Security News

As should be evident to anyone in the cyber security industry, the wide range of available web security solutions from commercial vendors will necessarily have varying degrees of effectiveness against different threats. Once a bad script finds its way past the IDS/IPS onto a client browser, the malware can run without the gateway security having any idea it is occurring.

What type of data is trending on the dark web?Fraud guides accounted for nearly half of the data being sold on the dark web, followed by personal data at 15.6%, according to Terbium Labs. Will Zoom manage to retain security-conscious customers?While Zoom Video Communications is trying to change the public's rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their list of priorities, some users are already abandoning the ship.

Fraud guides accounted for nearly half of the data being sold on the dark web, followed by personal data at 15.6%, according to Terbium Labs. Researchers surveyed three major dark web marketplaces: "The Canadian HeadQuarters", "Empire Market" and "White House Market," sorting all data listings into six categories: personal data, payment cards, financial accounts and credentials, non-financial accounts and credentials, fraud guides and fraud tools and templates.

In a report released Thursday, Terbium Labs looks at how fraud guides and other information are bought and sold on the dark web and how this activity impacts organizations and individuals. Based on the analysis, fraud guides were the hottest product on dark web marketplaces, compromising 49% of the listings.

Large campaigns that are spreading malicious browser extensions are abusing Google Ads and well-known cryptocurrency brands to draw in victims. Extensions can be installed to add widgets or other functionality to web browsers; they offer the ability to do everything from setting a special search wallpaper to displaying continuous weather data to language translation.

You've almost certainly heard of Zoom over the past few weeks - Zoom, more properly Zoom Video Communications, Inc., lets you run remote meetings and webinars, with audio and video for all participants, right from your browser. The biggest problems that many new users seem to be having with Zoom have nothing to do with Zoom's programming or its service - in other words, they're mistakes that Zoom itself can't easily stop people from making.

Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges. Some of the extensions, he said, were supported by fake five-star reviews; some internet good samaritans also tried to warn others that the extensions were malicious.

A new report from BleepingComputer found that cybercriminals are selling and trading the credentials for more than 500,000 Zoom accounts associated with companies like Chase and Citibank as well as schools like Dartmouth College, the University of Florida, and the University of Vermont. Earlier this month, a report from cybersecurity firm IntSights by cyber threat analyst Charity Wright and chief security officer Etay Maor found that there has been increased chatter across the dark web about ways to take advantage of the increased usage of Zoom globally.

A data set containing 3,954,416 Quidd user credentials was found on a prominent dark web hacking forum, Risk Based Security reports. The data discovered on the dark web, RBS security researchers say, is not up for sale, but access to it is not restricted.

Researchers have found a database of Zoom video conferencing credentials ranging from just an email and password to also include meeting IDs, names and host keys. The latter is possible because Zoom users are remarkably lax about protecting the details - and of course it could be just a small subset of a larger collection of credentials not made available to others.