IT Security Newsletter

IT Security Newsletter - 4/30/2020

Written by Cadre | Thu, Apr 30, 2020

Google Play has been spreading advanced Android malware for years

Hackers have been using Google Play for years to distribute an unusually advanced backdoor capable of stealing a wide range of sensitive data, researchers said on Tuesday. Researchers from security firm Kaspersky Lab have recovered at least eight Google Play apps that date back to 2018, a Kaspersky Lab representative said, but based on archive searches and other methods, the researchers believe malicious apps from the same advanced group seeded Google's official market since at least 2016. READ MORE...

How to improve Zoom video chat privacy and security

Zoom has rocketed in popularity around the world, since the start of the Coronavirus lockdown. But the video conferencing app has also been criticised for a number of privacy and security issues. Here are some top tips for making Zoom more secure and if after reading you feel the video conferencing platform isn't for you, some recommendations for alternatives. READ MORE...

Bugs in WordPress plugins for online courses let students cheat

Popular WordPress plugins for creating learning management systems (LMS) are rife with vulnerabilities that can be exploited to take control of the platform, get test answers, and modify grades. These days, such platforms have become the main instrument for delivering courses. Teachers, professors, and possibly hundreds of thousands of students for hundreds of thousands of students rely on them to keep education at levels as close to normal as possible. READ MORE...

Millions of Brute-Force Attacks Hit Remote Desktop Accounts

A rash of brute-forcing attempts aimed at users of Microsoft's proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the COVID-19 pandemic, researchers noted. RDP is used to connect to an image of an employee's desktop as though the person were at their desk. READ MORE...

High-Severity Cisco IOS XE Flaw Threatens SD-WAN Routers

Cisco has patched a high-severity vulnerability in its router software, which if exploited could enable a local, authenticated attacker to execute arbitrary commands with root privileges. The flaw exists in Cisco IOS XE. This Linux-based version of Cisco's Internetworking Operating System (IOS) is used in Cisco software-defined wide area network (SD-WAN) routers. READ MORE...

Critical Vulnerability in Salt Requires Immediate Patching

The Salt community has been aware of a critical vulnerability in Salt Master versions since late last week. It was informed that the vulnerability has a CVSS rating of 10.0, that Salt Masters should not be exposed to the internet, and that fixes would be released this week. Salt is an open source project managed by SaltStack, and is a popular configuration tool for managing servers in data centers and cloud environments. READ MORE...

  • ...in 1789, George Washington is sworn in as the first U.S. president.
  • ...in 1916, mathematician and engineer Claude Shannon, known as "the father of information theory", is born in Petosky, MI.
  • ...in 1945, Adolf Hitler commits suicide in his personal bunker, as Soviet troops topple Berlin's defenses.
  • ...in 1969, The Beatles record "Let It Be" at Abbey Road Studios.