Μένουμε σπίτι και απολαμβάνουμε τα ραδιόφωνα όλου του κόσμου δωρεάν, πατώντας σε μια πράσινη τελεία!

Search Results

Web result with site links

Μένουμε σπίτι και απολαμβάνουμε τα ραδιόφωνα όλου του κόσμου!!

Radio Garden – Explore live radio by rotating the globe






Radio Garden Lets You Tune Into 8,000 Stations From Around The World : Goats and Soda It's a new website with 8,000 radio stations from around the world. It's a way to travel to faraway places — and for immigrants to get a taste of home.

RemoteSec: achieving on-prem security levels with cloud-based remote teams

RemoteSec: achieving on-prem security levels with cloud-based remote teams

Posted: March 12, 2020 by Dan Macharia
Last updated: March 13, 2020


The world of work is changing—by the minute, it feels these days. With the onset of the global coronavirus pandemic, organizations around the world are scrambling to prepare their workforce, and their infrastructure, for a landslide of remote connections. This means that the security perimeter of businesses small and large has transformed practically overnight, requiring IT leaders to rethink the way they’re protecting their organizations.

Even before the spread of the virus, preparing business security protocols for a mixture of remote and on-premises work had become a forgone conclusion. With increasing globalization and connectedness, remote work is fast supplementing, if not outright replacing, traditional 9-5 office-based hours. Upwork Global predicts that by 2028, up to 78 percent of all departments will have remote workers.

This trend is affecting companies of all sizes. In fact, a study by Owl Labs indicates that smaller companies are twice as likely to hire full-time remote workers, and a State of Telecommuting study found that telecommuting grew by 115 percent over the last decade.

These numbers clearly show that remote work is here to stay, whether in quick response to dire crises or simply as a slow, societal shift. What companies are now grappling with is how to manage a ballooning remote workforce, and more so, the security challenges that come with that growth.

In the past, traditional work made it easy to create and enforce on-prem security policies. Simple controls like logical and physical access were handled through a centralized command and control hierarchy. As workforces become increasingly distributed, such security hierarchies are starting to underdeliver. Companies are now faced with novel security challenges posed by the diverse work conditions remote workers operate within.
The rise of RemoteSec

Remote Security, or RemoteSec, is a set of security tools, policies, and protocols that govern the IT infrastructure supporting remote teams. As most remote workers rely heavily on cloud tools and platforms, RemoteSec addresses security challenges that almost always fall under this category, though other tools, such as virtual private networks (VPNs) play a role, as they are often deployed to establish secure connections to the cloud.

For any business working with remote teams, understanding the role cloud security plays in securing remote teams is crucial to realizing overall remote security. However, one challenge that remains is how to replicate the success of on-prem security within a cloud environment.

Before we delve into the details of RemoteSec, it’s crucial to note the difference between RemoteSec and overall cybersecurity policy. While both deal with securing networked resources, RemoteSec focuses mostly on securing remote teams and the cloud resources they use. As such, organizations with cybersecurity policies may need to extend them to cover security issues that emerge when remote workers relying on cloud infrastructure are added to the workforce matrix.
Crucial RemoteSec considerations

Remote workers—which include freelancers, contractors, or in-house employees working from home, in coworking spaces, or at coffee shops—do their jobs under a diverse set of conditions. These unique and unpredictable conditions form the body of challenges RemoteSec addresses.

For example, 46 percent of staff members admit to moving files between work and personal computers while working from home. A further 13 percent admit to sending work emails via personal email addresses because they are unable to connect to an office network.

With these challenges in mind, here are some crucial RemoteSec considerations you should focus on to secure your remote teams.
Global location of employees

Remote workers that are spread across the globe face different security challenges. As each part of the world has its own unique IT infrastructure characteristics, it is essential to standardize remote work environments for your entire team. Using VPNs and virtual desktops can help provide a uniform and secure work environment for your remote team, despite their location in the world.
Remote data security policies

Data security is a significant challenge when working with remote teams. For example, remote workers may access public unsecured Wi-Fi hotspots, exposing company data to eavesdroppers or cybercriminals. Also, remote workers may use free data storage tools like Google Drive without knowing that such tools are vulnerable to ransomware attacks.

RemoteSec addresses these issues through comprehensive cloud data policies that cover remote data access, public hotspots, USB devices, password management, device management, network compliance, and others.
IT and network infrastructure

Endpoint security is another area that organizations must address when it comes to RemoteSec. Remote workers tend to use multiple endpoints (devices) to access company resources. However, in many instances, these devices may not be secure or may be connecting through unsecured network channels.

Issuing mobile device management (MDM) policies, using secure VPNs, deploying cloud-based endpoint security on all remote devices, and enforcing secure cloud network protocols can ensure remote workers do not circumvent network or endpoint security measures.
Remote IT support

Not all remote workers are tech-savvy. As more roles move to remote, non-technical remote workers may face challenges accessing IT support. If a remote worker halfway across the world experiences technical problems, they may turn to non-secure, outside IT support, exposing your company’s confidential resources. Using cloud tools to deliver IT support can help maintain seamless security across your technical and non-technical remote workforce.
On-prem security tools vs. cloud-based RemoteSec

Most companies extol the virtues of on-prem security and rightly so. On-prem security is the gold standard of information security. However, that standard falls apart when stood up against today’s hybrid workforce of remote teams and in-house professionals using a diverse range of endpoints—especially when that workforce is quickly ushered back into their homes for safety purposes. Why? Because on-prem security protocols are designed to contain information in an airtight box.

Cloud and remote teams not only open that box, but they also turn the organization into an open platform with multiple access points and endpoints. So, how can an organization achieve on-prem security levels with remote teams in the cloud? The answer lies in using the right security tools to migrate your organization from an on-prem mindset to one that considers remote security equally.

Cloud security tools include desktop infrastructure, file system snapshots, remote data and activity monitoring, and remote device encryption and data wipes. Such mechanisms not only safeguard company data, but give more control over IT resources used by remote workers.

In addition, deploying a single-sign on service with multi-factor authentication can better protect company data stored in the cloud, as well as assist in access management. VPNs, both desktop and mobile, can further provide authentication while also encrypting network traffic and obscuring private details, which may be necessary while connecting in public places.
A massive shift

Cloud services, at once the hero and villain of information security, will prove to be an ace up the sleeve for companies transitioning away from underperforming on-prem security standards. While remote work seems to have caught on—and is sometimes necessary—we are only at the beginning of a massive tectonic shift in how work is done.

RemoteSec, therefore, is an emerging security field in security, one that’s been discussed for years but never quite tested to this degree. As organizations gain more remote workers, the need to embrace RemoteSec at the forefront of cybersecurity policy will only escalate. Addressing the crucial areas outlined above can help organizations mitigate the emerging risks while embracing a remote workforce.

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book

SOCIAL ENGINEERING


Posted: March 18, 2020 by Threat Intelligence Team


The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we’ve been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected.

Yesterday, we observed a phishing campaign similar to malspam previously discovered by MalwareHunterTeam, which impersonates the World Health Organization (WHO) and promises the latest on “corona-virus.” Right off the bat, the incorrect use of a hyphen in “coronavirus” in the subject line could tip off users with a critical eye for grammar. However, since WHO are often touted as a trustworthy and authoritative resource, including by our own blog, many will be tempted to open the email.

In this particular campaign, threat actors use a fake e-book as a lure, claiming the “My Health E-book” includes complete research on the global pandemic, as well as guidance on how to protect children and businesses.

The criminals behind this scheme try to trick victims into opening the attachment, contained in a zip file, by offering teaser content within the body of the email, including:


Guidance to protect children and business centre;

This guidance provides critical considerations and practical checklists to keep Kids and business centre safe. It also advises national and local authorities on how to adapt and implement emergency plans for educational facilities.

Critical preparedness, readiness and response actions for COVID-19;

WHO has defined four transmission scenarios for COVID-19. My Health E-book describes the preparedness, readiness and response actions for each transmission scenario.

The email content goes on to tell readers that they can download and access the e-book from Windows computers only.

Instead, as soon as they execute the file inside the MyHealth-Ebook.zip archive, malware will be downloaded onto their computers. As seen in the previous wave of spam, the malicious code is for a downloader called GuLoader.

GuLoader is used to load the real payload, an information-stealing Trojan called FormBook, stored in encoded format on Google Drive. Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors.

While the threat actors are improving on the campaign’s sophistication by building reputable-sounding content within the body of the email, a closer examination reveals small grammatical errors, such as:


You are now receiving this email because your life count as everyone lives count.

This combined with other minor formatting and grammar mistakes, as well as a mix-and-match selection of fonts make this clever phishing scheme, upon closer examination, a dud. Still, many have fallen for far more obvious ploys.

With a huge swatch of the population now confined to their homes but working remotely, the risk of infecting a highly-distributed network is increasing. That’s why it’s more important than ever to use a discerning eye when opening work or personal emails, as employee negligence is one of the top indicators for successful cyberattack/data breach.

Malwarebytes home and business customers were already protected against this malspam campaign and its associated payloads.
Indicators of compromise

GuLoaderde1b53282ea75d2d3ec517da813e70bb56362ffb27e4862379903c38a346384d


FormBook URLdrive.google[.]com/uc?export=download&id=1vljQdfYJV76IqjLYwk74NUvaJpYBamtE

Η Microsoft κυκλοφόρησε το Windows Terminal Preview v0.10

Η Microsoft κυκλοφόρησε το Windows
Terminal Preview v0.10

18 Μαρτίου, 2020, 12:24 μμ by Absenta Mia

Η Microsoft κυκλοφόρησε το Windows Terminal Preview v0.10 με νέες δυνατότητες και βελτιώσεις. Αν θέλετε να εγκαταστήσετε το Windοws Terminal, μπορείτε να επισκεφτείτε το Microsoft Store ή να κάνετε λήψη του πακέτου από τη σχετική σελίδα του GitHub.

Πάμε να δούμε τι νέο υπάρχει:

Υποστήριξη χρήσης ποντικιού

Το Windows Terminal υποστηρίζει τώρα την είσοδο του ποντικιού σε εφαρμογές Windows Subsystem για Linux (WSL) καθώς και σε εφαρμογές Windows που χρησιμοποιούν virtual terminal (VT) input. Αυτό σημαίνει ότι εφαρμογές, όπως το tmux και το Midnight Commander θα αναγνωρίζουν τις εντολές, όταν κάνετε κλικ με το ποντίκι σε στοιχεία στο παράθυρο του Terminal!



Ρυθμίσεις

Duplicate Pane


Με τη νέα έκδοση του Windows Terminal, μπορείτε να ανοίξετε ένα νέο παράθυρο (pane) με διπλό προφίλ. Αυτό μπορεί να γίνει με την προσθήκη των εντολών “splitMode“: “duplicate” στη λίστα εντολών του “splitPane” στα key bindings. Αυτό το key binding θα εμφανίσει ένα διπλό προφίλ, αλλά μπορείτε να προσθέσετε και άλλες επιλογές, όπως “commandline”, “index”, “startingDirectory”, and “tabTitle”.

Εάν θέλετε να μάθετε περισσότερες λεπτομέρειες σχετικά με τις επιλογές του key binding, μπορείτε να δείτε αυτό το blog post.

{“keys”: [“ctrl+shift+d”], “command”: {“action”: “splitPane”, “split”: “auto”, “splitMode”: “duplicate”}}



Διορθώσεις σφαλμάτων
Η εμφάνιση του κειμένου είναι σημαντικά καλύτερη, όταν αλλάζει το μέγεθος του παραθύρου!
Τα πλαίσια, όταν χρησιμοποιείτε dark theme, δεν είναι πλέον λευκά!
Η γραμμή εργασιών (που είναι auto-hidden) θα εμφανίζεται τώρα, όταν το ποντίκι βρίσκεται στο κάτω μέρος της οθόνης.
Το Azure Cloud Shell μπορεί τώρα να τρέξει PowerShell, να υποστηρίζει εντολές μέσω ποντικιού και να ακολουθήσει το επιθυμητό shell της επιλογής σας.

Όλα τα παραπάνω μπορείτε να τα βρείτε στο Windows Terminal Preview v0.10.

Η Microsoft δήλωσε ότι οι προγραμματιστές της ασχολούνται με τη διόρθωση κάποιων σφαλμάτων για να προετοιμαστούν για την κυκλοφορία του v1. Το Windows Terminal v1 θα κυκλοφορήσει τον Μάιο.

Η ESET προειδοποιεί για scams που εκμεταλλεύονται το κλίμα ανησυχίας για τον κορωνοϊό

ΚΕΙΜΕΝΟ: FORTUNEGREECE.COM
16/03/2020 18:00






Οι ερευνητές της ESET συγκέντρωσαν μερικές από τις πιο συνηθισμένες μορφές απάτης και τις αναλύει, εφιστώντας την προσοχή στους χρήστες.


Τις ιδιαίτερες συνθήκες που έχει προκαλέσει σε όλον τον πλανήτη η πανδημία του κοροναϊού εκμεταλλεύονται οι κυβερνοεγκληματίες, όπως προειδοποιεί σχετικά η ESET. Η παγκόσμια ανησυχία, οι ευπαθείς ομάδες που διατρέχουν τον υψηλότερο κίνδυνο, η υπερβολική ζήτηση για αγαθά που δεν είναι πλέον σε απόθεμα και η παραπληροφόρηση στα μέσα κοινωνικής δικτύωσης – όλα αυτά ισοδυναμούν με μια τεράστια ευκαιρία για τους απατεώνες του διαδικτύου. Οι ερευνητές της ESET συγκέντρωσαν μερικές από τις πιο συνηθισμένες μορφές απάτης και τις αναλύει, εφιστώντας την προσοχή στους χρήστες.

Κακόβουλα νέα

Οι απατεώνες προσποιούνται ότι στέλνουν σημαντικές πληροφορίες από έγκυρους φορείς, όπως τον Π.Ο.Υ. (Εικ.1) ή από αξιόπιστους δημοσιογραφικούς οργανισμούς, όπως τη Wall Street Journal (Εικ.2), με στόχο να ξεγελάσουν τα πιθανά θύματα να κάνουν κλικ σε κακόβουλα link. Συνήθως, τέτοιοι σύνδεσμοι μπορούν να εγκαταστήσουν κακόβουλο λογισμικό, να κλέψουν προσωπικές πληροφορίες ή να επιχειρήσουν να αποσπάσουν διαπιστευτήρια σύνδεσης και κωδικούς πρόσβασης.

Εκμετάλλευση της φιλανθρωπίας


Σε αυτή τη μορφή scam, οι κυβερνοεγκληματίες προσπαθούν να πείσουν το θύμα να βοηθήσει στη χρηματοδότηση εμβολίου για τα παιδιά στην Κίνα. Καθώς αυτή τη στιγμή εμβόλιο δεν υπάρχει, οι χρήστες τελικά καταλήγουν να στέλνουν bitcoin στα πορτοφόλια των απατεώνων. Η τεχνική είναι αποτελεσματική μόνο σε ένα πολύ μικρό ποσοστό χρηστών, αποκτά όμως σεβαστό μέγεθος αν αναλογιστεί κανείς ότι γίνεται σε παγκόσμια κλίμακα.

Μάσκες

Σε έναν άλλο τύπο απάτης, οι κυβερνοεγκληματίες στέλνουν spam email (Εικ.3) θέλοντας να ξεγελάσουν τα θύματα ότι μπορούν να παραγγείλουν μάσκες που θα τους κρατήσουν ασφαλείς από τον κοροναϊό. Στην πραγματικότητα, τα θύματα καταλήγουν να αποκαλύπτουν, χωρίς να το θέλουν, ευαίσθητα προσωπικά και οικονομικά δεδομένα. 

Σύμφωνα με το Sky News, οι απατεώνες πωλητές μασκών απέσπασαν 800.000 λίρες Αγγλίας (1 εκατομμύριο δολάρια) από χρήστες στο Ηνωμένο Βασίλειο, μόνο τον Φεβρουάριο.

Η ESET συμβουλεύει τους χρήστες να έχουν το νου τους σχετικά με αυτές και αντίστοιχες απάτες και να είναι ιδιαίτερα προσεκτικοί, εφαρμόζοντας τις παρακάτω οδηγίες:

Αποφύγετε να κάνετε κλικ σε συνδέσμους ή να κάνετε λήψη συνημμένων σε ανεπιθύμητα μηνύματα/κείμενα από άγνωστες πηγές ή ακόμα και από αξιόπιστες πηγές, παρά μόνο αν είστε απολύτως βέβαιοι ότι το μήνυμα είναι αυθεντικό.

Αγνοήστε τις επικοινωνίες που ζητούν τα προσωπικά σας στοιχεία. Αν κρίνετε ότι είναι απαραίτητο να τα δώσετε, φροντίστε πρώτα να ελέγξετε την αυθεντικότητα του αποστολέα, χρησιμοποιώντας ένα διαφορετικό μέσο από το ίδιο το email (π.χ. αναζήτηση στο διαδίκτυο).

Προσέξτε ιδιαίτερα τα email που έχουν σήμανση «επείγον» ή «προσοχή» και σας παροτρύνουν να λάβετε άμεσα μέτρα ή προσφέρουν εμβόλια ή θεραπείες για τον COVID-19.

Προσέξτε για φιλανθρωπικές καμπάνιες ή εκστρατείες crowdfunding που μπορεί να είναι απάτες.

Χρησιμοποιήστε αξιόπιστο λογισμικό με πολλαπλά επίπεδα ασφάλειας, που διαθέτει προστασία από το ηλεκτρονικό «ψάρεμα» (phising)

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic

By Lawrence Abrams March 18, 2020 06:36 PM 0






Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

Last night, BleepingComputer reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak.
DoppelPaymer Ransomware

DoppelPaymer was the first to respond and stated that they do not normally target hospitals or nursing homes and will continue this approach during the pandemic.


"We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to missconfig in their network) . Not only now.

If we do it by mistake - we'll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we'll do double, triple check before releasing decrypt for free to such a things. But about pharma - they earns lot of extra on panic nowdays, we have no any wish to support them. While doctors do something, those guys earns."

When asked what happens if a medical organization gets encrypted, we were told that a victim should contact them on their email or Tor webpage to provide proof and get a decryptor.
Maze Ransomware

Today, the Maze operators responded to my questions by posting a "Press Release" that also states that they will stop all "activity" against all kinds of medical organizations until the end of the pandemic.


"We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus."

We have not received a reply as to whether a free decryptor would be provided if a healthcare organization mistakenly gets encrypted.
Security companies offer free help

For now, if any organizations get encrypted, both Emsisoft and Coveware announced today that they would be offering their ransomware services for free to healthcare organizations during the pandemic.

This includes the following:
Technical analysis of the ransomware.
Development of a decryption tool whenever possible.
As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.

While this help is greatly appreciated, I hope other ransomware operators will stop targeting healthcare organizations after reading this article so that it is not needed.

As this is a global epidemic, anyone could become sick with this virus, including the ransomware operator's loved ones.

Right now healthcare workers need to focus on helping people, not decrypting their files.

EMSISOFT Free ransomware help for healthcare providers during the Coronavirus outbreak

As hospitals around the world struggle to respond to the COVID-19 crisis, ransomware presents a serious risk to their ability to provide urgent care are to the critically ill. In 2019, at least 764 healthcare providers were impacted by ransomware. 

Without a global pandemic, a ransomware attack on a critical care facility can cause grave danger to patients. With COVID-19, a ransomware attack on an overwhelmed hospital could tip the balance and result in a significant loss of life.
We’re here to help

In partnership with incident response company Coveware, we will be offering completely free help to critical care hospitals and other healthcare providers that are on the front lines of COVID-19 and have been impacted by ransomware. Subject to our own capacity, we aim to provide this service for the duration of the crisis to healthcare providers anywhere in the world.

The services offered will include:
Technical analysis of the ransomware.
Development of a decryption tool whenever possible.
As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.

Our aim? Get affected healthcare providers operational in the shortest time possible so they can minimize disruption to patient care.

If you are a healthcare service provider that has experienced an attack, get in touch.
Ransomware attacks are likely to spike in the coming weeks

Ransomware has a seasonal aspect with the number of incidents spiking during the spring and the summer months.


Chart based on our data plus data from EPSRC EMPHASIS Ransomware Project

Whether these spikes are due to increases in the number of attacks or organizations being more susceptible to attacks at certain times of year is not clear. However, in either case, it is likely that there will be an increase in the number of healthcare providers impacted by ransomware in the coming months and, unfortunately, this increase may coincide with the peak of the COVID-19 outbreak. Further, the spikes may be more pronounced than in previous years due to security weaknesses resulting from hastily introduced work-from-home arrangements, personal device usage and staffing shortages.

In short, we may be looking at a near-perfect storm in which healthcare providers are disrupted at the very time they are needed the most.
A note to ransomware groups

While we will never condone criminal behavior, we understand why financially motivated cybercrime exists. We also know you are humans, and that your own family and loved ones may find themselves in need of urgent medical care. Make no mistake, an attack on a healthcare organization will have negative outcomes and may result in the loss of life. We ask for your empathy and cooperation. Please do not target healthcare providers during the coming months and, if you target one unintentionally, please provide them with the decryption key at no cost as soon as you possibly can. We’re all in this together, right?
A note to security companies and professionals

Got expertise? Got some free time? Willing to assist with this initiative? Shoot us an email at volunteer@emsisoft.com. We’d love your help.
A note to other organizations that may be affected by ransomware during these trying times

It breaks our hearts not to be able to extend a helping hand to everyone. We are all in the same boat together. Our priority at this time is to ensure we have the capacity to assist the healthcare organizations helping save the lives of COVID-19 patients. If we find the capacity to extend this offer to other industries, we will update this post and provide further guidance. Until then, please hunker down and stay safe.

COVID-19 Security Resource Library A compilation of tips and recommendations from NCSA and its partners on ways to stay safe online

The National Cyber Security Alliance, our board member companies, federal partners and non-profit collaborators have worked swiftly to provide organizations and individuals with relevant and helpful information to address security and privacy concerns surrounding the global COVID-19 outbreak.

To help individuals and organizations find resources they can use and share, NCSA has launched the COVID-19 Security Resource Library. This library features free and updated information on current scams, cyber threats, remote working, disaster relief, and more. NCSA will work diligently to update this page regularly as resources become available.

Looking for a specific type of resource that you don’t see here? Let us know: info@staysafeonline.org
NCSA Encourages Vigilance Against Coronavirus Scams, Best Cybersecurity Practices for Remote Workers
NCSA’s Security Tips for Remote Workers

Avoiding Cyber Threats and Scams


CISA: Defending Against COVID-19 Cyber Scams
CISA: CISA Alerts and Recommendations
CISA: Recommendations on VPN Security
Cofense: Coronavirus Phishing Infocenter
ESET: Beware Scams Exploiting Coronavirus Fears
FTC: Tips for Avoiding Coronavirus Scams
NCSA: NCSA Statement on Coronavirus
NortonLifeLock: Coronavirus Phishing Emails: How to Protect Against COVID-19 Scams
Wells Fargo: Beware of Coronavirus Phishing Scams

Security Tips for Working Remotely


Cyber Readiness Institute: Securing A Remote Workforce
EDUCAUSE: Resources for Business Continuity and Alternative Education Delivery
EDUCAUSE: Corporate Resources for COVID-19
ESET: COVID‑19 and the Forced Workplace Exodus
Facebook: Business Resource Hub
Facebook: Small Business Resilience Toolkit
LogMeIn: Remote Work Toolkit
MediaPRO: Coronavirus Sucks: Working From Home Doesn’t Have To
NCSA: NCSA Tipsheet – Best Practices for Remote Workers
NIST: Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
NortonLifeLock: Seven Tips to Help Keep Your Connections Secure

Government Assistance and Resources


CDC: What You Need to Know About COVID-19
IRS: Coronavirus Tax Relief
SBA: SBA Disaster Assistance in Response to Coronavirus
WHO: Coronavirus Disease (COVID-19) Outbreak

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait



March 18, 2020Ravie Lakshmanan
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns.

Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web.


"Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said.


COVID-19 Discounts: Exploit Tools for Sale
The report comes following an uptick in the number of malicious coronavirus-related domains that have been registered since the start of January.



"In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered — the average number of new domains is almost 10 times more than the average number found in previous weeks," the researchers said. "0.8 percent of these domains were found to be malicious (93 websites), and another 19 percent were found to be suspicious (more than 2,200 websites)."

Some of the tools available for purchase at a discounted price include "WinDefender bypass" and "Build to bypass email and chrome security."



Another hacking group, which goes by the moniker "SSHacker," is offering the service of hacking into Facebook account for a 15 percent discount with "COVID-19" promo code.


What's more, a seller that goes by the name of "True Mac" is selling a 2019 MacBook Air model for a mere $390 as a "corona special offer." It goes without saying the offer is a scam.


A Long List of Coronavirus-Themed Attacks
The latest development adds to a long list of cyberattacks against hospitals and testing centers, distribute malware such as AZORuIt, Emotet, Nanocore RAT and TrickBot via phishing campaigns using malicious links and attachments, and execute malware and ransomware attacks that aim to profit off the global health concern.



APT36, a Pakistani state-sponsored threat actor that targets the defense, embassies, and the government of India, was found running a spear-phishing campaign using Coronavirus-themed document baits that masqueraded as health advisories to deploy the Crimson Remote Administration Tool (RAT) onto target systems.
Researchers from security firm IssueMakersLab uncovered a malware campaign launched by North Korean hackers that used boobytrapped documents detailing South Korea's response to the COVID-19 epidemic as a lure to drop BabyShark malware. Recorded Future observed, "at least three cases where reference to COVID-19 has been leveraged by possible nation-state actors."
A COVID-19-themed malspam campaign targeting the manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic industries via Microsoft Word documents that exploits a two-and-a-half-year-old Microsoft Office bug in Equation Editor to install AZORult malware. The AZORult info stealer has also been distributed using a fraudulent version of the Johns Hopkins Coronavirus Map in the form of a malicious executable.
A fake real-time coronavirus tracking Android app, called "COVID19 Tracker," was found to abuse user permissions to change the phone's lock screen password and install CovidLock ransomware in return for a $100 bitcoin ransom.
Another phishing attack, uncovered by Abnormal Security, targeted students and university staff with bogus emails in a bid to steal their Office 365 credentials by redirecting unsuspecting victims to a fake Office 365 login page.
Comment spamming attacks on websites that contained links to a seemingly innocuous coronavirus information website but redirected users to dubious drug-selling businesses.
Aside from malware-laden spam emails, F-Secure researchers have observed a new spam campaign that aims to capitalize on the widespread mask shortage to trick recipients into paying for masks, only to send them nothing.


Staying Secure in the Time of COVID-19
It's amply that these attacks exploit coronavirus fears and people's hunger for information about the outbreak. Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene:



Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.
Individuals should keep away from using unauthorized personal devices for work, and ensure "personal devices will need to have the same level of security as a company-owned device, and you will also need to consider the privacy implications of employee-owned devices connecting to a business network."
Watch out for emails and files received from unknown senders. Most importantly, check a sender's email address for authenticity, don't open unknown attachments or click on suspicious links, and avoid emails that ask them to share sensitive data such as account passwords or bank information.
Use trusted sources, such as legitimate government websites — for up-to-date, fact-based information about COVID-19.

The effects of climate change on cybersecurity

AWARENESS
The effects of climate change on cybersecurity

Posted: March 13, 2020 by Pieter Arntz


Outside the coronavirus pandemic and its related healthcare and economic fallout, climate change and cybersecurity are seen by many as the two most urgent problems facing our planet now and in the near future. They are two distinct and separate problems, to be sure. There are some areas, however, where security and climate change overlap, interlock, and influence one another. Let’s have a look.

To understand how climate change and the methods to counteract its rapid ascent will affect cybersecurity, we first have to look at how computing contributes to global warming. Your first instinct about their relationship is probably right: computing involves energy consumption and heat production. As long as we cannot produce enough “clean energy” to satisfy our needs for electricity, the energy consumed by computing—and security within it—will continue to contribute to global warming.
The big energy consumers

There are a few fields in computing and cybersecurity that guzzle up huge amounts of energy and produce heat as a byproduct:
Supercomputers
Blockchain mining
Data centers
The Internet as a whole

Before you dismiss the problem of the supercomputers (because you assume there are only a few of them)—even I was astounded to find out that there are over 500 systems that deliver a petaflop or more on the High Performance Linpack (HPL) benchmark. Most of these supercomputers consume vast amounts of electrical power and produce so much heat that large cooling facilities must be constructed to ensure proper performance. But in recent years, vendors have started to produce supercomputers that are more energy efficient.

In 2019, the mining of Bitcoin alone consumed more energy than the entire nation of Switzerland, which equals about one quarter percent of the world’s entire energy consumption. There are many more blockchains and cryptocurrencies, although Bitcoin is by far the largest energy consumer among them. This is mostly due to their operation on the proof-of-work concept and the high value of Bitcoin.

While cybercrime experienced a huge jolt in cryptomining in 2018, the frenzy has mostly died down as Bitcoin value dipped and plateaued. However, cryptomining continues as both a legitimate and illegitimate activity—especially because miners can switch to other cryptocurrencies when Bitcoin drops off.

An even bigger impact on energy consumption are data centers, which already use over 2 percent of the world’s total energy consumption, and that number is expected to rise fast. The prediction is based on the growing number of content delivery networks (CDN), more Internet of Things (IoT) devices, the growth of the cloud, and other colocation services. So, not only do computer centers consume massive amounts of energy, their use is expected to grow astronomically.

The Internet can’t be completely separated from the data centers that enable it. But despite the overlap, it’s still worth mentioning that the total energy consumption of the Internet as a whole lies at around 10 percent, which is more than the world’s total energy production from renewable sources such as wind and solar.

However, it’s fair to note that the Internet has taken over a lot of tasks that would have cost more energy or created a greater carbon footprint if they had been performed in the “old ways.” Consider, for example, the energy saved by working remote: the energy expended on the Internet and inside one’s home is far less damaging than the carbon monoxide released into the atmosphere by fossil fuels from a daily commute to the office.
Global warming’s trickle down effects

Conversely, global warming and its effects on the climate, environment, and economy do have a direct impact on our everyday lives, and that trickles down to cybersecurity. Some of the projected dangers include:
Flooding of certain areas
Prolongation of the wild-fire season
Spread of diseases
Economic costs
Scarcity of fresh water in certain areas

By 2030, climate change costs are projected to cost the global economy $700 billion annually, according to the Climate Vulnerability Monitor. And The International Organization for Migration estimates that 200 million people could be forced to leave their homes due to environmental changes by 2050.

Climate change and its implications will act as a destabilizing factor on society. When livelihoods are in danger, this will spark insecurity and drive resource competition. This does not only have implications for physical security, but in modern society, this also has an impact on cybersecurity and its associated threats.

From a big picture, worst-case-scenario perspective, climate change could trigger profound international conflicts, which go hand-in-hand with cyberwar. Beyond nation-state activity, individuals that have no other means of providing for their families could turn to cybercrime, which is often seen as a low-risk activity with a potentially high yield.

But on a smaller scale, we’re already seeing the impacts of climate change on cybersecurity, whether via social engineering scare tactics embraced by threat actors or disruptions to Internet-connected home heating and cooling devices meant to track energy consumption.
Global warming scams

NO, we’re not saying that climate change is a hoax or a scam. But we want to issue a warning related to the subject. As with any newsworthy topic, there are and will be scammers trying to make a profit using the feeling of urgency that gets invoked by matters like climate change.

For example, the Intergovernmental Panel on Climate Change (IPCC) issued a warning against several scams abusing their name.


“IPCC has been made aware of various correspondences, being circulated via e-mail, from Internet Web sites, and via regular mail or facsimile, falsely stating that they are issued by, or in association with, IPCC and/or its officials. These scams, which may seek to obtain money and/or in many cases personal details from the recipients of such correspondence, are fraudulent.”

Natural disaster scams are increasing in the same frequency as natural disasters themselves, often claiming to be collecting donations for a particular cause but putting money in their own pockets instead. We’ve seen social engineering tricks ranging from phishing emails and malspam to social media misinformation campaigns on hurricanes, tornadoes, fires, and flooding. Expect this sort of gross capitalization on tragedy and fear to continue as the effects of climate change become more dramatic.
Improving efficiency and preparing for changes

The number of datacenters is down, but their size has grown to meet the demand. This is potentially a step in the right direction since it decreases the power needed for the overhead, but not as big as the step that could be made if they would actually work on their power efficiency.

Online companies typically run their facilities at maximum capacity around the clock, regardless of the demand. As a result, data centers are wasting 90 percent or more of their power. Smart management could make a substantial difference in energy consumption and costs.

Cryptomining could improve on energy consumption if the most popular currencies would not be based on proof of work but proof of stake. Proof of work rewards the largest number of CPU cycles with that the highest energy consumption.

NEO and Hyperledger are next generation blockchain technologies with much lower electricity cost. NEO uses what it calls delegated Byzantine Fault Tolerance (dBFT), which is an optimized proof-of-stake model. Hyperledger Fabric centralizes block creation into a single resource pool and has multiple validators in the participants. It’s an enterprise collaboration engine, using blockchain smart contracts, where validation is much easier than creation, and creation will be centralized on a single, optimized platform.

More effective methods of cooling would both help supercomputers and large data centers. At the moment, we are (ironically) using electricity to power cooling systems to control the heat caused by electricity usage. In fact, cooling gobbles up about 35 percent of the total power in high performance computing with air cooled systems. Hot-water liquid cooling might be a key technology in future green supercomputers as it maximizes cooling efficiency and energy reuse.
Interaction between climate change and cybersecurity

As we have seen, there are opportunities for those in security and computing to slow the progression of climate change. But there are also opportunities for those in cybercrime to take advantage of the destabilization caused by climate change, as some already have through related scams and malware campaigns. As long as we don’t drop security in attempts to counteract global warming, we’ll be able to protect against some of the more advanced threats coming down the pike. But while we still can, let’s rein in our carbon footprint, improve on computing efficiency, and remember our cybersecurity lessons when criminals come calling.

Stay safe, everyone!

Windows 10 Secured-Core PCs Can Block Driver-Abusing Malware

Windows 10 Secured-Core PCs Can Block Driver-Abusing Malware
By Sergiu Gatlan March 17, 2020 03:30 PM 0






Microsoft says that Windows 10 Secured-core PCs can successfully defend their users against malware designed to take advantage of driver security flaws to disable security solutions.

"Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have leveraged driver vulnerabilities (for example, CVE-2008-3431, CVE-2013-3956, CVE-2009-0824, CVE-2010-1592, etc.) to gain kernel privileges and, in some cases, effectively disable security agents on compromised machines," Microsoft says.

However, according to Microsoft, endpoint devices can be defended against such attacks if you are using a Secured-core PC that comes with built-in protection against firmware attacks that have been increasingly used by both state-sponsored hacking attacks and commodity malware.

Secured-core PCs were released as a solution to the number of increasing firmware security issues that attackers can exploit to bypass a Windows machine's Secure Boot, as well as to the lack of visibility at the firmware level commonly present in today's endpoint security solutions.
Malware abusing vulnerable firmware and drivers

"In addition to vulnerable drivers, there are also drivers that are vulnerable by design (also referred to as 'wormhole drivers'), which can break the security promise of the platform by opening up direct access to kernel-level arbitrary memory read/write, MSRs," Microsoft adds.

"In our research, we identified over 50 vendors that have published many such wormhole drivers. We actively work with these vendors and determine an action plan to remediate these drivers."

One instance of a threat actor abusing firmware vulnerabilities is the Russian-backed APT28 cyber-espionage group (also tracked as Tsar Team, Sednit, Fancy Bear, Strontium, and Sofacy) who used a Unified Extensible Firmware Interface (UEFI) rootkit dubbed LoJax during some of its 2018 operations.

More recently, the operators behind the RobbinHood Ransomware exploited a vulnerable GIGABYTE driver to elevate privileges and install malicious unsigned Windows drivers that allowed them to terminate antivirus and security software processes on compromised systems.
RobbinHood Ransomware attack chain (Microsoft)

"In this attack scenario, the criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows," Sophos researchers explained at the time.

"This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference."

This tactic enabled the attackers to circumvent anti-ransomware defenses by killing the antivirus software before deploying the ransomware executable used to encrypt the victim's documents.

Sophos was unable to fully analyze this ransomware sample so far therefore the processes and services that are being targeted are currently unknown.
Secured-core PCs feature built-in protection

As Microsoft says, however, Windows 10 comes with hardware and firmware protection features that can successfully fight against attacks such as the one that infected victims with Lojax and RobbinHood Ransomware.

Moreover, Secured-core PCs introduced by Microsoft in October 2019 in partnership with OEM partners Lenovo, HP, Dell, Panasonic, Dynabook, and Getac can block firmware-level attacks as they come with these hardware-backed security features enabled by default removing the need for users to make the required BIOS and OS settings changes manually.

"Because both BIOS settings and OS settings are enabled out of the box with these devices, the burden to enable these features onsite is removed for customers," Microsoft adds, with the following features being turned on all Secured-core PCs:

Security promise Technical features
Protect with hardware root of trust TPM 2.0 or higher
TPM support enabled by default
Virtualization-based security (VBS) enabled
Defend against firmware attack Windows Defender System guard enabled
Defend against vulnerable and malicious drivers Hypervisor-protected code integrity (HVCI) enabled
Defend against unverified code execution Arbitrary code generation and control flow hijacking protection [CFG, xFG, CET, ACG, CIG, KDP] enabled
Defend against limited physical access, data attacks Kernel DMA protection enabled
Protect identities and secrets from external threats Credential Guard enabled


However, users of other devices can also take advantage of similar protection if they configure their hardware and Windows security features correctly.

"Specifically, the following features need to be enabled: Secure boot, HVCI (enables VBS), KDP (automatically turned on when VBS is on), KDMA (Thunderbolt only) and Windows Defender System Guard," Microsoft explains.

"With Secured-core PCs, however, customers get a seamless chip to cloud security pattern that starts from a strong hardware root of trust and works with cloud services and Microsoft Defender ATP to aggregate and normalize the alerts from hardware elements to provide end-to-end endpoint security."

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

Tarik SalehSenior Security Engineer & Malware Researcher


Cybercriminals like to exploit people when they are at their most vulnerable. They use dramatic events that cause people to be emotional or fearful to drive their profits. Any time there are major news cycles happening on a topic that stirs a strong reaction, cybercriminals will not be far behind.

The Coronavirus is no different. Shortly after the first cases were confirmed, DomainTools’ researchers observed a minor uptick in domain names leveraging Coronavirus and COVID-19. These registrations have peaked significantly in the past few weeks and many of them are scams.

The security research team has continuously been monitoring these suspicious domains. The DomainTools security research team discovered a domain (coronavirusapp[.]site) that claims to have a real-time Coronavirus outbreak tracker available via an app download.
Malicious Website (coronavirusapp[.]site)





The domain prompts users to download an Android App that will give them access to a Coronavirus map tracker that appears to provide tracking and statistical information about COVID-19, including heatmap visuals.
Malicious COVID19 Tracker App





In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.
COVID-19 Tracker App Ransom Note





The ransomware requests $100 in bitcoin in 48 hours on the ransom note. It threatens to erase your contacts, pictures and videos, as well as your phone's memory. It even claims that it will leak your social media accounts publicly.

Since Android Nougat has rolled out, there is protection in place against this type of attack. However, it only works if you have set a password. If you haven't set a password on your phone to unlock the screen, you're still vulnerable to the CovidLock ransomware.

The DomainTools security research team has reverse engineered the decryption keys and will be sure to post the key publicly. The team also has the BTC wallet and is monitoring its transactions. Further technical details will be released soon.
How To Increase Your Ransomware Immunity


Be sure to only use trusted information sources from government and research institution’s websites. Don’t click on anything in your email that’s health related. In general, be sure to follow all of the basic phishing recommendations—be aware that people are trying to capitalize on fear here.
Ensure that you download Android applications only from the Google Play store. There is a much higher risk of downloading malware from untrusted 3rd party stores.
Research Conducted By:

Chad Anderson, Senior Security Researcher

Tarik Saleh, Senior Security Engineer & Malware Researcher

Ψεύτικο app ανίχνευσης κορωνοϊού εγκαθιστά το “Covidlock” Ransomware

16 Μαρτίου, 2020, 10:52 πμ by Absenta Mia




Η πανδημία του κορωνοϊού, συνεχίζει να εξαπλώνεται ραγδαία. Μέχρι τώρα ο ιός έχει μολύνει 153.000 ανθρώπους και έχει στοιχίσει τη ζωή σε 5.800 άτομα παγκοσμίως. Κι ενώ η κατάσταση έχει σπείρει τον τρόμο, οι κακόβουλοι παράγοντες προσπαθούν να εκμεταλλευτούν το κλίμα ανασφάλειας που επικρατεί, για να μολύνουν συσκευές smartphone με το Covidlock ransomware.

Σύμφωνα με την εταιρεία ασφαλείας DomainTools, ένας ιστότοπος υπόσχεται ότι προσφέρει έγκυρη πληροφόρηση σχετικά με τα περιστατικά του κορωνοϊού, μέσω της Android εφαρμογής του, αλλά στην πραγματικότητα εγκαθιστά το Covidlock ransomware.

Ο ιστότοπος, γνωστός ως “coronavirusapp [.] Site” παρουσιάζει πιστοποιήσεις από τον Παγκόσμιο Οργανισμό Υγείας (WHO) και από τα Κέντρα Ελέγχου και Πρόληψης Νοσημάτων (CDC). Επιπλέον, υποστηρίζει ότι η εφαρμογή του έχει πάνω από 6 εκατομμύρια κριτικές και βαθμολογία 4,4 αστέρων.

Η εφαρμογή υπόσχεται να στείλει ειδοποιήσεις στον χρήστη, όταν εντοπίζει κάποιο κρούσμα κορωνοϊού που βρίσκεται κοντά στην περιοχή του. Μόλις όμως ο χρήστης εγκαταστήσει την εφαρμογή και δώσει έγκριση για διάφορα δικαιώματα στη συσκευή του, δέχεται επίθεση από το Covidlock, το οποίο τον αναγκάζει να αλλάξει το κλείδωμα οθόνης του.


Στη συνέχεια το θύμα λαμβάνει ένα μήνυμα που του δίνει διορία 48 ώρες, για να πληρώσει τα λύτρα που του ζητάει. Το μήνυμα απειλεί το χρήστη ότι αν δεν πληρώσει έγκαιρα, θα σβήσει όλα τα δεδομένα από τη συσκευή του και επιπλέον θα διαρρεύσει τους λογαριασμούς των social media του. Το ποσό που ζητούν οι hacker είναι $100 σε bitcoin.

Μέχρι τώρα δεν έχει γίνει γνωστή κάποια περίπτωση που να έχουν καταβληθεί τα λύτρα. Εν τω μεταξύ, η εταιρεία ασφαλείας ισχυρίζεται ότι χρησιμοποίησε αντίστροφη μηχανική και ανακάλυψε τα κλειδιά αποκρυπτογράφησης και σκοπεύει να τα δημοσιεύσει σύντομα.

Φυσικά δεν είναι το μόνο περιστατικό που εκμεταλλεύεται την κατάσταση τρόμου που επικρατεί. Πριν λίγες μέρες κυκλοφόρησε ένας ψεύτικος χάρτης εντοπισμού του κορωνοϊού που εγκαθιστούσε ένα malware στους υπολογιστές για να κλέψει κωδικούς.

Η DomainTools σημειώνει ότι ένας ανησυχητικός αριθμός domain, καταχωρείται γύρω από τον κορωνοϊό. “Αυτές οι καταχωρήσεις έχουν αυξηθεί σημαντικά τις τελευταίες εβδομάδες και πολλές από αυτές είναι απάτες”.

Ένα παρόμοιο περιστατικό συνέβη πρόσφατα στο Ιράν, όπου ένα app υποσχόταν να ενημερώνει τους ανθρώπους σε περίπτωση που έχουν προσβληθεί από τον κορωνοϊό. Όμως στην πραγματικότητα αυτό που έκανε ήταν να συλλέγει τα δεδομένα τοποθεσίας των πολιτών του Ιράν.

Coronavirus COVID-19 Global Cases by the Center for Systems Science and Engineering (CSSE) at Johns Hopkins University (JHU)

 Professor Lauren Gardner, a civil and systems engineering professor at Johns Hopkins University, built the dashboard with her graduate student, Ensheng Dong. It is maintained at the Center for Systems Science and Engineering at the Whiting School of Engineering, with technical support from ESRI and the Johns Hopkins University Applied Physics Laboratory. Gardner is co-director of the CSSE.

CSSE : PC version  

 

Coronavirus COVID-19 Global Cases by Johns Hopkins CSSE Mobile Version  

Microsoft Bing team launches COVID-19 tracker

Microsoft's COVID-19 tracker is located at bing.com/covid.

 By Catalin Cimpanu for Zero Day | March 15,

The Microsoft Bing team launched today a web portal for tracking coronavirus (COVID-19) infections across the globe.

"Lots of Bing folks worked (from home) this past week to create a mapping and authoritative news resource for COVID19 info," said Michael Schechter, General Manager for Bing Growth and Distribution at Microsoft.

The website, accessible at bing.com/covid, is a basic tracker. It shows up-to-date infection statistics for each country around the globe and all the US states.

Data is aggregated from authoritative sources like the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and the European Centre for Disease Prevention and Control (ECDC).

Users can click countries or US states on the map and see the latest infection stats, along with the latest COVID-19 news coverage for that specific country or state.

Microsoft announced the website tonight, two days after President Trump said Google began working on COVID-19-related portal for US citizens.

According to reports, Google's websites will be more than just an infection tracker and news portal, and will also include information on COVID-19 symptoms, risks associated with the disease, and info on local testing centers.


Google's website is being built by Verily, a subsidiary of Alphabet focused on healthcare services. More than 1,700 engineers are currently working on the site, President Trump said.

The COVID-19 outbreak, which started in late December 2019 in China, has now infected more than 168,000 people and killed nearly 6,500.

Earlier this week, the WHO officially declared COVID-19 a global pandemic. The last time when a global pandemic was declared was in 2009, for the H1N1 influenza virus.

List of Free Software and Services During Coronavirus Outbreak

List of Free Software and Services During Coronavirus Outbreak


By
Lawrence Abrams March 14, 2020 04:59 PM 0








In response to the Coronavirus (COVID-19) outbreak, many organizations are asking their employees to work remotely. This, though, brings new challenges to the workplace as users adapt to video meetings, screen sharing, and the use of remote collaboration tools.


To assist a new wave of remote works and get some publicity at the same time, many software developers and service providers have started to offer free licenses or enhanced versions of their software and services.


Below is a roundup of all the free upgrades to services and software licenses being offered during the Coronavirus outbreak.


If you are a software developer or technology service provider and would like to add any free offers to this list, please contact us and let us know.
AT&T


According to a report by Vice, AT&T is suspending broadband data caps during the Coronavirus outbreak.


AT&T is the first major ISP to confirm that it will be suspending all broadband usage caps as millions of Americans bunker down in a bid to slow the rate of COVID-19 expansion. Consumer groups and a coalition of Senators are now pressuring other ISPs to follow suit.
Cisco


Cisco is changing its free Webex meeting software so that it supports unlimited usage, supports up to 100 people per meeting, and has toll dial-in availability.


For businesses that are not currently a customer, Cisco is also offering free 90-day trials.


"Additionally, through our partners and the Cisco sales team, we are providing free 90-day licenses to businesses who are not Webex customers in this time of need. We’re also helping existing customers meet their rapidly changing needs as they enable a much larger number of remote workers by expanding their usage at no additional cost."
Cloudflare


Cloudflare has made its Cloudflare for Teams service free for small businesses for at least six months.


"Beginning today, we are making our Cloudflare for Teams products free to small businesses around the world. Teams enables remote workers to operate securely and easily. We will continue this policy for at least the next 6 months."


Using Cloudflare for Teams, remote workers can gain access to a company's internal resources using a secure VPN.
Discord


Discord has enhanced its free Go Live streaming service so that it can now support 50 simultaneous users rather than 10.


"We wanted to find a way to help, so we’re temporarily upping the limit on Go Live to 50 people at a time, up from 10. Go Live is free to use and lets people privately stream or screen share apps from a computer while others watch on any device — so teachers can conduct a class, co-workers can collaborate, and groups can still meet. You can learn more about how to get started with Go Live here," Discord stated in a blog post.
Google


Google is giving G Suite and G Suite for Education customers free access to their Hangouts Meet video-conferencing features.


This includes these features:
Larger meetings, for up to 250 participants per call
Live streaming for up to 100,000 viewers within a domain
The ability to record meetings and save them to Google Drive
Instant Housecall


Subscribers to Instant Housecall can now create subaccounts that allow remote workers to take over their office PC. This offer will be available until the World Health Organization (WHO) designates the end of the pandemic.


"All plans now include subaccounts that let your customers work remotely. Using a subaccount that you create, your customers can login and control their own unattended PC," the announcement states.
Logmein


LogMeIn is providing a free Emergency Remote Work Kit that gives free 3-month site-wide licenses to GoToMeeting to make it easier for remote workers to conduct meetings.


"Starting immediately, we will be offering our critical front-line service providers with free, organization-wide use of many LogMeIn products for 3 months through the availability of Emergency Remote Work Kits. These kits will include solutions for meetings and video conferencing, webinars and virtual events, IT support and management of remote employee devices and apps, as well as remote access to devices in multiple locations. For example, the “Meet” Emergency Remote Work Kit will provide eligible organizations with a free site-wide license of GoToMeeting for 3 months," LogMeIn CEO Bill Wagnar said in a blog post.
Loom


The Loom video messaging platform has announced that through July 1st, 2020 they will provide these additional features:
Remove the recording limit on our free plan — what was 25 is now unlimited
Cut the price of Loom Pro in half — what was $10/month is now $5/month
Extend all trials of Loom Pro from 14 to 30 days
Microsoft


Microsoft is making Microsoft Teams for free for the next six months to aid businesses who move towards a remote workplace during the outbreak.


"At Microsoft, the health and safety of employees, customers, partners and communities is our top priority. By making Teams available to all for free for six months, we hope that we can support public health and safety by making remote work even easier," Microsoft EVP and President JP Courtois stated on Twitter.
Splashtop


Splashtop is offering free 60-day licenses to its Business Access remote access software.


"In response to the recent coronavirus outbreak, many organizations, businesses, educational institutions, and governments are recommending that people work from home to help reduce the spread of the virus. To support these remote work initiatives, Splashtop is offering its Splashtop Business Access remote computer access software free for 60 days in some of the most affected countries.


Residents of China, Hong Kong, Macau, and Taiwan are eligible for the free license,"
TechSmith


TechSmith is giving free licenses to their TechSmith Snagit screen capture software and the TechSmith Video Review software through June 30th, 2020.


"Our screen recording tool, TechSmith Snagit, and our asynchronous collaboration platform, TechSmith Video Review, will be provided for free through the end of June 2020 to any organization that needs it," TechSmith announced.


For existing customers of the TechSmith Relay or Video Review products, TechSmith is providing free increased usage with no charge.
Zoho


Zoho is now offering free access to its Remotely remote work software suite through July 1st, 2020.


"Zoho Remotely will enable you to take your work remote by offering a complete suite of web and mobile apps that will help you communicate, collaborate and be productive."
Zoom


For people in China, Zoom has enhanced the Basic (free) license by removing the 40-minute meeting limit.


With this tenet in mind, Zoom is doing everything we can to provide resources and support to those navigating the coronavirus outbreak, including:
For our Basic (free) users in China, we’ve lifted the 40-minute limit on meetings with more than two participants, providing unlimited time to collaborate.
We’re proactively monitoring servers to ensure maximum reliability amid any capacity increases, as uptime is paramount.
We’re scheduling informational sessions and on-demand resources so anyone can learn how to use the Zoom platform with ease — and at their convenience.