Your unused computer could help find a COVID-19 cure

By Lisa Vaas

Folding@Home, a distributed computing project that’s using its might to battle COVID-19, is now twice as fast as Summit, the world’s fastest supercomputer. In fact, it now has more brawn than the world’s top seven supercomputers – combined.

Folding@home’s director, Dr. Greg Bowman, told Twitter on Friday that the project’s now working with about 470 petaFLOPS in its quest to help scientists better understand how the virus’s proteins fold and bind and to hence be able to find a way to block them from attaching to human cells:

Amazing! @foldingathome now has over 470 petaFLOPS of compute power. To put that in perspective, that's more than 2… twitter.com/i/web/status/1…

—

Greg Bowman (@drGregBowman) March 20, 2020

Earlier this month, Oak Ridge National Laboratory (ORNL) announced that IBM’s Summit had joined the coronavirus fight and that it had already found 77 promising small-molecule drug compounds that can be tested for experimental use.

A distributed computing project like Folding@Home works by borrowing PC-owning donors’ idle CPU and GPU cycles. Since February, the community has been working on the computationally heavy work of figuring out how the virus’s proteins bind to cells.

It’s all about blocking those spikes on the outer surface of the virus.

Infection in both COVID-19 (2019-nCoV) and its close cousin, the SARS coronavirus (SARS-CoV), first happens in the lungs when a protein on the surface of the virus binds to a receptor protein on a lung cell.

Read more at https://nakedsecurity.sophos.com/2020/03/25/your-unused-computer-can-help-find-a-covid-19-cure/

Hackers target WHO in phishing attack

By Danny Bradbury

A cyberattack that targeted the World Health Organization (WHO) is probably just the tip of the iceberg according to experts reacting to the news this week.

Reuters first broke the news that a hacking group had targeted WHO, which is the UN agency responsible for international public health. It has played a central role in the monitoring and mitigation of the COVID-19 pandemic in recent weeks.

WHO reportedly noticed the hacking attempt in mid-March. It involved an email front end hosted on a phishing domain that tried to lure the agency’s employees into logging handing over their login credentials.

According to Reuters sources, the attack likely came from Darkhotel, a group that according to MITRE has been active since at least 2004. The group, believed to be based in Southeast Asia, got its name by targeting high-value individuals as they travelled around the world by tracking their hotel bookings via compromised hotel web apps.

Read more at https://nakedsecurity.sophos.com/2020/03/25/hackers-target-who-in-phishing-attack/

Battling the global COVID-19 scammers and fake news hawkers

By Lisa Vaas

Thousands of COVID-19 scam and malware sites are being pumped out on a daily basis: people going online to put up coronavirus scam sites or to sell counterfeit surgical masks; fake self-testing kits for HIV and glucose monitoring; and/or bogus antiviral meds, chloroquine (that’s fish-tank cleaner to me and you, and regardless of what you might have heard, please don’t take it – at least one man has already died), Vitamin C or other food supplements.

Law enforcement around the globe is fighting the good fight to limit how many people’s brains these burrs hook their barbs into.

Crack-down

On Friday, the pandemic-afflicted state of New York, governed by COVID-19 savvy lawmakers, let it be known to domain registrars that it’s high time they cracked down on this health-threatening trend.

The office of New York Attorney General Letitia James sent letters – here’s one sent to GoDaddy – to six of the internet’s largest domain name registrars, asking them how they plan to protect New Yorkers and others across the country from these scams by making it tougher to register a domain that’s likely to be selling snake oil, inflicting malware or setting up whatever other trap the crooks have been rushing to put into place.

The letter was penned by the AG Office’s Kim A. Berger, Chief of the Bureau of Internet and Technology.

New York has already taken action to shut these guys down, Berger noted. For example, earlier this month, the AG ordered conspiracy theorist Alex Jones to stop peddling fake coronavirus cures.

Read more at https://nakedsecurity.sophos.com/2020/03/25/battling-the-global-covid-19-scammers-and-fake-news-hawkers/

Windows has a zero-day that won’t be patched for weeks

By John E Dunn

Cybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.

The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts.

For now, there are no CVE identifiers and the only confirmed details are in Microsoft’s warning:

Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library and is providing the following guidance to help reduce customer risk until the security update is released.

Attackers could exploit the flaw by persuading users to open a malicious document. Importantly, however, the same danger would arise even if users viewed that document using the Windows Explorer file manager preview pane.

The latter is significant because, for now, there’s no software fix, which could be as far away as the next Patch Tuesday update, scheduled for 14 April 2020:

Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.

Until then, the only countermeasure is to use one of the recommended workarounds, which involves disabling Explorer’s preview and details pane.

Read more at https://nakedsecurity.sophos.com/2020/03/25/windows-has-a-zero-day-that-wont-be-patched-for-weeks/