Articles about Security

As if the various privacy and security concerns that have plagued Zoom recently had not been enough, now it has been revealed that the company has been routing some calls made in North America through China.

Asking whether Zoom is a "US company with a Chinese heart", security researchers at Citizen Lab reported their discovery that during test meetings, encryption and decryption keys were routed through a server in Bejing. This raised eyebrows, and the company has now tried to explain what happened and issued its second apology this week.

Continue reading →

After discovering a no fewer than seven security vulnerabilities in Safari for iOS and macOS, a researcher has received a $75,000 bug bounty pay out from Apple.

Ryan Pickren, a former Amazon Web Services (AWS) security engineer, found a series of security flaws in Apple's web browser, some of which could be exploited to hijack the camera of a Mac or iPhone to spy on users. The webcam hacking technique combined a total of three zero-day bugs.

Continue reading →

Zoom has received a lot of attention because of the increased number of people working from home, some good, some bad. There have been various security and privacy issues with the video conferencing app, but there are steps you can take to lock things down a little.

Following numerous controversies, Zoom has not only issued an apology but also put a stop on the development of new features while it gets itself in order. In the meantime, there are a various things you can do to increase your privacy and security when you're using Zoom.

Continue reading →

It's not unusual for phishing attacks to focus their efforts on major events. The end of the tax year is always popular as are major sporting occasions. The latest lure of course is the current COVID-19 pandemic.

The problem for IT admins is how to protect against a sudden deluge of threats and spam messages while ensuring that important legitimate communications aren't accidentally blocked.

Continue reading →

Zoom has been in the headlines a lot recently -- and not always for the reasons the company might have wanted. Thrust into the spotlight due to massively increased usage during the coronavirus pandemic, Zoom has been plagued with numerous security and privacy issues.

Now company CEO Eric S Yuan has issued a lengthy statement to Zoom users, apologizing for "unforeseen issues" and promising to improve things. For now, Zoom will get no new features as the company is focusing on fixing what is wrong, and regaining customer trust.

Continue reading →

Cloudflare's 1.1.1.1 DNS resolver has been around for a couple of years now, helping to cater for those looking for a more private and secure internet connection. Now the company has announced a new version of the product, this time with extra protective layers.

1.1.1.1 for Families is essentially a parental control filter, automatically blocking access to "bad sites". This means not only sites that deliver malware, but also adult sites that might not be suitable for younger internet users. But while parents may welcome this automated filtering, 1.1.1.1 for Families has already come in for criticism for incorrectly blocking sites.

Continue reading →

If you're in the market for a free VPN for your desktop PC or laptop, Cloudflare will soon have a new offering.

Following on from the success of its free VPN for mobile devices, the company that's also behind the 1.1.1.1 DNS resolver is now bringing WARP to Windows and macOS -- and there is a Linux version in the works. Cloudflare's WARP is currently available in beta, but not everyone will be able to get access to it straight away.

Continue reading →

Infected mail attachments and malicious links are common ways for hackers to try to infiltrate organizations.

Researchers at cybersecurity company Varonis have uncovered at new attack route in the form of malicious Azure apps. Azure apps don't require approval from Microsoft and, more importantly, they don't require code execution on the user's machine, making it easy to evade endpoint detection and antivirus systems.

Continue reading →

Security is a serious concern for anyone using the internet, but it most certainly is for businesses. In seeking a video conferencing tool to see them through the home-working coronavirus has forced many people into, Zoom has proved to be an incredibly popular choice, and its proclamation of offering end-to-end encryption very probably swayed a few decisions.

An investigation carried out by the Intercept found that, despite Zoom's claims, the service does not really support end-to-end encryption for video and audio content. In reality, all it offers is TLS, but Zoom has chosen to refer to this as being end-to-end encryption.

Continue reading →

Zoom's popularity has accelerated in recent weeks thanks to the number of people now forced to work from home and conduct meetings online. Now security researchers have discovered a worrying vulnerability in the software that could be used to steal Windows login credentials.

The vulnerability steams from the fact that Zoom converts URLs that are sent in messages into clickable links. The same is true for UNC paths, and if such a link is clicked, it is possible to grab a user's login name and their NTLM password hash and decrypt it.

Continue reading →

Towards the end of 2018, Marriott International suffered a data breach of its Starwood Hotel reservation database. Now the hotel chain has revealed that it suffered a second data breach earlier this year.

The company says that at the end of February it noticed that an "unexpected amount of guest information" could have been accessed using the login credentials of two employees. It is thought that this access started in the middle of January, and up to 5.2 million customers have been affected.

Continue reading →

Recorded Future has been logging sandbox submissions from its platform as mapped to the MITRE ATT&CK framework over 2019 and has released a list of the most frequently referenced tactics and techniques.

The most common tactic in the results is Defense Evasion and the most common technique Security Software Discovery. Defense Evasion involves avoiding detection by, among other things, hiding in trusted processes, obfuscating malicious scripts, and disabling security software.

Continue reading →

Microsoft office files have long been used as a means of delivering malware payloads and researchers at Mimecast have discovered a rise in LimeRAT malware delivered using an Excel default password.

Excel files are designed to be easily encrypted, which helps attackers evade detection by common malware detection systems when a file is emailed.

Continue reading →

As digital transformation projects mean enterprises are sharing more and more information with customers and suppliers, added focus is placed on the security of that data.

To find out how companies can address this, while still reaping the benefits of AI, IoT and other fast growing technologies, we spoke to Fouad Khalil, VP of compliance at SecurityScorecard.

Continue reading →

With phisherfolk ever keen to cash in at the end of the tax year, a new study has analyzed the public DNS records for 200 domains likely to be impersonated for tax fraud and finds that 78 percent are not adequately protected.

The research from email security company Valimail looked at Fortune 100 businesses, US states' departments of revenue, federal tax agencies and well-known tax preparation services.

Continue reading →