Security News > 2020 > June

Cisco this week announced that it has patched tens of vulnerabilities in its IOS software, including a dozen security flaws that impact the company's industrial routers and switches. A dozen vulnerabilities appear to impact the company's industrial products.

Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company's carrier-grade and industrial routers and switches. Cisco IOS - a family of network operating systems used on many Cisco Systems routers and network switches.

The US is protected by what's known as a nuclear triad: a three-pronged attack force that consists of land-launched nuclear missiles, nuclear missiles on submarines, and aircraft equipped with nuclear bombs and missiles. One of the triad's legs - the land-based LGM-30 Minuteman intercontinental ballistic missile - has been kicked by hackers who've inflicted Maze ransomware on the computer network of a Northrup Grumman contractor.

Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "I wanted to clarify that Zoom does not monitor meeting content. We do not have backdoors where participants, including Zoom employees or law enforcement, can enter meetings without being visible to others. None of this will change."

AcceleratXR announced the launch of its new open source project - Composer. Js is a framework and toolset for rapidly building back-end API services using NodeJS. The project is a fork of the internal tools and technology the company has been steadily building its innovative MMO gaming platform with over the last two years.

As Zoom continues on its path to bring end-to-end encryption to users, the big news is that only paid users will have access to the option. "Free users for sure we don't want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose," Zoom CEO Eric Yuan said on a company earnings call on Tuesday.

Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers - but actually spreads banking credential-stealing malware. Researchers recently uncovered emails that distributed malicious files masquerading as resumes and CVs. The files, attached in Microsoft Excel format, were sent via email with subject lines such as: "Applying for a job" or "Regarding job." As victims opened the attached files, they were asked to "Enable content."

Malicious files masquerading as curriculum vitae are being sent to businesses to install malware that can capture passwords and other sensitive information, says Check Point Research. In a new malware campaign spotted by cyber threat intelligence provider Check Point Research, attackers spoof job seekers by sending out emails with file attachments that claim to be curriculum vitae.

Google has deleted an app from the Play Store that offered to delete Android software associated with China. Demos found online showed it deleting TikTok, the popular messaging app owned by Chinese developer ByteDance, and UC Browser, developed by Alibaba-owned UCWeb.

Members of Cisco's Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user's system and possibly achieve arbitrary code execution. CVE-2020-6109 is related to the way Zoom processes GIF image files.