5 hours ago

Justice Department Accuses China Telecom of Lying About Its Cybersecurity Practices, Says the Company Is a National Security Risk, Asks FCC to Block Its Licenses

In the Trump Administration’s latest bid to push China out of U.S. telecom infrastructure, the Justice Department has recommended to the Federal Communications Commission that it block China Telecom from operating in the U.S. by revoking its licenses and warned that the China-backed company was creating “substantial and unacceptable” national security and law enforcement risks for the U.S. The Justice Department said its recommendations were based on new information about China’s alleged role in “malicious cyber activity” targeting the U.S., and fears that China Telecom was vulnerable to exploitation, influence, and control by the Chinese government. The principal law enforcement agency also said that China Telecom had made inaccurate statements to the U.S. regarding its cybersecurity practices and the “nature” of its U.S. operations, which the department said was giving Chinese state actors opportunities to engage in malicious cyber activity enabling economic espionage and the “misrouting” of U.S. communications. China Telecom denied the allegations, claiming that it has been extremely cooperative and transparent with regulators. (The Guardian)
6 hours ago

Zoom Issues Fixes to Stop Leaking of Meeting IDs by Removing IDs From Title Bar, Goal Is to Reduce Zoombombing

Following highly publicized incidents in which Zoom users were shown to be leaking their meeting IDs, and even meeting passwords, when sharing screenshots of their meetings on social media, Zoom released an update for its Linux, Mac, and Windows apps that removes the meeting ID from the app’s title bar. The leaks of meeting IDs led to Zoombombing, where trolls search for meeting IDs online and then disturb meetings by playing porn videos, hurling insults, or making disturbing comments. By hiding the meeting IDs, Zoom hopes to curb Zoombombing. Also, Zoom fixed an issue with its meeting waiting rooms that allowed users to spy on meetings even if they weren’t approved to attend them. (ZDNet)
21 hours ago

Travelex Paid Ransomware Hackers $2.3 Million in Bitcoin After Its Crippling New Year’s Attack, Source

London-based foreign exchange company Travelex, which was crippled on New Year’s Eve and into the first weeks of 2020 by a ransomware attack, paid the ransomware hackers the equivalent of $2.3 million using 285 bitcoin to make the problem go away and retrieve their encrypted files, according to a person familiar with the transaction. Travelex was hit with ransomware called Sodinokibi, also commonly referred to as REvil or Sodin. The company was forced to take its internal networks and customer-facing systems offline for many weeks after the attack. The incident disrupted cash deliveries from Travelex’s global network of vaults to divisions of major international banks including Barclays and Lloyds Banking Group in the U.K. A group of hackers who claimed responsibility for the Travelex attack said in an online discussion with The Wall Street Journal in January that they had received the bitcoin payment. Most law enforcement agencies, including the U.K.’s National Crime Agency, advise against paying ransomware attackers. (Wall Street Journal)
21 hours ago

Cloud Security Company Zscaler to Buy Cloud Security Posture Management Company Cloudneeti

San Jose, Calif.-based cloud security company Zscaler has agreed to purchase cloud security posture management startup Cloudneeti. Terms of the deal were not disclosed, but the acquisition is expected to close by the end of the month. Redmond, WA-based Cloudneeti was founded in 2017 and works with managed service providers and risk advisors to deliver cloud security assessments, DevSecOps, and security and compliance assurance in the cloud. (CRN)
21 hours ago

Bugcrowd Raises $30 Million in Series D Round of Venture Funding

Crowdsourced bug bounty and vulnerability disclosure platform Bugcrowd has raised $30 million in its Series D funding round led by Rally Ventures and including unnamed new and existing investors. Bugcrowd CEO Ashish Gupta said the $30 million would help the company ramp up the expansion of its platform, particularly in Europe and Asia. (TechCrunch)
1 day ago

Investcorp Technology Partners Buys Antivirus and Identity Management Company Avira as Part of Broader Security Consolidation

Investcorp Technology Partners, the PE division of Investcorp Bank, has purchased Avira, a cybersecurity company based out of Germany that provides antivirus, identity management, and other tools both to consumers and as a white-label offering from several big tech brands. The deal is part of a broader security consolidation acquisition play by Investcorp. Although terms of the agreement were not revealed, Travis Witteveen and ITP’s MD, Gilbert Kamieniecky, both said it gives Avira a total valuation of $180 million. (TechCrunch)
1 day ago

Newly Discovered IoT Botnet dark_nexus Is Purportedly One of the Most Advanced Ever Seen, Developed by Well-Known Botnet Author

A newly discovered IoT botnet dubbed dark_nexus that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers at Bitdefender report. Bitdefender says one of the botnet’s earliest versions used the name dark_nexus in its user agent string when carrying out exploits over HTTP: dark_NeXus_Qbot/4.0, citing Qbot as its influence. Although dark_nexus uses some Qbot and Mirai code, its core modules are mostly original. The IoT botnet seems to have been developed by a known botnet author, @greek.helios, who has been selling DDoS services and botnet code for years, Bitdefender says. (Ars Technica)
1 day ago

U.S. Senate, Google Become Latest Groups to Ban Use of Zoom Due to Data Security Concerns, Pentagon Says Military Personnel Can Continue to Use the Popular Video Service

The U.S. Senate and Silicon Valley giant Google have become the latest organizations to tell their members and employees not to use Zoom because of concerns about data security on the video conferencing platform that has boomed in popularity during the coronavirus crisis. The Senate sergeant at arms has warned all senators against using the service, according to three people briefed on the advice. The Senate’s position runs slightly counter to the Department of Homeland Security’s praise for the company’s efforts to improve its security during a short time of massive and unexpected growth. Also, the Pentagon told the Financial Times it would allow military personnel to continue using the popular video service. Google last week decided that the Zoom Desktop Client will no longer run on corporate computers because it does not meet the security standards for apps used by its employees. (Financial Times)
1 day ago

Three Academic Teams Are Racing to Develop COVID-19 Contact Tracing Apps That Flatten the Curve on Government Snooping and Virus Infections At the Same Time

Teams of researchers are racing to develop COVID-19 contact tracing apps that notify potentially exposed users without handing over location data to the government, even going so far as to focus on developing systems that keep infected users’ identity private while still notifying those who have come in contact with those users. The groups that are attempting to “flatten the curve” on authoritarianism, as well as the number of infections, include COVID Watch, led by Stanford computer scientist Cristina White, an MIT project called Private Kit: Safe Paths, and a project proposed to the Canadian government by a group of computer scientists from the University of Pennsylvania, the University of Toronto, and McGill University. The three teams are all collaborating with each other to some degree. (Wired)
1 day ago

Cloud Giant Box Adds Advanced Security Solutions in Box Shield As Working From Home, COVID-19 Scams Put Pressure on Cloud-Based Security

With COVID-19 creating a fertile landscape to exploit workers at home who rely on cloud-based solutions, cloud giant Box announced it is adding automated malware detection and controls in Box Shield, the company’s advanced security solution for protecting content in the cloud. The new capabilities expand Box protection in three ways: enabling safe preview and online editing of files in Box while displaying the security risk to end-users, automatically restricting downloading and sharing of malicious files to prevent the spread to more users and devices, and generating alerts to notify security teams when a file uploaded to Box contains malware. (VentureBeat)
1 day ago

U.S. and British Cybersecurity Authorities Warn of Increasing Scams and Phishing Threats by APT Actors, Cybercriminals Exploiting COVID-19 Fears

U.S. and British cybersecurity authorities warned in a special alert that cybercriminals are increasingly exploiting fears surrounding COVID-19 to target individuals and businesses with scams and phishing threats. The joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) advises that growing use of COVID-19-related themes by malicious cyber actors combined with the mass advent of teleworking amplifies the threat to individuals and organizations. These efforts include actions by both nation-state advanced persistent threat groups and common cybercriminals. (Wall Street Journal)
1 day ago

Fingerprint Molds Were Able to Bypass Authentication Locks of Apple, Microsoft, Samsung, Huawei Around 80% of the Time

Over a test period that lasted several months, fake fingerprints were able to bypass sensors at least once roughly 80 percent of the time for fingerprint authentication offered by Apple, Microsoft, Samsung, Huawei, and three lock makers, researchers at Cisco Talos report. The researchers used more than 50 fingerprint molds, attempting 20 times for each model using the best fingerprint models of the lot, so this kind of fingerprint cloning would be challenging to replicate in the real world. The AICase padlock and Huawei’s Honor 7x and Samsung’s Note 9 Android phones were the easiest to fool and were bypassed 100 percent of the time. Fingerprint authentication in the iPhone 8, MacBook Pro 2018, and the Samsung S10 came next, where the success rate was more than 90 percent. Five laptop models running Windows 10 and two USB drives—the Verbatim Fingerprint Secure and the Lexar Jumpdrive F35—performed the best, with researchers achieving a 0-percent success rate. (Ars Technica)
2 days ago

Former Facebook CSO and Head of Stanford Cyber Policy Center Alex Stamos to Guide Zoom on Security Policy as Outside Consultant, Zoom Forms CISO Council Composed of Infosec Leaders

Former Facebook and Yahoo Chief Security Officer Alex Stamos, who currently leads the Stanford Internet Observatory Cyber Policy Center, is joining Zoom as an outside security consultant, Stamos announced in a Medium post. Stamos said that Zoom CEO Eric Yuan approached him for the move after the former Facebook CSO defended Zoom when the company was getting buried under an avalanche of bad press. Stamos is joining Zoom as an advisor and not as an employee or CSO. Also, Zoom announced the creation of a CISO Council and Advisory Board, which will include cybersecurity leaders from other companies, including VMware, Netflix, Uber, Electronic Arts, and others. (ZDNet)
2 days ago

Zoom Hit With Class-Action Lawsuit by Shareholder Who Claims Company Failed to Disclose Security Problems, Despite News of the Suit Zoom’s Stock Rises More Than 4%

Zoom has been hit with a class-action lawsuit by one of its shareholders, Michael Drieu, in the U.S. District Court for the Northern District of California. Drieu alleges the company failed to disclose issues with its video conferencing platform’s privacy and security, a failure that has caused the company’s stock price to tumble. Despite news of the lawsuit, Zoom stock was up more than 4% on Wednesday morning. (CNBC)
2 days ago

Accenture Acquires Operational Technology Startup Revolutionary Security to Help Critical Infrastructure Companies Mitigate Risk

Irish CRN solution provider Accenture has purchased operational technology security startup Revolutionary Security to help organizations with critical infrastructure prioritize actions that mitigate cyber risks within their enterprise. The Blue Bell, PA-based Revolutionary Security offers assessment and testing services, the ability to design and build security programs and functions, as well as security operations across clients’ IT and OT systems. The deal, for which financial terms were not disclosed, is aimed at helping Accenture’s push to triple the size of its critical infrastructure and OT security business over three years. (CRN)