Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Security

New worrying repercussions have emerged as a result of the large chain reaction that followed the Friday cyberattack, according to Wired. Among the organizations affected are the Swedish Coop, a pharmacy chain, and a railway operator. Cybersecurity specialists are beginning to comprehend how cybercriminals were able to launch such a large-scale attack. It all started with a vulnerability discovered in Kaseya's IT services' updating process, a flaw that was just about to be patched. Sean Gallagher, a senior threat researcher at Sophos, stated, “What’s interesting about this and concerning is that REvil used tru...


 Security

The Mirai botnet is an IoT malware that allowed cybercriminals to compromise over 300,000 devices. Routers, digital video recorders (DVR), and wireless cameras are among the impacted devices, according to E Hacking News. The sophisticated malware scans these types of devices and attempts to connect to them using default passwords. Once connected, it starts executing DDoS attacks on numerous websites, networks, and servers. Cybersecurity researchers have recently released information about a new variant known as Mirai Ptea, which was inspired by the Mirai botnet. In short, cybercriminals employed the malware to perform a distributed denial of service attack against a KGUARD DVR by exploiting a previously undiscovered vulnerability in the device. According to Netlab 360, a Chinese security group, the first flaw discovery was made on March 23, 2...


 Security

Dr HeX has been active for several years and used phishing, credit card fraud, and malware attacks to target a number of victims in France as part of a worldwide operation to steal money from big companies, telecom companies, and banks, according to The Hacker News. According to media reports, the investigation known as Operation Lyrebird resulted in the detention of a Moroccan man who goes by the pseudonym Dr HeX. Cybersecurity firm Group-IB released a report detailing the findings of the investigation. During the cyberattacks, the bad actor used phishing kits consisting of web pages imitating legitimate financial entities. Numerous victims fell into the rogue websites' traps by entering login credentials, data that was subsequently transferred to the cybercriminal's email address. At least three unique phishing kits have been uncovered, all ...


 Security

The newest Diavol ransomware outbreak, according to FortiGuard analysts, is linked to the Wizard Spider cybercriminal gang, a group that has been involved in wire fraud in the past. Furthermore, the Diavol and Conti payloads were used in ransomware attacks that took place in early June against a variety of target devices, according to Cyware. The payload encrypts the data using Asynchronous Procedure Calls (APCs) and an asymmetric encryption method. This architecture distinguishes itself by enabling faster encryption than other types of malware. The modus operandi entails retrieving the source code from the image PE resource section. The malware is run in a buffer with various permissions. Since it doesn't rely on packing or anti-disassembly methods, it lacks any type of obfuscation and instead it stores its procedure ...


 Business

The latest in phishers’ battle for corporate e-mail credentials involves notifications allegedly from Adobe online services. And because they’ve begun using an online PDF file (supposedly stored on Adobe’s website), we created a real file to highlight the signs of a fishy e-mail and a fake “online PDF.”

Adobe PDF Online phishing message

In the phishing messages, the first thing that stands out is the description of the file — shared with you through “secure Adobe PDF online.” Right away, ask yourself, does the service actually exist? It sounds plausible, and a quick Google search will tell you Adobe does indeed have a service for storing PDF files online, and that service does enable users to share encrypted files. But you won’t find the name “Adobe PDF online” anywhere on a real Adobe website. It’s either “Adobe Acrobat online” or “Adobe Document Cloud.” Curious, I asked a colleague to send a file to me so I could compare the notifications.

[Image: The real message is on the right]

Let’s assume you don’t know what a real file-sharing e-mail from Adobe looks like. Here are some signs. Not one of the following is a guarantee of fraud, and there are exceptions to every rule, but each should raise your suspicions and prompt you to pay close attention and investigate further:

- The sender. If an e-mail is from an online service, that should be obvious from the sender’s name and address. Conversely, if the sender is a specific person, a message from them won’t look like a notification from a service;
- The subject line. If you’re writing to someone called Leo, would you write something like “leonides@gmail.com received a PDF file” as the subject?
- The name of the service. You don’t have to remember the name of every single online service, but if you’re not totally sure, use a search engine to check it;
- Hyperlink/icon. Before clicking on a Download or Open icon, hover your cursor over them to inspect the hyperlink and make sure it goes where it should;
- E-mail footer. An e-mail from Adobe is highly unlikely to end with an assurance that Microsoft respects your privacy;
- The words “please read our Privacy Statement” without a hyperlink.

Not Adobe Document Cloud’s website

At the moment, we can still depend on phishers to make stupid mistakes, but nothing is stopping them from doing a good job. Suppose the e-mail looks great. Now it’s time to check out the website, which in this case looks like an authentication window obscuring the blurred interface of Adobe Acrobat Reader DC. That’s actually plausible, although only if the person who received the e-mail doesn’t know what the real website for Adobe’s online services and its password request window look like.

[Image: Password request on phishing website (top) and on Adobe’s real website]

Here, the warning signs vary somewhat. Start with the blurred background: fairly unprofessional protection for confidential data; some of the text is easy to decipher with the naked eye.

- The URL. The website for an Adobe service should have an Adobe domain in its address;
- Despite the blurring, you can still make out the filename: EMInvoice_R6817-2.pdf. That doesn’t match the authentication window, which says the file available for download is called “Wire Transfer Receipt.pdf”;
- Mixed-up terms. The blurred document has “Invoice” written on it (as in, request for payment), but the filename says “receipt,” (confirming payment already received);
- Program versions. The name “Adobe Acrobat Reader DC” is apparent in the blurred background, whereas the program named in the authentication window is Adobe Reader XI. Someone who rarely uses PDFs might not know XI is an older version of the software, but the discrepancy should stand out regardless;
- AdobeDoc Security. You might not keep track of the names Adobe uses for its technologies, but there’s a registered trademark symbol next to “AdobeDoc,” and that’s worth checking;
- Request for an e-mail password. A legitimate Adobe service does not need your e-mail password, period.

How to protect corporate e-mail from phishers

To keep company employees safe from phishing:

- Regularly increase employee awareness of current cyberthreats to help them avoid falling for phishing tricks;
- Install an antiphishing solution on the corporate e-mail server to keep most phishing e-mails from reaching employees’ inboxes;
- Install security products with antiphishing components on every work computer; their filters will prevent employees from opening phishing links.

 Trends, Reports, Analysis

Ransomware has become an existential threat for some insurers. At a time of mounting losses and rising public criticism, a RUSI paper argues for a reset in the cyber insurance industry.

 Trends, Reports, Analysis

The concerns come after a year of escalating cyberattacks against a range of institutions and as global tensions have skyrocketed during the course of the COVID-19 pandemic.

 Trends, Reports, Analysis

The most common type of fraud and cybercrime in Q2 was related to online shopping and auctions, comprising one in five police reports (14,868) according to a report by money.co.uk.

 Breaches and Incidents

While a ransomware attack was launched against the Alabama-based Wiregrass Electric Cooperative during the weekend, officials have verified that no data have been compromised.

 Malware and Vulnerabilities

Kryptos Logic Threat Intelligence researchers have released a report about a new TrickBot module that bears a precise resemblance to the Zeus attack pattern.

 Trends, Reports, Analysis

Ransomware attacks are evolving rapidly to target ICS endpoints worldwide with a significant rise in activity during the past year. Four ransomware families, namely Ryuk, Nefilim, REvil, and LockBit, account for over half of these attacks, a new Trend Micro report says.

 Trends, Reports, Analysis

Researchers uncovered a Privacy Tool campaign that purports to offer file protection via encryption and decryption services. In fact, it is loaded with malware. The latest campaign sheds some light on the increasing amount of effort attackers are putting into making such privacy-themed lures realistic and effective. Users are recommended to stay protected by using reliable anti-malware solutions.

 Feed

Red Hat Security Advisory 2021-2660-01 - The linuxptp packages provide Precision Time Protocol implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces offered by the Linux kernel.

 Feed

Red Hat Security Advisory 2021-2657-01 - The linuxptp packages provide Precision Time Protocol implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces offered by the Linux kernel.

 Feed

Red Hat Security Advisory 2021-2659-01 - The linuxptp packages provide Precision Time Protocol implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces offered by the Linux kernel.

 Feed

This Metasploit module allows an attacker with an unprivileged Windows account to gain admin access on a Windows system and start a shell. For this module to work, both the NSClient++ web interface and ExternalScripts features must be enabled. You must also know where the NSClient config file is, as it is used to read the admin password, which is stored in clear text.

 Feed

Gentoo Linux Security Advisory 202107-6 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 91.0.4472.114 are affected.

 Feed

Red Hat Security Advisory 2021-2555-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.19. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

 Feed

Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international,

 Feed

U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious

2021-07
Aggregator history
Tuesday, July 06