Articles about Security

Zoom admits to routing some US calls through China

Angled Zoom logo

As if the various privacy and security concerns that have plagued Zoom recently had not been enough, now it has been revealed that the company has been routing some calls made in North America through China.

Asking whether Zoom is a "US company with a Chinese heart", security researchers at Citizen Lab reported their discovery that during test meetings, encryption and decryption keys were routed through a server in Bejing. This raised eyebrows, and the company has now tried to explain what happened and issued its second apology this week.

Continue reading

Security researcher discovers vulnerabilities in iOS and macOS that could be exploited to hack webcams

Angled Apple logo

After discovering a no fewer than seven security vulnerabilities in Safari for iOS and macOS, a researcher has received a $75,000 bug bounty pay out from Apple.

Ryan Pickren, a former Amazon Web Services (AWS) security engineer, found a series of security flaws in Apple's web browser, some of which could be exploited to hijack the camera of a Mac or iPhone to spy on users. The webcam hacking technique combined a total of three zero-day bugs.

Continue reading

How to lock down Zoom to improve your privacy and security

Zoom logo on a building

Zoom has received a lot of attention because of the increased number of people working from home, some good, some bad. There have been various security and privacy issues with the video conferencing app, but there are steps you can take to lock things down a little.

Following numerous controversies, Zoom has not only issued an apology but also put a stop on the development of new features while it gets itself in order. In the meantime, there are a various things you can do to increase your privacy and security when you're using Zoom.

Continue reading

Events tracking tool helps track and guard against phishing and spam campaigns

Phishing

It's not unusual for phishing attacks to focus their efforts on major events. The end of the tax year is always popular as are major sporting occasions. The latest lure of course is the current COVID-19 pandemic.

The problem for IT admins is how to protect against a sudden deluge of threats and spam messages while ensuring that important legitimate communications aren't accidentally blocked.

Continue reading

Zoom issues an apology for privacy and security issues, will enact a feature freeze to focus on fixes

Zoom on a tablet

Zoom has been in the headlines a lot recently -- and not always for the reasons the company might have wanted. Thrust into the spotlight due to massively increased usage during the coronavirus pandemic, Zoom has been plagued with numerous security and privacy issues.

Now company CEO Eric S Yuan has issued a lengthy statement to Zoom users, apologizing for "unforeseen issues" and promising to improve things. For now, Zoom will get no new features as the company is focusing on fixing what is wrong, and regaining customer trust.

Continue reading

Cloudflare launches DNS-based parental control service 1.1.1.1 for Families

Cloudflare .1.1.1 for Families

Cloudflare's 1.1.1.1 DNS resolver has been around for a couple of years now, helping to cater for those looking for a more private and secure internet connection. Now the company has announced a new version of the product, this time with extra protective layers.

1.1.1.1 for Families is essentially a parental control filter, automatically blocking access to "bad sites". This means not only sites that deliver malware, but also adult sites that might not be suitable for younger internet users. But while parents may welcome this automated filtering, 1.1.1.1 for Families has already come in for criticism for incorrectly blocking sites.

Continue reading

Cloudflare announces free VPN tool WARP for Windows and macOS, with Linux to follow

Cloudflare WARP

If you're in the market for a free VPN for your desktop PC or laptop, Cloudflare will soon have a new offering.

Following on from the success of its free VPN for mobile devices, the company that's also behind the 1.1.1.1 DNS resolver is now bringing WARP to Windows and macOS -- and there is a Linux version in the works. Cloudflare's WARP is currently available in beta, but not everyone will be able to get access to it straight away.

Continue reading

How Malicious Azure apps can be used to target Office 365

Network security

Infected mail attachments and malicious links are common ways for hackers to try to infiltrate organizations.

Researchers at cybersecurity company Varonis have uncovered at new attack route in the form of malicious Azure apps. Azure apps don't require approval from Microsoft and, more importantly, they don't require code execution on the user's machine, making it easy to evade endpoint detection and antivirus systems.

Continue reading

Zoom claims to offer end-to-end encryption -- even though that's not strictly true

Zoom logo

Security is a serious concern for anyone using the internet, but it most certainly is for businesses. In seeking a video conferencing tool to see them through the home-working coronavirus has forced many people into, Zoom has proved to be an incredibly popular choice, and its proclamation of offering end-to-end encryption very probably swayed a few decisions.

An investigation carried out by the Intercept found that, despite Zoom's claims, the service does not really support end-to-end encryption for video and audio content. In reality, all it offers is TLS, but Zoom has chosen to refer to this as being end-to-end encryption.

Continue reading

Zoom security vulnerability can be used to steal Windows login credentials

Zoom icon

Zoom's popularity has accelerated in recent weeks thanks to the number of people now forced to work from home and conduct meetings online. Now security researchers have discovered a worrying vulnerability in the software that could be used to steal Windows login credentials.

The vulnerability steams from the fact that Zoom converts URLs that are sent in messages into clickable links. The same is true for UNC paths, and if such a link is clicked, it is possible to grab a user's login name and their NTLM password hash and decrypt it.

Continue reading

Marriott International reveals details of another data breach

Marriott sign

Towards the end of 2018, Marriott International suffered a data breach of its Starwood Hotel reservation database. Now the hotel chain has revealed that it suffered a second data breach earlier this year.

The company says that at the end of February it noticed that an "unexpected amount of guest information" could have been accessed using the login credentials of two employees. It is thought that this access started in the middle of January, and up to 5.2 million customers have been affected.

Continue reading

2019's top cyberattack techniques

Cyber attack

Recorded Future has been logging sandbox submissions from its platform as mapped to the MITRE ATT&CK framework over 2019 and has released a list of the most frequently referenced tactics and techniques.

The most common tactic in the results is Defense Evasion and the most common technique Security Software Discovery. Defense Evasion involves avoiding detection by, among other things, hiding in trusted processes, obfuscating malicious scripts, and disabling security software.

Continue reading

Excel vulnerability aids delivery of malware

Spreadsheet

Microsoft office files have long been used as a means of delivering malware payloads and researchers at Mimecast have discovered a rise in LimeRAT malware delivered using an Excel default password.

Excel files are designed to be easily encrypted, which helps attackers evade detection by common malware detection systems when a file is emailed.

Continue reading

Why supply chain security is essential to digital transformation [Q&A]

supply chain

As digital transformation projects mean enterprises are sharing more and more information with customers and suppliers, added focus is placed on the security of that data.

To find out how companies can address this, while still reaping the benefits of AI, IoT and other fast growing technologies, we spoke to Fouad Khalil, VP of compliance at SecurityScorecard.

Continue reading

Organizations not adequately protected against tax phishing scams

phishing hook

With phisherfolk ever keen to cash in at the end of the tax year, a new study has analyzed the public DNS records for 200 domains likely to be impersonated for tax fraud and finds that 78 percent are not adequately protected.

The research from email security company Valimail looked at Fortune 100 businesses, US states' departments of revenue, federal tax agencies and well-known tax preparation services.

Continue reading

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.