Secure Remote Working During COVID-19 — Checklist for CISOs
2020-04-07 01:49

Here we have a new "CISO Checklist for Secure Remote Working" that has been built to assist CISOs in navigating through this noise, providing them with a concise and high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. An organization with a high maturity level that routinely monitors its users' behavior to detect anomalies must now alter its policies to adjust to the mass remote workload. On the other hand, organizations with lesser maturity that could contain the risk of not placing advanced protection on their email systems and endpoints now realize that they have a critical security gap that must be addressed.

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
2020-04-07 00:09

Such attacks are possible because Zoom for Windows supports remote UNC paths that convert potentially insecure URIs into hyperlinks when received via chat messages to a recipient in a personal or group chat. Hacking Zoom to steal Windows passwords remotely: confirmed by researcher Matthew Hickey and demonstrated by Mohamed Baset, the first attack scenario involves the SMBRelay technique that exploits the fact that Windows automatically exposes a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.

Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know
2020-04-07 00:08

Over the past few weeks, the use of Zoom video conferencing software has exploded as it emerged as the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak, and work from home became the new normal. Zoom came under the lens for its "attendee tracking" feature, which, when enabled, lets a host check if participants are clicking away from the main Zoom window during a call.

5 ways to prevent Zoom bombing
2020-04-06 21:26

Learn how to prevent internet trolls from crashing your Zoom video conferences and flooding them with inappropriate content.

A Brisk Private Trade in Zero-Days Widens Their Use
2020-04-06 21:05

One of the zero-day purveyors that may have done a brisk trade in 2019 was the controversial Israeli firm known as NSO Group. The private company has been criticized in the past for selling zero-day exploits to "authorized governments" who may have launched targeted attacks against human rights activists and journalists.

FBI Threatens ‘Zoom Bombing’ Trolls With Jail Time
2020-04-06 20:56

As reports of "Zoom bombing" explode, the FBI is cracking down on the issue with a new warning that web conference hijackers could face jail time. Such offenses are punishable by fines and even imprisonment, according to the FBI. "You think Zoom bombing is funny? Let's see how funny it is after you get arrested," stated Matthew Schneider, United States Attorney for Eastern Michigan, in a Friday public statement.

How to enable 2FA for groups in Nextcloud
2020-04-06 20:50

Nextcloud allows you to enforce two-factor authentication for groups. Let's find out how to create a group and then add it to 2FA enforcement.

How to sync Firefox containers across devices
2020-04-06 20:46

If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account.

Mozilla plugs two Firefox browser holes exploited in the wild by hackers to hijack victims' computers
2020-04-06 20:23

Mozilla has released security updates for its Firefox browser in conjunction with a US Cybersecurity and Infrastructure Security Agency advisory warning that critical vulnerabilities in the browser are being actively exploited. To address these flaws, Firefox was updated to version 74.0.1 and Firefox Extended Support Release - a slower evolving version for enterprises - was updated to 68.6.1.

Magecart Hackers Continue Improving Skimmers
2020-04-06 18:51

A Magecart threat actor tracked as "Group 7" has been using a skimmer that creates iframes to steal payment card data, RiskIQ reveals. In some cases, the compromised websites were abused to host the skimming code, load the code on compromised websites, and exfiltrate stolen data.