Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization’s entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw, impacting both desktop and web versions of the app, was discovered by cybersecurity researchers at CyberArk. After the findings were responsibly disclosed on March 23, Microsoft patched the vulnerability in an update released on April 20.
Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named “VictoryGate,” has been active since May 2019, with infections mainly reported in Latin America, particularly Peru accounting for 90% of the compromised devices.
The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.
The World Health Organization this week disclosed that some 450 active WHO email addresses and passwords were leaked online recently amid a big overall increase in cyberattacks directed at its staff. WHO is one among several groups working to fight the COVID-19 pandemic that have reportedly had their email addresses and passwords dumped online in recent days by an unknown entity. The others allegedly include the Gates Foundation, the US Centers for Disease Control and Prevention (CDC) and the National Institutes of Health, according to the Washington Post, which cited a report from the SITE Intelligence Group.
Malicious actors could potentially harvest data over the air and use it to shake confidence in the public-health system, EFF says. Privacy advocates are urging developers to proceed with caution as they use technology released by Apple and Google to build COVID-19 contact-tracing apps — and are warning against the potential for cybercriminal use.