Security News

US-sanctioned Positive Technologies has pointed out three vulnerabilities in Zoom that can be exploited to crash or hijack on-prem instances of the videoconferencing system. One of the trio of bugs is an input validation flaw, which can be abused by a malicious Zoom portal administrator to inject and execute arbitrary commands on the machine hosting the software.

China Telecom Americas is the largest foreign subsidiary of China Telecom Corporation, China's state-owned telecom company. "Indeed, the FCC's own review found that China Telecom Americas poses significant national security concerns due to its control and ownership by the Chinese government, including its susceptibility to complying with communist China's intelligence and cybersecurity laws that are contrary to the interests of the United States."

BEC scams use various tactics to compromise or impersonate business email accounts with the end goal of redirecting pending or future payments to bank accounts under a threat actor's control. One of the case examples in the indictment document seen by Bleeping Computer mentions a single transaction of $356,954, sent by a victim in Boston to what they thought was the bank account of their business partner.

A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat tracked as APT-C-36, a suspected South American espionage group that has been active since at least 2018 and was previously known for setting its sights on Colombian government institutions and corporations spanning financial, petroleum, and manufacturing sectors.

SafetyPay is a payments platform that enables eCommerce transactions via an unrivalled choice of open banking and eCash solutions, operating primarily in Latin America. Together the two acquisitions set Paysafe up to be the leading open banking and eCash solutions provider in Latin America, one of the world's fastest-growing online markets.

The United States' Cybersecurity and Infrastructure Security Agency has announced the "standup" of a body called the "Joint Cyber Defense Collaborative" that it hopes will spark ideas for new and improved national responses against electronic threats. The aim of the effort is to get the private sector working alongside government agencies, so they can develop and implement better cyber security plans than are currently in operation.

Pneumatic tube system stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital's critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they're needed.

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across manufacturing, construction, healthcare, software services, and retail sectors.

The United Nations International Telecommunication Union published its 2020 Global Cyber Security Index on Tuesday, and listed the US first in overall ranking, followed by a tie for second place between the UK and Saudi Arabia. The index ranks nations using 82 questions developed by a panel of experts.