Search Results for “ZDNet”


April 10, 2020
Catalin Cimpanu / ZDNet
Zoom Issues Fixes to Stop Leaking of Meeting IDs by Removing IDs From Title Bar, Goal Is to Reduce Zoombombing

Following highly publicized incidents in which Zoom users were shown to be leaking their meeting IDs, and even meeting passwords, when sharing screenshots of their meetings on social media, Zoom released an update for its Linux, Mac, and Windows apps that removes the meeting ID from the app’s title bar. The leaks of meeting IDs led to Zoombombing, where trolls search for meeting IDs online and then disturb meetings by playing porn videos, hurling insults, or making disturbing comments. By hiding the meeting IDs, Zoom hopes to curb Zoombombing. Also, Zoom fixed an issue with its meeting waiting rooms that allowed users to spy on meetings even if they weren’t approved to attend them.

Related: HOTforSecurity, WonderHowTo, Cyberscoop, Graham Cluley

Tweets: @campuscodi, @rondeibert


April 21, 2020
Danny Palmer / ZDNet
All-Purpose Trickbot Malware Now Delivered Via Fake COVID-19 Medical Advice Emails From Volunteer and Humanitarian Groups

The gang behind the Trickbot malware sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, each attempting to install Trickbot via a unique “macro-laced” malicious document attached to the message, researchers at Microsoft Security Intelligence warn. The attacks take the form of phishing emails claiming to be from volunteer and humanitarian groups offering COVID-19 testing. Although it started as a banking Trojan, Trickbot has evolved and is now capable of delivering keyloggers, trojans, and ransomware onto compromised computers, and of maintaining persistence on infected machines. It can also allow hackers to move around networks via the EternalBlue vulnerability, and it operates with botnet-like capabilities to help further the spread of infections.

Related: CISO MAG, ZDNet, Newslocker, Infosecurity Magazine, HotHardware.com, DataBreachToday.com

Tweets: @MsftSecIntel


April 24, 2020
Catalin Cimpanu / ZDNet
ESET Took Down Monero-Mining VictoryGate Botnet That Infected More Than 35,000 Computers in Mostly Latin America

A malware botnet dubbed VictoryGate, which since May 2019 infected more than 35,000 computers, mostly in Latin America and specifically Peru, has been taken down by Slovak cyber-security firm ESET. The botnet’s primary purpose was to infect victims with malware that mined the Monero cryptocurrency behind their backs. ESET reported and took down the botnet’s command and control (C&C) server and set up a fake one (called a sinkhole) to monitor and control the infected hosts. The firm is now working with the Shadowserver Foundation to notify and disinfect all computers that connect to the sinkhole.

April 13, 2020
Catalin Cimpanu / ZDNet
Dutch Police Take Down Fifteen DDoS-for-Hire Services, Bust Teen Suspected of Launching Attacks Against Dutch Government Websites

Dutch police, with support from web hosting companies, domain registrars, Europol, Interpol, and the FBI, said they successfully took down 15 DDoS-for-hire services in the span of a week, as part of one of their most successful crackdowns against online DDoS service providers. They also arrested a 19-year-old man suspected of launching a DDoS attack against MijnOverheid.nl, a portal where Dutch citizens receive documents from the Dutch government, and Overheid.nl, a general-purpose government information portal.

June 4, 2020
Liam Tung / ZDNet
Cisco Issues Security Updates That Patch More Than Two Dozen Flaws In Its Industrial Routers, Switches

As part of its semi-annual advisory bundle for IOS XE and IOS networking software, Cisco issued 23 advisories describing 25 vulnerabilities, including four critical security flaws affecting router equipment that uses its IOS XE and IOS software. The most critical flaw, CVE-2020-3227, concerns the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software, which allows a remote attacker without credentials to execute Cisco IOx API commands without proper authorization. All four bugs were found by Cisco’s penetration testing squad, the Cisco Advanced Security Initiatives Group.

Catalin Cimpanu / ZDNet
Massive Campaign Carried Out From 20,000 IP Addresses Targeted WordPress Sites to Extract Database Credentials

A massive campaign against WordPress websites was launched over the past weekend, attacking old vulnerabilities in unpatched plugins to download or export wp-config.php files from unpatched sites, extract database credentials, and then use the usernames and passwords to take over databases, according to researchers at firewall company Wordfence. The campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem, the researchers say. The attacks were carried out from a network of 20,000 different IP addresses. Most of these IPs were also previously used in another large-scale campaign that targeted WordPress sites at the start of May.

Catalin Cimpanu / ZDNet
Google Rolls Out iOS App Updates That Support WebAuthn-Capable Security Keys

Google started rolling out an update to its iOS apps and online services that adds support for WebAuthn-capable security keys. The update allows iOS device owners to use security keys via W3C WebAuthn, today’s most advanced standard for passwordless authentication. Once the devices are configured, users will be able to verify their identity and log into Google’s iOS apps and Google-owned websites via the Safari browser using modern security keys. Supported keys include the USB-A and Bluetooth Titan Security Key, the YubiKey 5Ci, any USB security key (including USB-C keys if the iOS device has a USB-C port), and the iPhone itself.

June 3, 2020
Catalin Cimpanu / ZDNet
DoppelPaymer Ransomware Gang Says It Successfully Breached Network of NASA IT Contractor and Accessed NASA-Related Files

The DoppelPaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI). This Maryland-based company provides managed IT and cyber-security services on demand and is an IT contractor for NASA, as well as other government agencies and Fortune 500 companies. The ransomware gang was able to access NASA-related files, suggesting they breached DMI’s NASA-related infrastructure. The DoppelPaymer gang also posted a list of 2,583 servers and workstations that the hackers claim are part of DMI’s internal network, which they have encrypted and are now holding for ransom.

Catalin Cimpanu / ZDNet
Cybersecurity Incidents at U.S. Federal Agencies Dropped by 8% in 2019 Due to Decline in Successful Phishing Attacks, Web Compromises and Loss of Devices, Report

The number of cybersecurity incidents recorded at US federal agencies in 2019 went down by 8%, according to the latest annual report on the Federal Information Security Modernization Act (FISMA) of 2002 released by the White House’s Office of Management and Budget (OMB). According to the report, US federal agencies said they suffered 28,581 cybersecurity incidents in 2019, down 8% from the 31,107 incidents reported in 2018. The reduction came from agencies seeing fewer incidents stemming from successful phishing attacks, website/web app compromises, and loss of devices. However, agencies also saw a rise in brute-force attacks, attacks executed with removable media (USB devices, external hard drives), and incidents caused by the improper use of a federal agency service or device.

June 1, 2020
Catalin Cimpanu / ZDNet
Joomla Announces Security Breach, Unencrypted Backup File Left on Amazon S3 Bucket Exposing Details on 2,700 Registered Users

The team behind the Joomla open source content management system (CMS) announced a security breach that took place after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site (resources.joomla.org) on an Amazon Web Services S3 bucket the company owned. The backup file was not encrypted and contained details for around 2,700 users who registered and created profiles on the JRD website, a portal where professionals advertise their Joomla site-making skills. Among the data that could have been exposed were names, addresses, email addresses, phone numbers, company URLs, encrypted passwords (hashed), and more. The Joomla team said that once it learned of this accidental leak of the JRD site backup, they carried out a full security audit of the JRD portal.