On their face, spying apps might seem like something out of a thriller, of concern to high-rolling politicians, prominent business people, and celebrities, not regular folks. In reality, though, you don’t have to be Jeff Bezos for someone to want to track you. It could be that your employer (or other half) wants to know what you’re getting up to outside the office (or home). If you suspect that someone might be spying on you through your smartphone — or even if you don’t — use these tips to investigate.

How to find a mobile spy by yourself

Although spying apps try to conceal themselves, most reveal their presence in one way or another. Mobile data running out quicker than expected or the battery dying similarly fast are two red flags. If you notice either problem, be on your guard and check which apps are consuming your phone’s resources. The settings you need have different names depending on the device; look for something like Data usage and Battery, respectively. If the device turns on Wi-Fi, mobile Internet, or geolocation even though you turned them off, again, look at which apps are eating data and accessing your location. For more information, see our post about checking Android permissions, or read about iOS permissions on Apple’s website.

If you don’t find anything on your Android phone but still suspect someone may be spying on you, check which apps have access to Accessibility (Settings -> Accessibility). Accessibility lets apps snoop on other programs, alter settings, and do a lot of other things acting as the user. That makes the permission very useful to spyware. When we say Accessibility is one of the most potentially dangerous permissions in Android, we really mean it. Give that kind of access to your antivirus utility, but nothing else.

How to find a mobile spy using Kaspersky Internet Security for Android

Not up for a manual search and destroy? Android device owners should check out our mobile security solution. Kaspersky Internet Security for Android will unmask any traitors, even if you have the free version. Because of the legally disputed status of stalkerware, many security solutions classify some problem apps as not-a-virus. You’ll still get a warning about it, though, so always read antivirus alerts carefully.
That said, that method does have one drawback: Some surveillance apps notify their owners if antivirus protection is installed on the device. If you’re worried about being tracked by, say, a jealous spouse, it may be better not to let them know about your suspicions. So, to help users spot a spy without giving themselves away, we created a mobile spycatcher called TinyCheck. TinyCheck works equally well for Android and iOS.

How to find a mobile spy with TinyCheck

We originally developed TinyCheck to help victims of domestic abuse, but we quickly realized it could be of use to anyone at all. The current version does require some technical know-how and a willingness to fiddle with hardware, however. That’s because TinyCheck is installed on a separate device, such as a Raspberry Pi microcomputer, not on the smartphone. This separate device must be configured to act as an intermediary between the router and the Wi-Fi-connected gadget — but the payoff for that work is knowing that any spyware on the phone can’t see our software. Once it’s installed, all of your Internet traffic will pass through TinyCheck, which analyzes it in real time. If your smartphone sends a lot of data to a known spyware server, for example, TinyCheck will notify you. Here’s how it looks in practice:

Detailed technical requirements and instructions for setting up TinyCheck are available on the solution’s GitHub page.

TinyCheck addendum for the nongeeky

If you think a Raspberry Pi is something to buy in a bakery, you’ll probably be better off getting an IT pro to configure TinyCheck for you. Better yet, find someone you know and trust 100%. You should obviously avoid asking anyone you suspect might be connected to the spyware; if you give them access, they’ll probably whitelist the app to keep it off TinyCheck’s radar. In any case, soon you’ll be able to go the TinyCheck route without IT friends: we will be releasing a user version of TinyCheck, which will be much easier to work with.
How to avoid surveillance

If one of the above methods unearths spyware on your smartphone, think twice before deleting it. The person who installed it will notice, and that could make things worse. (Uninstalling the program also could erase evidence that you might need later.) As with all facets of security, take protective measures first. For example, if you’re being tracked by a potentially violent partner, before doing anything with the spy app, contact a help center for victims of domestic abuse (see here for information). In some cases, it’s easier to replace your smartphone altogether, and then make sure that no one can install spying apps on the new device:

- Protect it with a strong password that you never share with your partner, friends, or colleagues;
- Install a reliable security solution immediately, and scan the device regularly;
- Change the passwords for all of your accounts, and don’t share them with anyone either;
- Download apps only from official sources such as Google Play or the App Store.

For more information about spyware and how to deal with it, visit the Coalition Against Stalkerware, which brings together domestic abuse organizations and the security community.
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.

Some of SolarWinds’ customers. Source: solarwinds.com

According to a Reuters story, hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. Reuters reports the attackers were able to surreptitiously tamper with updates released by SolarWinds for its Orion platform, a suite of network management tools.

In a security advisory, Austin, Texas-based SolarWinds acknowledged its systems “experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.”

In response to the intrusions at Treasury and Commerce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of issuing an emergency directive ordering all federal agencies to immediately disconnect the affected Orion products from their networks. “Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” CISA advised.

A blog post by Microsoft says the attackers were able to add malicious code to software updates provided by SolarWinds for Orion users. “This results in the attacker gaining a foothold in the network, which the attacker can use to gain elevated credentials,” Microsoft wrote. From there, the attackers would be able to forge single sign-on tokens that impersonate any of the organization’s existing users and accounts, including highly privileged accounts on the network. “Using highly privileged accounts acquired through the technique above or other means, attackers may add their own credentials to existing application service principals, enabling them to call APIs with the permission assigned to that application,” Microsoft explained.
Malicious code added to an Orion software update may have gone undetected by antivirus software and other security tools on host systems thanks in part to guidance from SolarWinds itself. In this support advisory, SolarWinds says its products may not work properly unless their file directories are exempted from antivirus scans and group policy object restrictions.

The Reuters story quotes several anonymous sources saying the intrusions at the Commerce and Treasury departments could be just the tip of the iceberg. That seems like a fair bet. SolarWinds says it has over 300,000 customers including:

- more than 425 of the U.S. Fortune 500
- all ten of the top ten U.S. telecommunications companies
- all five branches of the U.S. military
- all five of the top five U.S. accounting firms
- the Pentagon
- the State Department
- the National Security Agency
- the Department of Justice
- the White House.

It’s unclear how many of the customers listed on SolarWinds’ website are users of the affected Orion products. But Reuters reports the supply chain attack on SolarWinds is connected to a broad campaign that also involved the recently disclosed hack at FireEye, wherein hackers gained access to a slew of proprietary tools the company uses to help customers find security weaknesses in their computers and networks.

The compromises at the U.S. federal agencies are thought to date back to earlier this summer, and are being blamed on hackers working for the Russian government. FireEye said its breach was the work of APT 29, a.k.a. “Cozy Bear,” a Russian hacker group believed to be associated with one or more intelligence agencies of Russia.

In its own advisory, FireEye said multiple updates poisoned with a malicious backdoor program were digitally signed with a SolarWinds certificate from March through May 2020, and posted to the SolarWinds update website. FireEye posits the impact of the hack on SolarWinds is widespread, affecting public and private organizations around the world.
“The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” the company’s analysts wrote. “We anticipate there are additional victims in other countries and verticals.”
Customers received emails from Subcard about the processing of an alleged Subway order. The malicious emails included a link to a weaponized Excel document purporting to contain confirmation of the order.
The ransomware was first spotted by BlackBerry in July, and its code was updated in November to allow MountLocker to better target certain files and evade security tools, according to the report.
While examining changes in WinZip’s network communications, security experts noticed that, because the WinZip archiver communicated over unsecured TCP, it was vulnerable to many attacks.
The fake celebrity ads have run on news websites since at least 2018, but with people stuck at home during the COVID-19 pandemic, many more have been caught out by the scams.
The zero-day vulnerability affects WP SMTP 1.4.2 and earlier versions; it resides in a feature that creates debug logs for all emails sent by the site and stores them in the installation folder.
The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds.
The ransomware operators leaked stolen data, including Windows domain account information, DNS zone information for the domain, and a file listing from its Gerrit development code review system.
CheckPoint identified several critical vulnerabilities (CVE-2020-6016 through CVE-2020-6019) in Steam that would allow attackers to hack and take over hundreds of thousands of computers remotely.
The operation from Bangladesh primarily focused on compromising the integrity of accounts across the social media platform and had targeted local activists, journalists, and religious minorities.
Security researchers have discovered this week a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. The operation targets web technologies for monetary profit.
People familiar with the matter told Reuters the hackers were believed to be working for Russia and that they feared the hacks uncovered so far may be the tip of the iceberg.
83% of the top U.S. retailers have connections to a vulnerable third-party asset, and 43% have vulnerabilities that pose an immediate cybersecurity risk, Cyberpion reveals.
Just this past week, it was announced that the Cupertino-based company had teamed up with web infrastructure and security company Cloudflare to help develop a more secure method for DNS requests.
The Molerats threat actor used in its recent operations two new backdoors - called SharpStage and DropBook, and one previously undocumented malware downloader named MoleNet.
A probe into the purported "nation-state" hack is ongoing, spearheaded by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), after Reuters reported on Sunday.
In a breach notification filed with California’s Attorney General on December 9, Spotify said it found the flaw on November 12, but “estimate[s] that this vulnerability existed as of April 9, 2020”.
Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region, and identified a new information stealer with relations to the MICROPSIA malware.
Google has announced the launch of a knowledge base called XS-Leaks to help web browser developers and security engineers prepare defense mechanisms against rising side-channel threats.
Manufacturers are increasingly being targeted not just by traditional malicious actors such as unorganized cybercriminals, but by competing companies and nations engaged in corporate espionage.
Security researchers have uncovered a critical flaw in Microsoft Teams that could allow an attacker to access confidential conversations and files from the communications service.
Cybercrime against digital media and entertainment organizations is on the rise. Hackers formulate new and innovative ways to defeat security measures and controls to pilfer sensitive data.
Guardicore first spotted the attack back in January 2020. After that, it witnessed a total of 92 attacks emanate from 11 IP addresses, with most based in Ireland and the UK at the time of analysis.
The two critical remote code execution flaws in SharePoint are classified as CVE-2020-17121 and CVE-2020-17118, the latter of which can be exploited remotely without any authentication.
Scammers are sending texts promising a $1,200 stimulus check. The IRS and a coalition of state tax agencies and tax industry officials are warning individuals who receive such messages not to respond.
SolarWinds confirmed a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March and June 2020.
Of these, the first one is the most critical and received a CVSS score of 9.9, as it can be used by an unauthenticated attacker to achieve RCE, requires no user interaction, and is wormable.
SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems.
The attacker’s post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.
Red Hat Security Advisory 2020-5410-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat Data Grid 7.3.7 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection and memory leak vulnerabilities.
Red Hat Security Advisory 2020-5408-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include buffer overflow, out of bounds access, and privilege escalation vulnerabilities.
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade-off between speed and reliability.
Red Hat Security Advisory 2020-5259-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Ubuntu Security Notice 4660-2 - USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
LibreNMS version 1.46 suffers from an authenticated remote SQL injection vulnerability in the MAC Account Graph. Original discovery of SQL injection in this version is attributed to Punt in May of 2020.
Red Hat Security Advisory 2020-5402-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include integer overflow and out of bounds write vulnerabilities.
Red Hat Security Advisory 2020-5260-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Ubuntu Security Notice 4658-2 - USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2020-5401-01 - The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.
Red Hat Security Advisory 2020-5400-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.1.
Ubuntu Security Notice 4659-2 - USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2020-5399-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.1.
Red Hat Security Advisory 2020-5398-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.1.
Red Hat Security Advisory 2020-5394-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include integer overflow and out of bounds write vulnerabilities.
Red Hat Security Advisory 2020-5393-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include integer overflow and out of bounds write vulnerabilities.
Red Hat Security Advisory 2020-5395-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include integer overflow and out of bounds write vulnerabilities.
Red Hat Security Advisory 2020-5396-01 - The libexif packages provide a library for extracting extra information from image files. Issues addressed include integer overflow and out of bounds write vulnerabilities.
State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign. The Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the
Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels
Following the popularity of the YouTube livestream we did to celebrate 200 episodes of the “Smashing Security” podcast a couple of months ago, Carole Theriault and I have made the bold and some would say foolhardy decision to hold a live Christmas party this Thursday (December 17th). And you are invited!
They say buying a house is one of the most stressful things that you might experience in your life (along with getting divorced, or dealing with the death of a loved one). So you probably don't want ransomware throwing a spanner in the works if you're planning a house move.
The cybersecurity industry and end-of-year predictions go together like Fall and football or champagne and the New Year. But on the heels of an unprecedented year, where a viral outbreak changed the landscape of the global workforce practically overnight, portending what’s in store for the year ahead is even trickier than usual.

One thing the cybersecurity experts at Webroot agree on is that work from home is here to stay for 2021, or at least it won’t recede to pre-pandemic levels in even the medium term. What is likely to change is how companies respond to their remote workforces. The security measures they take (or don’t), the educational opportunities they provide (or fail to) and their commitment to innovation (or lack thereof) will likely separate the winners from the losers in the year ahead. Yes, cybersecurity for remote workforces will likely be a prevailing concern throughout 2021, even following positive news on the vaccine development front, according to Webroot experts.

Another prevailing theme from the professionals here, when asked to make their annual predictions for the new year, is that a cybersecurity skills gap will continue to haunt businesses and pose opportunities for those looking to start their careers in the field or make the switch to it. As such, automation and the adoption of AI technologies will be critical to plugging the gap.

Read on for more details from leading engineers, security analysts and product specialists from around our organization for complete cybersecurity predictions for 2021. Take heart because, whatever happens, 2020 won’t be easily outdone (knock on wood).

On remote workforces and the problem of personal devices

David Dufour, VP of engineering, Carbonite + Webroot

In 2021, many businesses will continue to operate remotely as a result of the pandemic and there must be an emphasis on training employees on security best practices, how to identify modern threats such as phishing, and where company data is being accessed and stored. Phishing is going to remain one of the most prominent ways to attack users and will become more sophisticated as it’s tailored to take advantage of work-from-home setups and distractions.

Grayson Milbourne, security intelligence director, Carbonite + Webroot

The biggest change for 2021 will be securing remote workforces and remote perimeters, which include home networks and home devices, particularly personal devices. These all add their own challenges. Home networks and their configurations are diverse. Many use out-of-date routers with insecure settings. Personal devices are often used for work and, as we saw in our 2020 Threat Report, are twice as likely as business devices to encounter infections. If not addressed, this could have a serious impact on businesses in the coming year.

Hal Lonas, CTO and SVP of SMB engineering, Carbonite + Webroot

We shouldn’t overlook the incredible societal and behavioral changes underway right now. These put all of us in new situations we’ve never encountered before. These new contexts create new opportunities for social engineering attacks like phishing and scare tactics to get us to open emails and click on fraudulent links.

Tyler Moffitt, Sr. security analyst, Carbonite + Webroot

Regardless of the company or the length of the work-from-home stint, one thing that’s constant is that professionals at home are using their personal devices and personal network. Securing the remote perimeter is going to be the biggest challenge for cybersecurity professionals now through 2021 because laptops issued to the professional workforce are much more secure than personal devices. Personal devices are twice as likely to be infected as business devices. Even more worrying, we saw with our new COVID-19 report that one-third of Americans will use personal devices when working from home. Businesses will need to account for that.

Jamie Zajac, VP of product management, Carbonite + Webroot

I predict that in 2021 vulnerable industries like hospitality, travel and retail will start to use even more remote access platforms like Square and others. This transfers a lot of control to a third party, so it’s essential companies make sure their data is protected on their end, that their vendors are trustworthy and that their reputation is safe from the damage an internal breach could cause.

On the cybersecurity skills shortage

Briana Butler, engineering services manager, Carbonite + Webroot

Moving forward, cybersecurity professionals will need greater data analysis skills to be able to look at large sets of data and synthesize the information so organizations can derive actionable value from it. In 2021, organizations need to start implementing programs to upskill their current cybersecurity workforce to focus on the skills they’ll need for the future such as analyzing complex data, developing algorithms, and understanding machine learning techniques.

David Dufour, VP of engineering, Carbonite + Webroot

The cyber skills gap will continue to be an issue in 2021 because companies continue to believe they understand cybersecurity and, as a result, tend to spend less on external cybersecurity resources. This leads to a feeling of false security and, unfortunately, inadequate security. Cybersecurity requires a financial investment to truly meet an organization’s needs and to enact processes for securing systems. It’s much more effective to invest in a few, solid security processes and to address gaps at the outset than it is to implement an inexpensive, broad security solution that falls short in key areas.

Hal Lonas, CTO and SVP of SMB engineering, Carbonite + Webroot

The pandemic has also changed the game for managed service providers (MSPs). They’re used to running a thin-margin business, but this has become even more difficult as their small business customers struggle. MSPs are fortunately heavily automated, but now they are under increasing pressure to deliver more with less. MSPs more than ever need automated solutions that make it easy for them to manage, secure and restore customers when incidents do occur. Some of that automation will come from AI, but auto-remediation, backup and restore capabilities are also important.

Looking ahead to 2021

Whatever 2021 is, at least 2020 will be over, right? But in all seriousness, the virus does not respect our calendar transitions and its implications will certainly bleed over into the New Year. Much has been made of a supposed “new normal,” but to truly arrive there, companies must account for the new realities of pervasive remote work and an exacerbated cybersecurity skills shortage. If there’s one takeaway from our experts’ predictions for 2021, it’s that.

The post Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021 appeared first on Webroot Blog.