SecurityWeek

Keys Used to Encrypt Zoom Meetings Sent to China: Researchers

Security Week - Fri, 04/03/2020 - 11:41am

A recent analysis of the Zoom video conferencing application revealed that the keys used to encrypt and decrypt meetings may be sent to servers in China, even if all participants are located in other countries.

read more

Categories: SecurityWeek

Hacker 'Ceasefire' Gets Little Traction as Pandemic Fuels Attacks

Security Week - Fri, 04/03/2020 - 11:12am

Internet users have seen a surge in COVID-related cyberattacks and fraud schemes which could add to the misery of the pandemic, even as some hackers have called for dialing back their criminal efforts.

read more

Categories: SecurityWeek

Apple Awards Researcher $75,000 for Camera Hacking Vulnerabilities

Security Week - Fri, 04/03/2020 - 9:59am

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS.

read more

Categories: SecurityWeek

Researchers Discover Hidden Behavior in Thousands of Android Apps

Security Week - Fri, 04/03/2020 - 8:58am

Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered.

With smartphones being part of our every-day lives, millions of applications are being used for a broad variety of activities, yet many of these engage in behaviors that are never disclosed to their users.

read more

Categories: SecurityWeek

Unpatched Flaw in Discontinued Plugin Exposes WordPress Sites to Attacks

Security Week - Fri, 04/03/2020 - 7:40am

A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports.

read more

Categories: SecurityWeek

Twitter Tells Users Firefox Possibly Exposed Personal Information

Security Week - Fri, 04/03/2020 - 6:03am

Twitter informed users on Thursday that their personal information may have been exposed due to the way the Firefox web browser stores cached data.

read more

Categories: SecurityWeek

How Humans "LEAD" the Way to More Effective Use of Threat Intelligence

Security Week - Thu, 04/02/2020 - 5:17pm

When the theme, Human Element, was announced for RSA Conference 2020 (RSAC), I was gratified. It’s a topic I never tire of because not only do I believe that there is no “silver bullet” technology, I believe it’s the humans who really lead the way to greater security efficiency and effectiveness.

read more

Categories: SecurityWeek

Zoom's Security and Privacy Woes Violated GDPR, Expert Says

Security Week - Thu, 04/02/2020 - 4:53pm

Zoom Security Risks, Privacy and GDPR Compliance

Home working and learning has led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant?

read more

Categories: SecurityWeek

Researcher Finds New Class of Windows Vulnerabilities

Security Week - Thu, 04/02/2020 - 3:35pm

A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges.

read more

Categories: SecurityWeek

Class Action Lawsuit Filed Against Marriott Over New Data Breach

Security Week - Thu, 04/02/2020 - 3:03pm

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.

read more

Categories: SecurityWeek

Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan

Security Week - Thu, 04/02/2020 - 11:38am

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan.

read more

Categories: SecurityWeek

Browser Makers Delay Removal of TLS 1.0 and 1.1 Support

Security Week - Thu, 04/02/2020 - 11:22am

Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox.

read more

Categories: SecurityWeek

Remaining Nimble During Times of Rapid Change

Security Week - Thu, 04/02/2020 - 10:52am

There is an adage that goes, "the only constant is change." And that has never been more true than right now, as organizations are having to rapidly adapt to current world events at an unprecedented pace. And traditionally, the aspect of networks that have had the hardest time adjusting to such rapid change has been security. 

read more

Categories: SecurityWeek

Watchdog Finds New Problems With FBI Wiretap Applications

Security Week - Thu, 04/02/2020 - 8:13am

The Justice Department inspector general has found additional failures in the FBI’s handling of a secretive surveillance program that came under scrutiny after the Russia investigation, identifying problems with dozens of applications for wiretaps in national security investigations.

read more

Categories: SecurityWeek

Coronavirus Malware Makes Devices Unusable by Overwriting MBR

Security Week - Thu, 04/02/2020 - 7:49am

A newly discovered piece of malware is taking advantage of the current COVID-19 pandemic to render computers unusable by overwriting the MBR (master boot record).

read more

Categories: SecurityWeek

Remote Work is Not New, but it is the New Normal

Security Week - Thu, 04/02/2020 - 6:46am

Working from home has been my personal norm for several years. Because I live too far from the office and regularly attend conference calls across different time zones than mine, commuting daily would be impractical. For me, being a remote worker is ideal and ensures that I can balance work and home life successfully.

read more

Categories: SecurityWeek

Zoom Vulnerabilities Expose Users to Spying, Other Attacks

Security Week - Thu, 04/02/2020 - 6:02am

Security researchers discovered recently that the Zoom video conferencing app is affected by vulnerabilities that can be exploited to spy on users, escalate privileges on the system, and capture Windows credentials. The company says it’s working on patching these flaws.

read more

Categories: SecurityWeek

Nigerian Threat Actors Specializing in BEC Attacks Continue to Evolve

Security Week - Thu, 04/02/2020 - 4:51am

The Nigerian business email compromise (BEC) threat actors referred to as SilverTerrier have intensified assaults on multiple industries and should be considered an established threat, Palo Alto Networks says.

read more

Categories: SecurityWeek

Vollgar Campaign Targets MS-SQL Servers With Backdoors, Crypto-Miners

Security Week - Thu, 04/02/2020 - 12:15am

A recently uncovered attack campaign that stayed under the radar since May 2018 is targeting devices running MS-SQL servers with backdoors and crypto-miners, Guardicore Labs reveals.

read more

Categories: SecurityWeek

Keeping Your Security Strategy on Track Amidst Tactical Distractions

Security Week - Wed, 04/01/2020 - 2:56pm

“Goodbye to Rosie, the queen of Corona” - Paul Simon, Me and Julio Down by the Schoolyard

read more

Categories: SecurityWeek

Pages