Monday 6/24
Getting Started with Citrix Workspace and On-Premises Virtual Apps and Desktops
For those customers that still have on-premises Virtual Apps and Desktop deployments, implementing the Workspace service offers an excellent opportunity to evaluate the user experience of Citrix Cloud and Workspace app. Customers can keep their on-premises NetScaler and StoreFront deployments, and still integrate their Virtual Apps and Desktops sites into Workspace.
http://bit.ly/2N98iaO
Hackers Are Targeting 1.5 Billion Gmail and Calendar Users. Here’s What You Can Do to Protect Yourself
According to Kaspersky, the problem centers on a feature in Google Calendar and Gmail that allows malicious hackers to create a calendar event and then have users automatically receive a notification about it.
http://bit.ly/2Y8LA3p
TrendMicro Detects Crypto Mining Malware Affecting Android Devices
A new cryptocurrency-mining botnet has been detected exploiting Android Debug Bridge ports, a system designed to resolve app defects installed on a majority of Android phones and tablets.
https://yhoo.it/2WWvkRS
Tuesday 6/25
Symantec Research Finds More Than Half of Enterprises Believe Security Can’t Keep Up With Cloud Adoption
“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realize... In fact, our research shows that 69% of organizations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud,” said Nico Popp, senior vice president, Cloud & Information Protection, Symantec.
https://bwnews.pr/2ZUeghl
Microsoft: We’re fighting Windows malware spread via Excel in email with bad macro
A new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs.
https://zd.net/2xaJc0h
Wednesday 6/26
Malicious URL attacks using HTTPS surge across the enterprise
HTTPS is an updated version of HTTP which makes use of encryption and a security certificate which is validated by your browser on request when visiting a website implementing the system. However, unsavory web developers are able to use HTTPS, too, through free, stolen, or fake security certificate issuers.
https://zd.net/2LgGjmZ
The $1.5 Million Email
But with ransomware attacks continuing to unleash a post-internet world on any unsuspecting target at any time, many targets are finding that, as much as they thought they lacked the resources to prevent such attacks, they’re even less prepared for the aftermath.
http://bit.ly/2ZLzH3S
New Mac malware abuses recently disclosed Gatekeeper zero-day
The new OSX/Linker malware abuses a security flaw that was disclosed in Gatekeeper, a macOS security system that scans and approves for execution apps downloaded from the Internet.
https://zd.net/2FyU6BA
Thursday 6/27
New Silex malware is bricking IoT devices, has scary plans
Silex works by trashing an IoT device's storage, dropping firewall rules, removing the network configuration, and then halting the device. It's as destructive as it can get without actually frying the IoT device's circuits.
https://zd.net/2ZRiF4s
5 tips for a smooth journey to Citrix Cloud
With relinquishing control of core infrastructure, learning to use cloud services, and planning a roll out, your journey to the cloud can be a daunting experience. But with the Citrix Workspace intelligent experience just around the corner, there has never been a better time to begin using Citrix Cloud!
http://bit.ly/2KGccpq
Security Flaws in Electronic Arts’s Origin Platform
In a similar manner to Check Point Research’s previous discoveries into another hugely popular online game, Fortnite, the vulnerabilities found in EA’s platform similarly did not require the user to hand over any login details whatsoever. Instead, it took advantage of EA Games’ use of authentication tokens in conjunction with the oAuth Single Sign-On (SSO) and TRUST mechanism that is built into EA Game’s user login process.
http://bit.ly/2Jc4no6
Friday 6/27
New Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent update
The newly disclosed bugs affect Cisco's Data Center Network Manager (DCNM) software and once again are in its web-based management interface. Both flaws can be exploited by anyone on the internet and are rated as critical, with severity ratings of 9.8 out of 10.
https://zd.net/2JbvhNc
How organizations face risks by relying too much on cloud vendors for security
Many businesses are making a mistake by expecting their cloud vendors to take on all or most of the responsibility for security, says a Wednesday report released by CyberArk.
https://tek.io/2IU0NjG
This phishing campaign uses an odd tactic to infect Windows PCs with two forms of Trojan malware
Both malware families, LokiBot and Nanocore, provide attackers with backdoors onto infected Windows PCs and the ability to steal data, as well as enabling additional payloads to be installed. Nanocore is particularly dangerous as it captures clipboard data and keystrokes.
https://zd.net/2XhkIlB
How hackers turn Microsoft Excel’s own features against it
An Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks. Power Query allows users to combine data from various sources with a spreadsheet—like a database, second spreadsheet, document, or website.
http://bit.ly/2Nh58l7