Is Zoom safe and should security teams ban it?

The rapid rise to prominence of videoconferencing and collaboration application Zoom during the Covid-19 coronavirus pandemic is highlighting more and more cyber security problems with the service, which has been downloaded millions of times to personal and enterprise devices across the globe.

Earlier this week Check Point threat researchers reported on a surge in fraudulent Zoom domains being used to lure in unsuspecting users and steal their personal information. Now, more threat researchers have piled in with disclosures of their own, and some go so far as to recommend people stop using Zoom altogether. Among them is Patrick Wardle, a former NSA cyber security operative and now principle security researcher at Jamf, who highlighted two dangerous zero day exploits on his blog.

Both these vulnerabilities, which have now been patched, affected the Apple macOS version of Zoom and are easily exploited by an attacker who with physical control

Read More

Microsoft is working on mitigating an entire Windows bug class

Microsoft is working on developing comprehensive mitigation for a class of Windows bugs that have plagued the operating system for more than two decades.

Israeli security researcher Gil Dabah told ZDNet that a fix is currently in the works.

Earlier today, Dabah published proof-of-concept code and a report detailing 25 bugs, all exploiting variations on the same type of vulnerability.

Bug class impacts the old Win32k component

Dabah’s work expands on an attack surface in the Windows operating system that’s been known since the mid-90s. The vulnerability class impacts Win32k, a Windows component that manages the user interface on Windows 32-bit architectures, and the interactions between UI elements, drivers, and the Windows OS/kernel.

Today, the Win32k component still ships with Windows, even on 64-bit versions, where it acts as a legacy layer, allowing older apps to run on modern systems.

But the problem comes from how this component evolved. In

Read More

Use of fintech apps in Europe accelerates

Fintech apps have seen a surge in take-up in Europe over the past week, as people adapt their lifestyles to cope with limitations on mobility amid the Covid-19 pandemic.

As people are told to stay at home, digital banking apps are being increasingly used, along with other digital services.

According to a study by financial advisory deVere Group, the use of fintech apps in Europe surged 72% in the past week. Meanwhile, the use of cash in the UK dropped by 50% in the days following the UK government announcing limits on people’s movements, known as lockdown, according to the UK ATM network Link. The exchanging of cash can spread the virus and some retailers stopped accepting it early in the lockdown.

“The world has changed in the past few weeks,” said James Green, divisional manager Europe at deVere Group. “The measures we’re now all taking to help the fightback

Read More

There’s now COVID-19 malware that will wipe your PC and rewrite your MBR

With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer’s master boot record (MBR).

With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created only as tests or jokes.

The common theme among all four samples is that they use a coronavirus-theme and they’re geared towards destruction, rather than financial gain.

MBR-rewriting malware

Of the four malware samples found by security researchers this past month, the most advanced were the two samples that rewrote MBR sectors.

Some advanced technical knowledge was needed to create these strains as tinkering with a master boot record is no easy feat and could easily result in systems that didn’t boot at all.

The first of the MBR-rewriters was

Read More

Security, network services top enterprise challenges for deploying UCaaS, CCaaS

With distributed working taking place on unprecedented levels, unified-communications-as-a-service (UCaaS) and contact-centre-as-a-service (CCaaS) solutions have never been so important, but businesses are still finding their implementation a challenge.

According to a market trends report based on research by software-defined network and cloud platform provider Masergy, security and network services are the top challenges for enterprises deploying or considering UCaaS and CCaaS technologies, and decision-makers prefer bundled solutions that add security features, a software-defined network and 24/7 performance monitoring.

Conducted in partnership with IDG Research, the study analysed responses from IT decision-makers at global enterprises that are evaluating, planning to implement, or have implemented UCaaS or CCaaS. Findings revealed that data security and network performance were the top two areas that IT focuses on to ensure their UCaaS and CCaaS solutions are successfully delivering on business goals.

As regards security, 70% said it was an issue with regards to

Read More

Top Best Buy Black Friday 2019 tech deals


(Image: Getty Images/iStockphoto)

Best Buy’s Black Friday ad is always one of the most anticipated of the holiday shopping season, and one pleasant surprise with its release this year is that many of the deals are already available, a sign that online shopping continues to erode the “magic” of Black Fridays past when people trampled each other to get to doorbuster specials before they ran out. 

We’ve covered Best Buy’s Black Friday Apple deals elsewhere, but below are several other sales that caught our eye.

When is Best Buy’s Black Friday Sale?

Best Buy has already announced all the Black Friday 2019 deals it plans to offer in its annual Black Friday ad  Luckily for us, some of these deals are now live, but others won’t be live until Nov. 28. Best Buy is also highlighting a new sale daily with its special Deal of the Day promotion. 

Black

Read More