In response to a new report that reveals hackers are exploiting a security weakness in TikTok and planting fake videos in users’ feeds that appear to come from official sources, an expert from KnowBe4 offers perspective.
ISBuzz Team
Zoom is making rapid security changes after being banned from a number of high-profile businesses including Siemens, SpaceX and Standard Chartered following high-profile criticism from the InfoSec community. Where does this leave Zoom and what can other businesses learn from its meteoric rise in popularity exposing weaknesses?
The U.S. government has issued guidance on North Korean hacking activity in a joint advisory published by the U.S. Departments of State, Treasury, and Homeland Security, and the FBI. The advisory includes mitigation measures that the international community, network defenders, and the public can take to defend against state-sponsored hacking groups backed by North Korea (formally known as the Democratic People’s Republic of Korea aka DPRK), tracked by the US under the HIDDEN COBRA moniker.
Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. This month sees the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important. Crucially, four of the vulnerabilities are being exploited in the wild; and two of them were previously publicly disclosed.
As federal and state officials scramble to fight the novel coronavirus pandemic, experts are sounding alarms about the potential danger of increased surveillance programs they say could do long-term damage to privacy rights. Several nations, including South Korea and Israel, have used tracking data including cellphone location information and facial recognition tools to power their pandemic responses. But similar efforts in the United States could amount to a major erosion of civil liberties. And there’s scant evidence that efforts more sensitive to privacy and security concerns would actually be effective at containing the virus, experts say.
ThreatPost has reported that a security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user’s TikTok feed and swap it out with hacker-generated content.
As reported by Bleeping Computer, attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy. During the attack, the Ragnar Locker ransomware operators claim to have stolen over 10 TB of sensitive company files and they are now threatening the company to leak all the stolen data unless the ransom is paid.
ZDNet reported this morning that the average price of a phishing kit sold on cybercrime markets has gone up in 2019 by 149%, cybersecurity firm Group-IB said in a reported due to go live later today.
In response to a new report that indicates credit card thieves are targeting WordPress e-commerce sites powered by WooCommerce with a dedicated JavaScript-based card-skimmer malware, a security awareness expert offers perspective.
As reported by BleepingComputer, over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers. Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities. Others are sold for less than a penny each.