A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24.

In these strange times certain platforms have gained increased popularity. Zoom, being one of them, appears to have attracted a lot of attention, and not just from its users. Both sides of infosec have taken a bite. The news appears to be changing rapidly as Zoom react and deal with it. What is really true about the claims?
- Two Zoom Zero-Day Flaws Uncovered – The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victim’s microphone and camera.
- Yeah, that Zoom app you’re trusting with work chatter? It lives with “vampires feeding on the blood of human data”
- Zoom Removes Data-Mining LinkedIn Feature – The feature, criticized for “undisclosed data-mining”, is only the latest privacy faux pas for Zoom this month.
- Zoom’s end-to-end encryption isn’t actually end-to-end at all. Good thing the PM isn’t using it for Cabinet calls. Oh, for f…
And what is going on here?
Not wanting to miss out on the popularity stakes:
- Critical WordPress Plugin Bug Can Lock Admins Out of Websites – A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
- At the Supreme Court, Morrisons pops data breach liability win into its trolley – but it’s not a get-out-of-compo free card for businesses
- 44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig – Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet.
- Apple’s latest macOS Catalina update mysteriously borks SSH for some unlucky fans. What could be the cause?
- Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs – Attacks using a brand-new card-harvesting code is targeting small- to medium-sized businesses, claiming 19 sites so far.
- Poured your info out on a call to 118 118 Money? Bad luck. Credit provider ‘fesses up that hacker nabbed customer service phone recordings
- You know all those stories of leaky cloud buckets taken offline? Well, some may still be there, just badly hidden
- Why is ransomware still a thing? One-in-three polled netizens say they would cave to extortion demands
- Nation-State Attacks Drop in Latest Google Analysis – Phishing and zero-days continue to be a core part of the APT arsenal.
- Australian state will install home surveillance hardware to make sure if you’re in virus isolation, you stay there