Security News

TrickBot’s Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.

TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration, and malware delivery.


Microsoft says that Outlook might take a minute to start and display the splash screen on devices running Windows 10, version 1809 or later if User Experience Virtualization (UE-V) is enabled.

This new issue was acknowledged by Microsoft in a Windows support document where the company details the exact scenario that could break Outlook’s startup functionality.


Citrix has published an official statement denying allegations that the company’s network was breached by a malicious actor, who also claims he was able to steal customer information.

The actor is now selling what he claims to be a database with information on 2,000,000 Citrix customers on the dark web, with a price tag of 2.15 bitcoins (roughly $19,700).

“As recently as today, there are reports of Citrix data for sale on the dark web,” Citrix’s CISO Fermin J. Serna says. “Many of these reports today erroneously imply a Citrix compromise.”


The number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, telemetry data shows.

With the increase of remote workers during the COVID-19 period, many users no longer relied on the infrastructure monitored by the company to access sensitive information on the network.

Thousands of daily attacks

Personal devices became the main instrument for connecting to the work environment via remote desktop services, with Windows Remote Desktop Protocol being the most prevalent.

Convenience in this context took precedence and many users set up easy-to-guess passwords without enforcing additional security layers, such as two-factor authentication.

Cybercriminals did not waste this opportunity and increased the number of brute-force attacks targeting RDP services, in an attempt to gain access to the company network, increase privileges to admin level, and deploy their malware.


Microsoft acknowledged a new known issue leading to Local Security Authority Subsystem Service (LSASS) critical system process crashes and forced reboots on some Windows 10 devices.

LSASS is responsible for enforcing security policy on Windows systems, and the system uses it to add entries to the security log, as well as to handle user logins, password changes, and access token creation.

When LSASS fails, the user will immediately lose access to any accounts available on the machine, an error will be displayed, and the machine is forced to restart.
