Top Cyber News

Zoom Brings in Help to Address Security Issues(April 13 & 16, 2020)
 Zoom is calling in experts to help it address security and privacy concerns. With millions of people working at home during the COVID-19 epidemic, Zoom’s popularity has ballooned. It has also been subjected to greater scrutiny by both hackers and security experts, who have unearthed a number of security and privacy issues. The company has hired numerous security consultants, many of whom are former privacy and security experts from other high-profile tech companies. (Please note that the WSJ story is behind a paywall.)

Read more in:
– www.wsj.com: Zoom Hires Security Heavyweights to Fix Flaws (paywall)

Linksys Forces Password Reset(April 15, 2020)
 Linksys locked all SmartWiFi user accounts on April 2, 2020, after discovering that hackers were breaking into Linksys and D-Link routers and changing their DNS settings to redirect them to malicious sites. The attackers accessed the routers using credential-stuffing attacks. Users need to reset their passwords to regain access to their accounts.

Read more in:
– www.theregister.co.uk: Linksys forces password reset for Smart Wi-Fi accounts after router DNS hack pointed users at COVID-19 malware

Google Removes Malicious Chrome Extensions From Web Store(April 15, 2020)
 Google has pulled nearly 50 malicious extensions from the Chrome Web Store. These bad apps were pretending to be legitimate cryptocurrency wallet apps, but actually stole cryptowallet keys and other sensitive information.

Read more in:
– www.theregister.co.uk: Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store
– www.zdnet.com: Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys

Patch Tuesday(April 14, 2020)
 On Tuesday, April 14, Microsoft released fixes for more than 100 security issues in Windows and related software. Nineteen of the flaws are rated critical, which means they can be remotely exploited to gain control of vulnerable machines with no user interaction.

Three of the vulnerabilities addressed in the update are being actively exploited: two remote code execution flaws in Adobe Font Manager Library, and a remote code execution flaw in Internet Explorer. Adobe released fixes for vulnerabilities in ColdFusion, After Effects, and Digital Editions.
Read more in:
– isc.sans.org: Microsoft April 2020 Patch Tuesday



Categories: Cyber news

Tags:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.