Security News > 2020 > December

At some point since August, Microsoft quietly fixed a cross-site scripting bug in its Teams web app that opened the door to a serious remote-code-execution vulnerability in the Linux, macOS, and Windows desktop versions of its Teams collaboration app. The security researcher who identified the issue suggests Microsoft should have done more to acknowledge the risk, noting that Microsoft didn't bother to publish details or obtain Common Vulnerabilities and Exposures identifiers for the flaws because Teams gets automatically updated.

The US National Security Agency on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.

Tom Merritt lists five reasons why SMS should not be used for MFA. Multi-factor authentication, or as we used to call it two-factor authentication, is essential-it means you don't rely on your password alone for security. SMS is the most frequently used additional factor because almost everybody has it, and it's a little easier to manage for developers-but it's also the least secure.

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more. In tandem with the sanctions, the FBI released a public threat analysis report that investigated several tools used by Rana Corp. Researchers recently conducted further analysis of one of these malware samples and found that its latest variant showcases several new commands that point to the threat actors sharpening their surveillance capabilities.

The agency joins a chorus of security professionals that have concerns about widespread attacks on the COVID-19 vaccine rollout. "The detection of a fake influenza vaccine confirms that criminals seize opportunities as soon as they present themselves," the Europol warning read. "Owing to the pandemic, the demand for the influenza vaccine has been higher than usual and there risks being a shortage. Criminals have reacted quickly by producing counterfeit influenza vaccines. The same scenario is also likely to happen when COVID-19 vaccines do become available."

Jack Wallen shows you how to make SSH connections even easier from your macOS machine. You probably use SSH to connect to remote machines for admin purposes.

Did you know you can join us for a live cybersecurity lecture every Friday? Thanks for watching hope to see you online later this week!

Teachers are filling in as tech support, connectivity is a problem for 76% of teachers and students, and IT teams report a sustained, excess workload, according to a new survey from Malwarebytes. The new report, "How education coped in the shift to distance learning," found that IT decision makers and students are struggling with the basics as remote education becomes the norm.

The hotly anticipated videogame title Cyberpunk 2077 comes out on Dec. 10, inspiring breathless countdowns from gaming publications and enthusiasts across the globe. Cyberpunk 2077, an open-world game that lets players create a character called "V" who lives in Night City and is looking to become a top-tier criminal, will be available for PC, PlayStation 4, Xbox One and Stadia, with compatibility with PS5 and Xbox Series X. It will cost $60 - a steep price tag for many.