Security News

Securing Internet Videoconferencing Apps: Zoom and Others
2020-04-30 15:24

Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. The Zoom transport protocol adds Zoom's own encryption scheme to RTP in an unusual way.

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard
2020-04-28 10:46

In a blunder described as "astonishing and worrying," Sheffield City Council's automatic number-plate recognition system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal. The ANPR camera system's internal management dashboard could be accessed by simply entering its IP address into a web browser.

Rabobank security cert expires and gives its Australian Android app a case of internet-blindness
2020-04-27 00:56

Rabobank's Australian outpost has messed up its Android app, leaving an unknown number of users unable to access their bank accounts on mobile devices. Customers brought The Register's attention to the pile of woeful reviews for the bank's app, many featuring a complaint that it produces the error "Unable to connect please check your internet connection".

Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more
2020-04-23 07:33

In a memorandum [PDF] first spotted by The Guardian, the British government is asking that five more public authorities be added to the list of bodies that can access data scooped up under the nation's mass-surveillance laws: the Civil Nuclear Constabulary, the Environment Agency, the Insolvency Service, the UK National Authority for Counter Eavesdropping, and the Pensions Regulator. The Environment Agency investigates "over 40,000 suspected offences each year," the memo stated.

Low-orbit internet banking fraud claim alleged to be a load of space junk
2020-04-09 07:34

A case of alleged low-orbit internet banking fraud has taken another twist, with the US Attorney's Office for the Southern District of Texas filing an indictment in which it claimed the complainant in the case had lied. The case came to our attention in August 2019 when we chronicled how astronaut Lt Col Anne McClain denied a claim that she'd improperly accessed a bank account belonging to ex-wife Summer Worden while aboard the International Space Station.

Internet Overseers Seek Crackdown on Coronavirus Website Scams
2020-04-08 10:52

The agency that oversees online addresses on Tuesday called for those issuing website addresses to vigilantly thwart cyber scams exploiting coronavirus fears. The Internet Corporation for Assigned Names and Numbers took the unusual step of firing off a letter to "registrars" entrusted with the business of issuing website names around the world.

Russian Telco Hijacked Internet Traffic of Major Networks - Accident or Malicious Action?
2020-04-07 14:58

A huge BGP hijack by Russian state telecommunications provider Rostelecom diverted the traffic from more than 200 networks - including Google, Amazon, Facebook and Cloudflare - to Russian servers on April 1. Internet traffic routes are managed by the Border Gateway Protocol, which controls the way in which internet traffic moves from one autonomous system network to the next on its way to its destination.

Atlassian issues advice on how to keep your IT service desk secure... after hundreds of portals found facing the internet amid virus lockdown
2020-04-07 07:07

Inti De Ceukelaire of bug-bounty platform Intigriti claimed earlier this month hundreds of corporate service portals have been exposed to the internet, a 12 per cent increase since he scanned the internet for them last summer - an increase the COVID-19 crisis may have contributed to. As a proof of concept, De Ceukelaire targeted a set of corporate Atlassian service desk portals he found facing the internet.

8,000 Unprotected Redis Instances Accessible From Internet
2020-04-06 15:01

Trend Micro's security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection. Several years ago, the FairWare ransomware targeted over 18,000 unsecured Redis instances.

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks
2020-04-03 17:16

MANRS over the past six years has worked to build up a team of 300 network operators, internet exchange points and other companies to provide "crucial fixes to reduce the most common routing threats." The internet routing process is complex; exchanged traffic, for instance, runs on the Border Gateway Protocol, a protocol that joins different networks together to build a "roadmap" of the internet.