Zoom and TikTok Improve Security Posture, Security Cameras, and Microsoft's Legal Battle

Your Weekly Cybersecurity News Roundup

Byte Sized News has gone to video! Check out the newest episode in video form below. Don’t worry though, you can still read the transcript below if you prefer to get your news in text-form.

As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.

Learn more about PlexTrac and the platform we provide to security professionals here.

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Our first story from the week comes from Krebs on Security!

Microsoft has executed a coordinated legal sneak attack in an attempt to disrupt the malware-as-a-service botnet Trickbot. For those who may not know, Trickbot has been a global menace in the cybersecurity industry and has infected millions of devices.

In a win for the good guys, a Virginia court granted Microsoft control over many of the servers that Trickbot uses to compromise infected systems. While this is great news, Trickbot isn’t dead yet. Obtaining these servers was a major blow to their key infrastructure, preventing the spread of new infections. But the infections already out in the wild will still need to be defended against.

You can read the full article by clicking this link

Zoom Finally Rolls Out End-to-End Encryption

Our next story comes to us from InfoSecurity Magazine!

Zoom has been in the headlines a lot in 2020, whether it’s details on their massive growth and success, or numerous security issues within the platform. This story is a positive one in the InfoSec sphere though, as Zoom has announced end-to-end-encryption for all of their users.

End-to-end-encryption, or E2EE, is vital to ensuring that the privacy and security of their users is maintained throughout all phases of the application The functionality will be available to all of Zoom’s paid AND free users and can host up to 200 participants in a meeting. Previously it was announced that E2EE would only be available to paid users but Zoom quickly backtracked after massive backlash.

There are caveats to this new feature, though. In the first phase of E2EE’s release the feature will not be available in some features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and reactions.

You can read the full article by clicking this link

Hackers Claim to Have Access to 50,000 Home Security Cameras

Our third story on the week also comes from InfoSecurity Magazine!

A hacking group that claims to have access to 50,000 home security systems is now selling access to them. The group, which has over 1000 members, has taken to the popular app Discord to advertise its illegal wares.

Access to cameras is being sold for a $150 one-off subscription, and the group claims to have shared over 3 terabytes of footage to this point. This group claims to have footage from all over the globe, including Thailand, South Korea, Singapore, and Canada.

This story just goes to show how important it is to secure all of your devices, whether they’re in the office or at home.   

We won’t share all of the details with you here, as they’re deeply disturbing, but you can read more on the topic by navigating to this link

TikTok Expands Disclosure Efforts on Cybersecurity Threats

Our fourth story from the week comes to us from The Hill and focuses on the fastest-growing Social Media app in the world — TikTok.

TikTok, much like Zoom, has been at the center of cybersecurity controversy in 2020. However, TikTok seems committed to strengthening its security.

This commitment was announced in a blog post on their website in which they announced a partnership with HackerOne. HackerOne is a vulnerability coordination and bug bounty platform that has a community of more than 750,000 ethical hackers and security researchers, according to TikTok.

The partnership between these two companies includes the launch of a new initiative, the creation of a “global bug bounty program” for TikTok. This bug bounty program aims to expand its current disclosure program and give an opportunity for both users and security professionals to identify and fix vulnerabilities on the platform.

You can read up on the full story by clicking this link

Half of All Virtual Appliances Have Outdated Software and Serious Vulnerabilities

Our last story from the week comes to us from CSO Online.

Virtual appliances are a popular way for software vendors to distribute their products to enterprise customers, but they aren’t without their issues. A new study from Orca Security scanned more than 2,200 virtual appliance images from 540 vendors and found that half of the appliances they scanned had included serious security issues.

The appliances with security concerns were highly vulnerable to compromise. Many vendors, including well-established ones, do a poor job of updating and patching the appliances, which only further compounds the problem.

In total, Orca found 401,571 vulnerabilities across 2,218 appliances. This announcement led to 287 products being updated and 53 being removed from distribution all together.

You can read more information on the story, including how Orca scored the appliances, by clicking this link

Check Out Our Latest Posts