---

Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.

---

12k+ Android apps contain master passwords, secret access keys, secret commands

Comprehensive academic study finds hidden backdoor-like behavior in 6,800 Play Store apps, 1,000 apps from third-party app stores, and almost 4,800 apps pre-installed on user devices.

---

DOJ says Zoom-bombing is a crime

DOJ officials say Zoom-bombing raids could lead to arrests, fines, and even prison sentences.

---

Google rolls back Chrome privacy feature due to COVID-19

Google disables SameSite cookie support to prevent any unforseen breakage to sites during the coronavirus outbreak.

---

Firefox gets fixes for two zero-days exploited in the wild

Mozilla releases Firefox 74.0.1 to patch two bugs exploited by hackers.

---

Week in security with Tony Anscombe

Staying safe from coronavirus-themed scams – Securing remote desktop connections – The security risks of videoconferencing

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

---

Zoom’s privacy and security woes in the spotlight

The company goes straight from basking in the glow of its near-overnight success to launching an all‑out effort to fix its privacy and security issues

The post Zoom’s privacy and security woes in the spotlight appeared first on WeLiveSecurity

---

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.

---

5 Soothing Security Products We Wish Existed

Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.

---

Self-Propagating Malware Targets Thousands of Docker Ports Per Day

A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.

---

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks

A group of CDNs and cloud providers are joining in on a fight against common internet routing attacks.

---

FBI Warns Education & Remote Work Platforms About Cyberattacks

The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.

---

This is Not Your Father's Ransomware

Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.

---

Want to Improve Cloud Security? It Starts with Logging

Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.

---

Web skimming attacks not expected to intensify during COVID-19 quarantines

Contrary to popular belief.

---

Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus.

---

Reminder: The Black Hat USA 2020 Call for Papers Ends Monday

Now is the time to pitch your great idea for a groundbreaking information security Briefing at Black Hat USA in August. But hurry because submissions close April 6!

---

Researchers propose method to track coronavirus through smartphones while protecting privacy

The concept itself is quite simple but could be invaluable in shielding the general public from privacy violations.

---

How to prevent ZoomBombing from your Zoom video conference

  By William Knowles @c4i Senior Editor InfoSec News April 3, 2020 It seems lately not an hour goes by without news of another ZoomBombing happening, just as I was preparing this story comes this headline from Vermont Senate committee Zoom hearing derailed by porn hacker A Vermont Senate Committee on Agriculture Zoom hearing, which was […]

---

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

Hacker tries to pin the blame on Night Lion Securty, a US cyber-security firm.