Security News > 2020 > April

These restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe - derisively referred to as "Reshipping mules" - to receive and relay high-dollar stolen goods to crooks living in the embargoed areas. Still, every dark cloud has a silver lining: Intel 471 noted many cybercriminals appear optimistic that the impending global economic recession "Will make it easier to recruit low-level accomplices such as money mules."

Any developer currently using image importers or other image handling libraries should read this document to see how to use the Image I/O framework instead. In other words, instead of laboriously adding support for dozens of different image formats to your app by writing code for each new filetype one-by-one, you can just use ImageIO functions and let the operating system take care of figuring out what image type it is, whether it's supported, and how to read it in. You don't need to worry, or even care, whether it's JPEG, GIF, PNG, BMP, TIFF or even a file format you've never heard off such as KTX. So the drawcard here for a security researcher is the juxtaposition of the word fuzzing, which means going all-out to find weirdly-corrupted files that reveal bugs in the underlying code, and the word ImageIO, which refers to the core code that gets triggered pretty much any time any iPhone app encounters an image file.

The road to secure containers is long and winding. One stop you should take on that journey is unloading unnecessary kernel modules in your Linux containers.

Google said Thursday its task force devoted to fighting "Bad" ads hawking bogus coronavirus cures, illegitimate unemployment benefits and overpriced medical supplies had blocked tens of millions of messages. Google has blocked and removed coronavirus-related marketing pitches in recent months for policy violations including price-gouging and misleading claims, according to ads privacy and safety vice president Scott Spencer.

Is Zoom still a video conferencing app worth using? If so, who should use it when so much personal and business security could be at risk? Learn more by reading this Zoom basics guide. March 30: Another investigation finds that Zoom is not using end-to-end encryption, Zoom bombs are first reported, and multiple flaws in both the windows and macOS versions of Zoom are reported.

The European Union on Thursday accused unnamed parties of exploiting the coronavirus pandemic to launch cyberattacks on infrastructure and healthcare services. A flood of cyberattacks has targeted European countries, affecting critical systems needed to deal with the virus crisis, said foreign policy chief Josep Borrell in a statement on behalf of all 27 EU members.

Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. The Zoom transport protocol adds Zoom's own encryption scheme to RTP in an unusual way.

American education technology company Chegg this week sent notifications to its employees to inform them of a data breach that occurred earlier this month. The company says that it learned of the data breach on April 10, 2020, and that the information of both current and former employees might have been exfiltrated in the incident.

An Android mobile malware has been uncovered that steals payment data from users of popular financial apps like PayPal, Barclays, CapitalOne and more. EventBot is not currently on the Google Play app marketplace, but researchers said the malware is nonetheless masquerading as legitimate applications.

Cybercriminals have been using the coronavirus outbreak to deploy associated malware designed to tap into the curiosity, concern, and fear about COVID-19. As the pandemic has spread and intensified around the world so too have the malware campaigns that take advantage of it.