Nobelium, the Russian hacking group responsible for last year's big SolarWinds hack, has struck again. This time, it used the cloud email marketing firm Constant Contact in a phishing attempt that compromised 3,000 email accounts across 150 companies, according to CRN. According to Tom Burt, Microsoft’s corporate vice president of customer security and trust, "Nobelium launched this week’s attacks by gaining access to the Constant Contact account of the United States Agency for International Development". In a blog post titled Another Nobelium Cyberattack, Microsoft highlighted the newest intrusion from the state-sponsored hackers, warning that part of Nobelium's playbook is to gain access to trusted technology suppliers and infect their clients. According to Microsoft, Nobelium initiated the attack this week not by...
Researchers discovered serious vulnerabilities in popular software apps that can be exploited to disable their defenses and take control of allow-listed apps to perform malicious actions, according to The Hacker News. The twin attacks, described by researchers at the University of Luxembourg and the University of London, aim to defeat the secured folder feature of antivirus apps in order to encrypt files (known as Cut-and-Mouse) and to disable their real-time protection by faking mouse click events (known as Ghost Control). Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg
According to court filings unsealed earlier this week, Google made location settings harder to find in its Android phone software so customers would not turn them off, a move aimed at sustaining the data collection operations that power the Internet giant's lucrative ad business. According to the documents, the decision was made after Google conducted an investigation that found a significant increase in devices disabling the settings when the options were made readily available. The search giant saw this change as a problem and urged other Android phone manufacturers to do the same. The documents are part of a consumer fraud lawsuit filed against Google by Arizona Attorney General Mark Brnovich last year. The Arizona Mirror was the first to report on the unsealed documents. An unredacted passage from the lawsuit notes ...
According to the FBI, Mega was one of two cloud storage platforms used by hackers behind large-scale operations, including those on healthcare systems, RNZ reports. Another alert issued in March by the FBI said that the cyber attackers uploaded stolen material to MEGA.NZ either through the website or by installing the client application directly on a victim's PC. Mega stated that there was no way to prevent hackers from utilizing legitimate software because they had complete control over the system they hacked. Then again, it is also impossible to tell what i...
The EUCC was the first cybersecurity certification scheme application received by the European Union Agency for Cybersecurity (ENISA) under the Cybersecurity Act, in July 2019, according to Help Net Security. This scheme is intended to replace the existing SOGIS MRA-based schemes (Senior Officials Group Information Systems Security Mutual Recognition Agreement). It covers the certification of ICT products using Common Criteria ISO/IEC 15408 and serves as the basis for a European cybersecurity certification framework. The latter will include a series of programs designed to steadily increase confidence in ICT products, services, and processes certified under these programs while reducing costs within the Digital Single Market. The scheme was first published and put out for consultation on 1 July 2020, allowing certification stakeholders and inte...
A group of online privacy campaigners announced Monday that it is suing hundreds of websites for using pop-up banners requesting users to accept cookies, according to Euractiv. The Vienna-based NOYB group (an acronym for "none of your business") announced that it would present more than 500 draft complaints to firms over what it calls "cookie banner terror", which has turned the Internet into a frustrating experience for people all across Europe. According to NOYB, many of the consent pop-ups that have become practically ubiquitous on the Internet violate EU legislation, particularly the landmark General Data Protection Regulation (GDPR). According to the group, these pop-ups do not provide the user with the basic yes or no to data collection that the law requires. Moreover, the banners are often structured in...
From a cybersecurity perspective, the worst aspect of the mass move to remote work has been the loss of control over workstations’ local network environments. Particularly dangerous in this regard are employees’ home routers, which have essentially replaced the network infrastructure normally under IT specialists’ control. At RSA Conference 2021, researchers Charl van der Walt and Wicus Ross reported on ways cybercriminals can attack work computers through routers, in “All your LAN are belong to us. Managing the real threats to remote workers.”

Why employee home routers are a major problem

Even if corporate security policies could cover updating every work computer’s operating system and all other relevant settings, home routers would still lie beyond corporate system administrators’ control. In remote-work environments, IT can’t know what other devices are connected to a network, whether the router’s firmware is up to date, or whether the password protecting it is strong (or if the user even changed it from the factory default). That lack of control is only part of the issue. A huge number of home and SOHO routers have known vulnerabilities that cybercriminals can exploit to gain complete control over the device, leading to huge IoT botnets such as Mirai that combine tens and sometimes even hundreds of thousands of hijacked routers for a variety of purposes. In this regard it is worth remembering that every router is essentially a small computer running some distribution of Linux. Cybercriminals can accomplish many things using a hijacked router. The following are a few examples from the researchers’ report.

Hijacking a VPN connection

The main tool companies use to compensate for remote workers’ unreliable network environments is a VPN (virtual private network). VPNs offer an encrypted channel through which data travels between the computer and the corporate infrastructure. Many companies use VPNs in split tunneling mode — traffic to the company’s servers, such as an RDP (Remote Desktop Protocol) connection, goes through the VPN, and all other traffic goes through the unencrypted public network — which is usually fine. However, a cybercriminal in control of the router can push a route through DHCP (Dynamic Host Configuration Protocol) and redirect RDP traffic to their own server. Although this gets them no closer to decrypting the VPN, they can present a fake login screen to intercept RDP connection credentials. Ransomware scammers love using RDP.

Loading an external operating system

Another clever hijacked-router attack scenario involves exploiting the PXE (Preboot Execution Environment) feature. Modern network adapters use PXE to load an operating system onto a computer over the network. Typically the feature is disabled, but some companies use it, for example, to remotely restore an employee’s operating system in case of failure. A cybercriminal with control over the DHCP server on a router can point a workstation’s network adapter at a system modified for remote control. Employees are unlikely to notice, let alone know what’s really going on (especially if they’re distracted by update installation notifications). In the meantime, the cybercriminals have full access to the file system.

How to stay safe

To protect employees’ computers from the above and similar attack options, take the following steps:
- Opt for forced tunneling instead of split tunneling. Many corporate VPN solutions allow forced tunneling with exceptions (by default passing all traffic through an encrypted channel, with specific resources allowed to bypass the VPN).
- Disable Preboot Execution Environment in the BIOS settings.
- Fully encrypt the computer’s hard drive using full disk encryption (with BitLocker in Windows, for example).

Focusing on the security of workers’ routers is vital to increasing the security level of any corporate infrastructure that includes remote or hybrid-mode work. In some companies, technical support staff advise employees on the optimal settings for their home router. Other companies issue preconfigured routers to remote workers and allow employees to connect to corporate resources only through those routers. In addition, training employees to counteract modern threats is fundamental to network security.
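The VPN-hijacking scenario above hinges on the router handing the workstation a route it should not trust. The following added example (not part of the Kaspersky write-up or the researchers’ report) decodes the DHCP classless static route option (option 121, RFC 3442) that a router can include in every lease and flags any route that would pull traffic for a corporate prefix off the VPN path onto a next hop on the home LAN. The corporate range 10.20.0.0/16, the home LAN 192.168.1.0/24 and the sample payload are constructed for the demo.

```python
"""Added example (not part of the report above): decode DHCP option 121 and
flag routes that would steer corporate-bound traffic away from the VPN.
All addresses are constructed for the demonstration."""
import ipaddress

# Constructed: ranges that must only ever be reached through the VPN tunnel.
CORPORATE_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]
# Constructed: the employee's home LAN, where a rogue next hop would live.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")


def parse_option_121(data: bytes):
    """Decode RFC 3442 routes into a list of (destination network, next hop).

    Each route is: 1 byte prefix length, ceil(len/8) significant destination
    octets, then 4 router octets. Bits beyond the prefix must be zero, so the
    strict IPv4Network constructor rejects malformed destinations for us.
    """
    routes = []
    i = 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i}")
        nbytes = (plen + 7) // 8
        i += 1
        if i + nbytes + 4 > len(data):
            raise ValueError("truncated option 121 payload")
        dest = bytes(data[i:i + nbytes]) + b"\x00" * (4 - nbytes)
        i += nbytes
        router = bytes(data[i:i + 4])
        i += 4
        net = ipaddress.IPv4Network((int.from_bytes(dest, "big"), plen))
        routes.append((net, ipaddress.IPv4Address(router)))
    return routes


def suspicious_routes(routes, corporate=CORPORATE_PREFIXES, lan=HOME_LAN):
    """Return (network, next_hop, hop_is_on_lan) for every non-default route
    that overlaps a corporate prefix.

    The default route via the home router is expected in split-tunnel mode;
    what matters is a more specific route that would win over the VPN's own
    route for the corporate range."""
    flagged = []
    for net, hop in routes:
        if net.prefixlen == 0:
            continue
        if any(net.overlaps(c) for c in corporate):
            flagged.append((net, hop, hop in lan))
    return flagged


def check_lease_option_121(data: bytes):
    """Turn a raw option 121 payload into human-readable findings."""
    try:
        routes = parse_option_121(data)
    except ValueError as exc:
        return [f"malformed option 121: {exc}"]
    return [
        f"route {net} via {hop} overlaps a corporate prefix"
        + (" (next hop is on the home LAN)" if on_lan else "")
        for net, hop, on_lan in suspicious_routes(routes)
    ]


# Constructed payload: a normal default route via the router (192.168.1.1),
# followed by a route for 10.20.5.0/24 via another host on the LAN
# (192.168.1.50), which is exactly the pattern the report warns about.
SAMPLE_OPTION_121 = (
    b"\x00" + b"\xc0\xa8\x01\x01"
    + b"\x18\x0a\x14\x05" + b"\xc0\xa8\x01\x32"
)

if __name__ == "__main__":
    for finding in check_lease_option_121(SAMPLE_OPTION_121):
        print(finding)
```

In practice the payload would come from the lease file or from a packet capture of the DHCP ACK; the check is deliberately conservative and flags any more-specific route into a corporate range, since in forced-tunnel mode no such route should ever arrive from the home router.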
In part II of our interview with Jeremy O’Sullivan of the IoT startup Kytch, we hear how what Kytch revealed about Taylor’s soft ice cream hardware put him at odds with the company and its long-time partner, McDonald’s. The post Episode 215-2: Leave the Gun, Take the McFlurry appeared first on The Security Ledger with Paul F. Roberts.
According to sources, the attacks on Kolkata ATMs were physically carried out, reportedly by two persons who were caught on CCTV footage, between May 14 and 22.
The Reserve Bank of New Zealand has announced the findings of two independent investigations into an illegal data breach related to a third-party application and the handling of sensitive information.
Nobelium launched this week’s attacks not through the SolarWinds Orion network monitoring tool but by gaining access to the Constant Contact account of the USAID, Microsoft said.
The Swedish Public Health Agency (Folkhälsomyndigheten) shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts.
The gang allegedly referred to its scheme as "Metan" - the Russian word for methane - although it's also been referred to as Methbot by the FBI and prosecutors, and later as Media Methane.
Each ransomware group effectively has a positive-spin P.R. strategy and employs a customer-success team to ensure that their “customers” have a positive experience when they pay a ransom.
Exabeam, a startup that helps companies automate the analysis and monitoring of their cybersecurity data, said it raised $200 million in its latest funding round, which valued it at $2.4 billion.
The EPUB format relies primarily on XHTML and CSS to construct e-books, with browser engines often used to render their contents, which leads to browser-like vulnerabilities.
It is a free and powerful tool, making the distribution of software easier. Unfortunately, its qualities are known not only to legitimate developers but also to malware distributors.
Prometheus published stolen data allegedly belonging to the Mexican government, possibly becoming the first cybercriminal group to hit a major state in Latin America at such a level.
Researchers identified a new type of cybercrime group, dubbed privateers, that has partial support from governments while remaining financially motivated and acting on its own agenda. Though these groups fall below the tier-1 APT groups sponsored by governments, they have the potential to cause huge damage in terms of both financial and cyberespionage attacks.
In July 2019, the EUCC was the first candidate cybersecurity certification scheme request received by the EU Agency for Cybersecurity (ENISA) under the Cybersecurity Act.
SOC and IT security teams are suffering from high levels of stress outside of the working day – with alert overload a prime culprit, a recent Trend Micro research reveals.
Security experts are warning about new ransomware written in the Go language called Epsilon Red. It reportedly targeted a U.S.-based business in the hospitality industry. It is expected to expand to other countries and sectors as well.
The law also relates to theft through fraud via an electronic device, with or without the violation of security mechanisms in place, or through use of malicious software, or by any other means.
The Series B funding is being led by Ten Eleven Ventures, with participation from Valor Equity Partners and SVB Capital. It brings the total raised by Redacted to $60 million.
The twin attacks are aimed at circumventing the protected folder feature offered by antivirus programs to encrypt files and disabling their real-time protection by simulating mouse click events.
Nobelium is now gaining access to the infrastructure of genuine technology providers and targeting their customers. The Russian gang behind the SolarWinds supply chain attack recently infiltrated the United States Agency for International Development’s (USAID) account on an email marketing service, impacting thousands of associated email accounts.
Google's American Fuzzy Lop (AFL) is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork of Google's AFL: it has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
Red Hat Security Advisory 2021-2180-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Red Hat Security Advisory 2021-2179-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include code execution and denial of service vulnerabilities.
Ubuntu Security Notice 4971-1 - It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 4973-1 - It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions.
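The notice above says the ipaddress module mishandled octal strings but not why that bypasses access restrictions: an address like 010.8.8.8 is read as 8.8.8.8 by inet_aton-style parsers (leading zero means octal) and as 10.8.8.8 by a parser that ignores the leading zero, so an allow-list check and the component that actually connects can disagree about which host is meant. The following added example (not part of the Ubuntu notice or of Python's own code) shows the two readings side by side and a strict validator that refuses such input before it reaches an allow-list. The 10.0.0.0/8 allow-list and the helper names are assumptions.

```python
"""Added example (not from the Ubuntu notice): reject ambiguous IPv4 strings
before they reach an allow-list. The allow-list below is constructed."""
import ipaddress
import re

# A canonical octet is "0" or a 1-3 digit number with no leading zero.
_OCTET = re.compile(r"^(0|[1-9][0-9]{0,2})$")


def parse_strict_ipv4(text):
    """Return an IPv4Address only for canonical dotted-decimal input.

    Octets with a leading zero ("010") are rejected outright, regardless of
    how the installed ipaddress version would interpret them, because two
    parsers reading the same string differently is what makes the bypass
    possible. Returns None for anything that is not canonical."""
    parts = text.split(".")
    if len(parts) != 4 or not all(_OCTET.match(p) for p in parts):
        return None
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:  # e.g. an octet above 255
        return None


def octal_reading(text):
    """How an inet_aton-style parser reads the same string: an octet with a
    leading zero is base 8. Returns the dotted-decimal result, or None when
    the string is not four numeric fields that such a parser would accept."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    values = []
    for p in parts:
        base = 8 if len(p) > 1 and p[0] == "0" else 10
        try:
            v = int(p, base)
        except ValueError:  # "08" is not valid octal
            return None
        if v > 255:
            return None
        values.append(v)
    return ".".join(str(v) for v in values)


# Constructed allow-list: only hosts in 10.0.0.0/8 may be contacted.
ALLOWED = ipaddress.ip_network("10.0.0.0/8")


def is_allowed(text):
    """Allow-list check that never accepts an ambiguous spelling."""
    addr = parse_strict_ipv4(text)
    return addr is not None and addr in ALLOWED


if __name__ == "__main__":
    for candidate in ("10.8.8.8", "010.8.8.8"):
        print(candidate, "strict:", parse_strict_ipv4(candidate),
              "octal reading:", octal_reading(candidate),
              "allowed:", is_allowed(candidate))
```

The point of rejecting rather than normalising is that a validator which picks one reading still leaves the other component free to pick the other; refusing non-canonical input removes the disagreement entirely.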
Ubuntu Security Notice 4972-1 - Tom Lane discovered that PostgreSQL incorrectly handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. Andres Freund discovered that PostgreSQL incorrectly handled certain INSERT ... ON CONFLICT ... DO UPDATE commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. Various other issues were also addressed.
Red Hat Security Advisory 2021-2175-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2170-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2174-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2171-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2173-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Ubuntu Security Notice 4970-1 - It was discovered that GUPnP incorrectly filtered local requests. If a user were tricked into visiting a malicious website, a remote attacker could possibly use this issue to perform actions against local UPnP services such as obtaining or altering sensitive information.
Red Hat Security Advisory 2021-2172-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-2165-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2021-2169-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based
Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed
The world's largest meat supplier, JBS, says that it has suffered a cyber attack against its IT systems in North America and Australia impacting its ability to "process" thousands of cattle, sheep, and pigs.
In a previous post, we talked a bit about what pen testing is and how to use the organizations that provide it to your benefit. But what about when one of them hands a client a failing grade? Consider this: you’re an MSP and you get a letter or email from one of your customers that reads: “Dear ACME MSP, We regret to inform you that you’ve had a Penetration Test Failure produced by “FriendlyHacker-Pentesting Inc” and we’d like to discuss the details further to determine if you have what it takes to continue to handle our security needs. Regards, Largest MSP Customer.”

A customer may not pass along this exact wording, but the implications are clear. The results can be embarrassing or, at worst, devastating. When a customer reaches out after failing penetration testing, it can put an MSP on its heels and create unnecessary angst. Should the MSP have been more involved in the testing? Did my tools cause the failure? Has the MSP soured its relationship with its client? Will the business be lost?

So, how should an MSP respond when a customer fails a pen test? Some MSPs turn to self-doubt and start wondering if the layers of protection they’ve put in place are worth the costs. Others will immediately start pointing fingers at the tools that were identified in the pen test report. When a report comes through with a failure, it’s usually unexpected and can take time away from more important activities. To save time and effort if this should happen to you, here are a few key elements of a good response to a pen test failure.

Immediately start asking questions.
- What kind of penetration testing was involved?
- Who performed the testing and what are their credentials?
- How was the penetration testing organization positioned to start taking action?
- Were the testers acting as “Red Team” or “Blue Team” actors?
- When did the testing take place?
- May I examine the data and reporting?

Review your tools’ configurations. Rather than immediately assuming bad tech, it’s best to step back and evaluate each tool identified in the pen test report and the associated configurations, policies and control points. Often, a security tool is designed to identify, evaluate and/or stop bad actors along the threat chain. If it failed, it could be that a setting was disabled or misconfigured. Review all tools’ “best practice” guides, documents and suggestions before making assumptions.

Ask for partnership with the customer during their next review. If the customer did not provide a heads-up or pre-testing communication, request that you be more involved during their next review. If pen testing is important enough for them to do once, it’s probable that they’ll do it biannually or annually, depending on the industry and regulatory concerns. It’s always better to be involved in advance than after the fact.

Blue Teams vs. Red Teams: Which type of test was conducted?

The difference between a Blue Team and a Red Team is how much previous access they have to a target’s networks and devices. This can make a huge difference in how the results of a pen test are interpreted. When a Blue Team—with some previous knowledge of an organization and its IT systems—is able to breach a business, it may not be representative of real-world circumstances. It could be an internal IT admin who was able to find a vulnerability after poking around in a system she previously had access to. When a Red Team compromises a client, on the other hand, it’s time to examine the reporting closely. Starting with zero knowledge of an organization’s systems, this type of breach could point to serious flaws in the defenses an MSP has set up for a client. Likely there are real holes here which need to be patched.

Evaluate the pen testing organization

While there are many levels of testing capability, keep in mind that pen testers come from many IT walks of life. Former sysadmins, hackers and network administrators are the most common testers. They come with their own experiences, specialties and biases. One question to always ask is: what are the testing organization’s credentials? What is their background and how did they come to the business? How long have they been testing? The goal is to gauge whether the individuals who’ve conducted the test are knowledgeable enough to make judgments about your organization’s defenses. Did they actually breach the defenses, or are they simply reporting on a “potential” for a breach? Not all testers are alike, and not all testing organizations are alike. Each has to successfully make the case for its own expertise in coming to the conclusion that it has. As I say, trust but verify. And be prepared to ask LOTS of questions if a client ever fails a pen test.

The post Oh no! A client failed a pen test. Now what? appeared first on Webroot Blog.