{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

06/04/2020
linkedin facebook twitter instagram
WorkScoop
Zoom is trying to fix flaws uncovered by Cisco's Talos team. Google is making it easier to use physical security keys on iOS devices. And an email scammer faces up to 20 years in prison in Texas. This is CyberScoop for Thursday, June 4.

More crucial Zoom vulnerabilities

Cisco Talos researchers just uncovered two new flaws in Zoom that could allow attackers to execute arbitrary code on users’ computers, according to their findings. Both flaws relate to how Zoom processes messages. In the first, “Zoom’s zip file extraction feature does not perform validation of the contents of the zip file before extracting it,” Cisco Talos’ Jon Munshaw writes. The second flaw relates to how the Zoom client processes messages that contain animated GIFs. Zoom has partially fixed the vulnerabilities, according to Cisco Talos. Shannon Vavra has the news.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Google update aims for stronger mobile security

Google says Apple product owners will now be able to use Titan Security Keys, which fend off phishing and other threats, on personal and professional Google accounts. Google’s Advanced Protection Program, dedicated to protecting users at risk of targeted malicious software attacks, announced the update in a blog post. Now, by using near-field communication protocols, users should be able to sign in by tapping a security key on the back of an iPhone. Jeff Stone breaks it down.


Pyongyang's newest campaign?

North Korean actors known as Higaisa Group have launched a new campaign that uses decoy documents to distribute malicious shortcut files, according to new Malwarebytes research. Attempted hacks that occurred between May 12 and 31 used several kinds of fake documents, including one labeled as copyright policy, another disguised as an employment letter, and others as International English Language Testing System (IELTS) exam results, writes Malwarebytes’ Jerome Segura. The group ultimately works to deploy several malicious scripts and payloads. Read the blog here.


A guilty plea for a BEC scammer

A 64-year-old man has admitted his role in an email-based fraud scheme that relied on spoofed addresses to con two companies out of more than $500,000. Kenety Kim used email addresses that impersonated legitimate corporate accounts to intercept financial transfers, or to convince a firm to direct money into an account under Kim’s control, according to the plea deal. Business email compromise scams, in which attackers pose as a corporate vendor or trusted associate, accounted for $1.7 billion in reported losses in 2019, the FBI says. Jeff has the court docs.


Chinese hacking group has a new set of toys

Breaching air-gapped networks — those cut off from external network connections — is practically a rite of passage these days for APT groups. So a Chinese-speaking group known as Cycldek is using a hacking tool that relies on USB devices to steal data directly from computers, rather than trying to infiltrate their networks. In new research, Kaspersky traces the group’s activity in the last two years, when it has been rampant in attacking government organizations in Southeast Asia. More details here.


Tweet Of The Day

Image

Ok, this was yesterday, but still...shout out to the classics.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}