March 2020 – Page 7 – PossibleThreat Articles

Intercept X gets enhanced defenses against fileless attacks

March 17, 2020 0 Comments amsi protection, antimalware scan interface, central endpoint protection, Intercept X, Intercept X Advanced, Intercept X for Server, intercept x with edr, Network

Credit to Author: Alex Gardner| Date: Wed, 04 Mar 2020 17:30:45 +0000

New protection against fileless attacks has been added to Intercept X. Find out what is does and how it can keep you safe.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/rBV0CtLUE6M” height=”1″ width=”1″ alt=””/>

Security Sophos

Slack fixes account-stealing bug

March 17, 2020 0 Comments Bug, bug bounty program, evan custodio, Flaw, hackerone, http, http smuggling, security threats, Slack, software bug, vulnerability

Credit to Author: Danny Bradbury| Date: Tue, 17 Mar 2020 12:33:43 +0000

Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/i-F9hS91EoQ” height=”1″ width=”1″ alt=””/>

Security Sophos

Tor browser fixes bug that allows JavaScript to run when disabled

March 17, 2020 0 Comments anonymity, browser privacy, firefox, java, JavaScript, noscript, Privacy, security threats, the onion router, Tor, tor browser, vulnerability, Web Browsers

Credit to Author: John E Dunn| Date: Tue, 17 Mar 2020 12:16:27 +0000

The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/es39u8LUhmk” height=”1″ width=”1″ alt=””/>

Security Sophos

WordPress to get automatic updates for plugins and themes

March 17, 2020 0 Comments security threats, vulnerability, Wordpress, wordpress plugins

Credit to Author: John E Dunn| Date: Tue, 17 Mar 2020 12:10:14 +0000

Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/25i98IfHHJE” height=”1″ width=”1″ alt=””/>

Security Sophos

Europol busts up two SIM-swapping hacking rings

March 17, 2020 0 Comments 2-factor Authentication, 2fa, europol, Law & order, malware, operation quinientos dusim, operation smart cash, security threats, sim hijackers, SIM hijacking, sim jacking, sim swap, sim swap fraud, SIM swapping, SIM swaps, sim-swapping attacks, two-factor authentication

Credit to Author: Lisa Vaas| Date: Tue, 17 Mar 2020 10:51:21 +0000

What a nightmare: your phone goes dead, and you can’t log into your bank account because it’s controlled by a hacker who’s draining you dry.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/ORrtEW70IY8″ height=”1″ width=”1″ alt=””/>

Security Sophos

Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw

March 17, 2020 0 Comments Flaw, Microsoft, notpetya, Operating Systems, Patching, security threats, smb, smbghost, vulnerability, WannaCry, Windows, Windows 10

Credit to Author: John E Dunn| Date: Mon, 16 Mar 2020 11:58:56 +0000

What’s the difference between a scheduled security update and one that’s out-of-band? In this case, it’s two days.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/OqgpMudTrew” height=”1″ width=”1″ alt=””/>

Fortinet Security

CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server

March 17, 2020 0 Comments

Microsoft recently released a patch for CVE-2020-0796, a critical SMB server vulnerability that affects Windows 10. In this blog post, we attempt to explain the root cause of the CVE-2020-0796 vulnerability and protections customers can apply.<img src=”http://feeds.feedburner.com/~r/fortinet/blog/threat-research/~4/QDLX9BCZjRY” height=”1″ width=”1″ alt=””/>

Security Sophos

Report calls for web pre-screening to end UK’s child abuse ‘explosion’

March 17, 2020 0 Comments age verification, chat apps, child abuse, child abuse imagery, child porn, child safety, children online, Cryptography, encryption, facebook, facetime, iicsa, imessage, Instagram, Law & order, messaging, Messenger, online grooming, online safety, photodna, predators, Privacy, snapchat, whatsapp, yubo

Credit to Author: Lisa Vaas| Date: Mon, 16 Mar 2020 11:57:40 +0000

The IICSA report cited “unprecedented levels of depravity” and said that encryption is getting in the way of current screening.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/ELFeXrr3UeQ” height=”1″ width=”1″ alt=””/>

Fortinet Security

New Variant of TrickBot Being Spread by Word Document

March 17, 2020 0 Comments

Discover how this new variant of Trickbot works in a victim’s machine, what technologies it uses to perform anti-analysis, and how the payload of TrickBot communicates with its C&C server to download the modules.<img src=”http://feeds.feedburner.com/~r/fortinet/blog/threat-research/~4/NC7Po6pjVpA” height=”1″ width=”1″ alt=””/>

Security Sophos

Open source bugs have soared in the past year

March 17, 2020 0 Comments bugs, common vulnerability scoring system, cross-site scripting, cvss, open source bugs, open-source, security threats, software bugs, vulnerability, whitesource

Credit to Author: Danny Bradbury| Date: Mon, 16 Mar 2020 10:55:41 +0000

Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws account for a quarter of those bugs.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/ex96Deh5Pk4″ height=”1″ width=”1″ alt=””/>