In the aftermath of the Colonial Pipeline hack and the increasing damage done by cybercriminals, the U.S. Department of Justice is elevating investigations into ransomware attacks to the same level of priority as terrorism, a senior department official said, as Reuters notes. Internal guidance sent to U.S. attorneys' offices across the country on Thursday said that information about ransomware investigations in the field will be coordinated centrally with a newly formed task force in Washington. John Carlin, principal associate deputy attorney general at the Justice Department, stated: "It's a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain..."
Following back-to-back attacks by Russian hackers on critical oil and food processing industries, the White House has sent a rare open letter to firms urging them to tackle the threat of ransomware attacks with greater urgency, according to CNN. Anne Neuberger, the National Security Council's top cyber official, writes to corporate executives and industry leaders in a memo sent out Thursday morning that the private sector must better grasp its essential role. Neuberger noted that all organizations need to know that no company, regardless of size or location, is immune to ransomware attacks: "We urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat." The letter comes after
As more and more companies rely on open source components in their software, securing those components becomes increasingly important. That was the premise of a Google event today at which open source experts highlighted the many issues in securing open source software, what companies should prioritize, and what steps to take to improve the overall state of open source security, according to Dark Reading. Synopsys notes that the average software application now relies on at least 500 open source libraries and components, a 77% increase from 298 dependencies two years earlier. More than 75% of the code in the average application consisted of open source libraries and components, 84% of applications had at least one vulnerability, and the average application had 158. In a talk on open source...
Threat actors have released a new ransomware family built from a series of PowerShell scripts designed to encrypt files and to exploit gaps in unpatched Exchange servers commonly found on corporate networks, according to Threatpost; its ransom note offers clues about who may be behind it. Sophos researchers discovered the new ransomware, known as Epsilon Red, while investigating an attack on a US hotel company, Sophos Principal Researcher Andrew Brandt wrote in a post published online. The name, coined by the attackers themselves, is a reference to an obscure adversarial character in Marvel's X-Men. According to Brandt, the character is a super soldier of Russian origin armed with four mechanical tentacles...
Researchers have found a new cyber espionage weapon they believe was developed and is being used by SharpPanda: a previously undiscovered Windows backdoor that allows remote access and collection of large amounts of live data, but only during Chinese business hours, according to SecurityWeek. A Southeast Asian country's Ministry of Foreign Affairs is the target of an ongoing campaign. It begins with a spear-phishing email carrying a weaponized document, but in a sense it started earlier, with the attackers obtaining genuine documents from another department within the same government to lend the campaign credibility. The documents are weaponized with the RoyalRoad RTF exploit kit and then distributed...
Following the helicopter money and fake cryptocurrency exchange scams, the Discord scam saga continues, this time with cybercriminals hitting ICO investors.

What ICOs are, and how they work

ICO is short for Initial Coin Offering. Before making them available for free trading on cryptoexchanges, makers of new cryptocurrencies release some tokens, typically to raise initial funds for the project. On the buyer side, speculators are hoping to profit, betting that the market rate will increase. That makes ICOs similar to IPOs (initial public offerings) on the stock market.

The ICO concept is gaining momentum. According to PwC analysts, the number of ICOs increased from only 49 in 2016 to more than 1,000 in 2018. The financial increase is no less impressive: from $252 million to $19.7 billion.

ICO types

Several initial placement options are available. Broadly, there are capped and uncapped placements. In the former case, the issuer clearly states the sum to be collected and the number of tokens up for trading; as a result, there may not be enough coins to cover demand. Uncapped placements continue, as the name suggests, nonstop throughout the ICO: the organizers never stop collecting money, hoping to bring in as many investors and as much money as possible. But an unlimited supply may dampen investor interest, so organizers have to hype the placement.

There are also several distribution options. In some ICOs, advance requests are processed on a first come, first served (FCFS) basis; in others, whoever offers the highest price wins the assets at auction. Then there is the randomized queue, an alternative format that has been gaining traction of late, in which traders register on the project website well in advance but learn their place only after they are in the queue and trading begins. In other words, potential cryptoinvestors cannot know until the last moment whether they will get the coveted assets. Those who get nothing risk falling victim to FOMO (fear of missing out, a term investors use for anxiety over lost profit or opportunity), that is, getting nervous and letting their guard down.

An ICO that never happened

FOMO is at the heart of many scams. Lately, for example, we have been seeing mass messaging to members of cryptocurrency communities in Discord, with emoji-rich text advertising a new round of an uncapped ICO allegedly being held by a (real) leading-edge blockchain startup, Mina in our example, though there are others as well. Like every other fraud scheme, this one tries to rush potential victims into following a link to the "official" website. Incidentally, the real Mina did hold a placement not long ago, in the randomized queue format, and many who registered got no coins. The new scheme exploits that history.

[Image: Scammers warning about scammers in one of the messages in Discord]

The message contains links to what looks like the real Mina page. The Mina project is dedicated to creating a minimalistic blockchain, so the Mina website is also minimalistic in the extreme, which spared the scammers the effort of building a comprehensive fake. Visitors are required to complete a simple registration: name, e-mail address, and, for some reason, a link to their social network page.

[Image: The rogue site's overall style is similar to Mina's]

The scammers claim to have streamlined the ICO process: "Make a cryptocurrency payment to the specified wallet and get your tokens." In fact, the next prompt, right after registration, requests a cryptocurrency selection and payment amount. The token "purchasing" process is designed to be as simple as possible.

[Image: Select one of three popular cryptocurrencies...]

[Image: ...and then specify the sum you mean to part with (forever)]

Once the currency and sum are specified, only the payment remains: the website offers to copy the address of the scammers' cryptocurrency wallet or scan its QR code.

[Image: Almost there: time to pay]

Once they have pocketed the money, the criminals apologize for the delay, citing necessary confirmations in the blockchain network, which, unfortunately, is under heavy load at the moment. They ask investors to be patient and wait three hours before contacting support, should the coins fail to arrive.

[Image: Everything is fine, and the coins are on their way (not really)]

It should come as no surprise that the investors will never get their coins; their money is gone for good. Apparently, some people have already fallen victim to the scheme. As of the time of this publication, the wallet specified on the fake Mina page had received 0.2 BTC in payments (more than $7,000, again as of the time of this publication).

How to avoid ICO cryptoscams

To steer clear of the scheme described, follow these simple rules; they are good for just about any situation.

Think. Consider the incoming message soberly. In the fake Mina example, ask yourself why such a generous (weird, but generous) offer would generate no buzz in specialized communities. Could the sender be trying to exploit your FOMO? Why must you use only the link in the message? Why does the message ask you to spread the information among your contacts? None of this proves a scam, but it is plenty of food for thought.

Check. Visit the issuer's official website by typing its address into your browser's address bar. Read any coverage of the ICO project on specialized resources. Check the real cryptoproject's servers in Discord, which stay on top of scams and post warnings. However you choose to research and verify, never drop your guard: scammers have built entire fake news sites to lend credibility to cyberscams.

Protect. The human factor is not infallible; automatic defenses add another layer of security. A reliable protection solution, such as Kaspersky Internet Security, will warn you if someone tries to redirect you to a malicious, phishing, or scam website.
In a very short time, NFTs have gained huge popularity and have become one of the most promising utilizations of blockchain technology. However, they come with significant security risks.
Prometheus's updated logo suggests a connection with the REvil ransomware gang; REvil, however, has not confirmed any direct link with Prometheus.
Mitek announced it will acquire ID R&D, a provider of AI-based voice and face biometrics. Shareholders of ID R&D will be entitled to receive up to $49 million in Mitek stock and cash as consideration.
Cisco’s Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system.
Facefish, analyzed recently by the Qihoo 360 NETLAB team, can be used to steal device information and login credentials, execute arbitrary commands, and open a reverse ("bounce") shell on infected Linux systems.
The University of Florida Health, also known as UF Health, is a healthcare network of hospitals and physician practices that provides care to counties throughout Florida.
Internal guidance sent on Thursday to U.S. attorney's offices said information about ransomware investigations should be centrally coordinated with a recently created task force in Washington.
20/20 Hearing Care Network is notifying nearly 3.3 million individuals that their personal and health information was accessed or downloaded - and then deleted - by an "unknown" actor in January.
The bug was initially reported as high severity. But Sijie Guo, a member of the Apache Pulsar Project Management Committee (PMC), told The Daily Swig that the real-world impact of the bug is minimal.
U.S. prosecutors have charged nine people in connection with a scheme to defraud elderly Americans out of more than $2.5 million by pretending to be friends or romantic partners online.
The file leaked details of 1,182 UK soldiers recently promoted from corporal to sergeant – including those in the Special Air Service, Special Boat Service, and the Special Reconnaissance Regiment.
Henry Huang, the co-author of the study and an associate professor of accounting at Yeshiva University, said he wanted to find a way of quantifying the financial consequences of breaches.
Since most DEXes are based on public blockchain such as Ethereum, front-runners can see each incoming transaction that has been locked into a smart contract and use bots to raise the transaction fee.
Part of Huawei’s mobile broadband dongle range, the Huawei LTE USB Stick E3372 can be plugged into a computer to enable users to browse the Internet using an LTE network.
The IT giant fixed three high-severity vulnerabilities affecting Webex Player for Windows and macOS. Two of these are memory corruption vulnerabilities impacting releases 41.4 and later.
Live streams for some of the impacted TV stations have returned online, according to checks performed by The Record, but most of the Cox radio streams are still offline at the time of writing.
Furniture Village – the UK's largest independent furniture retailer with 54 stores nationwide – has been hit by a disruptive cyberattack, the company confirmed to The Register.
The malware's core functionality enables operators to launch DDoS attacks, backdoor infected systems, sniff and exfiltrate network traffic, and deploy XMRig miners to mine for Monero cryptocurrency.
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on PLCs.
The company is keeping all employees on staff and moving forward with the continued leadership of Denim Group's Principals John Dickson, Dan Cornell, and Sheridan Chambers.
Following the helicopter money and fake cryptocurrency exchange scams, the Discord scam saga continues, this time with cybercriminals targeting online ICO investor communities.
Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to leverage further phishing attacks, according to the findings of a cybersecurity company.
Ubuntu Security Notice 4983-1 - Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user.
This Metasploit module exploits an input validation error in the log file extension parameter: the check does not properly handle upper/lower case characters, so a mixed-case extension slips past it and the application log file is then treated as a PHP file. The log file can be populated with PHP code by changing the username of a valid user, as this information is logged. The PHP code in the file can then be executed by sending an HTTP request for the log file. A similar issue was reported by the same researcher in which a blank file extension could be supplied and the extension could instead be provided in the file name. This exploit works on those versions as well, and those references are included.
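The two defects the module chains, a case-sensitive extension check and a log that records attacker-controlled input verbatim, are easier to see side by side with their hardened forms. The following is an added illustration in Python, not the module's code or the affected application's code; the allowlist, the function names, the log line format and the sample payload are assumptions made for the demonstration.

```python
import html
import os
import re

# Extensions the application is willing to serve as plain text. Hypothetical
# allowlist for this illustration, not the target application's configuration.
ALLOWED_EXTENSIONS = {"log", "txt"}


def vulnerable_extension_ok(filename: str) -> bool:
    """Case-sensitive blocklist: the shape of check the module bypasses.

    ".php" is refused, but ".pHp" or ".PHP" pass, and a web server whose
    handler match is case-insensitive still executes the file as PHP.
    """
    return not filename.endswith(".php")


def hardened_extension_ok(filename: str) -> bool:
    """Allowlist on the case-folded extension, with path components refused."""
    name = os.path.basename(filename)
    if name != filename:            # any directory part means traversal
        return False
    m = re.fullmatch(r"[A-Za-z0-9_-]+\.([A-Za-z0-9]+)", name)
    if m is None:                   # no extension, double extension, odd chars
        return False
    return m.group(1).lower() in ALLOWED_EXTENSIONS


def log_login_vulnerable(username: str) -> str:
    """Writes the username verbatim, so a PHP open tag lands in the log."""
    return f"[auth] failed login for user={username}\n"


def log_login_hardened(username: str) -> str:
    """Neutralises anything an interpreter could act on before logging.

    html.escape turns '<' and '>' into entities, which breaks the '<?php'
    open tag; the length cap keeps one request from bloating the log.
    """
    safe = html.escape(username[:64], quote=True)
    return f"[auth] failed login for user={safe}\n"


# Constructed attacker input: the classic one-line webshell.
PAYLOAD = "<?php system($_GET['c']); ?>"


def demo() -> dict:
    """Run both checks and both loggers against the same inputs."""
    return {
        "mixed_case_passes_vulnerable": vulnerable_extension_ok("app.pHp"),
        "mixed_case_passes_hardened": hardened_extension_ok("app.pHp"),
        "plain_log_passes_hardened": hardened_extension_ok("app.log"),
        "traversal_passes_hardened": hardened_extension_ok("../app.log"),
        "vulnerable_log_keeps_open_tag": "<?php" in log_login_vulnerable(PAYLOAD),
        "hardened_log_keeps_open_tag": "<?php" in log_login_hardened(PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened check folds case before comparing and only ever accepts a known-good extension, so neither mixed case nor a blank extension with the real one hidden in the file name gets through; escaping the logged username removes the second half of the chain even if the first check were to regress.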
Flawfinder searches source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. The risk level depends not only on the function called but also on the values of its parameters.
A heap corruption bug can occur when Qt processes a malformed TIFF image. It happens because the size of the QImageData backing the image is calculated from the image format, while TIFFReadScanline calculates the length to read from TIFFScanlineSize, which determines the size from three tags in the TIFF file: width, samples per pixel and bits per sample. When a crafted file's tags yield a scanline longer than one row of the buffer allocated for the format, the read runs past the end of the heap allocation.
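The mismatch described above, a row buffer sized from the pixel format while the copy length comes from the TIFF tags, can be reproduced and guarded against in a few lines. The following is an added illustration in Python, not Qt or libtiff code; the format table, the function names and the sample tag values are assumptions, and the tag-derived scanline arithmetic (width times samples per pixel times bits per sample, rounded up to whole bytes) is the calculation the description refers to.

```python
from dataclasses import dataclass

# Bytes per pixel for a few destination pixel formats. The names are hypothetical
# stand-ins for a loader's format enum; the byte counts are the conventional ones.
BYTES_PER_PIXEL = {
    "Grayscale8": 1,
    "Grayscale16": 2,
    "RGB888": 3,
    "RGBA8888": 4,
}


@dataclass(frozen=True)
class TiffTags:
    """The three tags the on-disk scanline length is derived from."""
    width: int
    samples_per_pixel: int
    bits_per_sample: int


def tiff_scanline_size(tags: TiffTags) -> int:
    """Bytes occupied by one scanline on disk, computed from the tags alone.

    Bit depths below 8 are packed, so the bit count is rounded up to whole bytes.
    """
    bits = tags.width * tags.samples_per_pixel * tags.bits_per_sample
    return (bits + 7) // 8


def buffer_bytes_per_line(width: int, fmt: str) -> int:
    """Bytes one row of the destination buffer holds, computed from the format."""
    return width * BYTES_PER_PIXEL[fmt]


def scanline_fits(tags: TiffTags, fmt: str) -> bool:
    """The consistency check a loader needs before copying scanlines.

    False means the tag-derived length exceeds the format-derived row, which is
    exactly the condition under which an unchecked copy runs past the row.
    """
    if min(tags.width, tags.samples_per_pixel, tags.bits_per_sample) <= 0:
        return False
    return tiff_scanline_size(tags) <= buffer_bytes_per_line(tags.width, fmt)


def read_scanline(tags: TiffTags, fmt: str, scanline: bytes) -> bytearray:
    """Copy one on-disk scanline into a freshly allocated row buffer.

    The row is sized from the format (as the vulnerable allocation was) and the
    copy length is the tag-derived size (as the scanline read uses). Refusing
    the copy when the two disagree is the guard the bug lacked. 'scanline' is
    raw file data constructed by the caller.
    """
    if not scanline_fits(tags, fmt):
        raise ValueError(
            f"scanline of {tiff_scanline_size(tags)} bytes does not fit a "
            f"{buffer_bytes_per_line(tags.width, fmt)}-byte {fmt} row"
        )
    n = tiff_scanline_size(tags)
    if len(scanline) < n:
        raise ValueError("short read: file data ends before the scanline does")
    row = bytearray(buffer_bytes_per_line(tags.width, fmt))
    row[:n] = scanline[:n]
    return row


def demo() -> dict:
    """A well-formed file beside a malformed one, both constructed inline."""
    width = 640
    good = TiffTags(width=width, samples_per_pixel=1, bits_per_sample=8)
    # Tags claim 16-bit RGB (6 bytes per pixel) while the loader picked an
    # 8-bit grayscale destination (1 byte per pixel): 3840 bytes would be
    # copied into a 640-byte row.
    bad = TiffTags(width=width, samples_per_pixel=3, bits_per_sample=16)
    good_row = read_scanline(good, "Grayscale8", bytes(range(256)) * 3)
    try:
        read_scanline(bad, "Grayscale8", b"\xff" * tiff_scanline_size(bad))
        bad_rejected = False
    except ValueError:
        bad_rejected = True
    return {
        "good_scanline_size": tiff_scanline_size(good),
        "bad_scanline_size": tiff_scanline_size(bad),
        "good_row_len": len(good_row),
        "bad_rejected": bad_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Python's bytearray raises rather than corrupting memory, so the example only models the size disagreement; in the native code the same disagreement is a heap overflow, which is why the check belongs before the first scanline is read, not after.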
Ubuntu Security Notice 4982-1 - Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service. Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4981-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Various other issues were also addressed.
Google on Thursday said it is rolling out new security features in its Chrome browser aimed at detecting suspicious downloads and extensions via Enhanced Safe Browsing, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying them whether it can be considered "trusted."
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive
Google is tightening the privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable iPhone and iPad users to opt-out of ad tracking, was first reported by the Financial Times. Once the