Cybersecurity News


Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats

Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
02 April 2020

5 Ways Enterprises Inadvertently Compromise Their Network Security

Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.
02 April 2020

Twitter discloses Firefox bug that cached private files sent or received via DMs

Private files sent via DMs were cached inside Firefox browsers for as long as a week, even after users logged off.
02 April 2020

A Hacker's Perspective on Securing VPNs As You Go Remote

As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
02 April 2020

Zoom Removes Data-Mining LinkedIn Feature

Zoom Removes Data-Mining LinkedIn Feature The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month.
02 April 2020

Name That Toon: The Devil You Know?

Name That Toon: The Devil You Know? Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
02 April 2020

In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits

In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits Old phishing kits are being pressed into service to keep up with the unprecedented volume of new scams that exploit the pandemic.
02 April 2020

‘War Dialing’ Tool Exposes Zoom’s Password Problems

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there's a decent chance your next Zoom meeting could be "Zoom bombed" -- attended or disrupted by someone who doesn't belong. And according to data gathered by a new automated Zoom meeting discovery tool dubbed "zWarDial," a crazy number major corporations are setting up meetings without passwords enabled.
02 April 2020

‘Zoom is malware’: why experts worry about the video conferencing platform

‘Zoom is malware’: why experts worry about the video conferencing platform

The company has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a ‘privacy disaster’

As coronavirus lockdowns have moved many in-person activities online, the use of video conferencing platform Zoom has quickly escalated. So, too, have concerns about its security.

In the last month, there was a 535% rise in daily traffic to the Zoom.us download page, according to an analysis from web analytics firm SimilarWeb. Its app for iPhone has been the most downloaded app in the country for weeks, according to the mobile app market research firm Sensor Tower. Even politicians and other high-profile figures, including the British prime minister, Boris Johnson, and the former US federal reserve chair Alan Greenspan, use it for conferencing as they work from home.

Related: Coronavirus and app downloads: what you need to know about protecting your privacy

Continue reading...
02 April 2020

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet.
02 April 2020

Best Practices to Manage Third-Party Cyber-Risk Today

Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
02 April 2020

New Magecart Skimmer Infects 19 Victim Websites

MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
02 April 2020

Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs

Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs Attacks using a brand-new card-harvesting code is targeting small- to medium-sized businesses, claiming 19 sites so far.
02 April 2020

Cloudflare debuts 1.1.1.1 for Families, comes under fire for blocking LGBTQIA+ sites

The company immediately apologized, branding the blocks as a “mistake.”
02 April 2020

Vulnerability Researchers Focus on Zoom App's Security

With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
02 April 2020

The internet is now rife with places where you can organize Zoom-bombing raids

Zoom-raiding parties are everywhere now — Discord, Reddit, Twitter, hacking forums.
02 April 2020

Why isn't the government publishing more data about coronavirus deaths? | Jeni Tennison

Why isn't the government publishing more data about coronavirus deaths? | Jeni Tennison

Studying the past is futile in an unprecedented crisis. Science is the answer – and open-source information is paramount

Coronavirus – latest updates
See all our coronavirus coverage

Wherever we look, there is a demand for data about Covid-19. We devour dashboards, graphs and visualisations. We want to know about the numbers of tests, cases and deaths; how many beds and ventilators are available, how many NHS workers are off sick. When information is missing, we speculate about what the government might be hiding, or fill in the gaps with anecdotes.

Data is a necessary ingredient in day-to-day decision-making – but in this rapidly evolving situation, it’s especially vital. Everything has changed, almost overnight. Demands for food, transport, and energy have been overhauled as more people stop travelling and work from home. Jobs have been lost in some sectors, and workers are desperately needed in others. Historic experience can no longer tell us how our society or economy is working. Past models hold little predictive power in an unprecedented situation. To know what is happening right now, we need up-to-date information.

Related: A public inquiry into the UK's coronavirus response would find a litany of failures | Anthony Costello

Jeni Tennison is technical director of the Open Data Institute.

Continue reading...
02 April 2020

There's now COVID-19 malware that will wipe your PC and rewrite your MBR

Security researchers have discovered coronavirus-themed malware created to destroy users' computers.
01 April 2020

Attackers Leverage Excel File Encryption to Deliver Malware

Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
01 April 2020

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims Like NotPetya, it overwrites the master boot record to render computers "trashed."
01 April 2020