Security News > 2020

Both tested positive for COVID-19 after attending RSA in San Francisco. The two Exabeam employees who were diagnosed with coronavirus after attending the RSA tech conference, which ran from Feb. 24-28 at the Moscone Center in San Francisco, are on the road to recovery.

Failure in internet routing security leads to major outages, stolen data, hijacking, lost revenue and more, with more than 12,000 routing outages in 2018 alone. The cascading nature of internet routing means not only that major network players like Cloudflare, Akamai, Facebook and Netflix are committed to secure routing, they are also committed to encouraging adoption by all of the many thousands of networks that peer with them.

Palo Alto Networks on Tuesday announced that it has entered into a definitive agreement to acquire enterprise SD-WAN solutions provider CloudGenix for roughly $420 million. Palo Alto Networks' Prisma Access solution enables organizations to protect remote networks and mobile users, and it provides secure access to enterprise applications.

Group video chat app Houseparty has offered a $1m bounty to identify what it claims is an organised campaign to falsely depict it as a hackers' backdoor. Announced at 4am UTC on the firm's Twitter account, the million-dollar bounty is being offered to "The first individual to provide proof of such a campaign," with Epic Games, the firm behind Houseparty, alleging this effort is "a paid commercial smear to harm Houseparty."

Collaboration platform Zoom has seen usage skyrocket since the COVID-19 pandemic forced hundreds of thousands of workers to begin telecommuting. Zoom has been the subject of privacy concerns before; the video conferencing software experienced a webcam hacking scandal in 2019 and a bug that allowed uninvited users to potentially join meetings they hadn't been invited to, according to CNET. Here are a few things to keep in mind when using Zoom, especially for work-related functions.

"While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices," according to the letter obtained by the New York Times. The potential security issues that Zoom's facing are myriad. Already, numerous reports have emerged of threat actors hijacking Zoom meetings and upending them with hate speech, threats of sexual harassment, and pornographic images.

Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware - making use of the hardcoded, VelvetSweatshop default password for encrypted files. In the observed campaign, threat actors are creating read-only Excel files containing a LimeRAT payload. Typically in malspam scenarios involving Excel files, the files are encrypted and the recipient would need to use a password to decrypt the file.

Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections. For these reasons and more, organizations need to adopt certain security measures to protect themselves when using Microsoft's RDP. SEE: How to work from home: IT pro's guidebook to telecommuting and remote work.

With more and more companies seeking ways to get their essential work done with a workforce that is now primarily home-based during the COVID-19 coronavirus pandemic, IBM has joined a legion of IT vendors that have been offering some of their critical IT applications and services for free to existing customers to help in this time of crisis. Under the new offer, nine IBM cloud products and services are now available for use by IBM customers that need them at no charge for 90 days, including IBM Cloud, Aspera file sharing and team collaboration, IBM Security, IBM Video Streaming and IBM Enterprise Video Streaming, IBM Sterling supply chain tools, IBM Blueworks Live remote collaboration tools, IBM Cloud Event Management, remote learning resources, and IBM Garage.

A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4. Cybercriminals who specialize in phishing attacks have been exploiting the coronavirus for the past couple of months.