February 17, 2020
David Redekop

This Week In Nerd News – February 17, 2020

Your weekly top 5 technical and security issues you should pay attention to:

Escaping the Chrome Sandbox with RIDL.

Attacks only get more sophisticated.

Resource: Escaping the Chrome Sandbox with RIDL 

 

There’s finally a way to remove xHelper

the unremovable Android malware.

It has taken security researchers nearly ten months to discover a reliable method of cleaning smartphones infected with xHelper, a type of Android malware that, until recently, has been impossible to remove.

 

Read More: There’s finally a way to remove xHelper, the unremovable Android malware 

 

Iranian hackers have been hacking VPN servers

to plant backdoors in companies around the world.

A new report published today reveals that Iran’s government-backed hacking units have made a top priority last year to exploit VPN bugs as soon as they became public in order to infiltrate and plant backdoors in companies all over the world.

 

Read More: Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world 

 

Promiscuous Cookies and Their Impending Death

via the SameSite Policy.

Resource: Promiscuous Cookies and Their Impending Death via the SameSite Policy

 

Microsoft Security Essentials To Get Updates After Windows 7 EoS.

Not news, but offering it because there’s lots of confusion around the relative risk of Windows 7 out-of-support.

Microsoft Security Essentials (MSE) will continue to receive definition updates for new malware after Windows 7 reaches End of Support, even though a Microsoft support bulletin states otherwise.

In Microsoft’s FAQ about Extended Security Updates for Windows 7 it states that after Windows 7 reaches EoS, MSE will no longer protect a Windows 7 computer.

 

Read More: Microsoft Security Essentials To Get Updates After Windows 7 EoS

 

Did you know?

Many of you may remember Scott Petry, creator of Postini long before Google bought them and it became fundamental to G Suite. They’ve been building Authentic8.com which operates in a crowded and confusing space but is worth exploring. Zero Trust Browser. Check it out at Authentic8.

Need an IT professional? Request service today.