This Week in Technology

This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On June 28, 2019

Monday 6/24

Getting Started with Citrix Workspace and On-Premises Virtual Apps and Desktops

For those customers that still have on-premises Virtual Apps and Desktop deployments, implementing the Workspace service offers an excellent opportunity to evaluate the user experience of Citrix Cloud and Workspace app. Customers can keep their on-premises NetScaler and StoreFront deployments, and still integrate their Virtual Apps and Desktops sites into Workspace.

Hackers Are Targeting 1.5 Billion Gmail and Calendar Users. Here’s What You Can Do to Protect Yourself

According to Kaspersky, the problem centers on a feature in Google Calendar and Gmail that allows malicious hackers to create a calendar event and then have users automatically receive a notification about it.

TrendMicro Detects Crypto Mining Malware Affecting Android Devices

A new cryptocurrency-mining botnet has been detected exploiting Android Debug Bridge ports, a system designed to resolve app defects installed on a majority of Android phones and tablets.

Tuesday 6/25

Symantec Research Finds More Than Half of Enterprises Believe Security Can’t Keep Up With Cloud Adoption

“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realize... In fact, our research shows that 69% of organizations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud,” said Nico Popp, senior vice president, Cloud & Information Protection, Symantec.

Microsoft: We’re fighting Windows malware spread via Excel in email with bad macro

A new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs.

Wednesday 6/26

Malicious URL attacks using HTTPS surge across the enterprise

HTTPS is an updated version of HTTP which makes use of encryption and a security certificate which is validated by your browser on request when visiting a website implementing the system. However, unsavory web developers are able to use HTTPS, too, through free, stolen, or fake security certificate issuers.

The $1.5 Million Email

But with ransomware attacks continuing to unleash a post-internet world on any unsuspecting target at any time, many targets are finding that, as much as they thought they lacked the resources to prevent such attacks, they’re even less prepared for the aftermath.

New Mac malware abuses recently disclosed Gatekeeper zero-day

The new OSX/Linker malware abuses a security flaw that was disclosed in Gatekeeper, a macOS security system that scans and approves for execution apps downloaded from the Internet.

Thursday 6/27

New Silex malware is bricking IoT devices, has scary plans

Silex works by trashing an IoT device's storage, dropping firewall rules, removing the network configuration, and then halting the device. It's as destructive as it can get without actually frying the IoT device's circuits.

5 tips for a smooth journey to Citrix Cloud

With relinquishing control of core infrastructure, learning to use cloud services, and planning a roll out, your journey to the cloud can be a daunting experience. But with the Citrix Workspace intelligent experience just around the corner, there has never been a better time to begin using Citrix Cloud!

Security Flaws in Electronic Arts’s Origin Platform

In a similar manner to Check Point Research’s previous discoveries into another hugely popular online game, Fortnite, the vulnerabilities found in EA’s platform similarly did not require the user to hand over any login details whatsoever. Instead, it took advantage of EA Games’ use of authentication tokens in conjunction with the oAuth Single Sign-On (SSO) and TRUST mechanism that is built into EA Game’s user login process.

Friday 6/27

New Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent update

The newly disclosed bugs affect Cisco's Data Center Network Manager (DCNM) software and once again are in its web-based management interface. Both flaws can be exploited by anyone on the internet and are rated as critical, with severity ratings of 9.8 out of 10.

How organizations face risks by relying too much on cloud vendors for security

Many businesses are making a mistake by expecting their cloud vendors to take on all or most of the responsibility for security, says a Wednesday report released by CyberArk.

This phishing campaign uses an odd tactic to infect Windows PCs with two forms of Trojan malware

Both malware families, LokiBot and Nanocore, provide attackers with backdoors onto infected Windows PCs and the ability to steal data, as well as enabling additional payloads to be installed. Nanocore is particularly dangerous as it captures clipboard data and keystrokes.

How hackers turn Microsoft Excel’s own features against it

An Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks. Power Query allows users to combine data from various sources with a spreadsheet—like a database, second spreadsheet, document, or website.