---

Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit

The online videoconferencing service added Alex Stamos to the team and has also formed an expert advisory board to grapple with the pains of its COVID-19 growth spurt.

---

Medical Devices on the IoT Put Lives at Risk

Device security must become as important a product design feature as safety and efficacy.

---

Cisco ‘Critical Update’ Phishing Attack Steals Webex Credentials

Emails purporting to be a Cisco "critical security advisory" are actually part of a phishing campaign trying to steal victims' Webex credentials.

---

Bugcrowd vulnerability bounty platform snags $30 million in fresh funding round

The Series D round capitalizes on enterprise booking growth of 100%.

---

‘Unbreakable’ Smart Lock Draws FTC Ire for Deceptive Security Claims

Tapplock catches heat for patched vulnerabilities -- because of its claims that its smart locks can't be hacked.

---

Fleeceware apps discovered on the iOS App Store

More than 3.5 million iOS users installed 'fleeceware' apps from the Apple App Store.

---

Bisq Bitcoin exchange slams on the brakes after exploit of critical security flaw, crypto theft

Over $250,000 in cryptocurrency has been stolen from users.

---

Cloudflare dumps reCAPTCHA as Google intends to charge for its use

Cloudflare says its moving to hCaptcha, an alternative CAPTCHA service, more private than reCAPTCHA.

---

Zoom removes meeting IDs from app title bar to improve privacy

Zoom app won't show meeting ID in the title bar going forward to avoid accidental leaks and Zoom-bombing disruptions.

---

Unique Passwords

Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.

---

Keeping Vigilant for BEC Amid COVID-19 Chaos

FBI and security experts warn that attackers are particularly targeting cloud-based email systems at the moment.

---

After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers

While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.

---

Researchers Fool Biometric Scanners with 3D-Printed Fingerprints

Tests on the fingerprint scanners of Apple, Microsoft, and Samsung devices reveal it's possible to bypass authentication with a cheap 3D printer.

---

PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack

Novel hack allows an attacker to create a mouse-over in a PowerPoint file that triggers the installation of malware.

---

Microsoft Releases COVID-19 Security Guidance

Information includes tips on how to keep IT systems infection-free.

---

'Unkillable' Android Malware App Continues to Infect Devices Worldwide

The xHelper Trojan has compromised over 55,000 devices so far, Kaspersky says.

---

Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers

Researchers say the botnet has emerged over the past three months and shares aspects with Mirai and Qbot.

---

Microsoft: Under 2% of all daily malspam uses COVID-19 lures

Malicious email campaigns have not increased due to COVID-19. Attackers merely changed lures.

---

BEC, Domain Jacking Help Criminals Disrupt Cash Transfers

The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.

---

ThreatList: Skype-Themed Apps Hide a Raft of Malware

Hundreds of thousands of malware files are disguised as well-known social conferencing and collaboration apps.