Cyber Security News for 3Apr2020

  1. “Microsoft says that an Emotet infection was able to take down an organization’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment.”  https://www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/
  2. “A recent event highlights just how severe the matter can become if an unauthorized party gets into a cloud-hosted database. A research team from CyberNews revealed that an unauthorized party compromised more than 200 million user records hosted somewhere within the U.S. in a Google Cloud database.” https://securityaffairs.co/wordpress/101015/data-breach/cloud-db-exposes-200m-americans.html
  3. “Apple has paid a $75,000 bug bounty to a security researcher who chained together three different exploits that could have allowed malicious web sites to use your iPhone camera and microphone without permission.” https://www.bleepingcomputer.com/news/security/apple-paid-75k-for-bugs-letting-sites-hijack-iphone-cameras/
  4. NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered in December 2019, and it has been used to distribute a wide variety of remote administration tool (RAT) malware.” https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
  5. “In a rare find, a researcher has unveiled dozens of related bugs in a core Windows API that could enable attackers to elevate their privileges in the operating system. A year ago, Gil Dabah promised that he would find over 15 bugs related to the Windows win32k component.  This week, he released a report detailing 25 of them.” https://nakedsecurity.sophos.com/2020/04/03/zombie-windows-win32k-bug-reanimated-by-researcher/
  6. “The COVID-19 public health emergency already has caused the U.S. Health and Human Services (HHS) Office for Civil Rights to announce various enforcement changes and waivers. On April 2, HHS issued another notification of enforcement discretion – this one relating to business associates. This latest notification allows business associates to use and disclose protected health information (PHI) for public health and health oversight purposes even if not expressly permitted by their business associate agreement.” https://www.dataprivacymonitor.com/hhs/due-to-the-covid-19-pandemic-hhs-eases-restrictions-on-the-use-and-disclosure-of-phi-by-business-associates/
#emotet #gcp #privacy #apple #zoom #netwire #rat #guloader