Cyber security aggregate rss news

Cyber security aggregator - feeds history

 News

With David on holiday, Ahmed and I are holding down the fort for this week’s Kaspersky Transatlantic Cable podcast. We open the show with a pair of stories about Apple. In the first, the company is holding off on the rollout of its controversial CSAM — for now. Then, we look at the aftermarket for iPhone chargers, which includes the OMG Cable, a charger with a built-in hotspot that steals credentials, and Ahmed continues his habit of making me look dumb with his obscure trivia.

Getting back to our slate of stories, we discuss a new vulnerability in Confluence that further bolsters our “updates are important” stance. (Despite the patch being available, criminals are exploiting this PoC for those who have yet to update their servers.) From there we head to the infosec drama story of the week, with the ransomware-as-a-service gang. In this story, a former member of the group has leaked the source code for Babuk Locker on a criminal forum. The note attached to the leak is one for the ages, including terminal cancer and the phrase “I will have time to live like a human.”

From there, it’s over to Latin America, where El Salvador has become the first country to embrace Bitcoin, including issuing $30 in the cryptocurrency to users who install the government-backed wallet. To close out the podcast, we discuss NFTs and a fraudulent Banksy NFT that sold for more than $330,000. In a happy turn of events, the buyer was refunded most of the money.

If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

Apple delays plans to scan devices for child abuse images after privacy backlash
Security researcher develops Lightning cable with hidden chip to steal passwords
U.S. Cyber Command warns of ongoing attacks exploiting Atlassian Confluence flaw
Babuk ransomware’s full source code leaked on hacker forum
Fear and excitement in El Salvador as Bitcoin becomes legal tender
Fake Banksy NFT sold through artist’s website for £244k

 Tips

For Android users, installing applications from Google Play, and Google Play only, is the wise choice. With its strong safety rules, official app monitoring, plentiful user reviews, and security researcher scrutiny, Android’s official store tends to be a safe place for downloading apps. Even when malware does make it to Google Play, it is quickly identified and removed. Android device owners do, however, also have the option to download and install apps from third-party sources. But does the freedom outweigh the danger?

Allowing or denying alternative installation

On the one hand, having the ability to shop outside of the Google Play store can be quite useful; not every app is available there. On the other hand, that freedom comes with an increased risk of infection, because outside of Google Play, apps lose Google’s quality and safety oversight. Together with a program’s installer — or even instead of it — dangerous apps can get onto users’ devices and steal personal data, money, or both. Here are just a few examples of such attacks:

A popular alternative app store was infected with a Trojan and began distributing malware;
Using the permission to install unknown applications, criminals distributed ransomware disguised as a beta version of a game called Cyberpunk 2077;
Other criminals passed off Loapi malware as an antivirus utility and an adult-content app. The Trojan turned smartphones into bots for DDoS attacks, made them mine cryptocurrency, or simply flooded them with ads.

The above represent a sampling of why new phones come with external software installation disabled. To avoid falling victim to schemes that rely on external installations, don’t be tempted to enable installation of unknown apps, and if you have, turn it off immediately. Here’s how.

How to turn off installation of unknown apps in Android 8 and later

In the latest versions of Android, the relevant feature is called Install unknown apps, and it is enabled separately for each app. If you have allowed installation from unknown sources for some apps, you will need to disable it separately for each app. Here’s how to do it:

Open the system settings on your device;
Choose Apps and notifications;
Select Advanced and go to Special app access;
Select Install unknown apps;
Check what is listed under each app installed on your phone. If you see Allowed, select the app in the list and disable installation of unknown applications.

[Image: How to disable installation of unknown apps in Android 8 and later]

Please note, we’re using the names of the settings in stock Android. Manufacturers often modify the standard Android interface, so some menu items may have different names on your phone.

How to turn off installation from unknown sources in Android 7 and earlier

In Android 7 and earlier the setting is called Unknown sources, and there’s just one switch that turns installation of non-Google Play apps on or off for the entire system. Here’s how to find it:

Open the system settings on your device;
Go to Security;
Scroll down to Unknown sources and make sure it’s disabled.

[Image: How to disable installation of apps from unknown sources in Android 6 and 7]

At first glance, managing this setting seems much easier in older versions of Android, but from a security viewpoint, things aren’t that straightforward. If you accidentally allow installation of unknown apps in Android 6 or 7, then any app at all can download malicious files — and that includes apps you install later.

How to safely download an app that’s not on Google Play

What if a program you need is not available in the official store, but you still need to install it?

Search for similar apps. Try looking for alternatives in the official store. Maybe there is an app on Google Play with functions that suit your needs.

Scan the file before installing. Even if you can’t do without a third-party source, don’t rush to change your settings. First, download the installation file, and before launching it, scan it with your mobile antivirus solution.

Check permissions. Consider the list of permissions the app requests during installation. If a program demands too much, try to find something similar with more modest requests.

Disable installation of unknown apps. Remember to change your settings back after installation. Don’t leave your phone open to malware!

 Govt., Critical Infrastructure

The federal government is pushing hard for agencies to adopt zero-trust cybersecurity architectures, with new guidance released Tuesday from the Office of Management and Budget and the CISA.

 Trends, Reports, Analysis

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released the final version of a Cybersecurity Practice Guide for first responders.

 Govt., Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP).

 Threat Actors

The TeamTNT malware pushers have a slew of new toys that have inflicted more than 5,000 infections globally as antivirus (AV) tools struggle to catch up with the newest malware.

 Breaches and Incidents

Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances.

 Feed

Ubuntu Security Notice 5069-2 - USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 5070-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-3425-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.3.10 serves as a replacement for Red Hat support for Spring Boot 2.3.6, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and information leakage vulnerabilities.

 Feed

Ubuntu Security Notice 5072-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-3477-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution, out of bounds write, and use-after-free vulnerabilities.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus

 Feed

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8,

 Feed

There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it’s very easy to forget just how much we’re relying on lines of code

 Feed

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain

 Encryption

ProtonMail finds itself in a privacy pickle, the big problem with Facebook's algorithmic amplification, and strange things are happening on Banksy's website. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

2021-09
Aggregator history
Thursday, September 09