Νέα Ασφάλειας

Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.

With 2FA, Zoom users will have an extra layer added to the authentication process, blocking attackers from take control of their account by guessing their password or using compromised credentials.

This is because, Zoom accounts secured using 2FA will require you to enter a one-time code from a mobile authenticator app or received via SMS or phone call, in addition to the account’s password, before allowing you to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room. Read more »

Microsoft today said that it worked with the LLVM and Rust development teams to add support for the Windows Control Flow Guard (CFG) platform security feature into the Clang and rustc compilers.

CFG is designed to block malicious code from changing the default control flaw of Windows programs, it extends other exploitation mitigation tech like /GS (Buffer Security Check)Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR), and it makes it more difficult to run arbitrary code by exploiting memory bugs such as buffer overflows.

CFG was first released with the Windows 8.1 KB3000850 update in November 2014 and is available today on all Windows 10 devices, with the Windows kernel now compiled with CFG support since Windows 10 Creators Update (Windows 10, version 1703).

Read more »

TrickBot’s Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.

TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration, and malware delivery.

Read more »

Microsoft says that Outlook might take a minute to start and display the splash screen on devices running Windows 10, version 1809 or later if User Experience Virtualization (UE-V) is enabled.

This new issue was acknowledged by Microsoft in a Windows support document where the company details the exact scenario that could break Outlook’s startup functionality.

Read more »

Citrix has published an official statement to deny allegations that the company’s network was breached by a malicious actor who also claims that he was also able to steal customer information.

The actor is now selling what he claims to be a database with information on 2,000,000 Citrix customers on the dark web, with a price tag of 2.15 bitcoins (roughly $19,700).

“As recently as today, there are reports of Citrix data for sale on the dark web,” Citrix’s CISO Fermin J. Serna says.”Many of these reports today erroneously imply a Citrix compromise.”

Read more »