Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Transatlantic Cable ...

 News

With COVID-19 continuing to rain on our holidays, events, and even workplace parties, trying to get everybody together is proving tough. To that end, Dave and Jeff talked with Alexander Ilin, senior internal communications manager here at Kaspersky to learn about his time managing internal events. From tools and apps   show more ...

needed, right through to what to do to keep your guests entertained — if you’re looking to host a family Christmas party or even a last-minute business party, be sure to tune in. Like what you hear? Be sure to subscribe!

 Identity Theft, Fraud, Scams

A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked.

 Expert Blogs and Opinion

Organizations like the Cybersecurity and Infrastructure Security Agency, local and state governments, and private sector have all taken significant steps to mitigate and respond to cyber incidents.

 Companies to Watch

White Ops Announces Its Acquisition A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.

 Malware and Vulnerabilities

“In October the most common secondary payloads were TrickBot, Qakbot and ZLoader; today we observed TrickBot,” according to Brad Haas, a researcher at phishing prevention firm Cofense.

 Incident Response, Learnings

The IT staff of the Vermont healthcare network said that the ransomware attack was launched through a server vulnerability and the hackers were demanding an enormous sum as ransom.

 Companies to Watch

HelpSystems, a Minneapolis, Minnesota-based software company, announced on Wednesday that it has acquired cloud-based data protection solution provider Vera for an undisclosed amount.

 Trends, Reports, Analysis

The Pay2Key ransomware is only the latest wave in a series of Iranian based targeted ransomware attacks deployed against Israeli organizations and this appears to be a growing trend.

 Feed

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote   show more ...

code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.

 Feed

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.

 Feed

Gentoo Linux Security Advisory 202012-20 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 84.0 are affected.

 Feed

Gentoo Linux Security Advisory 202012-9 - Multiple vulnerabilities have been found in Cherokee, the worst of which could result in a Denial of Service condition. Versions less than or equal to 1.2.104-r2 are affected.

 Feed

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting

 Feed

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw

2020-12
Aggregator history
Thursday, December 24
TUE
WED
THU
FRI
SAT
SUN
MON
DecemberJanuaryFebruary