Cybersecurity News
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.5 Ways Enterprises Inadvertently Compromise Their Network Security
Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.Twitter discloses Firefox bug that cached private files sent or received via DMs
Private files sent via DMs were cached inside Firefox browsers for as long as a week, even after users logged off.A Hacker's Perspective on Securing VPNs As You Go Remote
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposefulZoom Removes Data-Mining LinkedIn Feature
The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month.
Name That Toon: The Devil You Know?
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits
Old phishing kits are being pressed into service to keep up with the unprecedented volume of new scams that exploit the pandemic.
‘War Dialing’ Tool Exposes Zoom’s Password Problems
As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there's a decent chance your next Zoom meeting could be "Zoom bombed" -- attended or disrupted by someone who doesn't belong. And according to data gathered by a new automated Zoom meeting discovery tool dubbed "zWarDial," a crazy number major corporations are setting up meetings without passwords enabled.‘Zoom is malware’: why experts worry about the video conferencing platform
The company has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a ‘privacy disaster’
As coronavirus lockdowns have moved many in-person activities online, the use of video conferencing platform Zoom has quickly escalated. So, too, have concerns about its security.
In the last month, there was a 535% rise in daily traffic to the Zoom.us download page, according to an analysis from web analytics firm SimilarWeb. Its app for iPhone has been the most downloaded app in the country for weeks, according to the mobile app market research firm Sensor Tower. Even politicians and other high-profile figures, including the British prime minister, Boris Johnson, and the former US federal reserve chair Alan Greenspan, use it for conferencing as they work from home.
Related: Coronavirus and app downloads: what you need to know about protecting your privacy
Continue reading...44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig
Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet.
Best Practices to Manage Third-Party Cyber-Risk Today
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.New Magecart Skimmer Infects 19 Victim Websites
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs
Attacks using a brand-new card-harvesting code is targeting small- to medium-sized businesses, claiming 19 sites so far.
Cloudflare debuts 1.1.1.1 for Families, comes under fire for blocking LGBTQIA+ sites
The company immediately apologized, branding the blocks as a “mistake.”Vulnerability Researchers Focus on Zoom App's Security
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.The internet is now rife with places where you can organize Zoom-bombing raids
Zoom-raiding parties are everywhere now — Discord, Reddit, Twitter, hacking forums.Why isn't the government publishing more data about coronavirus deaths? | Jeni Tennison
Studying the past is futile in an unprecedented crisis. Science is the answer – and open-source information is paramount
• Coronavirus – latest updates
• See all our coronavirus coverage
Wherever we look, there is a demand for data about Covid-19. We devour dashboards, graphs and visualisations. We want to know about the numbers of tests, cases and deaths; how many beds and ventilators are available, how many NHS workers are off sick. When information is missing, we speculate about what the government might be hiding, or fill in the gaps with anecdotes.
Data is a necessary ingredient in day-to-day decision-making – but in this rapidly evolving situation, it’s especially vital. Everything has changed, almost overnight. Demands for food, transport, and energy have been overhauled as more people stop travelling and work from home. Jobs have been lost in some sectors, and workers are desperately needed in others. Historic experience can no longer tell us how our society or economy is working. Past models hold little predictive power in an unprecedented situation. To know what is happening right now, we need up-to-date information.
Jeni Tennison is technical director of the Open Data Institute.
Continue reading...There's now COVID-19 malware that will wipe your PC and rewrite your MBR
Security researchers have discovered coronavirus-themed malware created to destroy users' computers.Attackers Leverage Excel File Encryption to Deliver Malware
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
Like NotPetya, it overwrites the master boot record to render computers "trashed."