Security News > 2020 > June

Security researchers have analyzed contact-tracing mobile apps from around the globe and found that their developers have generally failed to implement suitable security and privacy protections. In an effort to stem the spread of COVID-19, governments are aiming to provide their citizenry with contact-tracing mobile apps.

The Miami-based cryptocurrency firm Centra Tech was built on fairy dust and paid celebrity hoo-ha, but co-founder Robert Joseph Farkas is going to be doing real time in a real prison for the $25 million initial coin offering rip-off. Centra Tech's founders included Farkas, who held different roles, such as chief marketing officer and chief operating officer.

The anti-secrecy group dubbed the release "Vault 7," and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA's history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency's techniques. The October 2017 report by the CIA's WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure.

In a recent campaign, the elusive InvisiMole group has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe, ESET reports. First reported on in 2018 but active since at least 2013, InvisiMole appears to be tightly connected to the Russia-linked threat group Gamaredon, which is also believed to have started activity in 2013.

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat group. The updated InvisiMole toolset relies heavily on "Living off the land" techniques, which are used across its four different execution chains, abusing legitimate applications to perform malicious operations while flying under the radar.

Zoom Video Communications has decided to extend the benefits of end-to-end encryption not only to paying Zoom customers, but to those who create free accounts, as well. Zoom does an about-face on E2EE. Zoom CEO Eric Yuan announced their decision to bring E2EE to paid users only in early June.

Adobe this week announced that it has introduced a protected mode in Adobe Acrobat DC for Windows. The Protected Mode in Acrobat DC is aimed at ensuring addition layers of security are available for users, thus improving the protection of desktop environments from potentially malicious code.

Adobe Audition, got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media.

Zoom announced on Wednesday that it has decided to offer end-to-end encryption to free users after all, as long as they verify their account by providing an additional piece of information, such as a phone number. Zoom said earlier this month that only paying customers and schools would benefit from its upcoming end-to-end encryption feature, arguing that free users are more likely to commit abuse and the company wants to be able to assist law enforcement investigations.

Today, customers use the AWS Snow Family to collect and process data, run local computing applications, and move large volumes of data from log files, digital media, genomic data, and sensor data from connected devices to AWS. As customers seek to extend the reach of their cloud infrastructure into more edge locations, new use cases are emerging for edge computing in more situations like vehicles, industrial operations, and remote and austere sites that require a rugged and secure device with even greater portability and a smaller form factor than the AWS Snow Family of devices has traditionally provided. AWS Snowcone provides maximum flexibility for edge computing environments, offering a small, ultra-portable, rugged, and military grade secure device to run applications and migrate data to AWS. AWS Snowcone measures 9 inches x 6 inches x 3 inches and weighs 4.5 lbs.