The Federal Motor Carrier Safety Administration (FMCSA) has declared a regional emergency in 17 states and the District of Columbia because of the ransomware attack on Colonial Pipeline's networks. Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs) are temporarily exempted, allowing alternate transportation of gasoline, diesel, and refined petroleum products to address supply shortages caused by the attack. The "unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States" prompted such an eme...
A new trojan targeting Android was reported on Monday. The malware steals users' credentials and SMS messages to ease fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. The malware, dubbed "TeaBot" (or Anatsa), is allegedly in its initial stages of development. While TeaBot's activity has been known since January, more malicious attacks targeting financial apps started in late March 2021. More serious attacks targeted banks from Belgium and the Netherlands in the first week of May. Cleafy, the Italian cybersecurity and online fraud prevention firm, stated that "The main goal of TeaBot is stealing victim's credentials and SMS messages for enabling frauds scenarios against a predefined list of banks," "Once TeaBot is successfully installed in the victim's device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibilit...
According to the National Cyber Security Centre, Namecheap hosted more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020. This number appears in the center's fourth annual Active Cyber Defence report, which boasts about how much digital filth it has removed from the internet. According to the NCSC, there were 700,000 scam sites spread across 1.4 million URLs. It also came across sites impersonating Capita TV Licensing, the BBC's outsourced subscription sales arm, as well as the usual COVID-themed ones we've all become familiar with over the last year – fake copies of the NHS Test and Trace app laced with malware. Email scams were also popular, with 26,000 accounts being closed after netizens reported four million suspicious messages to the NCSC's email reporting portal. The NCSC's bread and butter is the Active Cyber Defenc...
A group of security researchers claim to have stumbled across a massive bot farm aimed at influencing public opinion on Facebook during the 2020 presidential election and the pandemic. According to Paul Bischoff of Comparitech, a British cybersecurity firm, the network includes 13,775 unique Facebook accounts that each post about 15 times per month, resulting in a weekly output of more than 50,000 posts. According to Bischoff, the accounts appear to have been used for political manipulation, with half of the posts related to political topics and another 17% related to COVID-19. Each account comes with a profile photo and a friends list, which the researchers believe is made up mostly of other bots. All joined "specific Facebook groups where their posts are more likely to be seen and discussed by legitimate users." The researchers discovered that “Trump” w...
The operator of a major U.S. fuel pipeline (Colonial Pipeline), which was recently hit by a cyberattack, stated on Monday that it expects services to be mostly restored by the end of the week. FBI and administration officials managed to identify the perpetrators as a gang of criminal hackers. Colonial Pipeline, which transports about 45% of the fuel consumed on the East Coast, shut down operations last week after discovering a ransomware attack that had affected some of its systems. On Monday, U.S. officials sought to allay concerns of price spikes or economic damage by highlighting that the fuel supply has not been disrupted so far. Moreover, the company was working to substantially restore operational service. Nonetheless, the attack highlighted the vulnerability of the country's energy sector and other criti...
Microsoft and Darktrace plan to work together on developing new ways to protect businesses from increasingly sophisticated threats such as ransomware. Darktrace has announced a new partnership with Microsoft. Under the terms of the agreement, the Cambridge-based firm and the tech behemoth plan to increase security and focus on automatically detecting threats, particularly those delivered via malicious emails. Darktrace, a cybersecurity company founded in 2013, has been at the forefront of developing artificial intelligence that detects and responds to suspicious activity and threats. Darktrace and Microsoft partner up to develop new ways to detect and protect against increasingly sophisticated attacks, such as ransomware, which last week crippled a major U.S. gas pipeline. Clare Barclay, chief executive of Microsoft UK, s...
A great desk may not produce great work, but a bad work space can cause all sorts of problems — from poor work to serious health problems. In this post, we discuss in brief the five main ergonomic problems in the workplace, and how you can fix them all.
1. Upgrade furniture
Using uncomfortable furniture that lacks back and neck support can often lead to poor posture such as slouching or tucking your legs under the chair, which constricts blood flow and increases pressure on the spine, causing discomfort, swelling, and pain. If you start your workday with a nice, straight back and end it like a shrimp with scoliosis, take a hard look at your chair. You may need one with adjustable back and height. If during or after sitting you get a tingling sensation in your lower back, try tucking a pillow behind it. If there’s no room for your legs except tucked under, your elbows droop, and the monitor is very close, then you need a higher and more spacious desk. Use a calculator to find the right chair and desk for your height. Using a laptop on a couch or in bed changes head tilt and overloads neck muscles, causing pain and discomfort. If you have the option to use a nonstandard work setup, take a look at standing workstations, laptop stands, and other options that may suit your body better. Don’t rush to buy the shiniest gear out there; price reflects quality to some extent, but spending more doesn’t guarantee you’ll get what you need. Shop around and try out different models. Listen to your body, not salespeople.
2. Modernize equipment
When using the keyboard or mouse, do your forearms go numb, or do you get wrist spasms? Those may be early symptoms of carpal tunnel syndrome, which can lead to neuropathy and other problems. We recommend checking with your doctor, but at the same time, look at keyboard and mouse options that may relieve your stressed extremities. A keyboard that is too high or too low holds wrists in an unnatural position, and working on a regular straight keyboard can cause swollen and tired muscles in the hands. Ergonomic keyboards might look weird, with their curves and differently proportioned keys, but they place less strain on the hands and wrists, making it easier to type.
Also, if your mouse is the wrong shape for you, or has buttons that require too much force to press, look for one designed with ergonomics in mind. For example, a vertical mouse (held from the side rather than on top) can feel strange at first, but it will also reduce wrist and forearm stress. With laptops, things are more complicated. It’s easy to swap one mouse for another, but changing a laptop’s integrated keyboard would be problematic. One option is to place the device on a different surface, making sure to position it best for your wrists, not forcing them to flex up or hang down. Speaking of laptops, forget the name and don’t hold yours on your lap, which can be harmful to the device (blocking an air vent, for example), but more important, to you. Finally, consider your displays. Determine the angle at which you look at your screen or screens. Too high will strain your eyes; too low and you’ll end up hunched over and hurting your neck and back. If you find yourself straining forward, you may need a larger display. Pay attention to how your eyes feel throughout the workday. If looking at the screen is uncomfortable, try changing its brightness.
3. Adjust lighting
If you suffer from headaches and eye strain during or after work, improper, insufficient, or excessive lighting may be the culprit. Ideally, light should be evenly distributed throughout the room, not, for example, just surrounding a table lamp when darkness falls. Choose lamps with the same color temperature (different shades in the same room can irritate the eyes and cause headaches), and remember to replace the bulbs regularly. Cold light — meaning light with a color temperature above 5300 Kelvin — is more suitable for workplace environments; warm tones are relaxing and cold tones may improve concentration. Bear in mind that not all Kelvin and lumen levels are equal.
Two bulbs with the same color temperature and brightness can shine very differently. That is because, in addition to the simple and understandable characteristics that manufacturers print on boxes, spectral qualities of LEDs and strobing effects can be a bit more abstruse. In many cases, cheap bulbs emit a strongly flickering light with a distinctly yellowish, blueish, or greenish tint. Such light irritates some people, either noticeably or subconsciously. We advise reading online about light bulb tests, then trying out different options for yourself. Natural light is important for healthy vision, so it’s best to set up your workstation near a window if possible. That said, try to avoid having the sun shine directly on your display; the screen glare can be annoying and affect concentration. You’ll get better results from a window off to your side — and drawing the blinds or curtains as needed.
4. Calm the environment
Invasive noises, external odors, an uncomfortable temperature, and low humidity can all affect mood, concentration, productivity, and general well-being. If you get tired quickly and feel uncomfortable in general, think about the conditions in which you work. Ventilate the room to reduce the CO2 level and even out the humidity level (a humidifier or dehumidifier can help as well); good air conditions help to avert breathing problems, headaches, and dry sinuses. Dampen noises with noise-canceling headphones and other tricks. Organize your work space: Piles of paper, dirty mugs, and other unnecessary stuff are distracting, and it’s hard enough to concentrate for eight hours a day even without any mess.
5. Increase mobility
No matter how ergonomic your workplace is, you still have to move around and stretch your limbs.
Try a combination or sequence of positions, sitting in a different chair, lying down (if you use a laptop), and standing up (if your desk accommodates it). The Internet is full of useful exercises that take less than five minutes but help loosen up a stiff body. Bored with the usual bending and squatting? Try yoga designed for desk workers or office breaks.
Conclusion
If you’re experiencing health problems, a poorly arranged workstation may be only partly to blame. For pain that won’t go away, seek treatment from a doctor. And if you feel fine at work, there’s no need to splurge on extra fancy equipment — your space already ticks the ergonomic box.
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.
[Image: Colonial Pipeline has shut down 5,500 miles of fuel pipe in response to a ransomware incident. Source: colpipe.com]
New York City-based cyber intelligence firm Flashpoint said its analysts assess with a moderate-strong degree of confidence that the attack was not intended to damage national infrastructure and was simply associated with a target which had the finances to support a large payment. “This would be consistent with DarkSide’s earlier activities, which included several ‘big game hunting’ attacks, whereby attackers target an organization that likely possesses the financial means to pay the ransom demanded by the attackers,” Flashpoint observed. In response to public attention to the Colonial Pipeline attack, the DarkSide group sought to play down fears about widespread infrastructure attacks going forward. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives [sic],” reads an update to the DarkSide Leaks blog. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims. DarkSide says it targets only big companies, and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits.
Like other ransomware platforms, DarkSide adheres to the current badguy best practice of double extortion, which involves demanding separate sums for both a digital key needed to unlock any files and servers, and a separate ransom in exchange for a promise to destroy any data stolen from the victim. At its launch, DarkSide sought to woo affiliates from competing ransomware programs by advertising a victim data leak site that gets “stable visits and media coverage,” as well as the ability to publish victim data by stages. Under the “Why choose us?” heading of the ransomware program thread, the admin answers: “High trust level of our targets. They pay us and know that they’re going to receive decryption tools. They also know that we download data. A lot of data. That’s why the percent of our victims who pay the ransom is so high and it takes so little time to negotiate.”
In late March, DarkSide introduced a “call service” innovation that was integrated into the affiliate’s management panel, which enabled the affiliates to arrange calls pressuring victims into paying ransoms directly from the management panel. In mid-April the ransomware program announced new capability for affiliates to launch distributed denial-of-service (DDoS) attacks against targets whenever added pressure is needed during ransom negotiations. DarkSide also has advertised a willingness to sell information about upcoming victims before their stolen information is published on the DarkSide victim shaming blog, so that enterprising investment scammers can short the company’s stock in advance of the news. “Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges,” DarkSide explains. “If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares.
Write to us in ‘Contact Us’ and we will provide you with detailed information.” DarkSide also started recruiting new affiliates again last month — mainly seeking network penetration testers who can help turn a single compromised computer into a full-on data breach and ransomware incident.
[Image: Portions of a DarkSide recruitment message, translated from Russian. Source: Intel 471.]
“We have grown significantly in terms of the client base and in comparison to other projects (judging by the analysis of publicly available information), so we are ready to grow our team and a number of our affiliates in two fields,” DarkSide explained. The advertisement continued: “Network penetration testing. We’re looking for one person or a team. We’ll adapt you to the work environment and provide work. High profit cuts, ability to target networks that you can’t handle on your own. New experience and stable income. When you use our product and the ransom is paid, we guarantee fair distribution of the funds. A panel for monitoring results for your target. We only accept networks where you intend to run our payload.”
DarkSide has shown itself to be fairly ruthless with victim companies that have deep pockets, but they can be reasoned with. Cybersecurity intelligence firm Intel 471 observed a negotiation between the DarkSide crew and a $15 billion U.S. victim company that was hit with a $30 million ransom demand in January 2021, and in this incident the victim’s efforts at negotiating a lower payment ultimately reduced the ransom demand by almost two-thirds. The first exchange between DarkSide and the victim involved the usual back-and-forth establishing of trust, wherein the victim asks for assurances that stolen data will be deleted after payment. When the victim counter-offered to pay just $2.25 million, DarkSide responded with a lengthy, derisive reply, ultimately agreeing to lower the ransom demand to $28.7 million.
“The timer it [sic] ticking and in in next 8 hours your price tag will go up to $60 million,” the crooks replied. “So, you this are your options first take our generous offer and pay to us $28,750 million US or invest some monies in quantum computing to expedite a decryption process.”
The victim complains that negotiations haven’t moved the price much, but DarkSide countered that the company can easily afford the payout. “I don’t think so,” they wrote. “You aren’t poor and aren’t children if you f*cked up you have to meet the consequences.”
The victim firm replies a day later saying they’ve gotten authority to pay $4.75 million, and their tormentors agree to lower the demand significantly to $12 million.
The victim replies that this is still a huge amount, and it tries to secure additional assurances from the ransomware group if it agrees to pay the $12 million, such as an agreement not to target the company ever again, or give anyone access to its stolen data. The victim also tried to get the attackers to hand over a decryption key before paying the full ransom demand.
The crime gang responded that its own rules prohibit it from giving away a decryption key before full payment is made, but they agree to the rest of the terms.
The victim firm agrees to pay an $11 million ransom, and their extortionists concur and promise not to attack or help anyone else attack the company’s network going forward.
Flashpoint assesses that at least some of the criminals behind DarkSide hail from another ransomware outfit called “REvil,” a.k.a. “Sodinokibi” (although Flashpoint rates this finding at only “moderate” confidence). REvil is widely considered to be the newer name for GandCrab, a ransomware-as-a-service offering that closed up shop in 2019 after bragging that it had extorted more than $2 billion.
Experts say ransomware attacks will continue to grow in sophistication, frequency and cost unless something is done to disrupt the ability of crooks to get paid for such crimes. According to a report late last year from Coveware, the average ransomware payment in the third quarter of 2020 was $233,817, up 31 percent from the second quarter of last year. Security firm Emsisoft found that almost 2,400 U.S.-based governments, healthcare facilities and schools were victims of ransomware in 2020. Last month, a group of tech industry heavyweights lent their imprimatur to a task force that delivered an 81-page report to the Biden administration on ways to stymie the ransomware industry. Among many other recommendations, the report urged the White House to make finding, frustrating and apprehending ransomware crooks a priority within the U.S. intelligence community, and to designate the current scourge of digital extortion as a national security threat. Further reading: Intel 471’s take on the Colonial Pipeline attack.
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a
wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser. While May brings about half the normal volume of updates from Microsoft, there are some notable weaknesses that deserve prompt attention, particularly from enterprises. By all accounts, the most pressing priority this month is CVE-2021-31166, a Windows 10 and Windows Server flaw which allows an unauthenticated attacker to remotely execute malicious code at the operating system level. With this weakness, an attacker could compromise a host simply by sending it a specially-crafted packet of data. “That makes this bug wormable, with even Microsoft calling that out in their write-up,” said Dustin Childs, with Trend Micro’s ZDI program. “Before you pass this aside, Windows 10 can also be configured as a web server, so it is impacted as well. Definitely put this on the top of your test-and-deploy list.” Kevin Breen from Immersive Labs said the fact that this one is just 0.2 points away from a perfect 10 CVSS score should be enough to identify just how important it is to patch. “For ransomware operators, this kind of vulnerability is a prime target for exploitation,” Breen said. “Wormable exploits should always be a high priority, especially if they are for services that are designed to be public facing. As this specific exploit would not require any form of authentication, it’s even more appealing for attackers, and any organization using HTTP.sys protocol stack should prioritize this patch.” Breen also called attention to CVE-2021-26419 — a vulnerability in Internet Explorer 11 — to make the case for why IE needs to stand for “Internet Exploder.” To trigger this vulnerability, a user would have to visit a site that is controlled by the attacker, although Microsoft also recognizes that it could be triggered by embedding ActiveX controls in Office Documents. “IE needs to die – and I’m not the only one that thinks so,” Breen said. 
“If you are an organization that has to provide IE11 to support legacy applications, consider enforcing a policy on the users that restricts the domains that can be accessed by IE11 to only those legacy applications. All other web browsing should be performed with a supported browser.”
Another curious bug fixed this month is CVE-2020-24587, described as a “Windows Wireless Networking Information Disclosure Vulnerability.” ZDI’s Childs said this one has the potential to be pretty damaging. “This patch fixes a vulnerability that could allow an attacker to disclose the contents of encrypted wireless packets on an affected system,” he said. “It’s not clear what the range on such an attack would be, but you should assume some proximity is needed. You’ll also note this CVE is from 2020, which could indicate Microsoft has been working on this fix for some time.”
Microsoft also patched four more security holes in its Exchange Server corporate email platform, which recently was besieged by attacks on four other zero-day Exchange flaws that resulted in hundreds of thousands of servers worldwide getting hacked. One of the bugs is credited to Orange Tsai of the DEVCORE research team, who was responsible for disclosing the ProxyLogon Exchange Server vulnerability that was patched in an out-of-band release back in March.
[Image: Researcher Orange Tsai commenting that nobody guessed the remote zero-day he reported on Jan. 5, 2021 to Microsoft was in Exchange Server.]
“While none of these flaws are deemed critical in nature, it is a reminder that researchers and attackers are still looking closely at Exchange Server for additional vulnerabilities, so organizations that have yet to update their systems should do so as soon as possible,” said Satnam Narang, staff research engineer at Tenable.
As always, it’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any kinks in the new armor. But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files. So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide. If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.
For over 16 months, a threat actor has been seen adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency sites.
On April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and that it believes the attack was ransomware.
The DoJ said that Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, alongside Lithuanian Aleksandr Skorodumov and Pavel Stassi, from Estonia, operated a bulletproof host from 2009 to 2015.
Developed in collaboration with Linux Foundation’s sigstore project, the technology company said the motivation for cosign is “to make signatures invisible infrastructure.”
The FBI said in a TLP:GREEN flash alert that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, healthcare, and other private sector organizations around the world.
When you add a security key to SSH operations, you can use these devices to protect you and your account from accidental exposure, account hijacking, or malware, a GitHub security engineer wrote.
Rensselaer Polytechnic Institute is three days into dealing with a cyberattack that shut down much of its network, impacting the university’s students as they go into finals for the spring semester.
Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods.
In the latest move to improve the privacy of the Chrome browser, Google is adding support for a new HTML tag that prevents user tracking by isolating embedded content from the page embedding it.
A ransomware group that claimed to be retiring after an audacious attack on Washington DC’s police department appears to be back in action after reportedly targeting a Japanese firm.
A computer science professor from Sweden has discovered an arbitrary code execution vulnerability in the Universal Turing Machine, one of the earliest computer designs in history.
Tencent's Blade Team, a security research group, showed they could circumvent payment schemes at electric vehicle charging stations by using a Raspberry Pi to conduct the attack.
As Rachel Tobac of SocialProof Security highlighted in a tweet, if a user sends another a tip via PayPal, the receiver can find out the sender's address by opening the receipt from the tip received.
At a press conference today, President Joe Biden said the US intelligence community has no evidence that the Russian government had any kind of involvement in the Colonial Pipeline hack.
Researchers disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.
Chrome components affected by these issues include Web App Installs, Offline, Media Feeds, Aura, Tab Groups, Notifications, V8, Autofill, File API, History, Reader Mode, Payments, and Tab Strip.
The Roaming Mantis threat actor group has improved its attack tactic to steal more funds while evading detection. The group is now using whitelisting to spread two new malware families. Researchers suspect that this could be the work of more than one group of attackers working together.
Iran's Islamic Revolutionary Guard Corps has been accused of running a state-sponsored ransomware operation through a contracting company known as Emen Net Pasargard.
Israeli security startup Cycode, which specializes in securing the DevOps pipeline, today announced that it has raised a $20 million Series A funding round led by Insight Partners.
A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by United Valor, a vendor working for the Veterans Administration, according to an analyst.
The infections were the result of legitimate developers writing apps using a counterfeit and malicious copy of Xcode, Apple’s iOS and OS X app development tool, dubbed XcodeGhost.
Research by ESET showed that the vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 were exploited by at least 10 APT groups since the release of the patches.
Of the 14 advisories published this week, nine cover 60 vulnerabilities related to third-party components. The remaining advisories cover only 7 flaws that are specific to Siemens products.
The University of California (UC) this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service.
Arkose Labs, a startup developing a platform to detect and mitigate online fraud, today announced that it raised $70 million in a funding round led by SoftBank Vision Fund 2.
The Cuba Ransomware group and the operators behind the Hancitor downloader have reportedly united for easy access to compromised corporate networks. For years, Cuba ransomware has been in and out of the ransomware game; it came to the limelight after the ATFS attack.
Researchers from Kaspersky have uncovered an ongoing espionage campaign called TunnelSnake targeting Asian and African diplomats and some high-profile organizations. The attack is allegedly being conducted by Chinese actors.
Red Hat Security Advisory 2021-1532-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
Red Hat Security Advisory 2021-1531-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and out of bounds write vulnerabilities.
Ubuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.
Ubuntu Security Notice 4942-1 - A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code.
Ubuntu Security Notice 4941-1 - It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Various other issues were also addressed.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Ubuntu Security Notice 4944-1 - This update fixed multiple vulnerabilities in MariaDB. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48. Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29. Ubuntu 20.10 has been updated to MariaDB 10.3.29. Ubuntu 21.04 has been updated to MariaDB 10.5.10.
Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot" (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021,
The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs), allowing alternate transportation of
The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever been before. On the other hand, are we really prepared to hand the reins over to completely
Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries to exploit for valuable intelligence. The analysis, which aims to identify and assess risks and vulnerabilities introduced by 5G adoption, was
So, what do you do if you're a ransomware gang which has just caught the attention of not just the world's media, but also the FBI and the President of the United States?