Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Security

With the beginning of the COVID-19 pandemic, corporate cybersecurity resilience has been challenged. Cybercriminals have targeted the financial sector on numerous occasions, and this pattern is expected to continue. As reported by a recent study, before COVID-19 attackers specifically targeted security vulnerabilities in financial services businesses because the majority of staff had to leave work at the end of the day. The Financial Security Board (FSB) has revealed that the COVID-19 pandemic has emphasized the importance of enhancing resilience in the face of rapid economic, financial and technological change. While outsourcing to third-party service providers, such as cloud computing, looks to improve the operational resilience of financial institutions, a growing reliance on those services can result in new challenges and weaknesses. It is vital to have effective risk management thro...


 Security

A Russian cybercriminal known worldwide as the "bot master" has been sentenced to 33 months in prison for federal crimes, according to Security Week. Peter Levashov pleaded guilty three years ago to aggravated identity theft, intentional computer damage, wire fraud, and conspiracy. According to the prosecution's written arguments, Levashov spent more than a decade running botnets, including one that had the potential to infect 200,000 machines and collect email addresses, logins, and passwords from infected systems. Prosecutors also stated that Levashov created forums for the purpose of selling and trading stolen identities and credit card numbers. U.S. District Judge Robert Chatigny recommended a sentence of at least 12 years due to the financial harm caused. He went on to say that Levashov was the mastermind behind three of the most prominen...


 Security

The US Transportation Security Administration issued a regulation on Tuesday requiring oil pipeline owners to implement security measures for business and operational technology (OT) networks against ransomware and further cyber threats, according to Dark Reading. The TSA directive is the second in the last two months for oil pipeline operators, signaling growing concern about serious cyber vulnerabilities in U.S. oil and gas infrastructure following the crushing ransomware attack on Colonial Pipeline in May. It also appears to be related to growing concerns about threats to critical U.S. infrastructure from Chinese government cyber threat groups. Just last week, China's Ministry of State Security (MSS) was openly


 Security

Google Cloud announced several new security features designed to assist both private and public enterprises in dealing with the dangers of today, according to Dark Reading. Sunil Potti, vice president and general manager of Google Cloud Security, said in a blog post that "most security products seem to focus on solving products created by other security products, rather than the root causes of the issues." Consequently, Google's method entails invisible security, with technologies built into the platform, and eliminating operations as a siloed center. Recent updates include Cloud IDS, an intrusion detection service for detecting malware, spyware, command-and-control attacks, and other network threats. Cloud IDS builds on the threat det...


 Ne'er-Do-Well News

An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack. Shane Sonderman, of Lauderdale County, Tenn., admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targets into giving up their valuable Twitter and Instagram usernames. At Sonderman’s sentencing hearing today, prosecutors told the court the defendant and his co-conspirators would text and call targets and their families, posting their personal information online and sending them pizzas and other deliveries of food as a harassment technique. Other victims of the group told prosecutors their tormentors further harassed them by making false reports of child abuse to social services local to the target’s area, and false reports in the target’s name to local suicide prevention hotlines. Eventually, when subjects of their harassment refused to sell or give up their Twitter and Instagram usernames, Sonderman and others would swat their targets — or make a false report to authorities in the target’s name with the intention of sending a heavily armed police response to that person’s address. For weeks throughout March and April 2020, 60-year-old Mark Herring of Bethpage, Tenn. was inundated with text messages asking him to give up his @Tennessee Twitter handle. When he ignored the requests, Sonderman and his buddies began having food delivered to Herring’s home via cash on delivery. At one point, Sonderman posted Herring’s home address in a Discord chat room used by the group, and a minor in the United Kingdom quickly followed up by directing a swatting attack on Herring’s home. Ann Billings was dating Mr. Herring and was present when the police surrounded his home. She recalled for the Tennessee court today how her friend died shortly thereafter of a heart attack. Billings said she first learned of the swatting when a neighbor called and asked why the street was lined with police cars. When Mr. Herring stepped out on the back porch to investigate, police told him to put his hands up and to come to the street.
Unable to disengage a lock on his back fence, Herring was instructed to somehow climb over the fence with his hands up. “He was starting to get more upset,” Billings recalled. “He said, ‘I’m a 60-year-old fat man and I can’t do that.’” Billings said Mr. Herring then offered to crawl under a gap in the fence, but when he did so and stood up, he collapsed of a heart attack. Herring died at a nearby hospital soon after. Mary Frances Herring, who was married to Mr. Herring for 28 years, said her late husband was something of a computer whiz in his early years who secured the @Tennessee Twitter handle shortly after Twitter came online. Internet archivist Jason Scott says Herring was the creator of the successful software products Sparkware and QWIKMail; Scott has 2 hours worth of interviews with Herring from 20 years ago here. Perhaps the most poignant testimony today came when Ms. Herring said her husband — who was killed by people who wanted to steal his account — had a habit of registering new Instagram usernames as presents for friends and family members who’d just had children. “If someone was having a baby, he would ask them, ‘What are you naming the baby?’,” Ms. Herring said. “And he would get them that Instagram name and give it to them as a gift.” Valerie Dozono also was an early adopter of Instagram, securing the two-letter username “VD” for her initials. When Dozono ignored multiple unsolicited offers to buy the account, she and many family and friends started getting unrequested pizza deliveries at all hours. When Dozono continued to ignore her tormentors, Sonderman and others targeted her with a “SIM-swapping attack,” a scheme in which fraudsters trick or bribe employees at wireless phone companies into redirecting the target’s text messages and phone calls to a device they control. From there, the attackers can reset the password for any online account that allows password resets via SMS.
But it wasn’t the subsequent bomb threat that Sonderman and friends called in to her home that bothered Dozono most. It was the home invasion that was ordered at her address using strangers on social media. Dozono said Sonderman created an account on Grindr — the location-based social networking and dating app for gay, bi, trans and queer people — and set up a rendezvous at her address with an unsuspecting Grindr user who was instructed to waltz into her home as if he was invited. “This gentleman was sent to my home thinking someone was there, and he was given instructions to walk into my home,” Dozono said. The court heard from multiple other victims targeted by Sonderman and friends over a two-year period, including Shane Glass, who started getting harassed in 2019 over his @Shane Instagram handle. Glass told the court that endless pizza deliveries, as well as SIM swapping and swatting attacks, left him paranoid for months that his assailant could be someone stalking him nearby. Judge Mark Norris said Sonderman’s agreement to plead to one count of extortion by threat of serious injury or damage carries with it a recommended sentence of 27 to 33 months in prison. However, the judge said other actions by the defendant warranted up to 60 months (5 years) in prison. Sonderman might have been eligible to knock a few months off his sentence had he cooperated with investigators and refrained from committing further crimes while out on bond. But prosecutors said that shortly after his release, Sonderman went right back to doing what he was doing when he got caught. Investigators who subpoenaed his online communications found he’d logged into the Instagram account “FreeTheSoldiers,” which was known to have been used by the group to harass people for their social media handles.
Sonderman was promptly re-arrested for violating the terms of his release, and prosecutors played for the court today a recording of a phone call Sonderman made from jail in which he brags to a female acquaintance that he wiped his mobile phone two days before investigators served another search warrant on his home. Sonderman himself read a lengthy statement in which he apologized for his actions, blaming his “addiction” on several psychiatric conditions — including bipolar disorder. While his recitation was initially monotone and practically devoid of emotion, Sonderman eventually broke down in tears that made the rest of his statement difficult to hear over the phone-based conference system the court made available to reporters. The bipolar diagnosis was confirmed by his mother, who sobbed as she simultaneously begged the court for mercy while saying her son didn’t deserve any. Judge Norris said he was giving Sonderman the maximum sentence allowed by law under the statute — 60 months in prison followed by three years of supervised release — but implied that his sentence would be far harsher if the law permitted. “Although it may seem inadequate, the law is the law,” Norris said. “The harm it caused, the death and destruction… it’s almost unspeakable. This is not like cases we frequently have that involve guns and carjacking and drugs. This is a whole different level of insidious criminal behavior here.” Sonderman’s sentence pales in comparison to the 20-year prison term handed down in 2019 to serial swatter Tyler Barriss, a California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident.

 Security Products & Services

The open-source tool called capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering.

 Malware and Vulnerabilities

These flaws could have enabled attackers to alter the sequences of the messages sent, identify encrypted messages of a client or a server, recover some plaintext from encrypted messages, and wage man-in-the-middle attacks.

 Malware and Vulnerabilities

Recent Shlayer malvertising campaigns have gone back to using fake Flash updates and social engineering tactics to trick victims into manually installing the malware and compromising their systems.

 Expert Blogs and Opinion

Many security experts and analysts are applauding the U.S. for calling out China's cyber behavior, especially after the White House had focused so much attention on Russia's cyber activities.

 Malware and Vulnerabilities

A never-before-documented Windows malware strain dubbed MosaicLoader is spreading worldwide, acting as a full-service malware-delivery platform that’s being used to infect victims with RATs, Facebook cookie stealers, and other threats.

 Malware and Vulnerabilities

McAfee Labs described the use of DLL sideloading in REvil’s attacks after the group made a sudden exit that surprised everyone. Generally, this technique is used by APT groups to avoid raising any flags on security radars.

 Malware and Vulnerabilities

Security analysts have provided proof of Diavol ransomware stealing data from infected systems, contrary to earlier claims by FortiGuard Labs researchers. The Diavol group is resilient and evasive in nature. Security professionals need to build a robust security infrastructure to avoid any unpleasant surprises.

 Malware and Vulnerabilities

Proofpoint discovered a new threat group, TA2721, targeting global organizations across finance, entertainment, and other industries via malspam emails written in Spanish. The highly targeted nature of the TA2721 campaign suggests that the group has a clear goal and prepares well before launching attacks. Security professionals need to keep an eye on this steadily growing threat to avoid any sudden surprises.

 Trends, Reports, Analysis

Microsoft threat researchers are tracking a rise in consent phishing attacks that exploit OAuth request links. The threat actors attempt to lure targets into granting permissions to attacker-owned apps and, eventually, into exposing sensitive information.

 Feed

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in the WordPress plugin Backup Guard in versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension, which should be of SGBP type. The uploaded payload can then be triggered by a call to /wp-content/uploads/backup-guard/.php.

 Feed

Ubuntu Security Notice 5020-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to conduct port scans and service banner extractions. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Various other issues were also addressed.

 Feed

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.

 Feed

Red Hat Security Advisory 2021-2737-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a use-after-free vulnerability.

 Feed

Ubuntu Security Notice 4336-2 - USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 5019-1 - It was discovered that an assert could be triggered in the NVIDIA graphics drivers. A local attacker could use this to cause a denial of service. It was discovered that the NVIDIA graphics drivers permitted an out-of-bounds array access. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-2726-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2021-2729-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2021-2717-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

 Feed

Red Hat Security Advisory 2021-2720-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2021-2731-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2021-2796-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a null pointer vulnerability.

 Feed

Microsoft's Windows 10 and the upcoming Windows 11 have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn enabling them to unmask the operating system installation password and even decrypt private keys. "Starting with Windows 10 build 1809, non-administrative users are granted

 Feed

Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to? Surprisingly, leaner teams have a much greater chance than

 Feed

A software package available from the official NPM repository has been revealed to actually be a front for a tool designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent

 Feed

Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download

 Feed

Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely

Aggregator history: Wednesday, July 21, 2021