Janus Associates Blog - Bringing You Cybersecurity Industry News and Threat Reports

Cyber Threat Report: Cyber Security News for 05/27/22

Written by Janus Associates | May 27, 2022 11:45:00 AM

Patch Now: Zoom Chat Messages can Infect PCs, Macs, and Phones with Malware
Zoom recommends updating the app if you have not done so yet. Scammers can now send messages through Zoom chat that can cause your vulnerable client app to install malicious code from an arbitrary server, such as malware and spyware. Read More

Department of Justice (DOJ) Revises Policy for Good-Faith Security Researchers
Last week the Department of Justice (DOJ) announced a revised policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA) Read More

Microsoft: How to Defend Windows Against These New Privilege Escalation Attacks
Microsoft is warning Windows domain admins to implement mitigations against an authentication weakness related to Active Directory. Read More

Employees’ Email Still Drives Most of the Data Loss at Organizations
Three out of five of the 614 U.S.-based corporate IT security experts who were surveyed in March 2022 said that their own organizations had “experienced data loss or exfiltration caused by an employee mistake on email” in the previous 12 months. Read More

Ad-Tech Firms Grab Email Addresses from Forms Before They're Even Submitted
Researchers find widespread harvesting of info without consent. Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent. Read More

How to Stop Spam Messages on Your iPhone with This
This quick-fix solution can solve all your problems regarding spam text messaging on your iPhone–and with a feature that is already in iOS! Read More

Time to Update: Google Chrome 102 Arrives with 32 Security Fixes, One Critical
Google is urging Chrome users to update the browser now in order to fix a critical flaw. Read More

Twitter to Pay $150 Million Penalty for Allegedly Breaking its Privacy Promises—Again
Twitter asked users for personal information for the express purpose of securing their accounts, but then also used it to serve targeted ads for Twitter’s financial benefit. Read More

Russia Keeps Getting Hacked
Oh, how the tables have turned. In a meeting with the Russian Security Council on Friday, Russian President Vladimir Putin said the number of cyberattacks by foreign "state structures" had increased several times over. Read More

Chicago Public Schools Data Breach Blamed on Third-Party Ransomware Attack
Attackers gained access to 495,448 student records that included names, dates of birth, genders, grade levels, courses taken, and more. Also exposed were an estimated 56,138 staff records. Read More

Utilities Sector: There is No Path of Least Resistance When It Comes to Cybersecurity Policies
There are too many ‘Chiefs’ with their own biases trying to manipulate and control public opinion and squelch the innovative achievements of technical people looking to solve these problems. Read More

Chatbots Used to Steal User Credentials in New Phishing Campaign
Cybercriminals are finding new ways to trick users into providing their credit card data. A new technique makes use of an artificial chatbot to build trust with victims. Learn more about this threat and how to protect yourself from it. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

In this week's news, Zoom has fixed its latest security flaw, tracked as CVE-2022-22787. This bug received a CVSS severity score of 5.9 out of 10 and makes it possible to access a user’s device and run malicious code through Zoom’s chat messaging tool. Receiving a chat message could cause your Zoom program to install malicious code from an arbitrary server, such as malware and spyware. Without proper standards in place, this can leave your network vulnerable. This, in part, is why regularly scheduled updates and system backups are encouraged.

The Department of Justice just announced a new policy for charging cases under the Computer Fraud and Abuse Act (CFAA). Under the newly implemented policy, security hacks and/or breaches done in ‘good faith’ cannot be charged. DOJ defines ‘good faith’ as researchers performing these acts as a means to help improve current cybersecurity standards. Working with cybersecurity organizations like JANUS that perform CIO and CISO services gives organizations the opportunity to receive proper training and monitoring of their systems so that the chances of threats decrease.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.