After many schools adopted Zoom to conduct online lessons during the coronavirus lockdown, concerns about security and privacy have led to a ban on the video conferencing software across the US.

The chancellor of New York City's Department of Education Richard A Carranza sent an email to school principals telling them to "cease using Zoom as soon as possible". And he is not alone; schools in other parts of the country have taken similar action, and educators are now being trained to use Microsoft Teams as this has been suggested as a suitable alternative, partly because it is compliant with FERPA (Family Educational Rights and Privacy Act).

Zoom's skyrocketing popularity in recent weeks has been both a blessing and a curse for the company. Clearly it welcomes the additional users and, presumably, the income generated, but the company has also found itself under the spotlight resulting in startling revelations about security and privacy.

Having already apologized for a series of issues, Zoom is not taking steps to improve security. In an email sent out to users, the company explains how the virtual waiting room feature will be enabled by default, and meeting participants will now be required to use passwords to join.

As if the various privacy and security concerns that have plagued Zoom recently had not been enough, now it has been revealed that the company has been routing some calls made in North America through China.

Asking whether Zoom is a "US company with a Chinese heart", security researchers at Citizen Lab reported their discovery that during test meetings, encryption and decryption keys were routed through a server in Bejing. This raised eyebrows, and the company has now tried to explain what happened and issued its second apology this week.

After discovering a no fewer than seven security vulnerabilities in Safari for iOS and macOS, a researcher has received a $75,000 bug bounty pay out from Apple.

Ryan Pickren, a former Amazon Web Services (AWS) security engineer, found a series of security flaws in Apple's web browser, some of which could be exploited to hijack the camera of a Mac or iPhone to spy on users. The webcam hacking technique combined a total of three zero-day bugs.

Zoom has received a lot of attention because of the increased number of people working from home, some good, some bad. There have been various security and privacy issues with the video conferencing app, but there are steps you can take to lock things down a little.

Following numerous controversies, Zoom has not only issued an apology but also put a stop on the development of new features while it gets itself in order. In the meantime, there are a various things you can do to increase your privacy and security when you're using Zoom.

It's not unusual for phishing attacks to focus their efforts on major events. The end of the tax year is always popular as are major sporting occasions. The latest lure of course is the current COVID-19 pandemic.

The problem for IT admins is how to protect against a sudden deluge of threats and spam messages while ensuring that important legitimate communications aren't accidentally blocked.

Zoom has been in the headlines a lot recently -- and not always for the reasons the company might have wanted. Thrust into the spotlight due to massively increased usage during the coronavirus pandemic, Zoom has been plagued with numerous security and privacy issues.

Now company CEO Eric S Yuan has issued a lengthy statement to Zoom users, apologizing for "unforeseen issues" and promising to improve things. For now, Zoom will get no new features as the company is focusing on fixing what is wrong, and regaining customer trust.

Cloudflare's 1.1.1.1 DNS resolver has been around for a couple of years now, helping to cater for those looking for a more private and secure internet connection. Now the company has announced a new version of the product, this time with extra protective layers.

1.1.1.1 for Families is essentially a parental control filter, automatically blocking access to "bad sites". This means not only sites that deliver malware, but also adult sites that might not be suitable for younger internet users. But while parents may welcome this automated filtering, 1.1.1.1 for Families has already come in for criticism for incorrectly blocking sites.

If you're in the market for a free VPN for your desktop PC or laptop, Cloudflare will soon have a new offering.

Following on from the success of its free VPN for mobile devices, the company that's also behind the 1.1.1.1 DNS resolver is now bringing WARP to Windows and macOS -- and there is a Linux version in the works. Cloudflare's WARP is currently available in beta, but not everyone will be able to get access to it straight away.

Infected mail attachments and malicious links are common ways for hackers to try to infiltrate organizations.

Researchers at cybersecurity company Varonis have uncovered at new attack route in the form of malicious Azure apps. Azure apps don't require approval from Microsoft and, more importantly, they don't require code execution on the user's machine, making it easy to evade endpoint detection and antivirus systems.

Security is a serious concern for anyone using the internet, but it most certainly is for businesses. In seeking a video conferencing tool to see them through the home-working coronavirus has forced many people into, Zoom has proved to be an incredibly popular choice, and its proclamation of offering end-to-end encryption very probably swayed a few decisions.

An investigation carried out by the Intercept found that, despite Zoom's claims, the service does not really support end-to-end encryption for video and audio content. In reality, all it offers is TLS, but Zoom has chosen to refer to this as being end-to-end encryption.

Zoom's popularity has accelerated in recent weeks thanks to the number of people now forced to work from home and conduct meetings online. Now security researchers have discovered a worrying vulnerability in the software that could be used to steal Windows login credentials.

The vulnerability steams from the fact that Zoom converts URLs that are sent in messages into clickable links. The same is true for UNC paths, and if such a link is clicked, it is possible to grab a user's login name and their NTLM password hash and decrypt it.

Towards the end of 2018, Marriott International suffered a data breach of its Starwood Hotel reservation database. Now the hotel chain has revealed that it suffered a second data breach earlier this year.

The company says that at the end of February it noticed that an "unexpected amount of guest information" could have been accessed using the login credentials of two employees. It is thought that this access started in the middle of January, and up to 5.2 million customers have been affected.

Recorded Future has been logging sandbox submissions from its platform as mapped to the MITRE ATT&CK framework over 2019 and has released a list of the most frequently referenced tactics and techniques.

The most common tactic in the results is Defense Evasion and the most common technique Security Software Discovery. Defense Evasion involves avoiding detection by, among other things, hiding in trusted processes, obfuscating malicious scripts, and disabling security software.

Microsoft office files have long been used as a means of delivering malware payloads and researchers at Mimecast have discovered a rise in LimeRAT malware delivered using an Excel default password.

Excel files are designed to be easily encrypted, which helps attackers evade detection by common malware detection systems when a file is emailed.