The Cyber Insecurity Show: Home Networks, Zoom Zero Day, Mobile App Fraud and Emergency Management
Welcome to the second episode of Cyber Insecurity, eLearnSecurity’s weekly show on all things cyber security. You can check us out on YouTube or on INE’s The IT Experts Network wherever you listen to podcasts.
This week Neal Bridges, Jeff Golz and Matt Kreisher tackle a number of topics related to the increased threat landscape due to COVID-19. Cyber security teams have been working non-stop since the beginning of the pandemic to secure networks, build out VPN infrastructure and test applications for security vulnerabilities. But sometimes it feels like facing a tidal wave with a Boogie Board.
Check out this week’s episode for more information on consumer network vulnerabilities, another Zoom zero-day, mobile application attacks, and cyber security’s role in emergency management.
Here’s a rundown of today’s show topics:
New Study Reveals the Insecurity of Home Routers
New research from Germany’s Fraunhofer Institute for Communications (FKIE) found that home routers across seven different vendors were riddled with security vulnerabilities. The institute tested 127 routers and found that the most secure contained at least 21 critical vulnerabilities.
On top of that, more than a third of routers used a Linux kernel (2.6.36) that was last updated for security in February of 2011. The large-scale failure of hardware vendors to secure their routers now brings new anxieties for many organizations. Most organizations are relying heavily on a remote workforce, and companies that do not deploy VPN technology are leaving themselves vulnerable to attack.
Zoom Patches Another Zero-Day Flaw
Zoom’s security concerns have lived under a microscope since the beginning of the coronavirus pandemic. The company was unprepared for the influx of users it experienced as many companies transitioned to virtual meetings. Since March, security threats like “Zoom bombs” have been making headlines nearly every week.
The company is once again struggling with bad press after another vulnerability was discovered and patched. This one affected legacy Windows systems running Windows 7 or earlier operating systems. While it’s easy to single out Zoom for scrutiny, the truth is that CISOs are constantly struggling to secure their information from insecure software such as Zoom. Neal and Jeff talk about how security personnel can manage the influx while still sleeping at night.
Mobile Fraud Shifts from Browsers to Apps in Q1
According to RSA’s Fraud and Risk Intelligence team, consumer-facing industries are experiencing a possible evolution in mobile application fraud deployment. While phishing remains the preferred fraud method, the tactics criminals use to deploy their TTPs changed in Q1 of 2020, with a dramatic shift away from mobile browsers in favor of mobile applications.
While this could be the natural ebb and flow of cyber criminality, more evidence is needed to understand how these changes will affect businesses moving forward. It’s possible that we’re seeing a coronavirus-related change to TTPs, but CISOs should also understand that tides turn quickly in cyber security and mobile browsers could once again see the brunt of attacks in the last half of 2020.
Cyber Security’s Role in Emergency Management
What is cyber security’s role in the next natural disaster or pandemic? That’s the question John Breth and Corye Douglas are asking in a new article for CPO Magazine. The COVID-19 emergency has taught cyber security professionals how vital their roles are when businesses shift technology priorities as quickly as many did in early March.
We hope you enjoyed this episode of Cyber Insecurity. Please rate and subscribe to our podcast or leave a comment on YouTube.