) attacks against government agencies, deployed ransomware on health care facilities, as well as creating fake COVID-19 landing pages to be used in attacks that infect victim’s devices with malware.” https://www.bleepingcomputer.com/news/security/fbi-warns-of-attacks-on-remote-work-distance-learning-platforms/
“Nevertheless, the incidence of Zoombombing has skyrocketed over the past few weeks, even prompting an alert by the FBI on how to secure meetings against eavesdroppers and mischief-makers. This suggests that many Zoom users have disabled passwords by default and/or that Zoom’s new security feature simply isn’t working as intended for all users. Earlier this week, KrebsOnSecurity heard from Trent Lo, a security professional and co-founder of SecKC, Kansas City’s longest-running monthly security meetup. Lo and fellow SecKC members recently created zWarDial, which borrows part of its name from the old phone-based war dialing programs that called random or sequential numbers in a given telephone number prefix to search for computer modems.” https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
“This article will detail five key findings from the Dragos report and will explore the vulnerability of power outages, the threat of supply chain compromise, solar generation utility communications outage in the United States, recommendations for asset owners and operators and the relative position of the United States. We’ll take a closer look at the report and leave you with a more solid understanding of the industrial cybersecurity threat landscape. ” https://resources.infosecinstitute.com/the-state-of-threats-to-electric-entities-4-key-findings-from-the-2020-dragos-report/
“Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into web-pages to phish payment data.” https://thehackernews.com/2020/04/magecart-digital-skimmer.html