Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. With COVID-19 driving unprecedented levels of remote working, video conferencing software is under the privacy and security microscope.
If vulnerabilities in 4G cellular networks that can expose them to denial-of-service and other attacks are not addressed, emerging 5G networks could inherit these same issues, the security firm Positive Technologies reports.
More than two dozen healthcare organizations and technology firms have formed a coalition to help address the COVID-19 crisis by using secure information sharing and data analysis. But observers warn the group must devote enough attention to privacy and security issues.
Cybercriminals are waging brute-force attacks that enable them to change DNS settings on home and small business routers to redirect victims to fake COVID-19-themed websites that push infostealer malware, according to the security firm Bitdefender.
The COVID-19 pandemic has exposed more than policy and social gaps, says U.K.-based cybersecurity expert John Walker. It's also manifested in digital exposures born out of lack of preparedness and bad practices. Walker offers insights on improving the cyber response.
Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft.
The latest edition of the ISMG Security Report analyzes how and why Russia is spreading disinformation about the COVID-19 pandemic. Plus: the latest CCPA regulation updates; a CISO's tips on securely managing a remote workforce.
Russian authorities typically turn a blind eye to cybercrime committed by citizens, provided they target foreigners. But as the recent "BuyBest" arrests of 25 individuals demonstrate, authorities do not tolerate criminals that target Russians, and especially not anyone who targets Russian banks.
Microsoft has announced that it will pause all non-essential updates for Windows, while both Google and Microsoft have said their Chrome and Edge browsers will, for now, receive only stability and security updates. The moves come as IT teams are continuing to respond to the ongoing fallout of the COVID-19 pandemic.
Although most companies acknowledge the importance of securing their perimeters and endpoints, many are still reactive in their approach to security, says Dipesh Kaura of Kaspersky, who advocates a "security by design" approach.
More bad ransomware news: Following in the footsteps of Maze, now even more cybercrime gangs are threatening to not only crypto-lock systems but also leak stolen data. Such moves come following a banner year for ransomware operators, who are continuing to bring more advanced tactics to bear.
At its core, cybersecurity is about applying scarce resources to the highest risk. And nothing quite puts that tenet to the test like the COVID-19 pandemic. Jim Routh, CISO of MassMutual, discusses the challenges of managing a remote workforce and third-party relationships during this crisis.