Security News > 2020 > June

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.

A ransomware incident analyzed by IBM X-Force shows that the attacker wouldn't have been able to decrypt the data, even if the ransom was paid.

The security researcher, Bhavuk Jain, reported the flaw to Apple via its bug bounty program, and was awarded $100,000 for the find. Threatpost has reached out to Apple for further comment.

The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon. The stolen data was published on REvil's Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be passports of Elexon staff members and an apparent business insurance application form.

"Don't spread disinformation and right now, all signs point to just that - the alleged Minneapolis Police Department 'breach' is fake," he wrote, in an analysis posted on Monday, adding that the data is likely not from the MPD at all, but rather a collection of widely available credentials from earlier breaches, and possibly some made-up combinations, that have been assembled into a new database for the purpose of perpetrating this hoax. Passwords like the all-lowercase "linkedin"; "Le"; PIN-like passwords like "1603"; and the notoriously insecure "Password," "Qwerty" and "123456" are all represented.

That's nowhere near as crazy as it sounds: you're not asking people to share their actual Apple passwords with you, which would not only be dangerous but also against Apple's terms of service. The benefits are as follows: you get top-quality cryptography and authentication "for free"; your users can use login credentials they already have; and Apple gets to encourage users to have Apple accounts in the first place.

Are you concerned someone might intercept your newly purchased mobile device during transit and do bad things with it? Purism is aware this happens and takes a lo-fi approach to the problem, one it also applies to protecting the privacy of laptops during shipment.

A hacker has leaked online the database of the largest free hosting service popular with cybercriminals, the result of a breach that took down the service earlier this year, according to a published report. The database apparently was stolen on March 10 from the hosting service, operated by Daniel Winzen, a German software developer.

Cloud security firm Zscaler has acquired Edgewise Networks, a company that helps customers secure application-to-application communications using a zero-trust approach through microsegmentation. The company explains that it "improves the security of east-west communication by verifying the identity of application software, services and processes to achieve a zero trust environment which measurably reduces the attack surface and lowers the risk of application compromise and data breaches."

Schools, paying customers and potentially high-risk users could be offered stronger encryption for video meetings under new plans being explored by Zoom. Zoom is reported to be planning to strengthen its encryption for paying customers and other institutions such as schools.