Cybersecurity Weekly: Industrial VPN flaws, Zoom bug, New side-channel attacks
Industrial VPN flaws let attackers target critical infrastructures. A new Zoom bug allowed snoopers to crack private meeting passwords in minutes. A new attack leverages HTTP/2 for effective remote timing side-channel leaks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Industrial VPN flaws let attackers target critical infrastructures
Cybersecurity researchers discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks. These flaws could allow hackers to overwrite data, execute malicious code and compromise industrial control systems.
Read more »
2. Zoom bug allowed snoopers to crack private meeting passwords in minutes
Zoom meetings are by default protected by a six-digit numeric password, but the lack of rate limiting enabled an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private Zoom meetings. The company addressed this vulnerability by issuing a patch shortly after discovery.
Read more »
3. New attack leverages HTTP/2 for effective remote timing side-channel leaks
Security researchers outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion. The new method leverages multiplexing of network protocols and simultaneous execution by applications, thus making the attacks immune to network conditions.
Read more »
For more cybersecurity news stories like these, check out the blog »
Looking for certification prep and technical skills development content? Visit our website to check out Infosec Skills! The platform has 70 learning paths, 600 courses and 150 virtual labs where you can try out new skills in a sandboxed environment. Try it free for 30 days with promo code: infoseccommunity