Tuesday, March 17, 2020


This one was relatively simple. The next ones won’t be.
A coronavirus-tracking app locked users' phones and demanded $100
You can always count on hackers to exploit a terrible situation to try to make a buck.
A new Android app that promises to deliver up-to-date figures on the coronavirus pandemic includes a strain of malicious software that locks up a user’s phone and demands an extortion fee. The ransomware app, called CovidLock, threatens to erase everything on an infected phone if victims don’t pay $100 in bitcoin within 48 hours, according to the security firm DomainTools.


(Related)
Password found to rescue victims of malicious COVID-19 tracker app
Members of the IT and cybersecurity communities have successfully obtained a password key for victims of CovidLock Android ransomware, which comes disguised as an app that supposedly helps track cases of the coronavirus, but actually locks users’ phones and demands a ransom in order to restore access.
The unlock token has been verified as 4865083501.




A “proof of concept” exercise. Imagine many, many targets as an opening salvo in a cyber war…
Why the Norsk Hydro attack is a 'blueprint' for disruptive hacking operations
It’s been a year since malicious code tore through the computer network of Norwegian aluminum giant Norsk Hydro, forcing the company to shift some of its operations to manual mode and inflicting tens of millions of dollars in damage.
The ransomware attack brought a global manufacturing powerhouse to its knees, and with it more questions than answers about the hackers’ motivations. Attackers targeted a company with good security practices, yet used code that would have made it difficult to collect their extortion fee. Norsk Hydro never paid, a spokesman said.
Now, an investigation published Monday argues that the LockerGoga ransomware variant could have been designed to disrupt rather than to extort — to lock up the enterprise and throw away the key.
Regardless of who was behind the Norsk Hydro attack, it provides a “worryingly effective blueprint” for state-backed hackers to hide behind malware associated with criminals to achieve their goals, says Joe Slowik, adversary hunter at industrial cybersecurity company Dragos.




Security because “we gotta do something?”
TSA Admits Liquid Ban Is Security Theater
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes:
Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.
Won't airplanes blow up as a result? Of course not.
Would they have blown up last week were the restrictions lifted back then? Of course not.
It's always been security theater.
Interesting context:
The TSA can declare this rule change because the limit was always arbitrary, just one of the countless rituals of security theater to which air passengers are subjected every day. Flights are no more dangerous today, with the hand sanitizer, than yesterday, and if the TSA allowed you to bring 12 ounces of shampoo on a flight tomorrow, flights would be no more dangerous then. The limit was bullshit. The ease with which the TSA can toss it aside makes that clear.
All over America, the coronavirus is revealing, or at least reminding us, just how much of contemporary American life is bullshit, with power structures built on punishment and fear as opposed to our best interest. Whenever the government or a corporation benevolently withdraws some punitive threat because of the coronavirus, it's a signal that there was never any good reason for that threat to exist in the first place.




How Asia does it.
Asia Business Law Journal has published a regional comparison of data privacy laws that includes India, the Philippines, Taiwan, and Thailand. You can read it here.




First summary I’ve seen. Clearly the rules are not set in stone.
Coronavirus and Data Protection: Europe’s Data Protection Authorities’ Views
Data protection authorities from around the world are stepping in to provide their input and guidance on the matter of data processing activities and the fight against the coronavirus. Hogan Lovells’ global Privacy and Cybersecurity team has compiled the guidance from various European authorities, which is available here.
The different emphasis among the data protection authorities’ views – which can be categorized as restrictive, neutral or permissible – suggests that the right approach must lie in finding a balanced middle ground which does not ignore the application of essential privacy principles. This is also in line with the statement published by the European Data Protection Board (EDPB) on March 16 highlighting that data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic.


(Related) Not suspended, just waived.
From the U.S. Department of Health & Human Services:
The Novel Coronavirus Disease (COVID-19) outbreak imposes additional challenges on health care providers. Often questions arise about the ability of entities covered by the HIPAA regulations to share information, including with friends and family, public health officials, and emergency personnel. As summarized in more detail below, the HIPAA Privacy Rule allows patient information to be shared to assist in nationwide public health emergencies, and to assist patients in receiving the care they need. In addition, while the HIPAA Privacy Rule is not suspended during a public health or other emergency, the Secretary of HHS may waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act.
Read the full notice below.




Compare and contrast.
‘A Once-in-a-Century Pathogen’: The 1918 Pandemic & This One
A little over one hundred years ago, a novel virus emerged from an unknown animal reservoir and seeded itself silently in settlements around the world. Then, in the closing months of World War I, as if from nowhere, the infection exploded in multiple countries and continents at more or less the same time. From Boston to Cape Town, and London to Mumbai, the “Spanish flu,” so-called because the first widely reported outbreak occurred in Madrid in May 1918, swept like wildfire through cities and communities both large and small.
By the time the virus had burned itself out, in the spring of 1919, a third of the world’s population had been infected and at least 50 million people were dead.




Worthwhile just as a list of useful tools.
New to remote work? These tools will make your transition to working from home easier
As the coronavirus outbreak continues (even appearing in newsrooms), organizations are asking employees to work from home when they can.
For some, this may mean discovering gaps in your toolstacks. With that in mind, we’ve compiled a list of tools that might help you address different needs your team may have in staying connected and effective at work.




Late moving into AI?




The Great TP Shortage
I think I have an explanation for the toilet paper shortage. Since TP has no role in preventing or minimizing the coronavirus, it must be due to other sources of supply being cut off. I estimate that 60 to 80 percent of the population was stealing toilet paper from their employers. Since they can’t get to their work supply, they have to actually buy it in stores! (Oh, the horror)


