Security News > 2020 > April

A report released Wednesday by security provider Arcserve highlights the attitudes and feelings among consumers toward companies hurt by a successful cyberattack. Based on a survey of almost 2,000 consumers across North America, the United Kingdom, France, and Germany, Arcserve's report titled "Ransomware's Stunning Impact on Consumer Loyalty and Purchasing Behavior" found that 59% of respondents would likely avoid during business with an organization that experienced a cyberattack in the past year.

Privacy advocates are urging developers to proceed with caution as they use technology released by Apple and Google to build COVID-19 contact-tracing apps - and are warning against the potential for cybercriminal use. "The apps built on top of Apple and Google's new system will not be a 'magic bullet' techno-solution to the current state of shelter-in-place," EFF staff technologist Bennet Cyphers and director of research Gennie Gebhart said, in a post on Tuesday on the organization's blog.

With the new 5.0 version of Zoom, the app has added features to help you protect your virtual meetings from Zoombombing and other unwanted intrusion. As described in a blog post published last week, Zoom 5.0 brings with it 256-bit encryption to better secure meeting data, meeting passwords that are turned on by default, passwords required to access recorded meetings stored in the cloud, and other security features.

SACRAMENTO, Calif. - A journalist who went to federal prison for hacking attacks on California media is now charged with a similar attack on a magazine. Probation officials filed a petition Monday alleging that Matthew Keys, 33, of Sacramento violated the conditions of his release by hacking into and deleting the YouTube account of Comstock's Magazine, the Sacramento Bee reported.

A vulnerability discovered last year in the defunct OneTone WordPress theme plugin is now being exploited by hackers to compromise entire sites while installing backdoor admin accounts. If successful, hijacking this session in turn allows them to create a backdoor admin account as well as set up additional PHP backdoors through the WordPress dashboard for added persistence.

Google Cloud today announced it's making Google Meet, Google's premium video-conferencing solution, free for everyone with availability rolling out over the coming weeks. "With the lines blurred between work and home, Google Meet can offer the polish needed for a work meeting, a tiled view for your online birthday party and the security needed for a video call with your doctor," said Javier Soltero, VP of G Suite.

Buh-bye, original way of tweeting: Twitter said that for the most part, it's turned off its Twitter via texting service. Besides a few countries that rely on the feature, Twitter's turned off its ability to take in our SMS messages and turn them into tweets.

Microsoft this week announced the general availability of DCsv2-series virtual machines, and Google informed customers that Shielded VM is now the default for Google Compute Engine users. Microsoft has announced the general availability of DCsv2-series VMs for Azure customers in three regions, with plans to expand the offer to other regions before the end of the year.

"And many of the questions posed are relatable. Some are reluctant to use the suggested, super long password a device automatically chooses; there is a fear that if you need to clear your cache, what if it clears your saved passwords? Forty-one percent of people say they"can't remember which password is for which account," and 38% "can't remember because they use unique ones for each account. The universal problem of password memorization is difficult, and 66% of people polled said in the report that "They simply have too many accounts to manage."

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences. It's a big step forward because Office macros, embedded scripts, active content like OLE and COM controls, and documents with obfuscated links to malware remain a major source of attacks - and Protected View leaves a key security decision up to users who may be ill-equipped to decide which documents are safe.