Posts

Security Researchers Band Together To Expose Hidden Flaws In Zoom & Microsoft Teams / Digital Information World

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Vulnerabilities in the software makeup of popular video-conferencing apps Zoom and Microsoft Teams have been revealed by teams of hackers. For once, however, such an attack may not be as uninvited as usual considering all of these individuals were participating in a competition.

As part of the annual Pwn2Own competition, individuals proficient in coding and other computer security skills were put to the task of identifying potential weak points and design flaws in Zoom and Teams, as a prophylactic measure to prevent future mass hacking attacks from taking place. And what is Pwn2Own, one might venture to ask? Well, as can be surmised from the previous sentence, it’s a convention housing cybersecurity researchers and experts from across the globe, that mainly serves to address security concerns in popular applications by banding together and looking for them. Active since 2007, the Pwn2Own initiative started out in Vancouver as a response to the lack of initiative companies such as Apple were taking in beefing up their own security measures. From there on, the conference and competition has bloomed to involve a multinational audience, and has even been sponsored by the likes of Microsoft.

The sponsorships themselves are particularly of note due to the exorbitant amount of money participants win if they successfully expose weaknesses and deficits in the software presented. This year’s contestants were awarded a total sum of USD $40,000, even if it came at the expense of inciting minor paranoia in users of Zoom and Microsoft Teams. Then again, one must ponder, what were the weak links? What oversights did developers make in this process? Well, let’s get around to addressing them.

Without delving too much into technical jargon, Zoom’s safety boundaries were overcome via a third-party software developed by the participants themselves. Instead of relying on malware, however, all it took was a software appearing as a calculator to breach security. This bizarre act of ingenuity was achieved by two developers from the Netherlands-based cybersecurity firm Computest. Microsoft Teams also received sufficient attention, as multiple individuals (both independent workers and firm…

Source…

G DATA Internet Security 4.15.2020



Suspected China Hack of Microsoft Shows Signs of Prior Reconnaissance


Microsoft Corp. and U.S. government officials are still working to understand how a network of suspected Chinese hacking groups carried out an unusually indiscriminate and far-reaching cyberattack on Microsoft email software, more than a month after the discovery of an operation that rendered hundreds of thousands of small businesses, schools and other organizations vulnerable to intrusion.

A leading theory has emerged in recent weeks, according to people familiar with the matter: The suspected Chinese hackers mined troves of personal information acquired beforehand to carry out the attack.

Such a method, if confirmed, could realize long-held fears about the national security consequences of Beijing’s prior massive data thefts. And it would suggest the hackers had a higher degree of planning and sophistication than previously understood.

“We face sophisticated adversaries who, we know, have collected large amounts of passwords and personal information in their successful hacks,” said Anne Neuberger, President Biden’s deputy national security adviser for cyber and emerging technology. “Their potential ability to operationalize that information at scale is a significant concern.”

Soon after the hack on computer systems using Microsoft Exchange Server was discovered in March, senior national security officials in the Biden administration recognized it as a major international cybersecurity problem.

Source…

Eset Internet Security Tested!