SecurityWeek RSS Feed

Keys Used to Encrypt Zoom Meetings Sent to China: Researchers

A recent analysis of the Zoom video conferencing application revealed that the keys used to encrypt and decrypt meetings may be sent to servers in China, even if all participants are located in other countries.

Hacker 'Ceasefire' Gets Little Traction as Pandemic Fuels Attacks

Internet users have seen a surge in COVID-related cyberattacks and fraud schemes which could add to the misery of the pandemic, even as some hackers have called for dialing back their criminal efforts.

Apple Awards Researcher $75,000 for Camera Hacking Vulnerabilities

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS.

Researchers Discover Hidden Behavior in Thousands of Android Apps

Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. With smartphones being part of our everyday lives, millions of applications are being used for a broad variety of activities, yet many of these engage in behaviors that are never disclosed to their users.

Unpatched Flaw in Discontinued Plugin Exposes WordPress Sites to Attacks

A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports.

Twitter Tells Users Firefox Possibly Exposed Personal Information

Twitter informed users on Thursday that their personal information may have been exposed due to the way the Firefox web browser stores cached data.

How Humans "LEAD" the Way to More Effective Use of Threat Intelligence

When the theme, Human Element, was announced for RSA Conference 2020 (RSAC), I was gratified. It's a topic I never tire of because not only do I believe that there is no "silver bullet" technology, I believe it's the humans who really lead the way to greater security efficiency and effectiveness.

Zoom's Security and Privacy Woes Violated GDPR, Expert Says

Home working and learning has led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant?

Researcher Finds New Class of Windows Vulnerabilities

A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges.

Class Action Lawsuit Filed Against Marriott Over New Data Breach

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.

Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan.

Browser Makers Delay Removal of TLS 1.0 and 1.1 Support

Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox.

Remaining Nimble During Times of Rapid Change

There is an adage that goes, "the only constant is change." And that has never been more true than right now, as organizations are having to rapidly adapt to current world events at an unprecedented pace. And traditionally, the aspect of networks that has had the hardest time adjusting to such rapid change has been security.

Watchdog Finds New Problems With FBI Wiretap Applications

The Justice Department inspector general has found additional failures in the FBI's handling of a secretive surveillance program that came under scrutiny after the Russia investigation, identifying problems with dozens of applications for wiretaps in national security investigations.

Coronavirus Malware Makes Devices Unusable by Overwriting MBR

A newly discovered piece of malware is taking advantage of the current COVID-19 pandemic to render computers unusable by overwriting the MBR (master boot record).

Remote Work is Not New, but it is the New Normal

Working from home has been my personal norm for several years. Because I live too far from the office and regularly attend conference calls across different time zones than mine, commuting daily would be impractical. For me, being a remote worker is ideal and ensures that I can balance work and home life successfully.

Zoom Vulnerabilities Expose Users to Spying, Other Attacks

Security researchers discovered recently that the Zoom video conferencing app is affected by vulnerabilities that can be exploited to spy on users, escalate privileges on the system, and capture Windows credentials. The company says it's working on patching these flaws.

Nigerian Threat Actors Specializing in BEC Attacks Continue to Evolve

The Nigerian business email compromise (BEC) threat actors referred to as SilverTerrier have intensified assaults on multiple industries and should be considered an established threat, Palo Alto Networks says.

Vollgar Campaign Targets MS-SQL Servers With Backdoors, Crypto-Miners

A recently uncovered attack campaign that stayed under the radar since May 2018 has targeted Microsoft SQL servers with backdoors and crypto-miners, Guardicore Labs reveals.

Keeping Your Security Strategy on Track Amidst Tactical Distractions

"Goodbye to Rosie, the queen of Corona" - Paul Simon, Me and Julio Down by the Schoolyard
