Jiuma's Security Digest

  Source:  Zoom Announces Post-Quantum End-to-End Encryption for Meetings (cybersecuritynews.com) One of the most widely used videoconferencing platforms worldwide, namely Zoom, has recently announced the implementation of its engineering team's groundbreaking encryption innovation into meetings conducted by its end users via the software. Known commonly as post-quantum end-to-end encryption (E2EE), it will be employed as a critical safeguard of confidentiality for meetings held via the platform for the foreseeable future and will play a tangible role in allaying customer fears regarding the potential of future cyber threats.  This  is because such an enhancement will allow Zoom to protect its users better from present and future quantum decryption capabilities, ensuring that meetings held via its site aren't dependent on weak or potentially vulnerable encryption algorithms.  Zoom's engineering team has been working in a proverbial race against the clock, trying...

 Source:  APT Hackers Attacking Manufacturers With Keyloggers, Infostealers, & Proxy Tools (cybersecuritynews.com) South Korean manufacturers have recently appeared as the prime target behind attacks conducted by the Andariel Advanced Persistent Threat (APT) group.  Its attackers centered around  the use of  keyloggers, proxy tools, and infostealers to target manufacturers, construction firms, and educational institutions  all  throughout South Korea.   The attack methodology  is initiated  by  the exploitation of  preexisting vulnerabilities within Apache Tomcat servers to install backdoors such as Nestdoor, which affords the attackers several different privileges on victim systems,  which include  remote control, data exfiltration, and command execution.   This attack  bears a resemblance to  previous campaigns and other APT groups that have been linked to the North Korean government, as research ...