Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Transatlantic Cable ...

 News

During Kaspersky Transatlantic Cable podcast this week, Dave and I focus on two main topics: Facebook vs. Australia (and the EU) and Clubhouse. We kick things off in the spot the cool kids are raving about on the Internets: Clubhouse. The invitation-only, audio-focused iOS app has taken Silicon Valley and the social   show more ...

network conversation by storm, and not for all the right reasons. In these two stories, we look at a developer who created an Android app for Clubhouse and also a short-lived site that scraped and published site content for anyone to see. So, privacy is a wee bit of a concern. From there, we jump over to a recent announcement from Nvidia about altering some graphics cards to discourage cryptomining. To close out the podcast, we take a look at the current showdown between Australia and Facebook. We discuss the current situation, its history, and how this situation could affect other countries or unions (e.g., Europe). My take may not be hugely popular, but maybe some of you will agree with it. If you like the podcast, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below: This website made Clubhouse conversations public Devs hack together their own Clubhouse Android apps Nvidia limits crypto-mining on new graphics card Microsoft throws Google under the bus in European news fight Facebook reverses ban on news pages in Australia Facebook’s Australia news ban is the best decision it’s ever made

image for How $100M in Jobless ...

 A Little Sunshine

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity   show more ...

thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud. These prisoners tried to apply for jobless benefits. Personal information from the inmate IDs has been redacted. Image: ID.me A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5 billion in fraudulent jobless benefits — nearly two-thirds of the phony claims it reviewed — was paid out to individuals with Social Security numbers filed in multiple states. Almost $100 million went to more than 13,000 ineligible people who are currently in prison. The OIG acknowledges that the total losses from all states is likely to be tens of billions of dollars. Indeed, just one state — California — disclosed last month that hackers, identity thieves and overseas criminal rings stole more than $11 billion in jobless benefits from the state last year. That’s roughly 10 percent of all claims. Bloomberg Law reports that in response to a flood of jobless claims that exploit the lack of information sharing among states, the Labor Dept. urged the states to use a federally funded hub designed to share applicant data and detect fraudulent claims filed in more than one state. But as the OIG report notes, participation in the hub is voluntary, and so far only 32 of 54 state or territory workforce agencies in the U.S. are using it. Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. Many states also lacked the ability to tell when multiple payments were going to the same bank accounts. To make matters worse, as the Coronavirus pandemic took hold a number of states dramatically pared back the amount of information required to successfully request a jobless benefits claim. 77,000 NEW (AB)USERS EACH DAY In response, 15 states have now allied with McLean, Va.-based ID.me to shore up their authentication efforts, with six more states under contract to use the service in the coming months. That’s a minor coup for a company launched in 2010 with the goal of helping e-commerce sites validate the identities of customers for the purposes of granting discounts for veterans, teachers, students, nurses and first responders. ID.me says it now has more than 36 million people signed up for accounts, with roughly 77,000 new users signing up each day. Naturally, a big part of that growth has come from unemployed people seeking jobless benefits. To screen out fraudsters, ID.me requires applicants to supply a great deal more information than previously requested by the states, such as images of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service. When an applicant doesn’t have one or more of the above — or if something about their application triggers potential fraud flags — ID.me may require a recorded, live video chat with the person applying for benefits. This has led to some fairly amusing attempts to circumvent their verification processes, said ID.me founder and CEO Blake Hall. For example, it’s not uncommon for applicants appearing in the company’s video chat to don disguises. The Halloween mask worn by the applicant pictured below is just one example. Image: ID.me Hall said the company’s service is blocking a significant amount of “first party” fraud — someone using their own identity to file in multiple states where they aren’t eligible — as well as “third-party” fraud, where people are tricked into giving away identity data that thieves then use to apply for benefits. “There’s literally every form of attack, from nation states and organized crime to prisoners,” Hall said. “It’s like the D-Day of fraud, this is Omaha Beach we’re on right now. The amount of fraud we are fighting is truly staggering.” According to ID.me, a major driver of phony jobless claims comes from social engineering, where people have given away personal data in response to romance or sweepstakes scams, or after applying for what they thought was a legitimate work-from-home job. “A lot of this is targeting the elderly,” Hall said. “We’ve seen [videos] of people in nursing homes, where folks off camera are speaking for them and holding up documents.” “We had one video where the person applying said, ‘I’m here for the prize money,'” Hall continued. “Another elderly victim started weeping when they realized they weren’t getting a job and were the victim of a job scam. In general though, the job scam stuff hits younger people harder and the romance and prize money stuff hits elderly people harder.” Many other phony claims are filed by people who’ve been approached by fraudsters promising them a cut of any unemployment claims granted in their names. “That person is told to just claim that they had their identity stolen when and if law enforcement ever shows up,” Hall said. REACTIONS FROM THE UNDERGROUND Fraudsters involved in filing jobless benefit claims have definitely taken notice of ID.me’s efforts. Shortly after the company began working with California in December 2020, ID.me came under a series of denial-of-service (DDoS) attacks aimed at knocking the service offline. “We have blocked at least five sustained, large-scale DDoS attacks originating from Nigeria trying to take our service down because we are blocking their fraud,” Hall said. In May 2020, KrebsOnSecurity examined postings to several Telegram chat channels dedicated to selling services that help people fraudulently apply for jobless benefits. These days, some of the most frequent posts on those channels advertise the sale of various “methods” or tips about how to bypass ID.me protections. Mentions of id.me in cybercrime forums, Telegram channels throughout 2020. Source: Flashpoint-intel.com Asked about the efficacy of those methods, Hall said while his service can’t stop all phony jobless claims, it can ensure that a single scammer can only file one fraudulent application. “I’d say in this space it’s not about being perfect, but about being better,” he said. That’s something of an understatement in an era when being able to limit each scammer to a single fraudulent claim can be considered progress. But Hall says one of the reasons we’re in this mess is that the states have for too long relied on data broker firms that sell authentication services based on static data that is far too easy for fraudsters to steal, buy or trick people into giving away. “There’s been a real shift in the market from data-centric identity verification to verifying through something you have and something you are, like a phone or face or ID,” he said. “And those aren’t in the provenance of the incumbents, the data-centric brokers. When there have been so many data breaches that the toothpaste is basically out of the tube, you need a full orchestration platform.” A BETTER MOUSETRAP? Collecting and storing so much personal data on tens of millions of Americans can make one an attractive target for hackers and ID thieves. Hall says ID.me is certified against the NIST 800-63-3 digital identity guidelines, employs multiple layers of security, and fully segregates static consumer data tied to a validated identity from a token used to represent that identity. “We take a defense-in-depth approach, with partitioned networks, and use very sophisticated encryption scheme so that when and if there is a breach, this stuff is firewalled,” he said. “You’d have to compromise the tokens at scale and not just the database. We encrypt all that stuff down to the file level with keys that rotate and expire every 24 hours. And once we’ve verified you we don’t need that data about you on an ongoing basis.” With such a high percentage of jobless claims now being filed by identity thieves, many states have instituted new fraud filters that ended up rejecting or delaying millions of legitimate claims. Jim Patterson, a Republican assemblyman from California, held a news conference in December charging that ID.me’s system “continually glitches and rejects legitimate forms of identification, forcing applicants to go through the manual verification process which takes months.” ID.me says roughly eight users will pass through its automated self-serve flow for every one user who needs to use the video chat method to verify their identity. “The majority of legitimate claimants pass our automated, self-serve identity verification process in less than five minutes,” Hall said. “For individuals who fail this process, we are the only company in the United States that offers a secure, video chat based method of identity verification to ensure that all users are able to prove their identity online.” Hall says his company also exceeds the industry standard in terms of validating the identities of people with little or no credit history. “If you just rely on credit bureaus or data brokers for this, it means anyone who doesn’t have a credit history doesn’t get through,” he said. “And that tends to have a disproportionate affect on those more likely to be less affluent, such as minority communities.”

 Malware and Vulnerabilities

Cybercriminals are ready for the tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker.

 Companies to Watch

Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO) for less than a year. He arrived at Cisco via its $2.3 billion acquisition of Duo Security in 2018.

 Breaches and Incidents

?nova Yönetim, a Turkish legal advisory company, has inadvertently exposed data on 15,000 cases involving people killed or injured in traffic accidents after a cloud misconfiguration.

 Govt., Critical Infrastructure

Intel sharing on malicious actors is a key component of fighting the bad guys, with both Microsoft and FireEye calling for the government to consider mandatory disclosure of significant breaches.

 Expert Blogs and Opinion

Vulnerabilities are graded on factors such as how the vulnerable component is exposed, how difficult and reliable an attack could be, and the impact on confidentiality, integrity, and/or availability.

 Identity Theft, Fraud, Scams

BTS fans are the target of a massive crypto scam on Twitter. For a little more than two weeks, cryptocurrency-related posts started appearing on timelines of BTS fans, also known as ARMY.

 Trends, Reports, Analysis

Attackers are exploiting the Google App Script domain—script.google.com—to evade Content Security Policy (CSP) controls and malware scan engines.

 Threat Actors

Vietnam-linked Ocean Lotus was found involved in a cyberespionage campaign on the country’s human rights defenders and a nonprofit organization that continued for roughly three years.

 Feed

Ubuntu Security Notice 4752-1 - Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A   show more ...

physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4751-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local   show more ...

attacker could possibly use this to expose sensitive information. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4753-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

 Feed

Ubuntu Security Notice 4750-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained   show more ...

an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4749-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained   show more ...

an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4748-1 - It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. It was discovered that the memory management subsystem in the Linux kernel did not properly   show more ...

handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4747-2 - USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-0100-01 - The file-integrity-operator image update is now available for OpenShift Container Platform 4.7. Issues addressed include denial of service and integer overflow vulnerabilities.

 Feed

Red Hat Security Advisory 2020-5364-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.7. Issues addressed include denial of service and integer overflow vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0664-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

 Feed

Red Hat Security Advisory 2020-5633-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. Issues addressed include bypass, denial of service, integer overflow, man-in-the-middle, and memory leak vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0659-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

 Feed

Red Hat Security Advisory 2020-5634-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0.

 Feed

Red Hat Security Advisory 2021-0656-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

 Feed

Red Hat Security Advisory 2021-0660-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

 Feed

Red Hat Security Advisory 2021-0655-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

 Feed

Red Hat Security Advisory 2020-5635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

 Feed

Ubuntu Security Notice 4698-2 - USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when   show more ...

sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4746-1 - Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 4747-1 - Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most

 Feed

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said

 Feed

It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software

 Podcast

World-chess-champion-turned-activist Garry Kasparov returns to the show as we discuss a romance scammer with plenty of time on his hands, the surge in sextortion, and how social media is being swamped with claims of fake snow. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the web. The FREE Cyber Daily   show more ...

email, highlights trending threats selected from … Continue reading "Recorded Future’s free Cyber Daily newsletter brings trending threat insights straight to your inbox"

 Articles

Although Linux is still a fraction of the market share of Microsoft Windows and Mac OS X, its growth continues to accelerate.  Linux will continue to grow at compounded annual growth rate (CAGR) of 19.2% through 2027.  Some of the primary factors for this growth include: Cloud computing infrastructure,   show more ...

Containerization of applications, and Microsoft’s support […] The post How to Defend Linux from Attacks appeared first on Security Weekly.

2021-02
Aggregator history
Thursday, February 25
MON
TUE
WED
THU
FRI
SAT
SUN
FebruaryMarchApril