Security News

Web shell malware continues to evade many security toolsCyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. Phishers exploit Zoom, Webex brands to target businessesProofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco.

Zoom on Wednesday announced a series of security improvements designed to address many of the concerns raised in recent weeks. Zoom has now announced that account administrators will be able to choose which data center regions they want to use for real-time meeting traffic.

Zoom's ongoing game of whack-a-mole with security bugs in its code continued today with the imminent emission of version 5, replete with support for 256-bit AES-GCM encryption. As hundreds of millions of netizens, forced to stay home and work remotely if possible amid the coronavirus pandemic, flocked to Zoom's chat products, its code fell under intense scrutiny.

Zoom 5.0 is due to be launched within a week, bringing 256-bit encryption and new features for helping hosts stay in control of their meetings and their data. Zoom has announced a slew of security enhancements in the upcoming launch of Zoom 5.0, due to be released within the week.

A vulnerability in Zoom's video conferencing service could have been abused to enumerate all of the registered Zoom users within an organization, Cisco Talos reports. Zoom has drawn a lot of attention over the past several weeks, especially since many organizations have asked employees to work from home during the current COVID-19 pandemic, and, for many, Zoom has become the main option for internal communication.

Zoom is introducing a new feature that will let users report meeting participants in a move to deter gatecrashers. The video-conferencing company is introducing a dedicated 'report user to Zoom' button in an upcoming update as it looks to put an end to the troublesome trend of 'Zoom bombing', which has left the company in hot water in recent weeks.

Proofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco. "Not only are attackers using video conferencing brands as a lure for malware, but they're using it for credential phishing, in particular to steal Zoom and Webex credentials."

What type of data is trending on the dark web?Fraud guides accounted for nearly half of the data being sold on the dark web, followed by personal data at 15.6%, according to Terbium Labs. Will Zoom manage to retain security-conscious customers?While Zoom Video Communications is trying to change the public's rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their list of priorities, some users are already abandoning the ship.

A U.S. House Oversight Committee meeting was the most recent victim of a Zoom bombing attack, after the meeting was disrupted at least three different times by uninvited attendees. Previous reports of Zoom bombing incidents have pointed to the trolls spreading hate speech such as racist messages, threats of sexual harassment, and pornographic images, which have reportedly driven meeting participants offline or forced meetings to be abruptly cancelled.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.