Cyber security aggregate rss news

Cyber security aggregator - feeds history

Exim Bugs Put Millio ...

 Security

Multiple critical vulnerabilities have been discovered in the Exim email server software by the Qualys Research Team. Some of these flaws can be chained together to achieve full remote unauthenticated code execution with root privileges. Exim is a widely used mail transfer agent (MTA) that even comes pre-installed on some Linux distributions; it is estimated that roughly 60% of Internet mail servers run Exim. Because MTAs are by design reachable from the Internet, they are an attractive target for attackers. Once an MTA is compromised, sensitive settings on the mail server can be altered, for example to create new accounts on the target server. The bugs, dubbed '21Nails,' include 11 vulnerabilities that require local access to the server and ten others that can be exploited remotely. Qualys discovered the problems and le... (read more)

Critical Flaw Expose ...

 Security

Dell desktops, laptops, and tablets built after 2009 can be abused to grant rogue users and malware system-administrator access. According to reports, hundreds of millions of computers are affected. This is possible due to five security flaws in a system driver shipped on Dell computers. Tracked together as CVE-2021-21551, the group of vulnerabilities can be used to crash systems, steal information, and escalate privileges to gain complete control of the machine. The caveat is that exploitation requires a logged-in user or an application already running on the machine; the bugs are not remotely reachable on their own. Kasif Dekel, senior security researcher at SentinelOne, warns that "While we haven't seen any indicators that these vulnerabilities have been explo... (read more)

Belgium Hit by Massi ...

 Security

Belgium was hit by a major cyberattack on Tuesday, according to Belgian media, affecting many of the country's most important institutions. Its source is still unknown. The attack was a large distributed denial of service (DDoS) attack that took down both internal and public-facing networks. The attackers targeted Belnet, Belgium's government-funded Internet Service Provider that connects national government organizations such as the Parliament, ministries, educational institutions, and research centers. In addition, all the websites hosted on the .be top-level domain were affected. It is estimated that more than 200 Belgian government agencie... (read more)

Android May 2021 Upd ...

 Security

Google's Android operating system update for May 2021 addresses a total of 42 vulnerabilities, four of which are rated critical. The 2021-05-01 security patch level fixes three critical flaws in the System component, all of which could be exploited to run arbitrary code on a vulnerable Android device. As Google explains, "The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process." Google also notes that the severity rating assumes that the platform and service mitigations ar... (read more)

60% of U.S. School A ...

 Security

Students are often encouraged to use education-focused mobile applications to help with learning, classwork, and other day-to-day activities. Many of these applications gather data from children and share it with third-party partners. The Me2B Alliance, a non-profit industry organization dedicated to respectful technology, released a research report today to raise awareness about the data sharing practices of education applications used by schools. According to the results of the study, 60% of school apps send student data to various third parties, including ad networks run by Google and Facebook. Me2B Alliance Product Testing analyzed 73 mobile apps employed by 38 schools across 14 states. The apps are used by at least half a million people (including students, educators, and parents). The data flow of all 73 apps was examined by analyzing the SDKs... (read more)

QR code fraud | Kasp ...

 Technology

You can find QR codes on everything from yogurt containers to museum exhibitions, from utility bills to lottery tickets. People use them to open websites, download apps, collect loyalty program points, make payments and transfer money, and even to give to charity. The accessible and practical technology is convenient for many, including, as always, cybercriminals, who have already rolled out a variety of QR-based schemes. Here's what can go wrong with those ubiquitous black-and-white squares, and how you can use them without fear.

What QR codes are, and how they are used

Nowadays, almost everyone owns a smartphone. Many of the latest models have a built-in QR scanner, but anyone can download an app that reads all QR codes, or opt for a special one, for example, for a museum. To scan a QR code, a user simply opens the scanner app and points the phone's camera at the code. Most of the time, the smartphone will prompt you to go to a certain website or download an app. There are other options, however, which we'll get to in a bit.

Specialized scanners use a specific set of QR codes. You might find such a code on a sign for a historically important tree in a park, for example, in which case scanning it with the park's official app might start a guided tour, whereas a standard scanner would simply open a description on the park's website. Furthermore, some apps can create QR codes to give certain information to anyone who scans them. For example, they might receive the name and password of your guest Wi-Fi network, or bank account details.

How cybercriminals use QR codes

QR codes are just a more advanced version of bar codes, so what could go wrong? Plenty, as it turns out. Humans can't read QR codes or otherwise check in advance what scanning them will do, so we rely on the integrity of their creators. We also can't know everything a QR code includes, even when we create our own. The system is very exploitable.

Fake links. A QR code created by cybercriminals might point to a phishing site that looks like the login page of a social network or online bank. That's why we recommend always checking links before tapping or clicking; a QR code, however, gives you no chance to do that until it has been scanned. Moreover, attackers often use short links, making it harder to spot a fake when the smartphone asks for confirmation. Similar schemes can trick users into downloading the wrong app, for example malware instead of the intended game or tool. At that point, the sky's the limit: malware can steal passwords, send malicious messages to your contacts, and more.

QR-encoded commands. Beyond linking to a website, a QR code may contain a command to perform certain actions. There, again, the possibilities are extensive; what follows is just a taste:
- Add a contact;
- Make an outgoing call;
- Draft an e-mail and populate the recipient and subject lines;
- Send a text;
- Share your location with an app;
- Create a social media account;
- Schedule a calendar event;
- Add a preferred Wi-Fi network with credentials for automatic connection.

The common thread is the automation of common actions. For example, by scanning a QR code, you can add contact details from a business card, pay for parking, or grant access to a guest Wi-Fi network. Those broad capabilities make QR codes ripe for manipulation. For example, scammers can add their contact info to your address book under the name "Bank" to lend credibility to a call attempting to defraud you. Or make you call a premium-rate number on your dime. Or find out where you are.

How cybercriminals mask QR codes

For attackers to harm you using a QR code, they first have to persuade you to scan it. To do that, they have a couple of tricks.

Malicious sources. Cybercriminals can place a QR code with a link to their creation on a website, in a banner, in an e-mail, or even in a paper-based ad. The point is typically to get the victim to download a malicious app. In many cases, the Google Play and App Store logos are placed alongside the code for added credibility.

Substitution. It is not unusual for attackers to piggyback on the work and reputation of legitimate parties, replacing a real QR code on a poster or sign with a fake one. Incidentally, QR code mischief is not limited to cybercriminals; unscrupulous social activists have begun using QR code substitution to disseminate their ideas. In Australia, for example, a man was recently arrested for allegedly tampering with the QR codes on check-in signs at COVID-19 centers so they led visitors to an antivaccination website. Again, the possibilities are practically limitless. QR codes are common sights on utility bills, pamphlets, office signage, and almost anywhere else you might expect to find information or instructions.

How to avoid QR trouble

For safety, follow a few simple rules when using QR codes:
- Do not scan QR codes from obviously suspicious sources;
- Pay attention to the links displayed when scanning the code. Be especially wary if the URL has been shortened, because with QR codes there is no compelling reason to shorten any link. Instead, use a search engine or official store to find what you're looking for;
- Do a quick physical check before scanning a QR code on a poster or sign to make sure the code isn't pasted over the original image;
- Use a program such as Kaspersky's QR Scanner (available for Android and iOS) that checks QR codes for malicious content.

QR codes can also hold valuable information such as e-ticket numbers, so you should never post documents with QR codes on social media.
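The payload types the article lists (web links, Wi-Fi credentials, contacts, calls, texts, e-mail drafts, locations) all arrive at the phone as a short text string that a scanner decodes before acting on it. The classifier below is an added example, not Kaspersky's code or its QR Scanner: it takes that decoded string and reports what a stock scanner would do with it and why it deserves a second look, using the common payload conventions (http/https URLs, WIFI:, MECARD:, vCard, tel:, SMSTO:, mailto:, geo:). The shortener list, the risk levels and the sample payloads are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Illustrative list of link shorteners (assumption, not exhaustive); a printed
# QR code has no legitimate reason to hide its destination behind one.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd", "cutt.ly"}
RISK_LABELS = {0: "low", 1: "medium", 2: "high"}


def _kv_record(body):
    """Parse the 'KEY:value;KEY:value;;' records used by WIFI: and MECARD: payloads."""
    fields = {}
    for part in body.split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            fields[key.strip().upper()] = value
    return fields


def classify_payload(payload):
    """Describe what a stock scanner would do with one decoded QR payload.

    Returns {'action': str, 'risk': 'low'|'medium'|'high', 'reasons': [str]}.
    """
    text = payload.strip()
    lower = text.lower()
    reasons, risk = [], 0

    if lower.startswith(("http://", "https://")):
        url = urlsplit(text)
        host = (url.hostname or "").lower()
        action = f"open URL on {host}"
        if host in SHORTENER_HOSTS:
            risk = 2
            reasons.append("shortened link hides the real destination")
        if "@" in url.netloc:
            risk = 2
            reasons.append("user-info before '@' disguises the real host")
        if url.path.lower().endswith(".apk"):
            risk = 2
            reasons.append("direct app download bypasses the official store")
        if url.scheme == "http":
            risk = max(risk, 1)
            reasons.append("plain HTTP, page can be altered in transit")
    elif lower.startswith("wifi:"):
        fields = _kv_record(text[len("wifi:"):])
        action = f"join Wi-Fi network '{fields.get('S', '')}'"
        risk = 1
        reasons.append("adds a network the phone may auto-join; the key is readable by anyone who scans the code")
    elif lower.startswith("tel:"):
        action = f"dial {text[len('tel:'):]}"
        risk = 2
        reasons.append("places a call, possibly to a premium-rate number")
    elif lower.startswith(("smsto:", "sms:")):
        action = "send SMS"
        risk = 2
        reasons.append("sends a text on your behalf, possibly to a premium number")
    elif lower.startswith(("mailto:", "matmsg:")):
        action = "draft e-mail"
        risk = 1
        reasons.append("pre-filled recipient and subject can seed a phishing thread")
    elif lower.startswith("mecard:"):
        name = _kv_record(text[len("mecard:"):]).get("N", "")
        action = f"add contact '{name}'"
        risk = 1
        reasons.append("a contact named like your bank lends credibility to a later scam call")
    elif lower.startswith("begin:vcard"):
        match = re.search(r"^FN:(.*)$", text, re.MULTILINE)
        action = f"add contact '{match.group(1).strip() if match else ''}'"
        risk = 1
        reasons.append("a contact named like your bank lends credibility to a later scam call")
    elif lower.startswith("geo:"):
        action = "open location"
        risk = 1
        reasons.append("the handling app may learn and share your position")
    else:
        action = "display text"

    return {"action": action, "risk": RISK_LABELS[risk], "reasons": reasons}


if __name__ == "__main__":
    # Constructed payloads for the demo, not codes taken from the article.
    for sample in ("https://museum.example/tour/42",
                   "https://bit.ly/3xyz",
                   "WIFI:T:WPA;S:Guest;P:s3cret;;",
                   "tel:+19005550199",
                   "MECARD:N:Bank;TEL:+4915700000000;;"):
        result = classify_payload(sample)
        print(f"{sample!r:45} -> {result['risk']:6} {result['action']}")
```

The point of running this before the phone acts is the one the article makes about short links: the confirmation dialog is the only moment a user can still refuse, so the decoded text must be shown in full (hostname, not just the shortener) and any non-URL scheme that triggers a side effect (call, SMS, Wi-Fi join, contact add) should be treated as an action requiring explicit consent rather than a link to preview.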

Malicious Office 365 ...

 Latest Warnings

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of which are then plundered to launch malware and phishing scams against others.

These attacks begin with an emailed link that, when clicked, loads not a phishing site but the user's actual Office 365 login page, whether that be at microsoft.com or their employer's domain. After logging in, the user is shown a consent prompt for the app (the original post includes a screenshot of one).

These malicious apps allow attackers to bypass multi-factor authentication, because they are approved by the user after that user has already logged in: the app is granted an OAuth token for the permissions it asked for, so the attacker never needs the password or the second factor. Also, the apps will persist in a user's Office 365 account indefinitely until removed, and will survive even an account password reset.

This week, messaging security vendor Proofpoint published some new data on the rise of these malicious Office 365 apps, noting that a high percentage of Office users will fall for this scheme [full disclosure: Proofpoint is an advertiser on this website]. Ryan Kalember, Proofpoint's executive vice president of cybersecurity strategy, said 55 percent of the company's customers have faced these malicious app attacks at one point or another. "Of those who got attacked, about 22 percent — or one in five — were successfully compromised," Kalember said.

Kalember said Microsoft last year sought to limit the spread of these malicious Office apps by creating an app publisher verification system, which requires the publisher to be a valid Microsoft Partner Network member. That approval process is cumbersome for attackers, so they've devised a simple workaround. "Now, they're compromising accounts in credible tenants first," Proofpoint explains. "Then, they're creating, hosting and spreading cloud malware from within."

The attackers responsible for deploying these malicious Office apps aren't after passwords, and in this scenario they can't even see them. Rather, they're hoping that after logging in users will click yes to approve the installation of a malicious but innocuously-named app into their Office 365 account. Kalember said the crooks behind these malicious apps typically use any compromised email accounts to conduct "business email compromise" or BEC fraud, which involves spoofing an email from someone in authority at an organization and requesting the payment of a fictitious invoice. Other uses have included the sending of malware-laced emails from the victim's email account.

Last year, Proofpoint wrote about a service in the cybercriminal underground where customers could access various Office 365 accounts without a username or password. The service also advertised the ability to extract and filter emails and files based on selected keywords, as well as attach malicious macros to all documents in a user's Microsoft OneDrive.

[Image: a cybercriminal service advertising the sale of access to hacked Office 365 accounts. Image: Proofpoint.]

"You don't need a botnet if you have Office 365, and you don't need malware if you have these [malicious] apps," Kalember said. "It's just easier, and it's a good way to bypass multi-factor authentication."

KrebsOnSecurity first warned about this trend in January 2020. That story cited Microsoft saying that while organizations running Office 365 could enable a setting to restrict users from installing apps, doing so was a "drastic step" that "severely impairs your users' ability to be productive with third-party applications." Since then, Microsoft added a policy that allows Office 365 administrators to block users from consenting to an application from a non-verified publisher. Also, applications published after November 8, 2020 show a warning on the consent screen if the publisher is not verified and the tenant policy still allows the consent. Microsoft publishes instructions for detecting and removing illicit consent grants in Office 365.

Proofpoint says O365 administrators should limit or block which non-administrators can create applications, and enable Microsoft's verified publisher policy, as a majority of cloud malware is still coming from Office 365 tenants that are not part of Microsoft's partner network. Experts say it's also important to ensure you have security logging turned on so that alerts are generated when employees are introducing new software into your infrastructure.
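Both controls the article ends on, the verified-publisher consent policy and logging that alerts on new apps, come down to looking at consent-grant events. The triage below is an added example, not Proofpoint's or Microsoft's code: it scans an audit export for the pattern described above (an end user granting mailbox or file scopes to an app from an unverified publisher, with offline_access for persistence) and groups the hits by app so each one can be revoked once. The record schema, operation name, app IDs, app names and users are constructed for the demo; a real unified-audit-log export uses different field names that must be mapped onto this shape first. The scope names are real Microsoft Graph delegated permissions.

```python
# Delegated Microsoft Graph scopes that hand an app the mailbox and file
# access the article describes; offline_access yields a refresh token, which
# is what lets the grant outlive a password reset.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read", "offline_access",
}

CONSENT_OP = "Consent to application."   # operation name assumed for this export


def assess_consent(event):
    """Return the reasons one audit record is suspicious (empty list = ignore)."""
    if event.get("operation") != CONSENT_OP:
        return []
    scopes = set(event.get("scopes", []))
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if not risky:
        return []   # profile-only scopes such as User.Read are not worth an alert
    reasons = ["high-risk scopes: " + ", ".join(risky)]
    if "offline_access" in scopes:
        reasons.append("offline_access keeps a refresh token, so the grant outlives a password reset")
    if event.get("consent_type") == "User" and not event.get("publisher_verified"):
        reasons.append("end-user consent to an app from an unverified publisher")
    return reasons


def triage(events):
    """Group findings by app so each flagged app is reviewed and revoked once."""
    findings = {}
    for event in events:
        reasons = assess_consent(event)
        if not reasons:
            continue
        entry = findings.setdefault(event["app_id"], {
            "app": event.get("app_display_name", "?"),
            "users": set(), "reasons": set(), "severity": "medium",
        })
        entry["users"].add(event["user"])
        entry["reasons"].update(reasons)
        # Unverified publisher + user consent is the exact pattern in the article.
        if any(r.startswith("end-user consent") for r in reasons):
            entry["severity"] = "high"
    return findings


# Constructed sample export; app IDs, names and users are made up.
SAMPLE_EVENTS = [
    {"operation": CONSENT_OP, "user": "alice@contoso.example", "app_id": "app-1111",
     "app_display_name": "Upgrade", "publisher_verified": False, "consent_type": "User",
     "scopes": ["openid", "offline_access", "Mail.ReadWrite", "Files.ReadWrite.All"]},
    {"operation": CONSENT_OP, "user": "bob@contoso.example", "app_id": "app-1111",
     "app_display_name": "Upgrade", "publisher_verified": False, "consent_type": "User",
     "scopes": ["openid", "offline_access", "Mail.ReadWrite", "Files.ReadWrite.All"]},
    {"operation": CONSENT_OP, "user": "carol@contoso.example", "app_id": "app-2222",
     "app_display_name": "Expense Tracker", "publisher_verified": True, "consent_type": "Admin",
     "scopes": ["User.Read", "Mail.Read"]},
    {"operation": CONSENT_OP, "user": "dave@contoso.example", "app_id": "app-3333",
     "app_display_name": "Calendar Sync", "publisher_verified": True, "consent_type": "User",
     "scopes": ["User.Read"]},
    {"operation": "UserLoggedIn", "user": "erin@contoso.example", "app_id": "app-4444"},
]


if __name__ == "__main__":
    for app_id, finding in triage(SAMPLE_EVENTS).items():
        print(f"[{finding['severity']}] {finding['app']} ({app_id}) "
              f"consented by {sorted(finding['users'])}")
        for reason in sorted(finding["reasons"]):
            print("   -", reason)
```

Each flagged app_id corresponds to an OAuth2 permission grant in the tenant; removing that grant (in the Azure AD portal under the application's permissions, or with the AzureAD PowerShell module's Remove-AzureADOAuth2PermissionGrant) is what actually cuts the attacker's access, since a password reset alone does not invalidate it. Admin-consented, verified-publisher apps with mail scopes still appear at medium severity because they are worth a periodic review, not because they match the attack.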

 Breaches and Incidents

The attack comes less than a month after Glovo raised 450 million euros ($541 million) in funding, riding a wave of interest in delivery services, which have boomed during the COVID-19 pandemic.

 Threat Intel & Info Sharing

ATT&CK v9 adds container-related attack techniques, which is the result of a project conducted by MITRE’s Center for Threat-Informed Defense and sponsored by Microsoft, Citigroup, and JPMorgan Chase.

 Laws, Policy, Regulations

The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule, which went into effect 20 years ago.

 Feed

The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named '21Nails,' the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be exploited remotely. The

 Feed

A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused in a variety of ways, including account takeovers, phishing and spam attacks, and even preventing victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners

 Feed

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on

Aggregator history: Wednesday, May 05, 2021