Security Newsletter

16 March 2020

How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation

Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber attacks.

These scams aim to exploit people’s fear and uncertainty concerning the disease’s spread. These can be broadly split into the following three categories: Phishing and social engineering scams; Sale of fraudulent or counterfeit goods; Misinformation.

To help prevent the spread of misinformation, individuals should ensure that they only follow guidance from official national health institutions like the CDC and NHS, as well as international organizations like the WHO. Use fact-checking tools to challenge potentially dubious claims on social media. Be wary of unsolicited correspondances that contain alarmist messaging and/or impersonate official health and safety institutions. Grammatical and formatting errors can help you identify malicious phishing emails. Be wary of emails soliciting charitable donations. Do not download files or visit unknown websites linked in unsolicited emails. Do not purchase medical equipment from unofficial third-party vendors (particularly on the dark web!). If a deal seems too good to be true, then it probably is.

 

Critical Patch Released for 'Wormable' SMBv3 Vulnerability

Microsoft released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.

The vulnerability, tracked as CVE-2020-0796, in question is a remote code execution flaw that impacts Windows 10 version 1903 and 1909, and Windows Server version 1903 and 1909. Server Message Block (SMB), which runs over TCP port 445, is a network protocol that has been designed to enable file sharing, network browsing, printing services, and interprocess communication over a network.

Earlier this week, due to what looks like a miscommunication between Microsoft and some antivirus vendors, details about this bug leaked online. At the time of writing, there is only one known PoC exploit that exists for this critical remotely exploitable flaw, but reverse engineering new patches could now also help hackers find possible attack vectors to develop fully weaponized self-propagating malware. While Microsoft was not initially planning to release fixes this month, the company was eventually forced to push today's patch after the cat was out of the bag. As of today, there are nearly 48,000 Windows systems vulnerable to the latest SMB compression vulnerability and accessible over the Internet.

 

More #News

 

#Patch Time!

 

#Tech and #Tools

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred is one of the largest online gambling companies in the world with a diverse team of 1,600 people serving over 26 million customers across Europe, Australia and the US. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and is an innovation driven company that builds on trust.