Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.
US Cyber Command has issued an alert about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook, as concerns are raised of a rise in an Iranian-backed hacking group’s activities.
Read more in my article on the Hot for Security blog.
President Trump has authorized a round of cyber attacks against Iran, and U.S. companies and agencies are bracing for counter attacks.
The Washington Post reported that the U.S. cyberattack had disabled Iranian missile control systems. The attack was the latest in escalating tensions between the two countries, which includes the recent downing of an unmanned surveillance drone.
“This operation imposes costs on the growing Iranian cyberthreat, but also serves to defend the United States Navy and shipping operations in the Strait of Hormuz,” said former senior White House cybersecurity official Thomas Bossert.
The Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued an alert warning organizations of potential retaliation from Iranian hackers, including the deployment of “wiper” malware that deletes data from targeted computers and networks.
“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money,” said CISA director Christopher Krebs
Cyber warfare is in addition to what the U.S. government has called “kinetic” actions, i.e. more traditional military operations. Earlier this month, the U.S. Cyber Command reportedly deployed offensive malware against Russia’s electrical grid.