Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Security

The Federal Bureau of Investigation, or the FBI, has issued a warning about a series of spoofed domains that are being used by cybercriminals in an attempt to steal user information. Spoofed domains typically look like real domains, only that malicious actors turn to a very simple trick: they change one letter, the Internet domain, or add more words that make sense for each target, all in an attempt to trick users into thinking they’re loading the legitimate site. In most cases, hackers publish content that encourages users to provide information like personal details and credit card numbers. The FBI says it has already detected a number of spoofed domains, as well as others that no longer resolve, which means they have been suspended (though there’s also a chance they might be reactivated at a later time). Users who want to visit the FBI’s official site should check the URL in the address bar and make sure ...

 Threats

The first version of Minecraft was released way back in 2009, but the game remains incredibly popular to this day. That should come as no surprise; not only is it enormous fun, but it’s a platform for kids and adults alike to create their own worlds. Some even use it for urban planning — and some teachers use it in the classroom. Unfortunately, as with any successful project, cybercriminals are eager for a piece of the action. Since July of this year, we have detected more than 20 apps on Google Play claiming to be modpacks for Minecraft, when in fact their primary purpose is to display ads on smartphones and tablets in an extremely intrusive manner. We explain what these apps are and how to protect Android devices against such threats.

Fake Minecraft mods on Google Play

At the time of this writing, most of the unscrupulous apps we found on Google Play had already been removed. The five that remained were: Zone Modding Minecraft, Textures for Minecraft ACPE, Seeded for Minecraft ACPE, Mods for Minecraft ACPE, Darcy Minecraft Mod. The humblest of them had more than 500 installations, and the most popular more than 1 million. Although the apps have different publishers, two of the fake modpacks carried almost the exact same description, down to the typos.

[Image: Apps with different publishers, same description]

The app reviews are contradictory. Average ratings hover around the 3-star mark, but overall, scores are highly polarized, mostly 5s and 1s. That kind of spread suggests that bots are leaving rave reviews but real users are very unhappy. Unfortunately, in this case, the cybercriminals are targeting kids and teenagers, who may not pay attention to ratings and reviews before installing an app.

[Image: The apps receive either five stars or one. Suspicious!]

We informed Google about the malicious apps mentioned above, and the apps were deleted from Google Play by the time this post was published. Nevertheless, it’s worth mentioning that: after apps are deleted from Google Play, they remain on the smartphones of any users who already installed them; the malware creators can try to get their apps back in the store by modifying them and publishing them from a different developer’s account.

Fake mods on the device

Meanwhile, users rightly curse the apps for not doing what they promised. Having landed on a smartphone, the “modpack” lets itself be opened once, but it doesn’t load any mods (in fact, the app we studied closely did nothing useful at all). The frustrated user closes the app, which promptly vanishes. More precisely, its icon disappears from the smartphone’s menu.

[Image: Users complain that the app doesn’t work and seemingly deletes itself]

Because the “modpack” seemed glitchy from the start, most users, especially kids and teens, won’t waste time looking for it. They may even forget it and not bother trying to remove it. Unbeknownst to the user, however, the app remains on the smartphone — and not merely there, but hard at work. Concealed from the user, the fake modpack starts displaying ads. The sample we examined automatically opened a browser window with ads every two minutes, greatly interfering with normal smartphone use. In addition to the browser, the apps can open Google Play and Facebook or play YouTube videos, depending on the C&C server’s orders. Whatever the case, the constant stream of full-screen ads makes the phone practically unusable.

How to remove malicious Minecraft modpacks

Perhaps the most annoying thing about the fake Minecraft mods is that their victims have a very hard time figuring out why their browser (or Google Play, or Facebook, or YouTube) keeps opening. They are likely to conclude that the problem lies in the browser (or whichever app the fake modpack loads). However, uninstalling and reinstalling the browser will not fix the issue, and neither will tinkering with settings. The only way to defeat the problem is to get rid of the malicious app. But that means locating it, which may be tricky; affected users may not remember what exactly they installed before their phones started acting up. After identifying the malicious app, you’ll need to find it in device settings (Settings → Apps and notifications → Show all apps) and delete it from there. Fortunately, the misbehaving modpacks get removed entirely with deletion and do not try to restore themselves.

If you’re having trouble figuring out which app is to blame for the smartphone’s odd behavior, or you just want to clean your child’s gadget quickly and easily, install a reliable security solution and scan the device. For example, Kaspersky Internet Security for Android recognizes fake Minecraft modpacks with the verdict not-a-virus:HEUR:AdWare.AndroidOS.HiddenAd.os, and prompts the user to delete any that are already on the smartphone or tablet.

For the future, to prevent your child from downloading malware, teach them about the potential dangers of apps, including ones on Google Play. In particular, focus on poorly written descriptions and wildly varying ratings and reviews — warning signs the developer or publisher might not be on the up-and-up. And just to repeat, be sure to install a mobile antivirus utility on their smartphone.

 Trends, Reports, Analysis

Dragos researchers have found multiple ransomware strains, such as Clop, EKANS, and Megacortex, adopting ICS-aware functionality, including the ability to kill industrial processes.

 Breaches and Incidents

Turkish hackers hacked and defaced Joe Biden’s Presidential campaign ‘Vote Joe’ website. As per the note left by the hackers on the hacked site, “RootAyyildiz” has claimed responsibility for the hack.

 Feed

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

 Feed

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, Firewalls, Traffic classifiers and so on.

 Feed

Red Hat Security Advisory 2020-5175-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a remote SQL injection vulnerability.

 Feed

Red Hat Security Advisory 2020-5174-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a remote SQL injection vulnerability.

 Feed

Ubuntu Security Notice 4634-2 - USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2020-5170-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2020-5173-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2020-5168-01 - Eclipse is an integrated development environment. The rh-eclipse packages have been upgraded to version 4.17, which is based on the Eclipse Foundation's 2020-09 release train. For instructions on how to use rh-eclipse, see Using Eclipse linked from the References section.

 Feed

Red Hat Security Advisory 2020-5165-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.198. Issues addressed include a use-after-free vulnerability.

 Feed

At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS (Domain Name System) related outages and Distributed Denial of Service (DDoS) lead to a negative impact on businesses. Among the wide range of countermeasures, a web application firewall is the first line

 Malware

Last Friday, the day before it was scheduled to play a football match against West Bromwich Albion, Manchester United revealed that it had fallen victim to a cyber attack. What Manchester United chose not to do is give any details of the “cyber attack” it had suffered.

 Industry Intel

REvil Ransomware Strikes Hosting Provider

In recent days the web hosting provider Managed.com has been working to recover from a ransomware attack targeting many of their core systems. While the company was able to stop the spread of the attack by shutting down their systems and client websites, it remains unclear what information may have been encrypted and sent elsewhere. The demanded ransom is equal to $500,000 in Monero cryptocurrency and is set to double if not paid in the next week.

Cyberattack Shuts Down Americold Operations

Cold storage provider Americold revealed this week it was forced to shut down many of its systems after discovering evidence of a cyberattack. Some variant of ransomware is thought to be responsible for the attack, which has disabled several customer-facing services and could still be affecting Americold. Fortunately, the company responded quickly and was able to stop the attack from spreading across its network, which could have caused significantly more damage, especially if financial information was accessed.

Ticketmaster Receives Fine for 2018 Data Breach

More than two years after Ticketmaster announced a data breach had compromised a significant amount of customer information, the Information Commissioner’s Office (ICO) has settled on a fine of £1.25 million. The attack was significant because, while multiple organizations warned Ticketmaster of the breach, the company did nothing to resolve the security lapse. Officials also discovered that upwards of 60,000 customer payment cards were used for additional fraudulent activity after the Ticketmaster breach.

Healthcare Remains Easiest Target for Cyberattacks

A recent survey of healthcare organizations found that 73% had computer systems totally unprepared to repel a cyberattack. Attackers are improving their operations rapidly compared to security improvements being implemented by these organizations, even with the increasing year-over-year cybersecurity spending. To make matters worse, pressure put on the healthcare industry by the COVID-19 pandemic has forced many facilities to put security improvements on hold as they deal with increased patient numbers.

Severity of Capcom Breach Continues to Rise

A ransomware attack on Capcom that was initially suspected to not affect customer data has been found to be more severe than first thought. Upwards of 135,000 customers, employees and other individuals with ties to the company may have had sensitive personal information compromised. While Capcom has confirmed that payment data is processed through a third-party and isn’t stored on their systems, internal documents and statements seem to have been compromised by the attack.

The post Cyber News Rundown: REvil Ransomware Strikes appeared first on Webroot Blog.

2020-11
Aggregator history
Monday, November 23