Independent – Page 72 – PossibleThreat Articles

Live Coronavirus Map Used to Spread Malware

March 17, 2020 0 Comments azorult, coronavirus malware, coronavirus map, covid-19 malware, johns hopkins university, Latest Warnings, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 12 Mar 2020 15:53:26 +0000

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.

Independent Krebs Security

Crafty Web Skimming Domain Spoofs “https”

March 17, 2020 0 Comments .ps, A Little Sunshine, Akamai, cheney bros. inc., content security policy, denis sinegubko, grandwesternsteaks.com, jerome segura, malwarebytes, privacy.com, publicwww, ryan barnett, subresource integrity, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 12 Mar 2020 00:28:57 +0000

Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site’s source code: “http[.]ps” (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).

Independent Krebs Security

Microsoft Patch Tuesday, March 2020 Edition

March 17, 2020 0 Comments animesh jain, application inspector, cve-2020-0688, cve-2020-0852, cve-2020-0872, Qualys, recorded future, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 10 Mar 2020 23:44:29 +0000

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs.

Independent Krebs Security

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

March 17, 2020 0 Comments antichat, Breadcrumbs, firsov arrest, firsov indictment, hm@mail.ru, isis, kirill firsov, Ne'er-Do-Well News, xeka

Credit to Author: BrianKrebs| Date: Tue, 10 Mar 2020 14:17:42 +0000

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday. Prosecutors with the U.S. District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations.

Independent Krebs Security

U.S. Govt. Makes it Harder to Get .Gov Domains

March 17, 2020 0 Comments .gov, cybersecurity and infrastructure security agency, john levine, other, the internet for dummies, U.S. Department of Homeland Security, u.s. general services administration

Credit to Author: BrianKrebs| Date: Sat, 07 Mar 2020 15:01:21 +0000

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain. In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov.

ComputerWorld Independent

12 security tips for the ‘work from home’ enterprise

March 17, 2020 0 Comments Apple, iOS, Macs, Mobile, Security

Credit to Author: Jonny Evans| Date: Fri, 13 Mar 2020 06:26:00 -0700

If you or your employees are working from home while our governments lurch awkwardly through the current crisis, then there are several security considerations that must be explored.

Your enterprise outside the wall

Enterprises must consider the consequences of working from home in terms of systems access, access to internal IT infrastructure, bandwidth costs and data repatriation.

What this means, basically, is that when your worker accesses your data and/or databases remotely, then the risk to that data grows.

While at normal times the risk is only between the server, internal network and end user machine, external working adds public internet, local networks and consumer-grade security systems to the risk mix.

To read this article in full, please click here

ComputerWorld Independent

Take your time, get it right for March Patch Tuesday

March 17, 2020 0 Comments Microsoft Office, PCs, Security, Windows

Credit to Author: Greg Lambert| Date: Thu, 12 Mar 2020 11:41:00 -0700

This is a big update to the Windows platform for the Microsoft March Patch Tuesday release cycle. Consisting of 115 patches, mostly to the Windows desktop, with almost all of the critical issues relating to browser-based scripting engine memory issues, this will be a difficult set of updates to release and manage.

The testing profile for the Windows desktop platform is very large, with a lower than usual exploitability/risk rating. For this month, we do not have any reports of publicly exploited or disclosed vulnerabilities (zero-days), so my recommendation is to take your time, test the changes to each platform, create a staged rollout plan and wait for future (potentially) imminent changes from Microsoft.

To read this article in full, please click here

ComputerWorld Independent

Come on, Microsoft! Is it really that hard to update Windows 10 right?

March 17, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 11 Mar 2020 07:47:00 -0700

Yesterday, on Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop). Word emerged that Microsoft had accidentally leaked news about a new Server Message Block (SMB) bug with a maximum severity rating, a.k.a. SMBGhost. The leak also said that this bug wasn’t patched in that day’s releases.

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday’s tomorrow. We're in uncharted territory. Get Automatic Updates paused.

March 17, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Mon, 09 Mar 2020 07:06:00 -0700

It’s always a good idea to pause Windows updates just before they hit the rollout chute. This month, we’re facing two extraordinary issues that you need to take into account. Wouldn’t hurt if you told your friends and family, too.

Take last month’s Windows patches. Please. We had one patch, KB 4524244, that slid out on Patch Tuesday, clobbered an unknown number of machines (HP PCs with Ryzen processors got hit hard), then remained in “automatic download” status until it was finally pulled on Friday. We had another patch, KB 4532693, that gobbled desktop icons and moved files while performing a nifty trick with temporary user profiles. Microsoft never did fix that one.

To read this article in full, please click here