Search Results for “BetaNews”


April 20, 2020
Ian Barker / BetaNews

Ian Barker / BetaNews  
COVID-19 Cyberattacks Soar to 14,000 Per Day, Hundreds of Malicious or Suspicious New Domains Registered Related to Stimulus Checks

COVID-19 related cyberattacks rise to an average of 14,000 a day this month, which is six times the average number of daily attacks compared to March, researchers at Check Point Security report. Between April 7 and 14, the average number of daily attacks increased sharply to 20,000, 94 percent of which were phishing. The researchers further found that in March, a total of 2,081 new domains were registered related to stimulus relief packages, with 38 being malicious and 583 suspicious. In the first week of April, 473 were registered, 18 malicious, 73 suspicious.

May 10, 2020
Andy Greenberg / Wired

Andy Greenberg / Wired  
Thunderspy Attack Exploits Flaw in Intel’s Thunderbolt Interface to Open New Avenue for ‘Evil Maid’ Attack

A new technique called Thunderspy can bypass the login screen of a sleeping or locked computer, and even its hard disk encryption, on Thunderbolt-enabled Windows or Linux PCs manufactured before 2019. The technique can allow attackers to gain full access to the computer’s data, Eindhoven University of Technology researcher Björn Ruytenberg revealed. Although the attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be completed in a few minutes, opening a new avenue to the so-called “Evil Maid” attack. Intel’s Thunderbolt interface, which promises faster speeds by allowing more direct access to memory, has frequently posed security problems. As a consequence, researchers recommend taking advantage of a Thunderbolt feature known as “security levels.” However, using the Thuderspy attack, attackers can even bypass this protection level. Intel, and some PC makers, say they have protection against this attack, although Ruytenberg says the flaws he found extend to Intel’s hardware, and can’t be fixed with a mere software update.

Related: Thunderspy, fossBytes, Reddit – cybersecurity, Engadget, Sensors Tech Forum, TechNadu, Silicon Republic, TechSpot, The Next Web, IT Pro, iPhone Hacks, 9to5Mac, Security News | Tech Times, fossBytes, Engadget, SecurityWeek, ZDNet Security, SlashGear » security, Neowin, Reddit – cybersecurity, The Verge, Silicon Republic, WCCFtech, BetaNews, Appleosophy, 9to5Mac, Naked Security, MSSP Alert, BGR, DataBreachToday.com, Techradar, TechWorm, Schneier on Security, Reddit-hacking, CISO MAG, TechJuice, HOTforSecurity, Ars Technica

Tweets:@a_greenberg @0Xiphorus @campuscodi @campuscodi @kennwhite @mattiasgeniar @paulmillr @markwilsonwords

Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
fossBytes: Any PC Manufactured Before 2019 Is Vulnerable To ‘Thunderspy’ Attack
Reddit – cybersecurity: A Thunderspy attack on all PCs with Thunderbolt ports shipped between 2011 and 2020 allows an attacker with only five minutes of physical access to the device to read and copy all its data, even if the drive is encrypted and the computer is locked or set
Engadget: Thunderbolt flaw lets hackers steal your data in ‘five minutes’
Sensors Tech Forum: Thunderspy Attack Used To Hack Thunderbolt Ports: Millions of PCs Affected
TechNadu: “ThunderSpy” Is Threatening to Steal Your Data Right From the Laptop Port
Silicon Republic: Thunderspy: What you need to know about unpatchable flaw in older PCs
TechSpot: New Thunderbolt flaw lets hackers bypass security features in five minutes
The Next Web: There’s a new Thunderbolt bug, check if your computer is affected
IT Pro: Thunderbolt flaw exposes millions of PCs to attack | IT PRO
iPhone Hacks: Major Thunderbolt Security Exploit ‘Thunderpsy’ Allows Hacker to Steal Data from Encrypted Drive, Partially Affects macOS
9to5Mac: Major Thunderbolt security flaws found, affect Macs shipped 2011-2020
Security News | Tech Times: [HACKERS] Millions of PCs with Intel Thunderbolt Flaws are Vulnerable to Hacking; Thunderspy Attack Takes Only Five Minutes
fossBytes: Any PC Manufactured Before 2019 Is Vulnerable To ‘Thunderspy’ Attack
Engadget: Thunderbolt flaw lets hackers steal your data in ‘five minutes’
SecurityWeek: Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks
ZDNet Security: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
SlashGear: New Thunderbolt hack exposes your files: How to check if you’re safe
Neowin: Thunderbolt flaw allows a hacker to obtain access to a PC’s data within minutes
Reddit – cybersecurity: A Thunderspy attack on all PCs with Thunderbolt ports shipped between 2011 and 2020 allows an attacker with only five minutes of physical access to the device to read and copy all its data, even if the drive is encrypted and the computer is locked or set
The Verge: Thunderbolt flaw allows access to a PC’s data in minutes
Silicon Republic: Thunderspy: What you need to know about unpatchable flaw in older PCs
WCCFtech: Thunderbolt Security Flaw in Intel Chips Affects All Compatible Macs and PCs
BetaNews: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines
Appleosophy: Severe Thunderbolt flaw discovered affecting Mac’s shipped between 2011-2020
9to5Mac: Major Thunderbolt security flaws found, affect Macs shipped 2011-2020
Naked Security: Thunderspy – why turning your computer off is a cool idea!
MSSP Alert: Intel Thunderbolt Vulnerability Details Explained
BGR : This Thunderbolt vulnerability puts millions of PCs in danger
DataBreachToday.com: New Thunderbolt Flaws Disclosed to Intel
Techradar: Buy Windows 10: the cheapest prices in May 2020
TechWorm: Thunderbolt Vulnerability Affects millions of PCs Manufactured Before 2019
Schneier on Security: Attack Against PC Thunderbolt Port
Reddit-hacking: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
CISO MAG: Millions of Computers Open to Thunderbolt Port Vulnerabilities
TechJuice: Major security flaw discovered in Thunderbolt-equipped devices
HOTforSecurity: Thunderspy Attack Affects all Computers with Thunderbolt Released in the Past Decade
Ars Technica: Thunderspy: What is is, why it’s not scary, and what to do about it

@a_greenberg: Dutch researcher @0Xiphorushas has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable.
@0Xiphorus: This has been a long time coming. Today we release Thunderspy. Find full details at https://thunderspy.io. Thanks to @a_greenberg for reporting. #Thunderspy #Intel #Thunderbolt
@campuscodi: Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.
@campuscodi: Oh, look. Some disclosure drama
@kennwhite: “Thunderspy [Intel exploit] enables creating arbitrary Thunderbolt device identities and cloning user-authorized Thunderbolt devices, even in the presence of Security Levels pre-boot protection and cryptographic device authentication”
@mattiasgeniar: "If your computer has a Thunderbolt port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep." tl;dr: stop using computers. ¯\_(?)_/¯ https://thunderspy.io
@paulmillr: This looks bad. An attacker could read your encrypted drive & contents of a RAM, even when the laptop is sleeping. All it takes is inserting a device into USB/Thunderbolt port. All macbooks are affected, even with Linuxes. Can't be fixed in software.
@markwilsonwords: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines https://betanews.com/2020/05/11/thunderspy-security-vulnerability/ via @BetaNews


May 19, 2020
Jasper Jolly / The Guardian

Jasper Jolly / The Guardian  
EasyJet Says Personal Data on Nine Million Customers Were Accessed in ‘Highly Sophisticated’ Cyberattack, Over Two Thousand Customers’ Credit Card Details Stolen

European budget airlines EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyberattack on the airline. The company said that email addresses and travel details were accessed, and it would contact the customers affected. Of the 9 million people affected, 2,208 had credit card details stolen, but no passport details were uncovered. Those customers whose credit card details were taken have been contacted, while everyone else affected will be contacted by 26 May. EasyJet offered no details of the hack but said it had “closed off this unauthorized access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator.

Related: BBC News, TechCrunch, Associated Press Technology, Financial Times Technology, Bloomberg, CNBC Technology, Information Age, Evening Standard, Graham Cluley, Channel News Asia, France 24, IT Pro, PerthNow, Thomas Brewster – Forbes, RT News, MediaNama: Digital Media in India, POLITICO EU, Computer Business Review, The Sun, BetaNews, Voice of America, The State of Security, The Loadstar, RTE, Sky News, Independent

Tweets:@lukOlejnik @dcuthbert @joetidy @racheltobac @zsk @jc_stubbs

BBC News : EasyJet admits nine million customers hacked
TechCrunch: Europe to Facebook: Pay taxes and respect our values — or we’ll regulate
Associated Press Technology: EasyJet reveals ‘sophisticated’ hack of customer details
Financial Times Technology: EasyJet says hackers accessed travel details of 9m customers
Bloomberg: EasyJet Says Hackers Accessed Data of 9 Million Customers
CNBC Technology: EasyJet hack leaves 9 million customers’ details exposed
Information Age: EasyJet data breached, over 9 million customers affected
Evening Standard: Millions of easyJet customers at risk after hackers access personal details
Graham Cluley: EasyJet hack impacts nine million passengers
Channel News Asia: EasyJet hit by cyber attack, hackers access 9 million customers’ details
France 24: Hackers access details of millions of easyJet passengers in cyber attack
IT Pro: Easyjet hack exposes details of nine million customers | IT PRO
PerthNow: Cyber attackers target easyJet
Thomas Brewster – Forbes: EasyJet Hacked: 9 Million Customers And 2,000 Credit Cards Hit
RT News: Hackers steal personal data of 9 million EasyJet costumers in ‘highly sophisticated’ cyber attack
MediaNama: Digital Media in India: Hackers accessed details of 9 million EasyJet customers, credit card details of 2K+ people
POLITICO EU: Easyjet cyberattack hits 9 million customers
Computer Business Review: EasyJet Hacked: 9 Million Customers Affected
The Sun: EasyJet hit by cyber attack with 9million customers details stolen
BetaNews: easyJet hit by ‘highly sophisticated’ cyberattack: 9 million customers’ details exposed
Voice of America: EasyJet Hit by Cyber Attack, Hackers Access 9 mln Customers’ Details 
The State of Security: Around 9 Million easyJet Customers’ Details Stolen in Hacking Incident
The Loadstar: SN: EasyJet: Nine million customers’ details ‘accessed’ by hackers
RTE: EasyJet hit by ‘highly sophisticated’ cyber attack
Sky News: EasyJet: Nine million customers’ details ‘accessed’ by hackers
Independent: EasyJet hacked: 9M customers’ details stolen

@lukOlejnik: Hacked EasyJet. Stolen data of 9M customers, for >2000 of them this includes credit card numbers. Users to be contacted gradually. Certainly not a good time to be an airline :)
@dcuthbert: My personal details are 99% included in this. So, let's play a game shall we? #easyjet
@joetidy: EasyJet’s stock exchange notice about the cyber attack here. Looks like they’ve taken all the correct steps (notifying ICO/ NCSC) etc but if the hack happened in Jan - why are we only learning of it now? http://otp.investis.com/clients/uk/easyjet1/rns/regulatory-story.aspx?cid=2&newsid=1391756
@racheltobac: Prepare to receive phishing emails, texts or calls pretexting as your bank looking to investigate fraud on your account, airlines attempting to cancel, rebook, or alert you to changes on your account, and much more. Contact back using 2nd form of comms ImpRobot face
@zsk: And now my inbox overfloweth with "comments" from PR people's cybersecurity clients, all of whom are scrambling trying to connect the EasyJet data breach with the Covid19 pandemic.
@jc_stubbs: Scoop >> The cyberattack disclosed by #easyJet earlier today is thought to be the work of a suspected Chinese hacking group that has targeted multiple airlines in recent months, two sources tell @Reuters


April 7, 2020
Supantha Mukherjee, Ben Blanchard / Reuters

Supantha Mukherjee, Ben Blanchard / Reuters  
Taiwan and Canada Join the Ranks of Governments That Are Banning Zoom Due to Perceived Security Flaws

Taiwan and Canada are joining the growing ranks of governments around the globe that are banning the Zoom videoconferencing app in government offices due to its reported and perceived security flaws. Zoom is currently facing backlash from users worried about the lack of end-to-end encryption of meeting sessions and “zoombombing,” where uninvited guests crash into meetings. Taiwan’s cabinet said in a statement that government agencies “should not use products with security concerns, like Zoom.”

Related: TechCrunch, BetaNews, NDTV Gadgets360.com, Quartz,Business Insider, The Hill, TechRepublic, MarketWatch.com – Software Industry News, Motley Fool, Daily Dot, HealthITSecurity, E-Commerce Times, CNN.com, ZDNet, diginomica government, ForbesHotHardware.com

TechCrunch: Taiwan’s government bars its agencies from using Zoom over security concerns
BetaNews: Taiwanese government bans agencies from using Zoom because of security concerns
NDTV Gadgets360.com: Zoom Meeting App Continues to Battle Privacy Concerns, Increased Competition
Quartz: Taiwan is taking cybersecurity seriously by banning the use of Zoom in government
Business Insider: Taiwan’s government bans official use of Zoom, days after the firm admitted to ‘mistakenly’ routing some calls through China
The Hill: Democratic senator criticizes Zoom’s security and privacy policies
TechRepublic: Zoom’s security flaws: Has it done enough to fix them?
MarketWatch.com – Software Industry News: Zoom Video lurches from boom to backlash amid privacy issues, ‘Zoom bombing’ attacks
Motley Fool: Zoom Has Gotten Ahead of Itself
Daily Dot: Senator calls for federal investigation into Zoom’s ‘deceptive’ practices
HealthITSecurity: Zoom to Halt Feature Development to Bolster Privacy, Security for COVID-19
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
CNN.com: Zoom CEO apologizes for having ‘fallen short’ on privacy and security
ZDNet: Microsoft Teams vs Zoom video meetings: Microsoft touts superior security and privacy
diginomica government: WFH darling Zoom is a security and privacy disaster – let me count the ways
Forbes : Microsoft Just Dealt A New Blow To Zoom With This Bold Security Move
HotHardware.com: Microsoft Dunks On Zoom Touting Strict Security And Privacy Regimen In Microsoft Teams


March 4, 2020
Jim Salter / Ars Technica

Jim Salter / Ars Technica  
Let’s Encrypt Finds Software Bug That Will Result in Millions of Revoked Certificates If Admins Don’t Force Renewals by March 4

Non-profit certificate authority Let’s Encrypt discovered a bug in its CAA (Certification Authority Authorization) code that opens up a window of time in which a certificate might be issued even if a CAA record in that domain’s DNS should prohibit it. To err on the side of caution, Let’s Encrypt is evoking any currently issued certificates it can’t be certain are legitimate. The organization is urging users to renew and replace their affected certificate(s) by Wednesday, March 4, 2020. The bug Let’s Encrypt discovered is in Certificate Authority software called Boulder, which failed to check all the domains on servers that Let’s Encrypt authorizes, potentially allowing in domains that should not be authorized for up to 30 days. Admins of affected servers must perform manual force-renewals; otherwise, their websites, amounting to at least three million, will show TLS security warnings due to revoked certificates.

Related: The Mac Observer, Threatpost, BleepingComputer.com, Neowin, ZDNet, Blog – Wordfence, Slashdot, The Register, Let’s Encrypt,
Security – Computing, Scott Helme, The Hacker News, BetaNews


March 23, 2020
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Hackers Are Exploiting Windows Zero-Day in Adobe Type Manager Library to Take Over Systems, Patch Not Yet Available

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said, with the zero-day located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows. There are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf. All current and supported Windows and Windows Server operating systems are vulnerable. A patch is not available, although Microsoft hinted one would become available by the next Patch Tuesday on April 14.  Microsoft has published a series of mitigations that companies and home users can take if they believe they might be targeted with a Windows zero-day attack.

Related: Threatpost, BleepingComputer.com, CyberSecurity Help s.r.o., The Register – Security, Help Net Security, CERT Recently Published Vulnerability Notes, SecurityWeek, Tenable Blog, Ars Technica, Security News | Tech Times, The Hacker News, TechNadu, Engadget, HotHardware.com, Slashdot, Bitcoinist.com, TechCrunch, Microsoft, fossBytes, BusinessLine – Home, The Next Web, Security Intelligence, GBHackers On Security, Windows Central, SC Magazine, RAPPLER, HOTforSecurity, Verdict, The Sun, Techradar, Infosecurity Magazine, gHacks, BetaNews, Softpedia News, SiliconANGLE

Tweets:@msftsecresponse

Threatpost: Microsoft Warns of Critical Windows Zero-Day Flaws
BleepingComputer.com: Microsoft Warns of Hackers Abusing Windows Adobe Library Zero-Days
CyberSecurity Help s.r.o.: Remote code execution in Adobe Type Manager Library in Microsoft Windows
The Register – Security: It’s 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
Help Net Security: Windows users under attack via two new RCE zero-days
CERT Recently Published Vulnerability Notes: VU#354840: Microsoft Windows Type 1 font parsing remote code execution vulnerabilities
SecurityWeek: Hackers Target Two Unpatched Flaws in Windows Adobe Type Manager Library
Tenable Blog: Adobe Type Manager Library Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild (ADV200006)
Ars Technica: Windows code-execution zeroday is under active exploit, Microsoft warns
Security News | Tech Times: Are Hackers Working in the Wild? Microsoft Warns of Windows Zero-Day Hacking Exploitation
The Hacker News: Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
TechNadu: Windows Defender in Windows 10 is Skipping Files When Scanning
Engadget: Microsoft warns Windows users of two security holes already under attack
HotHardware.com: Another Windows 10 Update Is Causing Problems, This Time With Windows Defender
Slashdot: Microsoft Says Hackers Are Attacking Windows Users With a New Unpatched Bug
Bitcoinist.com: Microsoft 10 Security Flaw Threatens Crypto Users
TechCrunch: Microsoft says hackers are attacking Windows users with a new unpatched bug
Microsoft: ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
fossBytes: A ‘Critical’ Unpatched Flaw Has Affected All Versions Of Windows: Microsoft
BusinessLine – Home: Microsoft working on fixing ‘critical’ security flaw affecting Windows users
The Next Web: An open Windows vulnerability lets attackers install malware through documents
Security Intelligence: TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany
GBHackers On Security: Hackers Exploiting 2 Unpatched Windows 0-Day Vulnerabilities in Wide – Microsoft Warns
Windows Central : Need to quickly screen-record an app? Use this hidden feature in Windows 10
SC Magazine: Unpatched Windows Zero-Day flaws exploited, Microsoft says | SC Media
RAPPLER: Hackers attacking Windows users using unpatched vulnerability – Microsoft
HOTforSecurity: Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming
Verdict: Unpatched Windows 10 vulnerability exploited by hackers as working from home rises
The Sun: Microsoft warns Windows users of ‘critical’ hack attack with NO fix available – how to avoid it
Techradar: This major new security flaw affects all versions of Windows – here’s what you need to know
Infosecurity Magazine: Microsoft: Targeted Attackers Are Exploiting Two Zero-Day Bugs
gHacks: Critical font parsing issue in Windows revealed (fix inside)
BetaNews: There’s a simple fix for the Windows Defender bug in Windows 10
Softpedia News: How to Fix Windows Defender Skipping Files During Scans
SiliconANGLE: Windows vulnerabilities being targeted by hackers and no patch is available

@msftsecresponse: Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing guidance to help reduce customer risk until the security update is released. See the link for more details. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006


March 24, 2020
Lily Hay Newman / Wired

Lily Hay Newman / Wired  
Google Removed Over Fifty Apps From Its Play Store That Are Part of New Adware Family Tekya, Twenty-Four Apps Were Specifically Aimed at Children

At the beginning of March, Google removed 56 applications from its Play Store that had been downloaded almost a million times and are part of a new malware family dubbed ‘Tekya’ by researchers at Check Point who discovered the apps. The apps appeared benign but were tainted with adware. Although more than half the apps claimed to be simple utilities like calculators, translation tools, or cooking apps, twenty-four were explicitly targeted at kids offering child-appealing options such as puzzles and racing games.

Related: Engadget, PYMNTS.com, Cyberscoop, Check Point Research, The Next Web, BetaNews, The Hacker News

Tweets:@TheHackersNews @TheHackersNews


March 28, 2020
Joseph Cox / Motherboard

Joseph Cox / Motherboard  
Zoom Updates iOS App to Stop Sending Data to Facebook

Video-conferencing software company Zoom issued an update to its iOS app, which stops it from sending certain pieces of data to Facebook. A Motherboard analysis had revealed this privacy faux pas. Motherboard discovered that when a user opened the app, their timezone, city, and device details were sent to the social network giant.

Related: Neowin, MacRumors, iMore, TechWorm, The Sun, BetaNews, Verdict, BGR, Cult of Mac, Quartz


April 2, 2020
Sergiu Gatlan / Bleeping Computer

Sergiu Gatlan / Bleeping Computer  
Cloudflare Introduces New Privacy-Focused DNS Resolver 1.1.1.1 for Families to Help Safeguard Children’s Online Security and Privacy

Cloudflare introduced a new tool called 1.1.1.1 for Families, which it touts is the easiest way to add a layer of protection to home networks and protect them from malware and adult content. It is a privacy-focused DNS resolver designed to help parents in their efforts to safeguard their children’s online security and privacy by automatically filtering out bad sites. 1.1.1.1 for Families comes with two options: the first one will automatically block malware content only, while the second is designed to prevent both malware and adult content from reaching your children while they browse the web.

Related: How-To Geek, The Register – Security, Slashdot, ZDNet, Android Police, BetaNews, SlashGear, gHacks, Cloudflare

Tweets:@Cloudflare


Romain Dillet / TechCrunch

Romain Dillet / TechCrunch  
Zoom CEO Apologizes for Security and Privacy Glitches, Says Company Will Implement 90-Day Feature Freeze and Work with Third-Party Experts to Produce Transparency Report

Wildly popular videoconferencing app Zoom has been battered with a series of privacy and security controversies since its meteoric rise during the COVID-19 crisis even as the company has quickly signed up 200 million new users. In the wake of these controversies, CEO Eric S. Yuan has written a lengthy blog post to address some of the concerns around Zoom. In particular, Yuan said that Zoom is enacting a 90-day feature freeze during which the company won’t ship any new feature until it is done fixing the current feature set. Zoom will also work with third-party experts and prepare a transparency report. Yuan apologized for the glitches saying that “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.”

Related: Forbes, CNET, Neowin, BusinessLine – Home, iPhone Hacks, Engadget, The Verge, Business Insider, TechJuice, HOTforSecurity, Computer Business Review, GeekWire, Reuters: Top News, PhoneArena, Android Authority, ZDNet Security, ExtremeTech, MobileSyrup.com, WCCFtech, Trusted Reviews, TechNadu, RTE, E-Commerce Times, GBHackers On Security, 9to5Mac, Digital Trends, Telecomlive.com, Android Central , iMore, Windows Central ,South China Morning Post, Big News Network, Thomas Brewster – Forbes, Android Authority, Graham Cluley, Telecompaper Headlines, MobileSyrup.com, The Financial Express, Security AffairsUbergizmo, ET news, Fast Company, USA Today, SlashGear » security, City A.M. – Technology, The State of Security, TechWorm, The Hill, CBSNews.com, The Next Web, E Hacking News, BBC News, Digital Trends, BetaNews, The Verge, Tom’s Guide News, Zoom

Tweets:@josephfcox @TheHackersNews @runasand @ashk4n

Forbes : Zoom Just Made These Powerful COVID-19 Security And Privacy Moves Following Outcry
CNET: Zoom boss says it’ll freeze feature updates to address security issues
Neowin: Zoom to fix security and privacy issues in 90-day feature freeze
BusinessLine – Home: Zoom announces 90-day freeze on feature updates to focus on privacy and security
iPhone Hacks: Zoom Announces 90 Days Feature Freeze, Will Work on Improving the Security Of Its Platform
Engadget: Zoom vows to win back user trust with extensive security review
The Verge: What Zoom doesn’t understand about the Zoom backlash
Business Insider: Zoom’s CEO apologizes for its many security issues as daily users balloon to 200 million
TechJuice: ‘Zoombombing’ is becoming an issue amid rising popularity due to coronavirus
HOTforSecurity: Zoom-bombing: FBI warns of rise in teleconference hijacking amid stay-at-home order
Computer Business Review: Zoom Security Storm: Company Apologises, Hackers Squabble
GeekWire: Zoom Security Storm: Company Apologises, Hackers Squabble
Reuters: Zoom pulls in more than 200 million daily video users during worldwide lockdowns
PhoneArena: SpaceX employees forbidden from using the Zoom app over privacy concerns
Android Authority: Zoom won’t add new features for 90 days as it tackles privacy, security woes
ZDNet Security: Zoom: We’re freezing all new features to sort out security and privacy
TechCrunch: Zoom freezes feature development to fix security and privacy issues
ExtremeTech: Zoom’s Security and Privacy Practices Kind of Zuck
MobileSyrup.com: Zoom vows to fix issues around privacy and security within 90-days
WCCFtech: Zoom Gets Banned at SpaceX Following Privacy Concerns
Trusted Reviews: Why Zoom is attracting so much criticism right now
RTE: Zoom stops product development to fix security issues
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
9to5Mac: Zoom penetration tests commissioned to improve ‘trust, safety and privacy’
Digital Trends: SpaceX tells workers to ditch Zoom over ‘significant’ privacy concerns
Android Central : Zoom apologizes over security and privacy issues and freezes new features
iMore: Zoom apologizes over security and privacy issues and freezes new features
Windows Central : Zoom apologizes over security and privacy issues and freezes new features
Channel News Asia: Elon Musk’s SpaceX bans Zoom over privacy concerns
Tech Insider: Elon Musk’s SpaceX bans Zoom over security and privacy concerns
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Android Authority: Zoom won’t add new features for 90 days as it tackles privacy, security woes
Graham Cluley: Zoom promises to improve its security and privacy as usage (and concern) soars
Telecompaper Headlines: Zoom promises full security review as users pass 200 mln per day
MobileSyrup.com: Zoom vows to fix issues around privacy and security within 90-days
The Financial Express: Has Zoom got it right on security?
Security Affairs: Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak
Ubergizmo: Zoom Pledges To Spend The Next 90 Days Fixing Its Privacy And Security Issues
ET news: Security snafus exhumed amid Zoom boom
Fast Company: Elon Musk’s SpaceX bans employees from using Zoom over ‘significant privacy and security concerns’
USA Today: Zoom to focus on security, privacy, CEO says, as usage booms during coronavirus crisis
SlashGear » security: Zoom CEO responds: What happens next for hit video calling app
City A.M. – Technology: Zoom vows to fix security issues as it hits 200m daily users
The State of Security: Zoom promises to improve its security and privacy as usage (and concern) soars
TechWorm: Zoom Security Vulnerability Leaks Windows Login Credentials To Hackers
The Hill: Zoom vulnerabilities draw new scrutiny amid coronavirus fallout
CBSNews.com: FBI warns of online attacks on video conference app Zoom
The Next Web: After a litany of security fuck-ups, Zoom promises weekly updates
E Hacking News: Hackers use fake Zoom domains to spread malware
BBC News: Zoom boss apologises for security issues and promises fixes
Digital Trends: Zoom freezes development of new features to fix privacy issues
Trusted Reviews: Why Zoom is attracting so much criticism right now
BetaNews: Zoom issues an apology for privacy and security issues, will enact a feature freeze to focus on fixes
The Verge: Zoom announces 90-day feature freeze to fix privacy and security issues
Tom’s Guide News: Zoom privacy and security issues: Here’s everything that’s wrong (so far)
Zoom: A Message to Our Users

@josephfcox: Zoom announces several changes, such as a "feature freeze" and moving all engineering resources to fixing privacy and security issues; enhancing its bug bounty program https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
@TheHackersNews: UPDATE: After facing backlash over #privacy & security concerns, #Zoom today issued updates to patch some recently disclosed flaws & also announced to enhance its #bugbounty program and shift all of its engineering resources to resolve further issues. https://thehackernews.com/2020/04/zoom-windows-password.html
@runasand: Letter from @zoom_us CEO @ericsyuan outlines what the company has done and will do moving forward to address issues and concerns, including shifting “engineering resources to focus on our biggest trust, safety, and privacy issues.”
@ashk4n: I have to say the response from @zoom_us to all the privacy, security, and #abusability issues surrounding their platform is very good: CEO acknowledges the specific problems, lays out steps they’re taking to fix them, and clear communicates steps to users