Security News > 2020 > March

"While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices," according to the letter obtained by the New York Times. The potential security issues that Zoom's facing are myriad. Already, numerous reports have emerged of threat actors hijacking Zoom meetings and upending them with hate speech, threats of sexual harassment, and pornographic images.

Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware - making use of the hardcoded, VelvetSweatshop default password for encrypted files. In the observed campaign, threat actors are creating read-only Excel files containing a LimeRAT payload. Typically in malspam scenarios involving Excel files, the files are encrypted and the recipient would need to use a password to decrypt the file.

Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections. For these reasons and more, organizations need to adopt certain security measures to protect themselves when using Microsoft's RDP. SEE: How to work from home: IT pro's guidebook to telecommuting and remote work.

With more and more companies seeking ways to get their essential work done with a workforce that is now primarily home-based during the COVID-19 coronavirus pandemic, IBM has joined a legion of IT vendors that have been offering some of their critical IT applications and services for free to existing customers to help in this time of crisis. Under the new offer, nine IBM cloud products and services are now available for use by IBM customers that need them at no charge for 90 days, including IBM Cloud, Aspera file sharing and team collaboration, IBM Security, IBM Video Streaming and IBM Enterprise Video Streaming, IBM Sterling supply chain tools, IBM Blueworks Live remote collaboration tools, IBM Cloud Event Management, remote learning resources, and IBM Garage.

A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4. Cybercriminals who specialize in phishing attacks have been exploiting the coronavirus for the past couple of months.

Marriott Hotels has suffered its second data spillage in as many years after an "Unexpected amount" of guests' data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January 2020 and was detected "At the end of February."

Marriott Hotels has suffered its second data spillage in as many years after an "Unexpected amount" of guests' data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January 2020 and was detected "At the end of February."

Marriott Hotels has suffered its second data spillage in as many years after an "Unexpected amount" of guests' data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January 2020 and was detected "At the end of February."

MariaDB announced the immediate availability of MariaDB SkySQL, the first database-as-a-service to unlock the full power of MariaDB Platform for transactions, analytics or both, and optimized with a cloud-native architecture. "Existing services, long in the tooth, lock out community innovation, meaning patches, new versions and features are missing for literally years. MariaDB SkySQL is a next-generation cloud database, built by the world's top database engineers in the industry, allowing organizations large and small to know they have an always-on partner to not only roll out new applications, but ensure a consistent and enduring quality of service."

Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people. When the breach was discovered at the end of February, Marriott International says it disabled those login credentials and began its investigation.