In July, security firm Forescout discovered that DTEN touchscreen smart TVs, one of video conference service Zoom’s “certified hardware providers,” can be hacked to allow evildoers to bug conference rooms and capture video feeds and whiteboard notes. A two-week study of the DTEN D5 and D7 connected displays revealed five bugs, three of which have been patched but two of which remain. After Forescout disclosed the flaws to DTEN, it decided to go public to raise awareness of the security threat. Continue reading Multiple Bugs Made Zoom Hardware Susceptible to Hackers

One of the benefits of 5G, expected to be 100 times faster than 4G networks, is the improved protection of sensitive data. Much of the conversation about 5G networks has focused on the security issues related to Chinese vendors of gear used in 5G networks. But Verizon chief information officer Chandra McMahon noted that “security is designed into 5G and there will be additional [security] technical features.” Another advantage is that 5G providers will rely on the cloud, providing more capacity and flexibility. Continue reading 5G Offers Wireless Carriers More Security, Privacy Options

Russian hackers have been responsible for serious cybercrimes in the last few years, including Sandworm, a group of hackers who attacked the 2018 Olympics, among other targets. Now, Russia is seeking to replace the 2001 Budapest Convention on Cybercrime with a new agreement that will align with its interests. The country is playing hardball in its attempt to prevent its citizens arrested abroad to be extradited to the U.S. for trial, including holding an Israeli citizen for trade with a Russian hacker held in that country. Continue reading Russia Boosts Efforts to Foil Extradition of Hackers to U.S.

Last week, hackers took over the Twitter account of that company’s chief executive Jack Dorsey, using SIM-swapping, a technique that lets hackers access social media, email, financial accounts and other sensitive data. SIM-swapping, by which hackers take over the target’s phone, is being used to steal money and take over the “online personae” of celebrities, politicians and other notable people. In response, Twitter temporarily turned off the feature that allows users to send tweets via text message. Continue reading Hackers Increasingly Use SIM-Swapping to Hijack Accounts

The Defense Advanced Research Projects Agency (DARPA) published a concept document for the Semantic Forensics (SemaFor) program, aimed at stopping “large-scale, automated disinformation attacks,” by detecting fakes among thousands of audio clips, photos, stories and video. As the 2020 Presidential election approaches, U.S. officials are working to prevent hackers from spreading disinformation on social platforms, but Senate majority leader Mitch McConnell won’t consider any election security laws. Continue reading DARPA Attempts to Stop Automated Disinformation Attacks

In September 2017, hackers broke into credit agency Equifax, compromising almost 150 million Social Security numbers and other personal information. Now, according to sources, under the terms of an agreement with the Federal Trade Commission, Consumer Financial Protection Bureau and most state attorneys general, Equifax will pay about $700 million to settle with these agencies as well as a nationwide consumer class-action lawsuit. The exact amount of the settlement depends on the number of consumer claims ultimately filed. Continue reading 2017 Data Breach Likely to Cost Equifax Up to $700 Million

Threat intelligence firm Mimecast revealed that hackers are exploiting a Microsoft Excel feature called Power Query to facilitate Office 365 attacks. This feature lets legitimate users combine data from various sources by linking to those components in a spreadsheet. Hackers replace a link with another that leads to a site infected with malware. The hacked Excel spreadsheets then allow attackers to install backdoors, using the software program’s own tools. Meanwhile, Apple has yet to fix a macOS bug first identified by a cybersecurity researcher in February. Continue reading Researchers Identify Bugs in Microsoft Excel, Apple macOS

Ohio-based cybersecurity firm Finite State released a report that documents flaws in Huawei Technologies’ equipment that can be used by hackers. According to the report, these flaws are much more extensive than those found in similar gear from rival companies. The report does not, however, accuse the company of incorporating these flaws deliberately and does not comment on U.S. claims that the Chinese company uses such flaws to conduct espionage. The flaws were found in firmware, which enables a computer’s hardware. Continue reading Cybersecurity Report Finds Extensive Flaws in Huawei Gear

Hackers likely associated with the Chinese government broke into at least 10 global telecom carriers, stealing call logs, users’ locations and text-messaging records, according to a report from Boston-based Cybereason. The cybersecurity firm spent 2018 scrutinizing a multi-year, ongoing campaign, suspected to be directed by China and aimed at 20 military officials, spies, law enforcement and dissidents in Africa, Asia, Europe and the Middle East. Cybereason believes the recent hacks point to Chinese group APT10. Continue reading Report: Suspected Chinese Hackers Target Global Telecoms

Industry insider Ming-Chi Kuo reported that Apple plans to introduce some significant changes in its 2020 iPhones, including 5G connectivity and design upgrades. But owners of iPhones and other iOS devices are likely concerned about the recent news that every one of the world’s current 1.4 billion iPhones and iPads can be hacked. Israel-based Cellebrite demonstrated that it can perform a “full file extraction” on any iOS device, as well as on high-end Android devices. Further, law enforcement can pay for that ability without having to send devices to Cellebrite. Continue reading Apple’s 2020 iPhones to Introduce 5G and Design Updates

The nonprofit Cyber Threat Alliance (CTA) has organized its members, which includes some big tech companies such as Cisco, McAfee, Palo Alto Networks and Symantec, to share knowledge about software bugs and hacking threats, to alert their customers and limit the damage. To do so, the companies have decided to put cybersecurity ahead of the competition. Dubbed “early sharing,” the strategy goes into action as government-linked groups in China, Iran, North Korea and Russia run devastating hacking campaigns. Continue reading Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

Facebook, Intel and Microsoft announced bugs in their software this week. Facebook patched WhatsApp to prevent hackers from using it to install spyware on mobile phones. Intel described its efforts to fix a problem with its chipsets that allow attackers to access private data. Now Microsoft warned that it just patched a bug similar to the WannaCry ransomware crypto-worm that attacked computers around the globe in 2017. The company said that, to its knowledge, no one yet had exploited the Windows vulnerability. Continue reading Microsoft Warns Windows Bug May Be Abused by Hackers

Intel and micro-architecture security researchers discovered new vulnerabilities in the company’s chipsets that allow hackers to “eavesdrop” on all processed raw data. Four attacks showed similar techniques, which Intel dubbed Microarchitectural Data Sampling (MDS) and the researchers have named ZombieLoad, Fallout and Rogue In-Flight Data Load (RIDL). The discovery comes more than a year after Intel and AMD identified Meltdown and Spectre, two major security flaws. AMD and ARM chips are not vulnerable to these new attacks. Continue reading Intel, Researchers Team to Address Security Flaws in Chips

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability. Continue reading WhatsApp Calls Used to Inject Spyware on Mobile Phones

Congress introduced the Internet of Things Cybersecurity Improvement Act yesterday, in an effort to position legislative power behind securing connected devices. Defense Intelligence Agency director Lieutenant General Robert Ashley told lawmakers last year that IoT devices are considered one of the “most important emerging cyberthreats” to national security. Without a national standard for IoT security, we need to rely on steps taken by individual companies. The legislation, which was first introduced in 2017, would require security standards for IoT devices used by the federal government. Continue reading Congress Introduces IoT Bill to Protect Connected Devices