Security News > 2020 > April

One of the Android apps we identified last year, for example, was a QR code reader that was little different from the one already built into your phone's camera app that went for a whopping €104.99 even if you uninstalled the app straight after trying it and never used it again. Many of the fleeceware apps we see are advertised within the App Store as "Free" apps, which puts the apps at odds with section 2.3.2 of the App Store Review Guidelines, which require developers to make sure their "App description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases."

Modern connected cars contain security threats, consumer org Which? has said after commissioning analyses of two models, a Ford and a Volkswagen. Researchers from Context Information Security were able to find their way into two cars' infotainment units, the dash-mounted screen that displays everything from car information to GPS-based moving maps to your favourite radio station or motorway playlist.

As it faces a major lawsuit, Zoom is taking a significant step to bolster security and privacy efforts by recruiting an industry heavy-hitter - former Facebook CISO Alex Stamos - to provide special counsel. Zoom now says that it aims to clean up its issues from both the product side and by taking a high-level executive approach, Zoom founder Eric Yaun said in a blog post published Wednesday.

Fewer people working onsite due to the pandemic means critical infrastructure is at greater risk in industries like oil and gas, manufacturing, and utilities-and most organizations don't have the right tools in place, according to Dave Weinstein, chief security officer at Claroty, a provider of OT software. Dave Weinstein: A lot of the blocking and tackling of remote access management isn't happening, so there's clearly a need for that; certainly in the coronavirus age, but even before the pandemic occurred and even after it goes away.

Security solutions provider Avast this week announced the launch of an Android version of its Avast Secure Browser. Previously available for Windows and macOS, the browser aims to provide users with increased security and privacy while navigating the Internet, shopping, or accessing their bank accounts on their Android devices.

The phishing emails led to malicious websites that used the same HTML and CSS found in actual White House sites, says email security provider INKY. Phishing emails and their associated websites often impersonate well-known organizations, brands, businesses, and other familiar subjects to try to trap potential victims. A series of recent phishing emails examined by INKY targeted people curious or anxious about COVID-19 by impersonating the White House and some in the administration.

Zoom has promised to improve security and privacy, but an increasing number of organizations have decided to ban the video conferencing application over security concerns. Stamos will help Zoom implement better security controls and practices.

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex.

The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as "Unbreakable," with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock was shown to be hackable. The $100 Tapplock smart locks are internet-connected and use fingerprint biometrics for security.

A recently identified Internet of Things botnet has modules developed in a manner that makes it significantly more "Potent and robust" than other IoT botnets, Bitdefender's security researchers say. Dubbed dark nexus and featuring a modular architecture, the threat shares some features with previously observed pieces of malware, and even reuses Qbot and Mirai code, but its core modules appear mostly original.