Security News > 2020 > July

The latest Zoom flaw could have allowed attackers to mimic an organization, tricking its employees or business partners into revealing personal or other confidential information using social engineering tricks. Attacking dedicated Zoom web interfaces: Since some organizations have their own Zoom web interface for conference calls, a hacker could also target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual Zoom web interface and join the relevant Zoom session.

Since the GDPR rolled out in May 2018, European data protection authorities have issued 340 GDPR fines. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.

NSS Labs released the results of its web browser security test after testing Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera for phishing protection and malware protection. Key takeaways: Phishing protection rates ranged from 79.2% to 95.5%. For malware, the highest block rate was 98.5% and the lowest block rate was 5.6%. Protection improved over time; the most consistent products provided the best protection against phishing and malware.

The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019, according to a report from Akamai. The report found that 20% of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies.

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications. AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection's Application DB, which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems.

The CIA is running a secret cyberwar including Russian-style hack-and-leak operations with little or no oversight, US officials have warned. The approval for the operations stems from a National Security Presidential Memorandum signed in 2018 by President Trump which has long been known about but the contents of which remain top secret.

Many prominent, verified Twitter accounts have been tweeting out cryptocoin scams, with fake tweets reported from an eclectic range of high-profile people and companies, apparently including Joe Biden, Elon Musk, Barack Obama, Bill Gates, Apple and many others. The scam tweets reportedly included catchy - if highly unlikely - messages such as "Feeling greatful, doubling all payments made to my Bitcoin address," urging people to pay out $1000 and get $2000 back.

The Twitter accounts of Bill Gates, Elon Musk, Joe Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts. Twitter locked down thousands of verified accounts belonging to elite Twitter users and high-profile companies Wednesday afternoon in an effort to prevent hackers from perpetrating a massive cryptocurrency scam.

Twitter said it is working to fix a "security incident" after scammers hijacked high-profile accounts on Wednesday to dupe people out of money. "We are aware of a security incident impacting accounts on Twitter," the messaging platform said in a tweet.