Select Page
Zoom Caught in Cybersecurity Debate — Here’s Everything You Need To Know

Zoom Caught in Cybersecurity Debate — Here’s Everything You Need To Know

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal.

The app has skyrocketed to 200 million daily users from an average of 10 million in December — along with a 535 percent increase in daily traffic to its download page in the last month — but it’s also seen a massive uptick in Zoom’s problems, all of which stem from sloppy design practices and security implementations.

Zoom may never have designed its product beyond enterprise chat initially, but with the app now being used in a myriad number of ways and by regular consumers, the company’s full scope of gaffes have come into sharp focus — something it was able to avoid all this time.

But if this public scrutiny can make it a more secure product, it can only be a good thing in the long run.

images from Hacker News

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

If you use Apple iPhone or MacBook, here we have a piece of alarming news for you.

Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device’s camera, microphone, or location, and in some cases, saved passwords as well.

Apple recently paid a $75,000 bounty reward to an ethical hacker, Ryan Pickren, who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them.

The fixes were issued in a series of updates to Safari spanning versions 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020).

“If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom,” Pickren said.

When chained together, three of the reported Safari flaws could have allowed malicious sites to impersonate any legit site a victim trusts and access camera or microphone by abusing the permissions that were otherwise explicitly granted by the victim to the trusted domain only.

images from Hacker News

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers.

According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into web-pages to phish payment data.

MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data.

Magecart attacks usually involve bad actors compromising a company’s online store to siphon credit card numbers and account details of users who’re making purchases on the infected site by placing malicious JavaScript skimmers on payment forms.

It’s the latest in a series of attacks by Magecart, an umbrella term for eight different hacking groups, all of which are focused on stealing credit card numbers for financial gain.

Hackers associated with Magecart tactics have hit many high profile websites in the past few years, including NutriBulletOlympics ticket reselling websites, Macy’s, TicketmasterBritish Airways, consumer electronics giant Newegg, and many other e-commerce platforms.

RiskIQ had said it took just 22 lines of JavaScript code infection for the attackers to gain real-time access to the sensitive data in question.

images from Hacker News

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.

No doubt, Zoom is an efficient online video meeting solution that’s helping people stay socially connected during these unprecedented times, but it’s still not the best choice for everyone—especially those who really care about their privacy and security.

According to cybersecurity expert @_g0dmode, the Zoom video conferencing software for Windows is vulnerable to a classic ‘UNC path injection‘ vulnerability that could allow remote attackers to steal victims’ Windows login credentials and even execute arbitrary commands on their systems.

Such attacks are possible because Zoom for Windows supports remote UNC paths that convert potentially insecure URIs into hyperlinks when received via chat messages to a recipient in a personal or group chat.

Hacking Zoom to Steal Windows Passwords Remotely

Confirmed by researcher Matthew Hickey and demonstrated by Mohamed Baset, the first attack scenario involves the SMBRelay technique that exploits the fact that Windows automatically exposes a user’s login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.

To steal Windows login credentials of a targeted user, all an attacker needs to do is sent a crafted URL (i.e., \\x.x.x.x\abc_file) to a victim via a chat interface.

Once clicked, the attack would eventually allow the attacker-controlled SMB share to automatically capture authentication data from Windows, without the knowledge of the targeted user.

images from Hacker News

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers.

Named “Vollgar” after the Vollar cryptocurrency it mines and its offensive “vulgar” modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet.

Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.

images from Hacker News

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years.

“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property,” Marriott said in a statement.

“We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”

The incident exposed guests’ personal information such as contact details (name, mailing address, email address, and phone number), loyalty account information (account number and points balance), and additional information such as company, gender, dates of births, room preferences, and language preferences.

The hospitality giant said an investigation into the breach was ongoing, but said there was no evidence that Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers were compromised.

Marriott has also set up a self-service online portal for guests to check whether their personal details were involved in the breach, and what categories of information were exposed. In addition, it’s offering affected users an option to enroll in IdentityWorks, a personal information monitoring service, free of charge for 1 year.

The company has already taken the step of disabling the passwords of Marriott Bonvoy members who had their information potentially exposed in the incident, and they will be notified to change their passwords during the next login, as well as prompted to enable multi-factor authentication.

images from Hacker News