Netsweeper’s internet filter has a nasty security vulnerability that can be exploited to hijack the host server and tamper with lists of blocked websites. There are no known fixes right now. For those unfamiliar, Netsweeper makes software that monitors and blocks connections to undesirable websites and servers. It’s aimed at parents, schools, government offices, and Read more about annoying Netsweeper internet filter comes with a pre-auth remote-command execution hole and there’s no patch[…]

An employee of controversial surveillance vendor NSO Group abused access to the company’s powerful hacking technology to target a love interest, Motherboard has learned. The previously unreported news is a serious abuse of NSO’s products, which are typically used by law enforcement and intelligence agencies. The episode also highlights that potent surveillance technology such as Read more about NSO Employee Abused Phone Hacking Tech to Target a Love Interest[…]

A vulnerability existed in Microsoft’s Slack for Suits tool, Teams, that could have let a remote attacker take over accounts by simply sending a malicious GIF, infosec researchers claim. The pwn-with-GIF vuln was possible, said Cyberark, thanks to two compromisable Microsoft subdomains along with a carefully crafted animated image file. Although it was a responsibly Read more about We could have pwned Microsoft Teams with a GIF, claims Israeli infosec outfit[…]

In a blunder described as “astonishing and worrying,” Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal. The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. Read more about Nine million logs of Brits’ road journeys spill onto the internet from password-less number-plate camera dashboard[…]

Financial Times reporter Mark Di Stefano allegedly spied on Zoom meetings at rival newspapers the Independent and the Evening Standard to get scoops on staff cuts and furloughs due to the coronavirus pandemic, according to a report from the UK’s Independent. And Di Stefano he did a comedically bad job of covering his tracks. Di Read more about Journalist Allegedly Spied on Zoom Meetings of Rivals in Hilariously Dumb Ways[…]

IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered to be critical, and one is high risk. Read more about IBM No-auth remote root exec exploit in Data Risk Manager (an enterprise security program!) drops after Big Blue snubs bug report[…]

One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. Read more about Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox – in 2018![…]

Bitdefender researchers have recently found spearphishing campaigns, either impersonating a well-known Egyptian engineering contractor or a shipment company, dropping the Agent Tesla spyware Trojan. The impersonated engineering contractor (Enppi – Engineering for Petroleum and Process Industries) has experience in onshore and offshore projects in oil and gas, with attackers abusing its reputation to target the Read more about Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal[…]

Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene. The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged Read more about Security lapse exposed creepy Clearview AI source code[…]

A critical vulnerability in VMware’s vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln (CVE-2020-3952), details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the Read more about That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed[…]

In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures. The analysis found that the unusual persistence was the result of rogue folders containing a trojan installer, neither of which was removed by a Read more about The secret behind “unkillable” Android backdoor called xHelper has been revealed[…]

Router biz Linksys has reset all its customers’ Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware. The mass reset took place after all user accounts were locked on 2 April, following infosec firm Bitdefender revealing that malicious persons were pwning Linksys devices through cred-stuffing attacks. Hackers Read more about Linksys forces password reset for Smart Wi-Fi accounts after router DNS hack pointed users at COVID-19 malware[…]

Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are Read more about Over 500,000 Zoom accounts sold on hacker forums, some being given away for free[…]

As much of the world works from home, an explosion of video conference calls has provided a playground not just for Zoombombers, phishermen and cybercriminals, but also for spies. Everyone from top business executives to government officials and scientists are using conferencing apps to stay in touch during the new coronavirus lockdowns and U.S. counterintelligence Read more about Foreign Spies Target Zoom, U.S. Intel Officials Say[…]

US senators have been advised not to use videoconferencing platform Zoom over security concerns, the Financial Times reports. According to three people briefed on the matter, the Senate sergeant-at-arms – whose job it is to run law enforcement and security on the Capitol – told senators to find alternative methods for remote working, although he Read more about The US Senate reportedly advised members to stop using Zoom[…]

Singapore has suspended the use of video-conferencing tool Zoom by teachers after “very serious incidents” in the first week of a coronavirus lockdown that has seen schools move to home-based learning. FILE PHOTO: FILE PHOTO: Zoom logo is seen in front of diplayed coronavirus disease (COVID-19) in this illustration taken March 19, 2020. REUTERS/Dado Ruvic/Illustration Read more about Singapore stops teachers using Zoom app after ‘very serious incidents’ (Zoom bombing)[…]

PIJNACKER – Het Stanislascollege in Pijnacker stopt per direct met het gebruik van de video-app Zoom voor het geven van online lessen. De school heeft meerdere berichten ontvangen van leerlingen, ouders en docenten dat er tijdens de lessen beelden of teksten te zien zijn die niet door de beugel kunnen. Woensdag besloot het Zoetermeerse Erasmus Read more about Stanislascollege Pijnacker stopt ook met Zoom door ‘beelden die niet door de beugel kunnen’: porno en Hitler snor tijdens Duits[…]

ZOETERMEER – Leerlingen van een klas van het Zoetermeerse Erasmus College hebben woensdagochtend, tijdens een les via de video-app Zoom, pornobeelden te zien gekregen. De school is onmiddellijk gestopt met het gebruik van Zoom. ‘We snappen dat jullie ontzettend geschrokken zijn’, schrijft de school in een mail aan de betreffende leerlingen. ‘We hebben natuurlijk direct Read more about Porno tijdens online les van Zoetermeerse school dus stoppen met Zoom[…]

For decades, the use of fingerprints to authenticate users to computers, networks, and restricted areas was (with a few notable exceptions) mostly limited to large and well-resourced organizations that used specialized and expensive equipment. That all changed in 2013 when Apple introduced TouchID. Within a few years, fingerprint-based validation became available to the masses as Read more about Attackers can bypass fingerprint authentication with an ~80% success rate[…]

Google has banned the popular videoconferencing software Zoom from its employees’ devices, BuzzFeed News has learned. Zoom, a competitor to Google’s own Meet app, has seen an explosion of people using it to work and socialize from home and has become a cultural touchstone during the coronavirus pandemic. Last week, Google sent an email to Read more about Google Bans Zoom Videoconferencing Software From Employees’ Computers[…]

A padlock—whether it uses a combination, a key, or “smart” tech—has exactly one job: to keep your stuff safe so other people can’t get it. Tapplock, Inc., based in Canada, produces such a product. The company’s locks unlock with a fingerprint or an app connected by Bluetooth to your phone. Unfortunately, the Federal Trade Commission Read more about Easy-to-pick “smart” locks gush personal data, FTC finds[…]

Zoom has been banned from government business in Taiwan in the latest setback for the hugely popular video-calling app. It follows revelations that some Zoom traffic was “mistakenly” routed through China, which does not recognise Taiwan’s independence. Taiwan’s government said public bodies should not use products with security concerns “such as Zoom”. But competitors like Read more about Zoom banned by Taiwan’s government over China security fears[…]

Some Docker installations are getting hammered by malware skiddies hoping to mine digital cash using other people’s CPU time. Infosec outfit Aqua – no, not the Barbie Girl band – said miscreants have spotted that a decent number of Docker deployments are lazily or inadvertently exposing the daemon API port to the public internet with Read more about If you don’t cover your Docker daemon API port you’ll have a hell of a time… because cryptocreeps are hunting for it[…]

After many schools adopted Zoom to conduct online lessons during the coronavirus lockdown, concerns about security and privacy have led to a ban on the video conferencing software across the US. The chancellor of New York City’s Department of Education Richard A Carranza sent an email to school principals telling them to “cease using Zoom Read more about American schools are banning Zoom and switching to Microsoft Teams[…]