Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Unsecured Database E ...

 Security

Elasticsearch's database was improperly configured and left unsecured, with no authentication whatsoever, making it easily accessible by a threat actor who just had to enter a valid URL in a browser, according to Hack Read.   Comparitech's report revealed information about an unsecured marketing database   show more ...

that exposed personal data of 35 million U.S. citizens in Los Angeles, San Diego, and Chicago. The database's ownership is unknown at this time. The report points out that the information was gathered over a period of 11 years, from the beginning of 2010 and May this year.  The Elasticsearch database was not password-protected, making it available to anyone who had a web browser and wanted to look up the information. Bob Diachenko, the Head of Securit... (read more)

image for Ransomware Attacks I ...

 Security

According to the SonicWall mid-year update, ransomware attacks increased dramatically in the first half (H1) of 2021, outperforming the entire year of 2020, according to Help Net Security. The worldwide ransomware volume increased by 151% to reach 304.7 million in the first half of this year. Researchers   show more ...

found ransomware rises in multiple industries, including retail (up 264%), healthcare (up 594%), government (up 917%), and education (up 615%). On the other hand, worldwide malware attacks went down, with a 24% decrease in volume most likely due to threats becoming more sophisticated. The number of ransomware attacks in the United States (185%) and the United Kingdom (165%) has increased dramatically, whereas the top three ransomware families were SamSam, Cerber, and Ryuk that accounted for 64% of all known ransomware attacks.  For the same time-frame, cryptocurre... (read more)

image for With Remote Work Bec ...

 Security

An investigation into enterprise IT security specialists revealed that approximately 80% felt  workers are more vulnerable to phishing efforts now that they working from home, according to Help Net Security.  Over 59% believed that it was sufficient to use solutions such as email reminders (20%), video training   show more ...

(27%), and virtual private networks (12%) to mitigate the respondents' top security threats: brand and reputation, as well as legal danger, despite a dramatic increase in threats over the past year.  According to the results of the poll, 81% of IT executives believe that  90% or more ransomware attacks originate through email phishing. 18% believe their employees are unaware or don't comprehend the consequences of email phishing attacks on their firm.  Computer and information technology leaders spent the previous year putting significant eff... (read more)

image for Chinese Military Hac ...

 Security

Emissary Panda (APT27), Naikon, and Soft Cell are the organizations that carried out various hacking activities on the same telecom carriers in Southeast Asia at the same time, according to Cybereason.  Recent cyberattacks conducted by Hafnium cybercriminal gang used vulnerabilities in unpatched Microsoft Exchange   show more ...

servers and the same bugs were used in this particular situation. Threat actors gained access to target networks by exploiting vulnerabilities in Microsoft Exchange Server that had previously been published. Once compromised, the hackers gained access to the sensitive information contained in key network resources such as Domain Controllers (DC), high-level corporate resources such as billing servers that contain call detail record data (CDR), as well as key network components such as telecom carriers' billing servers.  The Cyber... (read more)

image for How to protect your ...

 Tips

Letting your child play on your smartphone or tablet may be perfectly fine, but if you do, you need to know how a few taps can rack up huge expenses, even in kids’ apps that are technically free. Teenagers’ in-game purchases have made the news more than once, but even preschoolers can seriously dent a   show more ...

family’s financial well-being. Here’s how to guard against accidental spending by small children. What are the risks? Very young children are unlikely to bet on e-sports or donate to streamers on YouTube or Twitch. Computers and game consoles, too, are usually the preserve of older kids. That said, a toddler can inadvertently drain your bank account by tapping a flashy banner in a cartoon, buying extra lives and equipment in games, or messing around in the settings. Ads in cartoons Even folks who don’t let their kids play games on their phone tend to let them watch the occasional kid-friendly cartoon on YouTube. It’s not hard to imagine how a small child might tap a brightly colored banner or ad that pops up during the video, but if that tap takes them to Google Play, the App Store, or an online shop, they can easily end up downloading a game or buying something. They might also accidentally subscribe to YouTube Premium or another fee-based service. And spotting the problem won’t be easy; charges often begin only after a free trial period. Mobile games and educational apps Paradoxically, some seemingly harmless free-to-play games can empty your wallet even more comprehensively than paid ones. In the standard model, one of the most lucrative for developers, users get the game free but have to pay for additional options and virtual items. And if you believe that only a teen with a gambling addiction can spend a fabulous sum on a Sword of a Thousand Truths or some other gear, think again. Even a preliterate preschooler restricted to age-appropriate apps can severely deplete the family budget, never realizing they are spending real money. Hard to believe? It’s happened plenty. For just a few examples, a Connecticut 6-year-old spent more than $16,000 playing games on his mom’s iPad, and a 7-year-old in the United Kingdom accidentally paid £1,200 ($1,700) on online games, including £800 ($1,100) on virtual cat food. The preschooler mindset Youngsters are very curious, especially when it comes to new gadgets. Most kids under the age of 5 have not yet learned to read properly, and so they find bright pictures far more attractive than words (as do some adults). Naturally, they tap banners without thinking about the consequences. At that age, there is little point trying to explain the intricacies of the free-to-play model or the principles of online shopping — or that cartoon gems and treats in the fairy-tale world of games and videos cost real money in the real world. To prevent your little angel from bankrupting the family, you’ll have to limit purchases using technical means. Fortunately, almost all devices and services let you do that. Precautionary measures How does your kid get hold of a smartphone or tablet in the first place? The most obvious way is for you to give one to them. Many parents these days buy school-age kids a smartphone for keeping in touch, but for those who don’t, kids may simply borrow their parents’ gadgets, or grab one without asking. Here’s how to protect your bank account regardless. If you give a child your gadget Very few parents have never handed their tablet or smartphone to a child simply to get a moment’s peace, but many do so without considering the security implications. Depending on the age and responsibility level of the child in question, caregivers have a few good options: Enable purchase confirmation in Google Play or the equivalent setting in the App Store to prevent accidental spending by requiring a password or fingerprint verification for all transactions, including in-game purchases; Use guest mode if your phone supports it. Some Android smartphones let you add new users and switch between profiles. On iPhones and iPads, you can use Guided Access to prevent your child from accessing anything except the app you selected. This function also lets you block taps for the whole screen or parts of it, as well as temporarily disable the Home button; Turn on transaction notifications in your banking app to catch accidental purchases before it’s too late; Set a spending limit, if your child is old enough to make small purchases on their own. Many banks allow you to limit spending by category, such as video games; Consider a separate debit card that you can top up as needed. Some banks let you set up a special account from which to view and manage your child’s outlays, and some also offer kids’ versions of their banking apps, which may include budget-planning advice and options for parents to set up payments to children in exchange for completing tasks. If your child has their own gadget Protecting your child’s device is a bit different, largely because you probably don’t have to worry about maintaining a separate, unlimited account for yourself on the gadget. Set up a child account in Google for your kid, or get them their own Apple ID, and then use the operating system’s parental controls to restrict purchases as well as access to inappropriate content such as violent games and movies; Enable confirmation of all purchases. On Android devices, you can block unauthorized downloading of any paid content from Google Play, or limit in-app spending. That way, if your child tries to download something, the system will ask for the account password. On Apple mobile devices, you can monitor requests to download paid apps, and approve what your kid buys with the Ask to Buy feature; Use Screen Time on Apple devices to disable purchases in the App Store and iTunes, as well as block in-app transactions; Download kid-friendly versions of apps to your child’s device, such as YouTube Kids instead of the regular YouTube app. Such apps should display fewer ads, and you can filter their content as well; Install a reliable parental control solution. For example, Kaspersky Safe Kids lets you not only restrict purchases, but also view how much time your child spends on apps and which websites they’ve visited. What if your child takes your phone without asking? Every parent knows they have to plan for the unexpected, and that means understanding your device may fall into someone else’s hands — not just because of theft or loss, but sometimes because your child grabs your phone or tablet while you’re not looking. Enable screen autolock and set a short timeout — 10–15 seconds, max; Keep your password secret, and make it complex enough that an observer can’t pick it up easily; Make a habit of keeping your mobile device on you and do not leave it unattended. What to do if money has already been debited If you see unexpected spending on your bank statement and the culprit turns out to be your child, you can try to get your money back. Note that you probably won’t get a refund for purchases in Google Play unless you enabled authentication. Similar refund procedures for apps and content exist in the App Store and iTunes. Remember, you can always contact the game or app developer directly. Conclusion You won’t have to impose a ban on mobile devices — or wave goodbye to your money — if you take action in advance. By preparing for the ways your kids can use a mobile device to spend money, you can sidestep the inevitable issues and, over time, teach responsible online shopping and general financial literacy.

 Govt., Critical Infrastructure

The bipartisan physical infrastructure deal unveiled on Sunday contains several cybersecurity provisions, including some meant to bolster state and local digital efforts.

 Companies to Watch

Ivanti announced it has acquired vulnerability management software provider RiskSense to drive the next evolution of patch management. The terms of the RiskSense transaction were not disclosed.

 Security Products & Services

Currently, when you visit a secure site, Chrome displays a little locked icon. As most website communication is now secure, Google is testing a new feature that removes the lock icon for secure sites.

 Malware and Vulnerabilities

Experts uncovered an attack campaign by BazaLoader operators. These attacks are tricking users into calling a particular phone number, an actual human at a fake call center, to persuade them into downloading malware. The inclusion of the human element has made this threat even more serious.

 Trends, Reports, Analysis

Crime-as-a-Service is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cybercrime – in particular, it’s often used to create phishing attacks.

 Companies to Watch

Founded in 2017, the Columbus, Ohio-based company provides cybersecurity controls at the firmware layer, in an attempt to secure the device supply chain and mitigate risks to OT and IT environments.

 Threat Actors

Kaspersky documented a new Chinese-speaking threat actor—GhostEmperor—targeting Microsoft Exchange flaws in high-profile attacks in Southeast Asia. The group uses a formerly unknown Windows kernel-mode rootkit to gain remote control over targeted servers. Recently, several Chinese APT groups have been reported targeting government agencies and private organizations across the globe.

 Trends, Reports, Analysis

The National Institute of Standards and Technology is working to develop risk management guidance around the use of artificial intelligence and machine learning, the agency has announced.

 Feed

Red Hat Security Advisory 2021-2998-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.

 Feed

Red Hat Security Advisory 2021-2993-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2021-2992-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include bypass, null pointer, and server-side request forgery vulnerabilities.

 Feed

Ubuntu Security Notice 5029-1 - It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. "The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to

 Feed

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven't participated in the growing and profitable MSSP market as it entailed massive investments in

2021-08
Aggregator history
Tuesday, August 03
SUN
MON
TUE
WED
THU
FRI
SAT
AugustSeptemberOctober