It seems lately not an hour goes by without news of another ZoomBombing happening, just as I was preparing this story comes this headline from Vermont Senate committee Zoom hearing derailed by porn hacker
A Vermont Senate Committee on Agriculture Zoom hearing, which was being live-streamed on Youtube, was interrupted by a hacker Thursday who screen shared pornographic videos before reaching into his pants.
The sudden outburst came as the committee had been in the midst of discussing school lunch access and how farms were faring during the COVID-19 crisis.
The first sign of trouble began with a sudden outburst of “p—- ass” and a racial slur before a video from the site Pornhub began to play.
Without blaming the Zoom administrators, many of these stories of ZoomBombings remind me of early conversations about using Amazon Web Services and hearing minds blown about insecure EC2 instances. I can’t tell you how many enterprises thought the workloads they ran in AWS were completely secure by default. More than a few shops were counting their stars nothing happened.
I suspect a number of Zoom users naturally feel the same way as early AWS users, but fear not, Zoom has a guide with a number of recommendations to keep your video conferencing secure.
When you share your meeting link on social media or other public forums, that makes your event … extremely public. ANYONE with the link can join your meeting.
Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is basically one continuous meeting and you don’t want randos crashing your personal virtual space after the party’s over. Learn about meeting IDs and how to generate a random meeting ID (at the 0:27 mark) in this video tutorial.
Familiarize yourself with Zoom’s settings and features so you understand how to protect your virtual space when you need to. For example, the Waiting Room is an unbelievably helpful feature for hosts to control who comes and goes. (More on that below.)
Manage screen sharing
The first rule of Zoom Club: Don’t give up control of your screen.
You do not want random people in your public event to take control of the screen and sharing unwanted content with the group. You can restrict this — before the meeting and during the meeting in the host control bar — so that you’re the only one who can screen-share.
Follow this link for more tips on how to keep your Zoom conferences secure.
Also, Founder and CEO of Zoom, Eric S. Yuan said in a blog posting today that effective immediately, Zoom will have a feature freeze for the next 90 days, and shifting all engineering resources to focus on their biggest trust, safety, and privacy issues.
- Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
- Preparing a transparency report that details information related to requests for data, records, or content.
- Enhancing our current bug bounty program.
- Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
- Engaging a series of simultaneous white box penetration tests to further identify and address issues.
- Starting next week, Yuan will host a weekly webinar on Wednesdays at 10 am PT to provide privacy and security updates to our community.
As we try to get used to the new normal, InfoSec News understands many cyber and information security professionals (including myself) are looking for their new security forever homes. As I find these calls for security professionals, I’m hopeful this might be the catalyst for breaking what has been broken forever. Hiring experienced professionals and competent security-aware people that can be trained to be that unicorn that many HR departments have been looking for.
The popular Infosec R&D company Grimm (https://grimm.rip), famous for only
taking on “difficult projects” is still hiring at a time when many of their
competitors are going out of business. The lack of competitors also means tons
of work coming in, so job security is solid. If you were laid off and have a
heavy Security Engineering (& DevSecOps) Exploit Dev and/or AppSec background
and want to work with some of the objectively smartest people in Infosec, check
out their job postings here https://www.grimm-co.com/caree
“General Resume Submission” link at the bottom if you want to be considered for
Research Analyst, Cyber Policy Initiative
Cyber Policy Initiative
The Carnegie Endowment for International Peace is seeking a Research Analyst to
work with scholars in our Washington DC-based Cyber Policy Initiative. Founded
in 1910, Carnegie is a top-ranked policy think tank with a unique global network
research centers in Russia, China, Europe, the Middle East, India, and the
United States. The Cyber Policy Initiative is part of Carnegie’s Technology and
International Affairs program, which also focuses on artificial intelligence and
The Research Analyst will primarily help build a project exploring how to
leverage market incentives to improve cyber risk management. For example, it
researches and promotes ways in which commercial insurers, major asset-holding
corporations, and credit-rating agencies, can set de facto standards that
promote cybersecurity more quickly, flexibly, and internationally than
governmental regulatory processes often do.
The Research Analyst will work closely with scholars to develop and execute
original research and writing projects such as policy briefs and longer research
reports and build partnerships within the private sector. Additional activities
include: Engaging with policymakers in the U.S. Congress and administration;
preparing and delivering briefings; attending and reporting back on relevant
events in the policy community; contributing to other areas of the Initiative’s
work on cyber policy and strategy; and occasional administrative support, such
as organizing public and private events.
The ideal candidate will have deep interest in technology policy, a willingness
to dive into new research topics, and possess the ability to perform within a
challenging program environment. Up to two years of relevant post-graduate
experience is a plus, but not required. Strong writing and research skills are
Located in Dupont Circle in Washington, DC, we offer an outstanding benefits
package. When applying, please include your resume/C.V. and cover letter. Please
apply via the Carnegie Endowment website:
All qualified applicants will receive consideration for employment without
regard to race, color, religion, sex, national origin, disability, protected
veteran status, sexual orientation, gender identity, or any other protected
Principal Technician (Cyber Security)-200286
Primary Location Belgium-Mons
NATO Body NATO Communications and Information Agency (NCI Agency)
Salary (Pay Basis) : 4,449.34Euro (EUR) Monthly
NATO offers you more than a job. It gives you a mission: building peace and
security for one billion people in Europe and North America. The NATO
Communications & Information Agency is leading NATO’s Digital Endeavour.
We are NATO’s technology and cyber leaders, helping NATO Nations to communicate
and work together in smarter ways. Our work is challenging and meaningful, and
you will develop and apply your expertise as part of a dynamic international
team of civilian and military professionals.
What do we offer?
Genuinely meaningful work as part of the most successful alliance in history
3 year contract with competitive tax-free salary and household and children’s
Privileges for expatriate staff including expatriation and education allowances
(where appropriate) and additional home leave
Excellent private health insurance scheme
Generous annual leave of 30 days plus official holidays
Retirement Pension Plan
About the job
Based in Mons, Belgium you will join the Agency as we embark on a journey to
transform our IT services to support NATO’s Digital Endeavour. You will be
responsible for production and management of Security Hardening, Configuration
and Installation guidelines; providing security expert assistance and support in
analysis of security incidents and resolution; reviewing documents to be
published on NCSC Portals, or provided to NCSC customers, as part of projects
For a full list of duties, please review the job description. Here.
We’re looking for a talented and knowledgeable Principal Technician (Cyber
Security) professional with ideally a higher vocational training in a relevant
discipline with 3 years post-related experience; or, a secondary educational
qualification with 5 years post-related experience A different qualification
coupled with particularly relevant experience may also be considered.
Knowledge of English, both written and spoken, is essential.
Not that McAfee!
Actress Alexis Bledel, best known for her role as Rory Gilmore in network television’s “Gilmore Girls,” tops McAfee’s U.S. list of most dangerous celebrities to search for online. For the thirteenth year, McAfee researched which famous individuals generate the riskiest results that could potentially expose their fans to malicious websites and viruses.
Referred to as a “good girl” and “bookworm” in her role in “Gilmore Girls” and Netflix’s sequel “Gilmore Girls: A Year in the Life,” it may come as a surprise that Alexis Bledel was found to be the most dangerous celebrity by McAfee. Her repertoire also includes roles in the “Sisterhood of the Traveling Pants” movies, and more recently, playing Ofglen in Hulu’s acclaimed “The Handmaid’s Tale,” which came to a series end in August 2019.
Trailing Bledel at No. 2 is beloved Late Late Night talk show host James Corden, followed by “Game of Thrones” star Sophie Turner (No. 3), actress Anna Kendrick (No. 4), “Us” leading lady Lupita Nyong’o (No. 5), SNL and talk show star Jimmy Fallon (No. 6), martial arts master Jackie Chan (No. 7), rappers and musicians Lil Wayne (No. 8) and Nicki Minaj (No. 9), and finally Marvel actress Tessa Thompson (No. 10).
The truth is consumers are faced with endless options to feed their obsession with celebrities. They are interacting with content across multiple devices and conducting potentially dangerous searches across the internet to find the latest information or gossip without fear of consequence. For cybercriminals, this creates a field day to lure unsuspecting consumers to malicious websites that may install malware or steal personal information and passwords.
“Consumers may not be fully aware that the searches they conduct pose risk, nor may they understand the detrimental effects that can occur when personal information is compromised in exchange for access to their favorite celebrities, movies, TV shows or music,” said Gary Davis, chief consumer security evangelist at McAfee. “Criminals use deceptive websites to dupe unsuspecting consumers into accessing malicious files or content. It is essential that consumers learn to protect their digital lives from lurking cybercriminals by thinking twice before they click on suspicious links or download content.”
The top 10 celebrities from this year’s U.S. study are:
McAfee’s most dangerous actresses, Alexis Bledel and Sophie Turner, are well known for their powerful roles in their respective series – Hulu’s “The Handmaid’s Tale” and HBO’s “Game of Thrones.” Additionally, their names are strongly associated with searches including the term “torrent.” With many popular shows available via streaming services, consumers have access to more content than ever before, yet they still choose to put their digital lives at risk in exchange for pirated content.
This finding indicates that people may be pursuing “free” options to avoid paying a subscription fee. However, it’s important for these viewers to understand the risks associated with torrent or pirated downloads, as they may open up themselves to savvy cybercriminals and end up having a much higher cost to pay.
The Reality is, Reality TV Stars are not that Popular
Unlike 2018’s list of most dangerous celebrities, reality TV stars ranked low on this year’s list. Kim Kardashian is the highest-ranked reality star at No. 99 followed by “The Hills” Audrina Patridge (No. 108), “Vanderpump Rules’” Kristen Doute (No. 119) and Jax Taylor (No. 169). Kristen Cavallari and Kourtney Kardashian who found themselves in last year’s top 10 list dropped to number 214 and 222, respectively.
Tips to Help Consumers Stay Safe Online:
- Be careful what you click. Users looking for a sneak-peek of Star Wars: Rise of Skywalker starring Lupita Nyong’o should be cautious and only stream and download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
- Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites is the equivalent of spreading the Mad King’s wildfire to your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
- Protect your online realm with a cybersecurity solution. Send your regards to malicious actors with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
- Use a Web Reputation tool. Using a Web reputation tool such as freely available McAfee WebAdvisor alerts users when they are about to go to a malicious website.
- Use parental control software. Kids are fans of celebrities too, so ensure that limits are set for your child on the devices they use and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
For More Information:
- To learn more about the study, check out:
- Blog post from Gary Davis: https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2019/
- Twitter: Follow @McAfee_Home for online safety tips, and use the hashtag #RiskyCeleb to discuss the Most Dangerous Celebrities of 2019
- Local lists broken down by country are available upon request
McAfee used the Google API Console to search for popular mobile, PC and platform games coupled with search modifying terms (e.g. celebrity + torrent). “Most dangerous” really means that these celebrities are likely popular search subjects.
Search terms used this year:
- Fix gamble
- Free mp3
- Pirated download
Using McAfee WebAdvisor data, resulting domains and URLs were measured and assigned a risk of “high,” “medium” and “unverified.” URLs were then given a score between negative 127 and positive 127 with higher scores indicating a riskier website. The score was calculated using the following formula:
Danger = 1*(high count) + 0.5*(medium count) + 0.1*(unverified count)
The University of Minnesota College of Science and Engineering announced on Wednesday, October 8, 2019, a three-year collaboration with Target that includes a $250,000 donation from Target to fund programs that will educate the next generation of cybersecurity experts. The collaboration will kick off tonight at Target’s Cyber Security Day at the University of Minnesota, an event for students interested in cybersecurity careers.
The donation, provided by Target’s Cyber Security department, is Target’s first major gift to the University’s College of Science and Engineering. The gift helps build course curriculum and offers hands-on information security experiences, student scholarships, fellowships, and grants, as well as opportunities for students to network with cybersecurity experts.
“We’re grateful to Target for supporting the University in our efforts to build the pipeline of high-tech workers in this state and around the world,” said Mostafa Kaveh, dean of the University of Minnesota College of Science and Engineering. “When industry and academia work together to solve problems, great things can happen. We look forward to collaborating with Target for many years.”
One of the highlights of the new collaboration is a year-long, in-depth capstone project in the Department of Computer Science & Engineering where the University and Target will provide students with hands-on technical experience prior to graduation. In this course, the instructor and students will work with leadership at Target to solve a real-world industry problem and develop innovative solution considerations.
“Over the next 10 years, it’s predicted that half of all cybersecurity positions in the U.S. will be vacant,” said Rich Agostino, Chief Information Security Officer at Target. “As one of the largest employers in the Twin Cities, we know we have a responsibility to help build the cybersecurity talent pipeline. Our team has been working closely with the University of Minnesota on a unique collaboration that not only helps educate the next generation of cybersecurity leaders but also provides training and leadership opportunities to Target’s team.”
Target’s donation also includes funding to directly support students. Target will award seven undergraduate student scholarships at $5,000 each that started with the Fall 2019 semester.
“I’m honored to be one of the first Target scholarship recipients,” said Melanie Humphrey, a University of Minnesota junior majoring in computer science who will be interning at Target next summer. “The Target scholarship process confirmed my decision to pursue a career in cybersecurity. I was excited to learn that I could have an impact on everything from protecting our private data to national security.”
In addition to the capstone course and scholarships, Target will provide funding to computer science-related student groups for events such as conferences, workshops, and hackathons.