Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Kaspersky Transatlan ...

 News

For the 182nd edition of the Kaspersky Transatlantic Cable podcast, Dave and I tackle the biggest story of 2021 so far: the ramifications of the insurrection at the US Capitol, which include Twitter bans and plenty more. To kick off the podcast, we talk about an op-ed on ZDNet about the cybersecurity fallout of last   show more ...

week’s storming of the Capitol. (I am pretty sure everyone knows about the event, but you can check out more here.) Mainstream news outlets have not provided much insight into the cyberimpact of it all. During the occupation, rioters had physical access to computers, and they even stole a few. The ZDNet piece goes down some paths we won’t follow, but it also speaks to important cybersecurity considerations. Following that, we move on to Parler, from its ban to its takedown. Somewhere in that timeline, hackers downloaded all of the public data from the platform — even things believed to be deleted. This will be an interesting story to keep an eye on, and not only for the doxing that is sure to come. Sticking with this topic, we look at Twitter’s ban of many accounts, including the US president’s account and those of about 70K QAnon members. In our chat, we talk not only about the reasons for the ban, but also about what the future may hold for online privacy and speech rights. To close things out, we consider German Chancellor Angela Merkel’s take on the banning of Donald Trump. If you liked the podcast, please consider subscribing and sharing with your friends. For more information on the stories we covered, visit the links below: Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage Parler is gone, but hackers say they downloaded everything first Twitter suspends 70,000 accounts sharing QAnon content Germany’s Merkel hits out at Twitter over ‘problematic’ Trump ban

 Malware and Vulnerabilities

The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs. This included flaws found in Cisco’s AnyConnect Secure Mobility Client, as well as Cisco RV110W, RV130, RV130W, and RV215W small business routers.

 Breaches and Incidents

The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts.

 Expert Blogs and Opinion

Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.

 Feed

Ubuntu Security Notice 4692-1 - Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS   show more ...

and Ubuntu 18.04 LTS. Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-0114-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Runtime 3.1.11.

 Feed

Red Hat Security Advisory 2021-0110-01 - This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an XML injection vulnerability.

 Feed

Ubuntu Security Notice 4691-1 - Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2021-0030-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

 Feed

Red Hat Security Advisory 2021-0106-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that   show more ...

logic available to the entire business. This release of Red Hat Decision Manager 7.9.1 serves as an update to Red Hat Decision Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0105-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This   show more ...

release of Red Hat Process Automation Manager 7.9.1 serves as an update to Red Hat Process Automation Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0145-01 - Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Red Hat OpenShift Serverless Client kn 1.12.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.12.0, and includes   show more ...

security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include code execution and cross site scripting vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0136-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.

 Feed

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Orca Security. Thanks to the great team there for their support! You’re probably familiar with the shared responsibility model. The basic idea is that public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud   show more ...

Platform (GCP) keep their platforms … Continue reading "Orca Security public cloud security report reveals how most large cloud breaches happen"

 Law & order

Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with CrowdSec's Philippe Humeau.

2021-01
Aggregator history
Thursday, January 14
FRI
SAT
SUN
MON
TUE
WED
THU
JanuaryFebruaryMarch