Sophos – Page 121 – PossibleThreat Articles

Credit to Author: Alice Violet| Date: Thu, 13 Feb 2020 14:38:45 +0000

Listen now!<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/Cq2ETGlwMro” height=”1″ width=”1″ alt=””/>

Firefox six-weekly security fixes are out – get them now!

February 13, 2020 0 Comments Exploit, firefox, fortytwosday, Mozilla, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 13 Feb 2020 14:16:11 +0000

No zero-day bugs, so by updating promptly you are keeping ahead of the crooks, not merely catching up!<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/–nLqi3_4XY” height=”1″ width=”1″ alt=””/>

Security Sophos

Dell fixes privilege elevation bug in support software

February 13, 2020 0 Comments arbitrary code execution, Bug, Dell, dll, dynamic-link libraries, Patch, security threats, supportassist, update, vulnerability

Credit to Author: Danny Bradbury| Date: Thu, 13 Feb 2020 13:43:39 +0000

Users of Dell SupportAssist should patch their software immediately to fix a software bug that could lead to arbitrary code execution.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/qWZIGKgr3WU” height=”1″ width=”1″ alt=””/>

Security Sophos

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

February 13, 2020 0 Comments Adobe, Adobe Flash, Internet Explorer, Microsoft, Operating Systems, Patch Tuesday, Patching, RDP, vulnerability, Web Browsers, Windows, zero-day vulnerability

Credit to Author: John E Dunn| Date: Thu, 13 Feb 2020 12:52:59 +0000

Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/JI_KRna6j1I” height=”1″ width=”1″ alt=””/>

Security Sophos

FBI: Cybercrime tore a $3.5b hole in victims’ pockets last year

February 13, 2020 0 Comments 2fa, BEC, eac, extortion, fake tech support, FBI, IC3, internet crime report, investment fraud schemes, Law & order, payroll funds, phishing, rat, scams, security threats, smishing, spoofing, tech support

Credit to Author: Lisa Vaas| Date: Thu, 13 Feb 2020 12:45:23 +0000

The FBI’s Internet Crime Report shows that business email comprise is the biggest money-maker for cybercriminals.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/z_YNbnD3_LU” height=”1″ width=”1″ alt=””/>

Security Sophos

Google to force Nest users to turn on 2FA

February 13, 2020 0 Comments 2-factor Authentication, 2fa, automated attacks, credential stuffing, Google, login notification, Nest, recaptcha enterprise, safer internet day

Credit to Author: Lisa Vaas| Date: Thu, 13 Feb 2020 11:06:09 +0000

Nest users who aren’t using 2FA or a Google account will be required to take an extra step by verifying their identity via email.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/LX4OPw0ys9w” height=”1″ width=”1″ alt=””/>

Security Sophos

Mozilla issues final warning to websites using TLS 1.0

February 12, 2020 0 Comments Apple, chrome, Edge, firefox, Google, Google Chrome, Microsoft, Microsoft Edge, Mozilla, netscape, Safari, ssl/tls, TLS, tls 1.0, Web Browsers

Credit to Author: John E Dunn| Date: Wed, 12 Feb 2020 16:13:57 +0000

From March, the Firefox, Chrome, Safari and Edge browsers will show warnings when users visit websites that only support TLS versions 1.0 or 1.1.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/3oMQ9dp5jKA” height=”1″ width=”1″ alt=””/>

Security Sophos

US charges four Chinese military members with Equifax hack

February 12, 2020 0 Comments Breach Notification, china, chinese military, credit monitoring, data breach, data loss, Equifax, financial data, identity theft, Law & order, PII, Privacy, rce, security threats

Credit to Author: Lisa Vaas| Date: Wed, 12 Feb 2020 11:48:41 +0000

The indictment suggests the hack was part of a series of major data thefts organized by Chinese military and intelligence agencies.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/2euIheG1QVA” height=”1″ width=”1″ alt=””/>

Security Sophos

Data about inmates and jail staff spilled by leaky prison app

February 12, 2020 0 Comments amazon, amazon s3, amazon simple storage service (s3) bucket, Cloud, cloud storage, correctional facility, correctional risk services, crs technologies, Cryptography, data breach, data leak, data loss, exposed database, google cloud, inmates, jailcore, jailhouse, Law & order, PII, port scanning, prescriptions, prison, prisoners, Privacy, privacy policy, s3 bucket, security threats, sha-256, ssl certification, terms of service, tos, vpnMentor, web mapping

Credit to Author: Lisa Vaas| Date: Wed, 12 Feb 2020 10:16:24 +0000

A web-mapping project came across detainees’ prescriptions and other PII that could be used by identity thieves to victimize prisoners.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/ypFJWLIWMOE” height=”1″ width=”1″ alt=””/>

Security Sophos

February, 2020 Patch Tuesday brings a century of updates to Microsoft, Adobe products

February 11, 2020 0 Comments acrobat, Adobe, flash, Microsoft, Patch Tuesday, SophosLabs Uncut, Windows

Credit to Author: SophosLabs Offensive Security| Date: Tue, 11 Feb 2020 20:50:22 +0000

For this second Patch Tuesday of 2020, Microsoft has released a hundred patches to Windows and other Microsoft software, including 12 vulnerabilities flagged as Critical, and 87 flagged as Important. In addition, Adobe also published updates for its Flash Player, Acrobat, Framemaker, Experience Manager, and Digital Editions products in notifications timed to coincide with Microsoft’s […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/zpsWY9HeJhU” height=”1″ width=”1″ alt=””/>