Cyber Weekly Digest - Week #15

This week, whilst some vulnerabilities and acquisitions have been announced, Zoom continues to dominate the headlines in the cybersecurity community. Let's go and see what happened.


1. Taiwan's Department of Cyber Security has decided that government agencies and some private entities will not be allowed to use specific video conferencing software associated with security and privacy issues. One of the banned products is Zoom, which has been rather careless about the security of its service, as more and more security flaws come to light. Most recently, a team of researchers discovered that Zoom's video calls are routed through China, creating fears of data exposure to the Chinese authorities. Even though it was not explicitly stated, this discovery is likely to be the reason why Taiwan has banned Zoom from the selected agencies, considering the political tension between the two neighbours.

2. A vulnerability researcher has been awarded $75,000 after disclosing seven zero-day vulnerabilities in the Apple Safari browser. Some of those vulnerabilities allow an attacker to compromise the victim's microphone and camera when the victim merely visits a booby-trapped site. Thankfully, all the vulnerabilities have been patched, with two patches released in January and March. We want to remind you of the importance of updating your software to avoid compromise.


3. In other news, Microsoft ended up buying the "corp.com" domain name for $1.7 million to protect its customers' data. The domain could be wrongly treated as the internal "Active Directory" domain "corp" when a user was logged in from an outside network. This error could allow the owner of "corp.com" to intercept private communications from hundreds of thousands of computers. In a written statement, Microsoft said that it acquired the domain to protect its customers.


4. New research has produced fake fingerprints, made with a 3D printer, that can defeat the fingerprint authentication on a variety of phones and laptops. The researchers used specific materials to trick optical, capacitive and ultrasonic sensors and achieved an 80% success rate with the fake fingerprints. Cracked devices include the iPhone 8, Samsung S10, Huawei P30 Lite, MacBook Pro 2018 and an AICase Padlock. Following this recent report, we would like to emphasise just how important two-factor authentication is, especially a strong password and an OTP token.


5. A 39-year-old man has been arrested in the US for spreading misinformation about COVID-19 on his Facebook page. In his post, the man stated that he had paid someone to deliberately spread the virus around grocery stores, which, he said, was done to prevent people from going outside. The spread of misinformation is one of the biggest challenges in the cyber world at the moment. According to research by Ofcom, half of UK adults have been exposed to fake news online, something that has forced the UK government to launch a rapid response unit to combat online misinformation about the virus. Especially now that even state actors like China are trying to create fake conspiracy theories that the pandemic started as a US military plot, people must find accurate, trustworthy and credible sources of news and advice.
