SecurityWeek
Keys Used to Encrypt Zoom Meetings Sent to China: Researchers
A recent analysis of the Zoom video conferencing application revealed that the keys used to encrypt and decrypt meetings may be sent to servers in China, even if all participants are located in other countries.
Hacker 'Ceasefire' Gets Little Traction as Pandemic Fuels Attacks
Internet users have seen a surge in COVID-related cyberattacks and fraud schemes which could add to the misery of the pandemic, even as some hackers have called for dialing back their criminal efforts.
Apple Awards Researcher $75,000 for Camera Hacking Vulnerabilities
A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS.
Researchers Discover Hidden Behavior in Thousands of Android Apps
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered.
With smartphones being part of our every-day lives, millions of applications are being used for a broad variety of activities, yet many of these engage in behaviors that are never disclosed to their users.
Unpatched Flaw in Discontinued Plugin Exposes WordPress Sites to Attacks
A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports.
Twitter Tells Users Firefox Possibly Exposed Personal Information
Twitter informed users on Thursday that their personal information may have been exposed due to the way the Firefox web browser stores cached data.
How Humans "LEAD" the Way to More Effective Use of Threat Intelligence
When the theme, Human Element, was announced for RSA Conference 2020 (RSAC), I was gratified. It’s a topic I never tire of because not only do I believe that there is no “silver bullet” technology, I believe it’s the humans who really lead the way to greater security efficiency and effectiveness.
Zoom's Security and Privacy Woes Violated GDPR, Expert Says
Zoom Security Risks, Privacy and GDPR Compliance
Home working and learning has led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant?
Researcher Finds New Class of Windows Vulnerabilities
A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges.
Class Action Lawsuit Filed Against Marriott Over New Data Breach
Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.
Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan
Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan.
Browser Makers Delay Removal of TLS 1.0 and 1.1 Support
Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox.
Remaining Nimble During Times of Rapid Change
There is an adage that goes, "the only constant is change." And that has never been more true than right now, as organizations are having to rapidly adapt to current world events at an unprecedented pace. And traditionally, the aspect of networks that have had the hardest time adjusting to such rapid change has been security.
Watchdog Finds New Problems With FBI Wiretap Applications
The Justice Department inspector general has found additional failures in the FBI’s handling of a secretive surveillance program that came under scrutiny after the Russia investigation, identifying problems with dozens of applications for wiretaps in national security investigations.
Coronavirus Malware Makes Devices Unusable by Overwriting MBR
A newly discovered piece of malware is taking advantage of the current COVID-19 pandemic to render computers unusable by overwriting the MBR (master boot record).
Remote Work is Not New, but it is the New Normal
Working from home has been my personal norm for several years. Because I live too far from the office and regularly attend conference calls across different time zones than mine, commuting daily would be impractical. For me, being a remote worker is ideal and ensures that I can balance work and home life successfully.
Zoom Vulnerabilities Expose Users to Spying, Other Attacks
Security researchers discovered recently that the Zoom video conferencing app is affected by vulnerabilities that can be exploited to spy on users, escalate privileges on the system, and capture Windows credentials. The company says it’s working on patching these flaws.
Nigerian Threat Actors Specializing in BEC Attacks Continue to Evolve
The Nigerian business email compromise (BEC) threat actors referred to as SilverTerrier have intensified assaults on multiple industries and should be considered an established threat, Palo Alto Networks says.
Vollgar Campaign Targets MS-SQL Servers With Backdoors, Crypto-Miners
A recently uncovered attack campaign that stayed under the radar since May 2018 is targeting devices running MS-SQL servers with backdoors and crypto-miners, Guardicore Labs reveals.