News

  The feature, criticized for “undisclosed data-mining,” is only the latest privacy faux pas for Zoom this month. Zoom has nixed a feature that came under fire for “undisclosed data mining” of users’ names and email addresses, used to match them with their LinkedIn profiles. The feature, the LinkedIn Sales Navigator, is a LinkedIn service used for sales prospecting. When users enter a web conference meeting, the tool automatically sent their user names and email...

OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. "It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020," said Ace, the forum's administrator. The attacker is believed to have stolen the details of more than 200,000 users, the...

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera. Two zero-day flaws have been uncovered in Zoom’s macOS client version, according to researchers. The web conferencing platform vulnerabilities could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera. The two flaws, uncovered by Patrick Wardle, principle security researcher with Jamf, emerge as Zoom comes under increased scrutiny over...

  A new campaign is spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. LimeRAT is a simple Trojan designed for Windows machines. The malware is able to install backdoors on infected machines and encrypt files in the same way as typical ransomware strains, add PCs to botnets, and install cryptocurrency miners. Source: ZD Net

  With many malicious websites, a user typically needs to click on a link to set off a chain of events that could then lead to a malware infection. But in some cases, all you have to do is visit a particular site to trigger a possible malware attack. That's true with a series of sites discovered by security provider Kaspersky last December. In a report published Tuesday, Kaspersky detailed the behavior of several watering...

  With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer's master boot record (MBR). With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created only as tests or jokes. The common theme among all four samples is that they use...

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors. A pair of security vulnerabilities in the WordPress search engine optimization (SEO) plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. It’s a WordPress plugin with more than 200,000 installations. According to researchers with Wordfence, one of the flaws is...

The public nominations for the seventh annual European Cybersecurity Blogger Awards 2020 have been collated and finalists announced. To see the full list of nominees and cast your votes in each category, click here: https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform Don't miss your chance to vote for your favourite bloggers, vlogger, podcasters or social media accounts in each of the 13 categories. The first round of public nominations is complete, and you now have the chance to vote for your...

As mentioned in previous articles, Securonix, has devoted an entire taskforce to outlining key threats that are appearing under the guise of COVID-19 themed domain names or emails. The threat research team has been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors such as:    Ransomware using weaponized COVID-19/coronavirus-related documents disrupting critical healthcare and other businesses’ operations;  Custom COVID-19 themed phishing attacks involving malicious documents to steal remote workforce credentials and infiltrate various organizations;  Malware using...

A company claiming to provide “the world’s most secure online backup” leaked metadata and customer information in over 135 million records after misconfiguring an online database, Infosecurity has learned. The team at vpnMentor discovered the privacy snafu as part of its ongoing web mapping project that has already uncovered major cloud data leaks at brands including Decathlon, PhotoSquared and Yves Rocher. Source: InfoSecurity