Zoom Fixes Flaw That Could Allow Strangers Into Meetings
2020-01-30 11:03

Zoom Video Communications has fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a Zoom meeting ID and join a conference call. The flaw was due, in part, to an attacker potentially being able to guess a valid Zoom meeting ID, according to Alexander Chailytko, a research and innovation manager at Check Point, who notes that all Zoom meeting IDs have nine to 11 digits.

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep
2020-01-30 11:03

So says Mieke Eoyang, long-time US government policy adviser and veep of the national security program at Washington DC think tank Third Way. After citing figures from Uncle Sam that show only three in 1,000 cyber-crimes are actually prosecuted - the actual ratio could be closer to three in 100,000 as the FBI tends to underestimate the extent of cyber-crime, she explained - Eoyang said police and agents are either told not to pursue online fraudsters or not given the training and resources to do so.

Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
2020-01-30 11:00

Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices' Direct Memory Access capability. "This can allow an attacker to execute kernel code on the system, insert a wide variety of kernel implants and perform a host of additional activity such as spawning system shells or removing password requirements."

Magento patches critical code execution vulnerabilities, upgrade ASAP!
2020-01-30 10:08

Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale
2020-01-30 07:38

Hackers have now put the payment card details of more than 30 million Wawa breach victims up for sale on Joker's Stash, one of the largest dark web marketplaces where cybercriminals buy and sell stolen payment card data. The Wawa breach thus ranks among the largest credit card breaches in the history of the United States, potentially exposing 30 million sets of payment records.

How to prioritize IT security projects
2020-01-30 07:00

If you're an IT security professional, you're almost certainly familiar with that sinking feeling you experience when presented with an overwhelming number of security issues to remediate. If you aren't prioritizing cybersecurity risks effectively, you're not only creating a lot of extra work for your team and yourself - you're also needlessly exposing your organization to IT security attacks.

Organizational culture defines a successful cloud strategy
2020-01-30 06:30

61% of organizations in the U.S. and Canada are committed to moving enterprise applications to the cloud as quickly as possible, but many struggle with challenges related to company culture on the way to a successful cloud strategy, NTT DATA Services reveals. "Cloud adoption is critical to create a more agile, innovative business, but leaders must address cultural challenges to successfully modernize," said Emily Lewis-Pinnell, Vice President, Cloud and Application Transformation, NTT DATA Services.

How industries are evolving their DevOps and security practices
2020-01-30 06:00

There's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses. "Integrating security into your DevOps practices can be challenging, but when done correctly is proven to pay off. Security should not be an afterthought; it must be a shared responsibility across teams during every stage of their software delivery lifecycle," said Alanna Brown, Sr. Director Community and Developer Relations at Puppet.

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
2020-01-30 05:56

The delivery agent is invoked by OpenSMTPD executing a shell command, which includes the sender's address as a command-line parameter. Thus, whatever sender address an email client supplies must not be able to smuggle extra commands into that shell command.

SEO Spam Dominated Website Infections in 2019: Report
2020-01-30 05:47

Last year, SEO spam was the most frequently observed threat on compromised websites, according to a new report from GoDaddy-owned web security company Sucuri. Nearly two-thirds of infected websites had a form of SEO spam present, with database spam being the most prevalent form of infection.