A newly discovered botnet that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers said on Wednesday. Its list of advanced features includes the ability to disguise malicious traffic as benign, maintain persistence, and infect devices that run on at least 12 different CPUs. READ MORE...
American and British cybersecurity authorities on Wednesday issued a fresh warning that "a growing number of cyber criminals and other malicious groups" are exploiting the coronavirus pandemic. Criminals have been scanning for vulnerabilities in remote access software as people around the world stay home, while state-linked hackers are impersonating trusted organizations to further their cyber-operations, U.S. and U.K. officials said. READ MORE...
Crisis events such as the current COVID-19 pandemic often lead to a change in habits that captures the attention of cybercriminals. With the confinement measures imposed in many countries, for example, online shopping has soared and along with it, credit card skimming. According to our data, web skimming increased by 26 percent in March over the previous month. READ MORE...
A new update to the Zoom client has been released that removes the meeting ID from the title bar when conducting meetings to increase security and to prevent them from being exposed in screenshots. Since the Coronavirus pandemic started and people began to perform social distancing, the Zoom video conferencing software has become very popular for remote work meetings, distance learning, and family and friend get-togethers. READ MORE...
Both Google and Mozilla released new versions of their browsers this week, addressing a variety of high-severity vulnerabilities, some of which could lead to remote code execution. Google included a total of 32 security fixes in Chrome 81, which was finally promoted to the stable channel, after the current COVID-19 pandemic forced the Internet giant to delay stable releases and roll back some of the recently introduced protections in Chrome. READ MORE...
An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex (as well as Zoom and other platforms). READ MORE...
A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up dialogue box to run or install a program. For those reasons, Microsoft does not consider this a vulnerability. Mandar Satam, independent security researcher, disagrees. READ MORE...