CyberJudicata Weekly Debrief (3/23–27)
This week's Weekly Debrief covers COVID-19 issues, Chinese cyber espionage, targeted attack with malicious USB dongles, facial recognition, and data transparency in the age of privacy.
"Security researchers have come across an attack where an USB dongle designed to surreptitiously behave like a keyboard was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals during physical penetration testing engagements in the past, but it has very rarely been observed in the wild. This time it's a known sophisticated cybercriminal group who is likely behind it."
"Despite the global COVID-19 pandemic, which started in China, Chinese cyber espionage campaigns are continuing, with a new campaign from one advanced persistent threat group targeting at least 75 enterprises in 20 countries, according to the security firm FireEye."
"Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now."
"The novel coronavirus is challenging organizations on all fronts. Leaders must contend not only with cyberattackers leveraging COVID-19, but also employee, customer and partner concerns, and business continuity and risk management planning. Visit this page for ongoing updates to coverage from SC Media and other CyberRisk Alliance affiliates — including news analysis, business guidance and insights cyber risk professionals and leaders can use now."
"In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus’ spread.But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and storage, user consent, and surveillance will be brushed under the rug.
"As data volumes explode, consumers have become increasingly worried about privacy and are hesitant to entrust their data to just anyone. At the same time, they've also come to expect highly personalized brand interactions, for which some data is essential.
. . .