Keeping Your Security Strategy on Track Amidst Tactical Distractions
2020-04-01 18:56

In addition to these organizations and many others, information security teams find themselves quite busy dealing with this pandemic as well. Business continuity, supply chain risk, and remote access, among other topics, have come to the forefront as security challenges that the business must deal with.

Critical WordPress Plugin Bug Can Lock Admins Out of Websites
2020-04-01 18:03

A pair of security vulnerabilities in the WordPress search engine optimization plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. The Rank Math plugin also comes with an optional module that can be used to create redirects on a site.

Trojanized Zoom Apps Target Remote Workers
2020-04-01 17:10

Malicious, re-packaged versions of the Zoom video conferencing application are targeting work-from-home Android users with adware and Trojans, Bitdefender reports. One type of attack, Bitdefender reveals, involves the use of re-packaged Zoom clones that are being distributed via third-party markets.

Holy Water watering hole attack targets visitors of certain websites with malware
2020-04-01 16:34

In a report published Tuesday, Kaspersky detailed the behavior of several watering hole websites established through a malware campaign dubbed Holy Water. To set up a watering hole attack, cybercriminals observe or ascertain which sites are visited by particular groups of people and then compromise those sites with malware.

Two Zoom Zero-Day Flaws Uncovered
2020-04-01 16:00

UPDATE. Two zero-day flaws have been uncovered in Zoom's macOS client version, according to researchers. The two flaws, uncovered by Patrick Wardle, principal security researcher with Jamf, emerge as Zoom comes under increased scrutiny over its security measures, particularly with more employees working from home over the past few weeks due to the coronavirus pandemic.

Patch Released for Linux Kernel Vulnerability Disclosed at Hacking Contest
2020-04-01 15:37

A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop. He leveraged an improper input validation bug in the Linux kernel to escalate privileges to root.

Top Email Protections Fail in Latest COVID-19 Phishing Campaign
2020-04-01 13:27

The Cofense Phishing Defense Center discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver's local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi. "While these secure email gateways are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack we recently observed," Mahdavi wrote in the post.

Bill Gates’s YouTube ‘Bitcoin giveaway’ is a big fat scam
2020-04-01 13:15

On Monday, a video of former Microsoft CEO Bill Gates could be found playing on multiple YouTube channels that were broadcasting a well-known cryptocurrency Ponzi scam, ZDNet reported. In November 2019, cryptocoin news site Coin Rivet reported that scammers were hopping on YouTube live streams to bilk people by posing as the official foundations and development teams of popular cryptocurrencies.

QR code generator scam steals thousands in Bitcoin
2020-04-01 13:04

According to cryptocurrency enthusiast and Director of Security at MyCrypto, Harry Denley, a wily scammer has been operating a network of fake bitcoin QR code generators to dupe people out of their bitcoins. Bitcoin uses addresses as conduits to send and receive bitcoin payments.

AWS Security Service 'Amazon Detective' Now Generally Available
2020-04-01 13:02

AWS on Tuesday announced the general availability of Amazon Detective, a service that makes it easier for customers to investigate security issues. Unveiled in December 2019, Amazon Detective is designed to automatically collect data from the customer's AWS environment and uses that data to create interactive visualizations that can be highly useful for analyzing potential security issues or suspicious activity.