Many people know that using a personal mail account for business correspondence is a bad idea, yet they see nothing wrong with using a corporate address to register on social networks, online services, and other nonwork resources. It’s handy, after all, to receive all work and personal messages in one mailbox.

That said, you’d be hard-pressed to find a reputable resource recommending it. From work-life imbalance to privacy violations (management and administrators may have access to your work mail), loss of access to services in case of dismissal, and more, the reasons not to mix business e-mail with personal are legion. In fact, the first consideration that should stop an employee from using a corporate mail account for personal matters is information security.

1. It makes profiling easier

Before sending a phishing e-mail to a specific employee, cybercriminals harvest information online, using specialized tools to learn which address someone uses on social networks, online platforms, and so forth. Using a corporate address for nonbusiness purposes makes you easier to profile by helping attackers build a social portrait of you, thereby making you more vulnerable to spear-phishing in the first stage of an attack on the company.

2. It facilitates spear-phishing

Cybercriminals choose the tricks they think will best ensnare their victims. If they learn you’ve used your corporate mail address to register elsewhere, they know you’re likely to fall for a phishing e-mail. All they have to do is disguise their message as a legitimate notification from a service that you really are registered on.

3. It provides criminals with a smoke screen

Typically, all a cybercriminal needs for an attack to succeed is time. That’s why many services send a note to the account holder if you or anyone else tries to log in from an unknown IP address or attempts to change the password. Of course, to get ahead of the hackers, you need to know about those warnings as soon as possible. To that end, the last thing you want is a riot of notifications in your mailbox. If you’ve linked your address to outside resources, when hackers (or their bots) begin trying to brute-force your social network and other personal accounts, your inbox will quickly fill with warnings and alerts, and the one alert that matters can easily get lost in the noise.

4. More mass phishing and malware in the inbox

When it comes to securing customers’ data, not all online resources were born equal — hence the near-daily headlines about online leaks. And leaked databases are very popular with mass spammers, who simply buy lists of addresses to flood with malicious links or phishing messages. Essentially, the more resources you tie to your corporate mail account, the more potential threats you’ll see in your inbox.

5. The eyes glaze over

Speaking of seeing more messages in your inbox, that extra volume can lead to trouble. With greater variety — for example, nonwork e-mails among business messages — dangerous items become harder to spot. The more personal e-mails you read during business hours, the more likely you are to accidentally click on a malicious attachment or follow a phishing link.

Even if you don’t use a work address for personal matters, it’s important to deploy technical means to protect against spam and phishing. The more layers of protection, the better. We recommend securing the corporate infrastructure against phishing at both the mail server and the workstation levels.
Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.

Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates. Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an “elevation of privilege” vulnerability that affects Windows 10 and Windows Server 2019, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.

“CVE-2021-36948 is a privilege escalation vulnerability – the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts,” said Kevin Breen of Immersive Labs. “In the case of ransomware attacks, they have also been used to ensure maximum damage.”

According to Microsoft, critical flaws are those that can be exploited remotely by malware or malcontents to take complete control over a vulnerable Windows computer — and with little to no help from users.

Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software. Last month, the company rushed out an emergency update to patch “PrintNightmare” — a critical hole in its Windows Print Spooler software that was being attacked in the wild. Since then, a number of researchers have discovered holes in that patch, allowing them to circumvent its protections. Today’s Patch Tuesday fixes another critical Print Spooler flaw (CVE-2021-36936), but it’s not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own, said Dustin Childs at Trend Micro’s Zero Day Initiative.
“Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this Critical-rated bug,” Childs said.

Microsoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service. “Today we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges,” Microsoft said in a blog post. “This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies the change. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.”

August brings yet another critical patch (CVE-2021-34535) for the Windows Remote Desktop service, and this time the flaw is in the Remote Desktop client instead of the server.

CVE-2021-26424 — a scary, critical bug in the Windows TCP/IP component — earned a CVSS score of 9.9 (10 is the worst), and is present in Windows 7 through Windows 10, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates). Microsoft said it was not aware of anyone exploiting this bug yet, although the company assigned it the label “exploitation more likely,” meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single malicious data packet to a vulnerable system.

For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center.
And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that are causing problems for Windows users.

On that note, before you update please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files. So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.
Group-IB detected more than 3,000 email addresses from the operators of Prometheus Traffic Distribution System (TDS) who are targeting multiple sectors, including banking and finance, energy, healthcare, and cybersecurity. Prometheus TDS operates as a service to help other malware gangs in spreading different malware in their attacks.
As more workloads and data assets move to the cloud and WFH becomes a more common reality, the private network has become more of a security overlay on the public internet than a separate entity.
Online scammers who fall for fake carding sites can expect to have their accounts taken over at the real carding shop, which usually means someone spends their balance on stolen cards.
As an increasing amount of business is being conducted over platforms like Zoom, Teams, Skype, and others, the findings present an entirely new attack vector for such electronic communications.
Reinvention is a crucial survival skill in the threat landscape. The primary motive of this technique is to temporarily distract investigators or throw them in another direction.
The latest investment, which brings the total raised by the firm to $15 million, was led by PureTerra Ventures, with participation from Israeli venture fund SIBF, Moore Capital, and Phoenix Contact.
On August 8, at the DEF CON 29 conference, Joseph Gabay outlined his research into how physical shopping cart immobilization systems work, and how they can potentially be abused by hackers.
A Cobalt Strike DoS exploit has been found that permits the blocking of beacon of C2 communication channels and deployments. This can help security teams block intrusion attempts.
Microsoft announced today that Azure Sentinel now supports Fusion detections for ransomware attacks and triggers high severity alerts possibly related to ransomware activity.
In the first half of 2021, McAfee saw a surge in XLSM malware delivering different payloads. In XLSM, adversaries make use of Macrosheets to enter their malicious code directly into the cell formulas.
IBM’s X-Force found that ITG18, with alleged ties to Charming Kitten, pilfered nearly 120GB of sensitive data from approximately 20 individuals in Iran either through LittleLooter, a newly found Android malware, or social engineering tactics.
The information security and compliance company says the planned acquisition will bring new technologies around creating cloud remediation workflows to the Qualys Cloud Platform.
ESET researchers have discovered and analyzed a previously undocumented backdoor, implemented as an extension for Internet Information Services (IIS), Microsoft’s web server software.
The RansomExx gang is threatening to release more than 112 GB of data that may include confidential documents from chip makers Intel and AMD and American firm Megatrends.
Organizations in the healthcare sector – and especially those engaged in delivering healthcare services – have always been juicy targets for cyberattackers. The pandemic further boosted this trend.
These intrusions exploited the Microsoft SharePoint vulnerability CVE-2019-0604 to install web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia.
A new poll by Anomali and The Harris Poll has revealed that American and British adults would be put off using a virtual vaccination card for the fear that their personal data may not be protected.
The research analyzed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.
While eCh0raix is a known ransomware that has historically targeted QNAP and Synology NAS devices in separate campaigns, this new variant is the first time we’ve seen it combining its functionalities.
A new Acronis report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem.
Once target VMs are identified, the attackers resort to brute-force attempts. If that tactic succeeds, the attackers get to work and install cryptomining tools that produce the Monero cryptocurrency.
The Australian Cyber Security Centre (ACSC) issued an alert warning of increasing attacks on Australian organizations across multiple industry sectors by the LockBit 2.0 ransomware.
According to Trend Micro researcher Monte de Jesus, Chaos has been around since June, and has already cycled through four different versions, with the last one being released on August 5.
Poly Network, a protocol launched by the founder of Chinese blockchain project Neo, operates on the Binance Smart Chain, Ethereum, and Polygon blockchains. This attack struck each chain consecutively.
According to Sophos, retail and education sector faced the highest level of ransomware attacks during 2020, with 44% of organizations hit (compared to 37% across all industry sectors).
On the heels of cyber attacks on the Illinois Attorney General's Office and the Illinois Department of Employment Security, comes word of trouble for the Illinois State Police (ISP).
A critical vulnerability has been disclosed in hardware RNGs used in billions of IoT devices whereby it fails to properly generate random numbers, thus putting them at risk of hacking attacks.
Only two security key models will be available from tomorrow, namely Titan keys with USB-A and USB-C connectors, both of which also support NFC (Near Field Communication) for mobile connectivity.
While the misconfiguration has been known since at least last year and Salesforce has taken steps to prevent incidents, security company Varonis says it’s still seeing many affected organizations.
RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server's certificate and private key. Versions 7.0 through 7.3 are affected.
Red Hat Security Advisory 2021-3079-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
Red Hat Security Advisory 2021-3073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2021-3076-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2021-3066-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-3081-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.
Ubuntu Security Notice 5035-1 - It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31.
Red Hat Security Advisory 2021-3061-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, denial of service, and out of bounds access vulnerabilities.
Red Hat Security Advisory 2021-3074-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2021-3063-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Issues addressed include buffer overflow, double free, and integer overflow vulnerabilities.
Red Hat Security Advisory 2021-3075-01 - libuv is a multi-platform support library with a focus on asynchronous I/O. Issues addressed include information leakage and out of bounds read vulnerabilities.
Ubuntu Security Notice 5034-1 - Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks.
Facebook for Android is vulnerable to a permission issue which allows anyone with physical access to the Android device to accept friend requests without unlocking the phone. Facebook does not consider this a security issue. Version 29.0.0.29.120 on Android 10 is affected.
Red Hat Security Advisory 2021-3029-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3058-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-3088-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3057-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3044-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-2983-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.4. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2021-2984-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.4. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2021-3042-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Issues addressed include buffer overflow, double free, and integer overflow vulnerabilities.
Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers
A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019. FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! The shift to remote and hybrid work has created an ecosystem of new vulnerabilities, putting your critical data at risk. With less oversight into security protocols and employee behaviors, it’s more important than …
The issue at the heart of ransomware insurance will be familiar to most parents of young children: rewarding bad behavior only invites more of the same, so it’s generally not a good idea. But critics of the ransomware insurance industry argue that’s exactly what the practice does. Ransomware insurance has by now long been suspected of excusing lax security practices and inspiring confidence among cybercriminals that they’ll receive a timely payment following a successful breach.

Exactly how widespread ransomware claims by businesses are is difficult to determine since companies don’t exactly jump at the chance to discuss their run-ins with ransomware publicly. But it’s safe to assume that claims have risen alongside an undeniable surge in ransomware attacks.

Another issue with the cyber insurance industry stems from the fact that paying a ransom is no guarantee that data will be returned. In our recent report on the hidden costs of ransomware, nearly 20 percent of respondents were not able to recover their data even after making an extortion payment.

The Paris-based insurance giant AXA broke new ground this year by announcing it would stop insuring against cyberattacks, citing a lack of guidance from French regulators about the practice. It’s worth remembering that the FBI “does not support paying a ransom in response to a ransomware attack.” So, if U.S.-based insurers were to follow AXA’s logic, they too would stop covering ransomware payments. So far, few have. For now.

Doomed to be a short-lived sector?

The industry publication InsuranceJournal.com recently wrote in a post on its site that “pressure is building on the industry to stop reimbursing for ransoms.” Before ransomware went rampant, the article notes, cybersecurity insurance was a profitable sub-category of the insurance business as a whole. But those days may be numbered. The sector is now “teetering on the edge of profitability” according to the post’s author.

It’s well-known within cybersecurity circles that ransomware actors will conduct advanced research to determine if a potential target is insured. If so, it’s hardly a deterrent since it increases the likelihood a payment will be made. It winds up being a self-reinforcing cycle. As ProPublica wrote in its study of the industry, “by rewarding hackers, it encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.”

A commonly cited defense of ransomware insurance is that it not only protects against the cost of the ransom, but also against knock-on expenses from ransomware like downtime, reallocation of tech resources and reputational damage. We know from our own research that these costs can be significant, so there’s some validity to this argument.

The post It’s time to ask: Is ransomware insurance bad for cybersecurity? appeared first on Webroot Blog.