Security News > 2020 > July

UPDATE. A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The company told Threatpost: "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.".

With a few quick clicks, you can detect network abuse with Wireshark. Jack Wallen shows you how.

Find out what tech jobs and skills are most in-demand and where the positions are located. SEE: IT job and salary guide: Highest tech salaries, top-paying cities, and compensation-boosting tips.

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft. A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.

A new variant of the infamous Joker malware has once again made it onto Google Play, with Google removing 11 malicious Android applications from its official app marketplace, researchers disclosed Thursday. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people."

If you have Ubuntu Servers in your data center, you should consider adding Canonical Livepatch to keep them up to date with kernel security patches. Canonical has made using Livepatch incredible easy when a GUI is involved.

The advantages of having decent threat intelligence in place are many and various, as the threat landscape continues to widen year-on-year. The problem, as with any complex big-data project, is cutting through the inevitable data deluge to correctly identify the bits you need - the people, places, technology, and other moving parts to build the picture.

Microsoft this week announced Kernel Data Protection, new technology that aims to protect the Windows kernel and drivers from data corruption attacks. KDP builds upon the technology included by default in Secured-core PCs and adds another layer of protection for configuration data.

Always a thorn in Google's side, the Joker malware arrived as a new variant a few months ago and evaded Google Play Protect to infect legitimate apps and sign people up to premium services. Check Point researchers disclosed its findings to Google, which removed 11 identified apps from Google Play by April 30, 2020.

German authorities have reportedly seized a server hosting the massive BlueLeaks data dump, which was released earlier in June and exposed thousands of sensitive police department and law enforcement files. "We have received official confirmation that #DDoSecrets' primary public download server was seized by German authorities," said Emma Best, founder of DDoSecrets, in a Tuesday Twitter post.