Researcher Jonathan Leitschuh reports a serious vulnerability in Zoom's Mac video-conferencing tool that allows "any website to forcibly join a user" to a call, complete with camera access.
Microsoft warns that a campaign using the fileless Astaroth information-stealing Trojan is underway. Astaroth lives off the land, which can render detection difficult. On the other hand, as BleepingComputer quotes Microsoft, anomalous behavior might betray Astaroth to systems looking for suspicious behavior.
ESET identifies a campaign using torrents to distribute the familiar GoBot2 backdoor. The bait consists of Korean movies and television shows; most of the victims have been in South Korea.
The fine the UK's Information Commissioner's Office levied against British Airways for a September data breach is confirmed to be £183 million (roughly $229 million), far exceeding the ICO's previous record of £500,000, Forbes observes. High as it is, the fine is shy of the 4% of annual turnover the ICO could have taken. In British Airways' case, 4% would have amounted to £500 million. The airline, which points out that it disclosed the breach within a day of discovery and has since found no sign of large-scale criminal exploitation, intends to appeal. The ICO apparently intends the penalty as a deterrent: any site that handles personal information should take careful note.
NSA's Inspector General rendered the agency's required annual report to Congress. It sees Fort Meade struggling with many of the same cybersecurity issues that concern other Government agencies: no "serious or flagrant problems or abuses," but some "significant" issues.