SBS CyberSecurity - In The Wild 162

In The Wild - CyberSecurity Newsletter Welcome to the 162nd issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. [Webinar]: Check Your Pandemic Plan and BCP SBS Educational Resources As the number of global cases of COVID-19 nears 100,000, and the number of US infections rises, it's time for financial institutions to dust off their Pandemic Preparedness Plans and revisit our plans for operating with a reduced staff. Pandemic Preparedness, which falls under the umbrella of Business Continuity Management, was all but removed from the updated FFIEC Business Continuity Management booklet in November of 2019, but we've quickly remembered that doesn't mean that the threat of a global pandemic isn't real. This seminar will cover the current state of the COVID-19 - the Wuhan Coronavirus - and what financial institutions need to do from a Pandemic Preparedness and Business Continuity perspective. Read Here »   Live Coronavirus Map Used to Spread Malware Krebs on Security In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate and $700 if the buyer wishes to just use the seller’s certificate. Read Here »   US Govt Shares Tips on Securing VPNs Used by Remote Workers Bleeping Computer The Department of Homeland Security's cybersecurity agency today shared tips on how to properly secure enterprise virtual private networks (VPNs), seeing that a lot of organizations have made working from home the default for their employees in response to the Coronavirus disease (COVID-19) pandemic. "As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity," an alert published today says. Read Here »   List of Free Software and Services During Coronavirus Outbreak Bleeping Computer In response to the Coronavirus (COVID-19) outbreak, many organizations are asking their employees to work remotely. This, though, brings new challenges to the workplace as users adapt to video meetings, screen sharing, and the use of remote collaboration tools. To assist a new wave of remote workers and get some publicity at the same time, many software developers and service providers have started to offer free licenses or enhanced versions of their software and services. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Google Creating a Nationwide Coronavirus Information Site Bleeping Computer In a press conference in the White House Rose Garden, President Trump announced that Google and 1,700 of its engineers are working on a new web site devoted to information about Coronavirus. President Trump and Vice President Pence stated that this site would allow people to enter their symptoms and determine if a test was needed. If a test is recommended, the site would then direct them to the nearest location that is offering Coronavirus tests. Read Here »   Remote Workforce Security Tips & Best Practices Digital Guardian With more companies working with geographically distributed teams today, more employees are working remotely than ever before. Remote work poses unique security challenges for companies. Because employees are not physically working on-site, they're often relying on their own Wi-Fi networks and devices to access company data. To mitigate security risks, companies must implement clear and comprehensive policies and take proactive measures to ensure the safety and integrity of company data. Read Here »   Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP! The Hacker News Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796, in question is a remote code execution flaw that impacts Windows 10 version 1903 and 1909, and Windows Server version 1903 and 1909. Read Here »   This Can Be Our Finest Hour - But We Need All Of You Gretchen Schmelzer You may be healthy, and your kids may be healthy. Your parents may be healthy. Everyone around you seems fine. And all the things you planned and the 2020 spring you thought you were going to have has been completely undone. You have to work from home. Your conference is canceled. Your semester is over. Your work is canceled. It all seems fast, out-of-proportion, and disorienting. You look at each action and think—but it would be okay if I did that. It’s not so big. We worked so hard. They would be so disappointed. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:       Krebs on Security: Crafty Web Skimming Domain Spoofs “https”       Bleeping Computer: COVID-19 Testing Center Hit By Cyberattack       Bleeping Computer: BlackWater Malware Abuses Cloudflare Workers for C2 Communication       ZDNet: State-sponsored hackers are now using coronavirus lures to infect their targets       SC Magazine: Ransomware halts health organization’s ability to inform public on COVID-19       Health IT Security: Ransomware Attacks on Healthcare Providers Rose 350% in Q4 2019       infosecurity magazine: A Cybersecurity Culture Score       The New York Times: Congress, Warning of Cybersecurity Vulnerabilities, Recommends Overhaul       The Washington Post: Federal employees may soon be ordered to work from home       The Washington Post: Why Outbreaks Like Coronavirus Spread Exponentially, and How to "Flatten the Curve"