Facebook Fixes Messenger Bug That Allows Audio to be Transmitted Without a User’s Permission
A critical flaw in the Facebook Messenger messaging app for Android which allowed callers to listen to users’ surroundings without permission has been fixed by Facebook. The bug allowed callers to eavesdrop on the person they were calling before the call was answered. In order to exploit the flaw, a caller would need to send a type of message known as SdpUpdate to the person they were calling, which would allow them to connect to the...
Study Reveals New Financial Services Employees are Immediately Given Access to Millions of Files
A recent study conducted by Varonis has revealed new employees are given excessive permissions and can access a huge amount of company data from their first day on the job. The study was conducted on 56 companies in the financial services and Varonis analyzed a dataset of around 4 billion files. The study revealed employees have access to an average of 10.8 million files as soon as they join the company, with the number rising to...
Zoom Implements New Features to Tackle Zoombombing
Zoom recently agreed to settle allegations of lax cybersecurity and misrepresentation of the level of encryption provided by its teleconferencing platform with the U.S. Federal Trade Commission (FTC). The settlement required Zoom to implement additional security controls and accurately describe the security features of the platform moving forward, although the company was able to avoid a financial penalty. Just a few days after the...
Malsmoke Campaign Delivers ZLoader Malware via Popups on High Traffic Adult Websites
A malware distribution campaign identified by security researchers at Malwarebytes is now distributing a ZLoader malware variant via popups on popular adult websites. The campaign – named Malsmoke by Malwarebytes – has been active since at least August 2020. Initially, the threat actors were using exploit kits to deliver the Smoke Loader malware dropper; however, in October they changed tactics and switched to fake Java update...
Time to Switch from SMS and Phone-Based MFA to More Secure Authentication Methods
Multi-factor authentication is an important security measure to prevent compromised credentials from being used to gain access to accounts and sensitive data, but not all forms of MFA are equal. Earlier this year, Microsoft explained in a blog post that MFA is effective at blocking 99.9% of automated attacks on Microsoft accounts. While the advice remains the same – enable MFA on all accounts if possible – Microsoft is now urging...