Weekend Reads 050120

Now that we are all working from home (WFH), the need for encryption must also increase in priority and awareness. Zoom’s popular video conferencing solution got in hot water because they promised “end-to-end” encryption but didn’t deliver on it — prompting some organizations to ban it from use altogether. —Ram Mohan

The COVID-19 Pandemic is causing huge social and financial shifts, but so far its impact on network security has gone under-reported. Yet with thousands of companies worldwide requiring millions of employees to work remotely, network administrators are seeing unprecedented changes in the ways that clients are using their networks and new threats that seek to leverage the current crisis. —Gary Stevens

Imagine installing a fancy deadbolt lock with a state-of-the-art alarm system for your front door but leaving the back door wide open. No one would do that, right? Yet many companies make a similar mistake with their cybersecurity defenses. They put Fort Knox-like security on the front end of their apps. —Kunal Anand

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. —Graham Cluley

There are always trade-offs between these three when developing products and services, with convenience often prevailing as the key requirement. The recent proliferation of activity trackers and voice-activated home automation devices is just one example of this in the world of connected devices, where little thought is given to how the security and privacy of the information being collected can be abused and/or misused. —Merike Kaeo

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse. —Krebs on Security

You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft. —Krebs on Security

In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. —Mohit Kumar

When protocols get standardized there is trust that there has been sufficient community feedback to make the protocol sound. When vendor implementations get shipped, we trust that the vendor has done enough testing to ship a product with no known critical defects and security-conscious defaults. When operation teams put a system into production the expectation is that there was enough testing and internal feedback to ensure a robust system. And when reading best practice configuration documents the expectation is that they are current best practices. —Merike Kaeo

My knowledge on databases accumulated over time, but along the way our design mistakes caused data loss and outages. In data-heavy systems, databases are at the core of system design goals and tradeoffs. Even though it is impossible to ignore how databases work, the problems that application developers foresee and experience will often be just the tip of the iceberg. —Jaana Dogan