Every day we read stories about data breaches and cyberattacks on business and government websites, and the resulting the loss of personally identifiable information. Cybercrime is on the rise, and given the ever-evolving methods of attack, meaningful relief and reliable measures to fend off cybercriminals are unlikely in the foreseeable future. Companies need to insure against cybertheft.

A security researcher has found a flaw in the popular video conferencing app Zoom that could be used to turn on the camera on a Macintosh computer without a user's permission. The vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without a user's permission, explained Jonathan Leitschuh, a senior software engineer at Gradle.

It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.

An AI technology called "deepfake" may be the next big threat we face as a society. Consider a recent video clip of Facebook CEO Marc Zuckerberg saying some outlandish things. You might think it is real -- but it's a deepfake. It's his image, and it sure sounds like him, but he never actually made that speech. "Can't be," you might think. "That has to be Zuckerberg talking." Wrong.

While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue vs. allowing a risky situation to persist longer than it needs to.

Chinese hackers likely are responsible for a series of cyberattacks against telecommunications companies around the world, security researchers have reported. The campaign, dubbed "Operation Soft Cell," has been active since 2012, according to Cybereason. There is some evidence suggesting even earlier activity against the telecommunications providers, all of whom were outside North America.

Payment processing company Stripe has launched Chargeback Protection, a machine learning-based system to limit the impact of fraudulent credit card transactions on merchants. A chargeback is a demand by a credit card provider for a retailer to make good on a fraudulent or disputed transaction by repaying the full purchase amount plus a chargeback fee.

Building and sustaining a brand has gotten more challenging. The global marketplace, empowered by the Internet, has delivered a raft of opportunities to businesses, but it also has opened the door for challenges. These challenges include increased competition as the result of a wider market, and increased possibilities for brand abuse. Added to that mix is the ever-present cyberthreat.

Is anyone surprised to learn that in just the first quarter of 2019 more than $1.2 billion worth of cryptocurrency was stolen? Probably not. This story follows the old line from bank robber Willie Sutton who is credited with saying that he robbed banks "because that's where the money is." So not much has changed. Cryptocurrencies are not exactly money, though, even if they do have a market value.

In IT, we've been hearing about the "cybersecurity skills shortage" for a few years. There is no shortage of statistics and data about it: More than 70 percent of participating organizations reported being impacted by the skills shortage, according to an ESG/ISSA research report. Likewise, more than half of the organizations surveyed for an ISACA report noted unfilled cybersecurity positions.

The high-tech industry once again is in a tizzy over flaws discovered in Intel CPUs -- four new MDS vulnerabilities have come to light. MDS is a sub-class of previously disclosed vulnerabilities that sample data leaked from small structures within the CPU using a locally executed speculative execution side channel. The practical exploitation of MDS flaws is a very complex undertaking, however.

Many users of Facebook's WhatsApp messaging software are scrambling to patch the program in response to news of a flaw that allowed spyware to be installed on mobile phones running Android and iOS. "This new type of attack is deeply worrying and shows how even the most trusted mobile apps and platforms can be vulnerable," said Mike Campin, vice president of engineering at Wandera.

Spring may be my favorite time of year. The snow is melting, the sun is shining, and the air smells just a little bit fresher. It's as though the world is setting an example for the rest of us, letting us know that it's time to start fresh. It's time for spring cleaning -- and in the security world, spring cleaning means more than just wiping down countertops and lighting a few scented candles.

Almost two years after the infamous Equifax breach, many organizations still struggle to identify and manage open source risk across their application portfolios. Meanwhile, the latest report tracking open source security shows a 40 percent rise in the average number of open source components detected in each codebase analyzed. The scanned software includes commercial applications.

Tesla sure didn't have a good week last week, given the kind of press coverage it got. I'm not that worried about Tesla going away, though, as its products are far too popular for it to disappear. On the other hand, management clearly needs to be fixed. What got me started looking at Tesla last week was that it pretty much announced that Nvidia was its Kryptonite.

Cybersecurity experts at Microsoft's Windows Defender Security Intelligence Team this week reported their discovery of two new email-based phishing campaigns. One targets Amex users while the other targets Netflix customers. Both campaigns reportedly are very well-crafted, featuring legitimate logos and even fill-in forms that closely mimic those on the respective company's own websites.

Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also will end at that time. Windows 7 enterprise customers can subscribe to Extended Security Updates.

Following a natural disaster that causes property damage to businesses and homes -- say a hurricane, fire or flood -- how often do you hear suggestions that the victims were at fault for their misfortune, or that they could have done something to prevent the event from occurring in the first place? Not often, right? We all know that events like that are possible. We plan around those possibilities, and we don't blame the victims.

A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of encrypting all of the infected domain's files. The new ransomware threat and the ransom of 20 bitcoins -- about $75,000 -- first came to light last week in a forum post. A client's website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated.

JPMorgan Chase on Thursday announced that it has created and successfully tested a digital coin. Each JPM Coin represents $1 in funds held in designated accounts at JPMorgan Chase N.A. The token was created using Quorum, a variant of Ethereum developed by JPMorgan Chase, to enable instantaneous payment transfers between its clients' institutional accounts.

The e-ticketing systems of eight airlines, including Southwest Airlines and Dutch carrier KLM, have a vulnerability that can expose passengers' personal data, mobile security vendor Wandera has reported. They use unencrypted links that hackers can intercept easily. The hackers then can view and, in some cases, even change the victim's flight booking details, or print their boarding passes.

There's been a lot of hype about blockchain over the past few years. Nowadays though, there are signs that we may be on the cusp of moving from the "blockchain will solve all your problems" segment of the hype cycle into the "blockchain may be useful for a few targeted applications" segment. Utility-based Darwinism is at work -- we're starting to see the less likely applications fall away.

A new year means a fresh start, but it doesn't mean that old threats will go away. In fact, in the world of cybersecurity things could get far worse before they get better. Cybercrime continues to increase, as it allows nefarious actors to operate at a safe distance from victims -- and more importantly, law enforcement. Cybercrime often doesn't get the same attention as other types of crimes.

BlackBerry this week introduced its new Security Credential Management System. SCMS -- a free service for the public and private sectors -- could encourage efforts to develop autonomous and connected vehicle pilot programs. BlackBerry undertook development of this technology to provide the critical infrastructure for vehicles and traffic lights to exchange information securely.

Supermicro CEO Charles Liang has informed the company's customers that a leading third-party investigations company found "absolutely no evidence of malicious hardware" on its motherboards. The investigation was undertaken in response to a recent claim that bad actors had inserted spy chips in the firm's motherboards on behalf of the Chinese People's Liberation Army.

The DoJ has revealed an unsealed indictment of eight defendants for crimes related to their involvement in widespread digital advertising fraud. The DoJ alleges the eight individuals were behind two global schemes, 3ve and Methbot, which stole tens of millions of dollars through a scam that used fake Web traffic and fake websites to reap ad view revenue from unwitting advertisers.

Cybersecurity has been becoming a larger and larger concern for organizations. Nowadays, most organizations -- regardless of size, industry, location, or profit vs. nonprofit status -- find themselves directly or indirectly impacted by cybersecurity. Even though the topic itself is increasing in importance, many smaller organizations don't have specialized security expertise on staff.

An apparent prefix leak from an errant router misconfiguration caused Google to lose control of several million of its IP addresses for more than an hour on Monday. During the event, Internet traffic was misrouted to China and Russia from Nigeria. The incident initially sparked concerns that it might have been a hijacking. The mishap made Google services unavailable to many users intermittently.

Hackers planted malware on StatCounter to steal bitcoin revenue from Gate.io account holders, according to Eset researcher Matthieu Faou, who discovered the breach. The malicious code was added to StatCounter's site-tracking script last weekend, he reported. The malicious code hijacks any bitcoin transactions made through the Web interface of the Gate.io cryptocurrency exchange.

We made it. The holiday shopping season is here once again! This is a great opportunity for you as an e-commerce retailer. If you're like many other merchants out there, the run-up to Christmas is one of the most profitable, and busiest, times of the year. You may need some extra help to handle the surge in traffic and maximize your return. That means hiring seasonal employees.