Security News > 2020 > July

Former UK prime minister Tony Blair has declared that governments can't "Take 10 years to catch up" with cyber crims - while speaking at an infosec conference organised by Vladimir Putin's favourite Russian bank. Blair scoffed at people with concerns about the role of the state in everyday online life, saying: "When people worry about the data they shared with governments - most people share enormous amounts of data with technology companies!".

Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don't want to wait for the official patch. On Thursday, ACROS Security announced the availability of a micro-patch for a remote code execution vulnerability in Zoom Client for Windows.

The report, based on a survey of IT professionals performed by software company NetMotion, found that VPNs, which have long been the standard way to securely connect remote workers to corporate computing assets, are starting to cause trouble for newly remote workers and organizations alike. For starters, 89% of remote workers have reported issues accessing data and applications needed to complete work at home, and with 87% of organizations saying they're still using VPNs, there's certainly some overlap.

Juniper Networks this week informed customers that it has patched many vulnerabilities in its products, mostly ones that can be exploited for denial-of-service attacks. Over a dozen advisories have been published by the company to describe several vulnerabilities that are specific to Juniper products, as well as tens of flaws impacting third-party components.

A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. On average, the routers analyzed-by vendors such as D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel-were affected by 53 critical-rated vulnerabilities, with even the most "Secure" device of the bunch having 21 CVEs, according to the report.

Modern security threats come in many different forms, which is part of the reason why addressing them is so challenging and there is a dire need for security automation. Despite recent advancements, the barriers to adoption for automation software remain high, particularly within the security industry.

For the past two years, a threat group tracked as Evilnum has been observed targeting financial technology companies, mainly ones located in the European Union and the U.K., ESET reports. Golden Chickens components used in Evilnum attacks are from the TerraLoader family.

Privacy watchdogs in Britain and Australia have opened a joint investigation into facial recognition company Clearview AI over its use of personal data "Scraped" off social media platforms and other websites. Clearview AI Inc. came to attention after investigative reports detailed its practice of harvesting billions of photos from social media and other services to identify people.

Hackers are apparently scanning the web for systems affected by the recently disclosed Citrix vulnerabilities, which the vendor suggested are less likely to be exploited. Citrix informed customers earlier this week that it has patched a total of 11 vulnerabilities affecting its ADC, Gateway, and SD-WAN WANOP networking products.

Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Rather than use free accounts, Cosmic Lynx will register strategic domain names for each BEC campaign to create more convincing email accounts.