January 2020 – Page 12 – PossibleThreat Articles

sLoad launches version 2.0, Starslord

January 21, 2020 0 Comments bits, cybersecurity, Endpoint security, Microsoft security intelligence, sload, starslord

Credit to Author: Eric Avena| Date: Tue, 21 Jan 2020 18:00:39 +0000

sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.

The post sLoad launches version 2.0, Starslord appeared first on Microsoft Security .

Fortinet Security

Update: Curveball Exploit (CVE-2020-0601) Starts Making the Rounds

January 21, 2020 0 Comments

Lean more about the recent Microsoft Curveball vulnerability and how FortiClient protects Fortinet customers from exploitation.<img src=”http://feeds.feedburner.com/~r/fortinet/blog/threat-research/~4/iIjPXKQAzq8″ height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

Don’t worry about CurveBall just yet — get your Citrix systems patched

January 21, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Tue, 21 Jan 2020 08:03:00 -0800

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.”

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781.

To read this article in full, please click here

Security Sophos

Citrix ships patches as vulnerable servers come under attack

January 21, 2020 0 Comments application delivery controller (adc), citrix, Patching, positive technologies, security threats, vpn, vulnerability

Credit to Author: John E Dunn| Date: Tue, 21 Jan 2020 12:32:31 +0000

Citrix has issued its first set of patches fixing a nasty vulnerability that’s been hanging over some of its biggest products.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/k-13b57A6n8″ height=”1″ width=”1″ alt=””/>

Security Sophos

China and US top user data requests in Apple transparency report

January 21, 2020 0 Comments Apple, apple transparency report, australia, brazil, data loss, fraud, iPhone, Law & order, phishing, Privacy, transparency report, transparency reports, US, user data

Credit to Author: Lisa Vaas| Date: Tue, 21 Jan 2020 11:53:00 +0000

Most of the US and China’s requests had to do with investigations into fraud, suspected account access and phishing.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/AMKPqWhR4n0″ height=”1″ width=”1″ alt=””/>

Security Sophos

What do online file sharers want with 70,000 Tinder images?

January 21, 2020 0 Comments data leak, data loss, dating apps, deepfakes, online dating, online privacy, Privacy, Social networks, tinder

Credit to Author: Danny Bradbury| Date: Tue, 21 Jan 2020 10:50:32 +0000

A researcher has discovered thousands of Tinder users’ images publicly available for free online.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/HtlXzKkoA5E” height=”1″ width=”1″ alt=””/>

Microsoft Security

How companies can prepare for a heightened threat environment

January 21, 2020 0 Comments Azure Security, Microsoft 365, Security strategies, Threat protection

Credit to Author: Todd VanderArk| Date: Mon, 20 Jan 2020 17:00:31 +0000

Learn what actions companies can take and controls they can validate in light of the current level of threats, and during any period of heightened risk.

The post How companies can prepare for a heightened threat environment appeared first on Microsoft Security .

Independent Krebs Security

DDoS Mitigation Firm Founder Admits to DDoS

January 20, 2020 0 Comments backconnect security llc, DDoS-for-hire, free software foundation, mirai, Ne'er-Do-Well News, richard stallman, tucker preston, u.s. justice department, vdos

Credit to Author: BrianKrebs| Date: Mon, 20 Jan 2020 23:13:03 +0000

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others.

MalwareBytes Security

A week in security (January 13 – 19)

January 20, 2020 0 Comments A week in security, apt40, Cisco, citrix, data enrichment, deepfakes, elastic servers, emotet, rootkit, travelex, weleakinfo

Credit to Author: Malwarebytes Labs| Date: Mon, 20 Jan 2020 16:32:45 +0000

Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more.

Categories:

A week in security

Tags: apt40 Cisco citrix data enrichment deepfakes elastic servers emotet rootkit travelex weleakinfo

(Read more…)

The post A week in security (January 13 – 19) appeared first on Malwarebytes Labs.

Security TrendMicro

Defend Yourself Now and in the Future Against Mobile Malware

January 20, 2020 0 Comments Consumer, Security

Credit to Author: Trend Micro| Date: Mon, 20 Jan 2020 14:09:00 +0000

The world has gone mobile and the US is leading the way. It’s estimated that that the number of smartphone users alone topped 257 million in the States in 2018. That means three-quarters (74%) of households now boast at least one mobile device. And in this new digital world, it’s mobile applications that really matter….

The post Defend Yourself Now and in the Future Against Mobile Malware appeared first on .