The hackers soon uncovered a major security vulnerability in Zoom's software that could have allowed attackers to covertly control certain users' Mac computers. It was precisely the type of bug that security engineers at Dropbox had come to dread from Zoom, according to three former Dropbox engineers.
Now Zoom's videoconferencing service has become the preferred communications platform for hundreds of millions of people sheltering at home, and reports of its privacy and security troubles have proliferated.
Quite a lot has been going on:
Hacking against corporations surges as people work from home | News | Al Jazeera
Hacking activity against corporations in the United States and other countries more than doubled by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said.
Corporate security teams have a harder time protecting data when it is dispersed on home computers with widely varying setups and on company machines connecting remotely, experts said.
Even those remote workers using virtual private networks (VPNs), which establish secure tunnels for digital traffic, are adding to the problem, officials and researchers said.
Facebook Dark Web Deal: Hackers Just Sold 267 Million User Profiles For $540
Facebook is desperate to repair the reputational damage that started with the Cambridge Analytica scandal and lurched through various data protection, privacy and ad tracker scandals. This data is likely from a past breach and does not suggest current weaknesses with Facebook's systems.
DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs | ZDNet
US officials talk about all the methods the Chinese government and its agents have been using to target US companies and universities to steal intellectual property.
Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month.
Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet.
Check out this next:
China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns - POLITICO
Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday.
The bulletin, obtained by Politico, is marked "unclassified/for official use only" and warns that DCSA's cyber division detected nearly 600 "inbound and outbound connections" from "highly likely Electric Panda cyber threat actors" targeting 38 cleared contractor facilities, including those specializing in health care technology.
Russian Hackers Went After San Francisco International Airport | WIRED
The argument over Apple and Google's plan to use Bluetooth to help with Covid-19 contact tracing escalated this week. But while plenty of societal and efficacy issues remain unresolved, we found answers to some of the trickier questions about the underlying tech. It's not perfect, but protects your privacy better than you might think.
Meanwhile the Pentagon handles its cybersecurity training worse than you might think, ignoring or losing track of the majority of goals it set for itself in that area five years ago. Which might be a little less alarming were this not the Department of Defense we're talking about.
Hackers Raid Crypto Firms in $25m Attacks - Infosecurity Magazine
Hackers have made off with at least $25m from two cryptocurrency firms after apparently targeting them with “reentrancy attacks” over the weekend.
The raids affected decentralized lending platform Lendf.Me, which is supported by a decentralized finance (DeFi) network known as dForce, and crypto exchange Uniswap.
According to Tokenlon, the organization behind digital currency imBTC, the attackers first struck on Saturday exploiting a vulnerability at Uniswap in combination with the ERC777 token standard.
European breaches quadruple as remote workers targeted by hackers
The coronavirus lockdown has seen the number of compromised organisations across Europe and the US nearly quadruple as more employees work from home.
According to figures released by Finland-based Arctic Security, a steep increase in compromised networks by nearly 300 per cent was observed in nine European countries and the US, mirroring the timing of the stay at home orders and the newly remote workforce.
The firm found that the number of compromised networks was less than 4,000 in January but rose to over 12,000 in March. While Italy had the highest number of compromised networks in January and February, this was eclipsed by the UK in March as the lockdown came into force in that country.
Happening on Twitter
Zoom security is so bad Dropbox itself paid for disclosures: "The former Dropbox engineers said they were stunned b… https://t.co/ISWHh9Yxao dhh Mon Apr 20 14:07:07 +0000 2020
"Dropbox grew so concerned that vulnerabilities in [Zoom] might compromise its own..security that..[it] began priva… https://t.co/sptwOK3tof KimZetter (from San Francisco) Mon Apr 20 13:13:22 +0000 2020
Former Dropbox engineers say Zoom's security woes can be traced back two years or more, and they argue that the com… https://t.co/VrtA4hs7rW nytimes (from New York City) Mon Apr 20 16:20:05 +0000 2020
Still, Zoom's focus on ease of use, at the expense of everything including security, helped the app become popular.… https://t.co/tectOdTwK5 ozm Mon Apr 20 14:42:26 +0000 2020