Welcome to episode 230 of the Transatlantic Cable podcast. Ahmed and Jeff are unable to attend the taping this week because of travel commitments. Filling in is the ever-dependable Jag. To start, we look at an interesting story from down under, where an impending government policy will force social media companies to unmask online trolls. From there, we move on to a story about facial recognition for goats in China (yes, really). After that rather unusual bit of news, David chats with David Emm about the recent Kaspersky GReAT APT review. We then look at two stories from the BBC: the first on a cryptocurrency called JRR Token (no relation to JRR Tolkien, according to the creators), the second on proposed legislation in the UK to ban default passwords on smart devices. Smart thinking, I say. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

Australia will force social networks to identify trolls, so they can be sued for defamation
Facial recognition for goats rolled out in Shanghai
Tolkien estate blocks JRR Token crypto-currency
Huge fines and a ban on default passwords in new UK law
APT annual review 2021
With each version of iOS, we've seen developers try to protect user data better. However, the core principle remains unchanged: you, the user, get to decide what information to share with which apps. With that in mind, we've put together an in-depth review of app permissions in iOS 15 to help you decide which requests to allow and which to deny.

Where to find iOS 15 app permission settings

iOS 15 offers several ways to manage permissions. We'll talk about each of the three methods separately.

Managing permissions when you first launch an app

Every app requests permission to access certain information the first time you launch it, and that's the easiest time to choose what data to share with the app. But even if you accidentally press Yes instead of No, you can still change it later.

Setting up all permissions for a specific app

To see and set all permissions for a particular app at once, open the system settings and scroll down to the list of installed applications. Select an app to see what permissions it has and revoke any you need to.

Setting specific permissions for different applications

Go to Settings -> Privacy. In this section, you will find a long list of basic iOS 15 permissions. Click on each permission to see which applications have requested it. You can deny access to any of them at any time.

Not all permissions are in the Privacy menu; you'll need to go to other settings sections to configure some of them. For example, you can disable mobile data transfer for apps in the Mobile section, and permission to use the Internet in the background is configured in the Background App Refresh section.

Now you know where to look for what. Next, we'll go into more detail about each of iOS's permissions:

Location Services
Tracking
Contacts
Calendars
Reminders
Photos
Local Network
Nearby Interaction
Microphone
Speech Recognition
Camera
Health
Research Sensor & Usage Data
HomeKit
Media & Apple Music
Files and Folders
Motion & Fitness
Focus
Analytics & Improvements
Apple Advertising
Record App Activity
Mobile Data
Background App Refresh

Location Services

What it is: Permission to access your location. This permission isn't just about GPS; apps can also determine your position using mobile network base stations, Bluetooth, and the coordinates of Wi-Fi hotspots you are connected to. Access to location services is used, for example, by maps to plot routes and show you nearby businesses.

What the risks are: Having location access enables apps to map your movements accurately. App developers can use that data for marketing purposes, and cybercriminals can use it to spy on you. You may not want to give this permission to an app if you don't fully trust it or don't think it needs that level of information. For example, social networks can do without location access if you don't add geotags to your posts or if you prefer to do so manually. If you need an app that requires location access to work properly, here are two ways to protect yourself from being tracked:

- Allow access to location only while using the app, so the app gets your coordinates only when you are actually using it. If the app wants to receive location information in the background, you will be notified and may opt out.
- Turn off Precise Location to restrict the app's knowledge of your location. In this case, the margin of error will be about 25 square kilometers (or 10 square miles) — that's comparable to the area of a small city.

What's more, iOS has long had an indicator that lets you know that an app is requesting access to your location. With iOS 15, that indicator has become much more prominent, appearing as a bright blue icon with a white arrow at the top of the screen.

Where to configure it: Settings -> Privacy -> Location Services

Tracking

What it is: Permission to access a unique device identifier — the Identifier for Advertisers, or IDFA. Of course, each individual application can track a user's actions within its own territory. But access to the IDFA allows data matching across apps, forming a much more detailed digital portrait of the user. So, for example, if you allow tracking in all applications, a social network can not only see all of your records and profile information in it, but also find out what games you play, what music you listen to, the weather in cities you are interested in, what movies you watch, and much more.

What the risks are: Tracking activity across apps enables the compilation of a much more extensive dossier on the phone's owner, which increases advertising efficacy. In other words, it can encourage you to spend more money. Starting in iOS 14.5, users gained the ability to disable tracking requests in apps.

Where to configure it: Settings -> Privacy -> Tracking

Contacts

What it is: Permission to access your address book — to read and change existing contacts and to add new contacts. Data an app can get with this permission includes not only names, phone numbers, and e-mail addresses, but also other information from your list of contacts, including notes about specific contacts (although apps need separate approval from Apple to access the notes).

What the risks are: Databases of contacts — with numbers, addresses, and other information — can, for example, be used to attack an organization, send spam, or conduct phone scams.

Where to configure it: Settings -> Privacy -> Contacts

Calendars

What it is: Permission to view, change, and add calendar events.

What the risks are: The app will receive all of your personal calendar information, including past and scheduled events. That may include doctor's appointments, meeting topics, and other information you don't want to share with outsiders.

Where to configure it: Settings -> Privacy -> Calendars

Reminders

What it is: Permission to read and change existing reminders and add new ones.

What the risks are: If you have something personal recorded in your Reminders app, such as health data or information about family members, you may not want to share it with any app developers.

Where to configure it: Settings -> Privacy -> Reminders

Photos

What it is: This permission allows the app to view, add, and delete photos and videos in your phone's gallery. The app can also read photo metadata, such as information about where and when a photo was taken. Apps that need access to Photos include image editors and social networks.

What the risks are: A personal photo gallery can say a lot about a person, from who their friends are and what they're interested in to where they go, and when. Even if you don't have nude photos, pictures of both sides of your credit card, or screenshots with passwords in the gallery, you should be cautious about giving apps access to yours. Starting with iOS 14, Apple added the ability to give an app access to individual files without giving it the entire gallery. For example, if you want to post something on Instagram, you can choose precisely which images to upload and keep your other photos invisible to the social network. In our opinion, that's the best option for providing access to your images.

Where to configure it: Settings -> Privacy -> Photos

Local Network

What it is: Permission to connect to other devices on your local network, for example, to play music with AirPlay, or to control your router or other gadgets.

What the risks are: With this type of access, applications can collect information about all of the devices on your local network. Data about your equipment can help an attacker find vulnerabilities, hack your router, and more.

Where to configure it: Settings -> Privacy -> Local Network

Nearby Interaction

What it is: Permission to use Ultra Wideband (UWB), which the iPhone 11 and later support. UWB lets you measure the exact distance between your iPhone and other devices that support the technology. In particular, it's used by Apple AirTag to find things you've tagged.

What the risks are: A malicious app with UWB access can determine your location extremely accurately, down to an exact room in a house or even more precisely.

Where to configure it: Settings -> Privacy -> Nearby Interaction

Microphone

What it is: Permission to access your microphone.

What the risks are: With this permission, the app can record all conversations near the iPhone, such as in business meetings or at a medical appointment. An orange dot in the upper right corner of the screen indicates when an app is using the microphone (the dot becomes red when you turn on the Increase Contrast accessibility feature).

When an app is using the microphone, iOS 15 shows an orange dot

Where to configure it: Settings -> Privacy -> Microphone

Speech Recognition

What it is: Permission to send voice-command recordings to Apple's servers for recognition. An app needs this permission only if it uses Apple's speech recognition service. If the app uses a third-party library for the same purpose, it will need another permission (Microphone) instead.

What the risks are: By and large, asking for this permission is indicative of an app developer's honest intentions — by using Apple's proprietary speech recognition service, they are following the company's rules and recommendations. A malicious app is much more likely to ask for direct access to the microphone. Nevertheless, use caution when granting permission for speech recognition.

Where to configure it: Settings -> Privacy -> Speech Recognition

Camera

What it is: Permission to take photos and videos, and to obtain metadata such as location and time.

What the risks are: An application can connect to the phone's cameras at any time, even without your knowledge, and obtain access to photo metadata (the time and location where they were taken). Attackers can use this permission to spy on you. If an application is currently accessing the camera, a green dot lights up in the upper right corner of the screen.

When an app is using the camera, iOS 15 shows a green dot

Where to configure it: Settings -> Privacy -> Camera

Health

What it is: Permission to access data you keep in the Health app, such as height, weight, age, and disease symptoms.

What the risks are: App developers may sell your health information to advertisers or insurance companies, which can tailor ads based on that data or use it to calculate health insurance rates.

Where to configure it: Settings -> Privacy -> Health

Research Sensor & Usage Data

What it is: Access to data from the phone's built-in sensors, such as the light sensor, accelerometer, and gyroscope. Judging by indirect references in this document, that could also include data from the microphone and facial recognition sensor, as well as from iWatch sensors. The permission can also provide access to data about keyboard usage, the number of messages sent, incoming and outgoing calls, categories of apps used, websites visited, and more. As you can see, this permission can provide a range of sensitive data about the device's owner. Therefore, only apps designed for health and lifestyle research should request it.

What the risks are: The permission can allow outsiders to obtain information about you that is not available to ordinary apps. In particular, this data allows examination of your walking pattern and the position of your head while you're looking at the screen, and collection of a lot of information about how you use your device. Of course, you shouldn't provide that much data about yourself to just anyone. Before agreeing to participate in a study and granting permission to the app in question, take a good look at what data the scientists are interested in, and how they plan to use it.

Where to configure it: Settings -> Privacy -> Research Sensor & Usage Data

HomeKit

What it is: The ability to control smart home devices.

What the risks are: With this level of access, an app can control smart home devices on your local network. For example, it can open smart door locks and blinds, turn music on and off, and control lights and security cameras. A random photo-filter app (for example) should not need this permission.

Where to configure it: Settings -> Privacy -> HomeKit

Media & Apple Music

What it is: Permission to access your media library in Apple Music and iCloud. Apps will receive information about your playlists and personal recommendations, and they will be able to play, add, and delete tracks from your music library.

What the risks are: If you don't mind sharing your music preferences with the app, you probably have nothing to worry about, but be aware that this data may also be used for advertising purposes.

Where to configure it: Settings -> Privacy -> Media & Apple Music

Files and Folders

What it is: Permission to access documents stored in the Files app.

What the risks are: Apps can change, delete, or even steal important documents stored in the Files app. If you're using Files to store important data, keep access limited to the apps you truly trust.

Where to configure it: Settings -> Privacy -> Files and Folders

Motion & Fitness

What it is: Permission to access data about your workouts and daily physical activity, such as the number of steps taken, calories burned, and so on.

What the risks are: Just like medical data from the Health app, activity data may be used by marketers to display targeted ads and by insurance companies to calculate health insurance costs.

Where to configure it: Settings -> Privacy -> Motion & Fitness

Focus

What it is: This permission allows apps to see whether notifications on your smartphone are currently muted or enabled.

What the risks are: None.

Where to configure it: Settings -> Privacy -> Focus

Analytics & Improvements

What it is: Permission to collect and send data to Apple about how you use your device. It includes, for example, information about the country you live in and the apps you run. Apple uses the information to improve the operating system.

What the risks are: Your smartphone may use mobile data to send Apple this data, potentially draining both the battery and your data plan a bit faster.

Where to configure it: Settings -> Privacy -> Analytics & Improvements

Apple Advertising

What it is: Permission to collect personal information such as your name, address, age, gender, and more, and use it to show targeted ads from Apple's ad service — but not to share it with other companies. Disabling this permission will not eliminate ads, but without data collection they will be generic, not targeted.

What the risks are: As with any targeted ads, more effective advertising may lead to extra spending.

Where to configure it: Settings -> Privacy -> Apple Advertising

Record App Activity
In January 2021, technology vendor Ubiquiti Inc. [NYSE:UI] disclosed that a breach at a third-party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower. Federal prosecutors say Nickolas Sharp, a senior developer at Ubiquiti, actually caused the “breach” that forced Ubiquiti to disclose a cybersecurity incident in January. They allege that in late December 2020, Sharp applied for a job at another technology company, and then abused his privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service and the company’s GitHub accounts to download large amounts of proprietary data. Sharp’s indictment doesn’t specify how much data he allegedly downloaded, but it says some of the downloads took hours, and that he cloned approximately 155 Ubiquiti data repositories via multiple downloads over nearly two weeks. On Dec. 28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. Assuming an external attacker had breached its security, Ubiquiti quickly launched an investigation. But Sharp was a member of the team doing the forensic investigation, the indictment alleges. “At the time the defendant was part of a team working to assess the scope and damage caused by the incident and remediate its effects, all while concealing his role in committing the incident,” wrote prosecutors with the Southern District of New York. According to the indictment, on January 7 a senior Ubiquiti employee received a ransom email. The message was sent through an IP address associated with the same Surfshark VPN. The ransom message warned that internal Ubiquiti data had been stolen, and that the information would not be used or published online as long as Ubiquiti agreed to pay 25 Bitcoin.
The ransom email also offered to identify a purportedly still unblocked “backdoor” used by the attacker for the sum of another 25 Bitcoin (the total amount requested was equivalent to approximately $1.9 million at the time). Ubiquiti did not pay the ransom demands. Investigators say they were able to tie the downloads to Sharp and his work-issued laptop because his Internet connection briefly failed on several occasions while he was downloading the Ubiquiti data. Those outages were enough to prevent Sharp’s Surfshark VPN connection from functioning properly — thus exposing his Internet address as the source of the downloads. When FBI agents raided Sharp’s residence on Mar. 24, he reportedly maintained his innocence and told agents someone else must have used his PayPal account to purchase the Surfshark VPN subscription. Several days after the FBI executed its search warrant, Sharp “caused false or misleading news stories to be published about the incident,” prosecutors say. Among the claims made in those news stories was that Ubiquiti had neglected to keep access logs that would allow the company to understand the full scope of the intrusion. In reality, the indictment alleges, Sharp had shortened to one day the amount of time Ubiquiti’s systems kept certain logs of user activity in AWS. “Following the publication of these articles, between Tuesday, March 30, 2021 and Wednesday March 31, [Ubiquiti’s] stock price fell approximately 20 percent, losing over four billion dollars in market capitalization,” the indictment states. Sharp faces four criminal counts, including wire fraud, intentionally damaging protected computers, transmission of interstate communications with intent to extort, and making false statements to the FBI.
News of Sharp’s arrest was first reported by BleepingComputer, which wrote that while the Justice Department didn’t name Sharp’s employer in its press release or indictment, all of the details align with previous reporting on the Ubiquiti incident and information presented in Sharp’s LinkedIn account. A link to the indictment is here (PDF).
In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party.
The funds will be used to expand SpeQtral’s regional and international presence, establish strategic business partnerships, hire top talent, support the commercial rollout of terrestrial systems, and further develop its satellite-based systems.
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make off with credit card details.
Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform NSS cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code.
Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage.
Initially noticed by MalwareHunterTeam and later analyzed by security experts at Cyblis, this application is promoted via numerous bogus or copied websites and social media accounts in order to advertise the malicious APK ‘Cleaning Service Malaysia.’
The plugin “Variation Swatches for WooCommerce,” installed across 80,000 WordPress-powered retail sites, contains a stored XSS security vulnerability that could allow cyberattackers to inject malicious web scripts and take over sites.
Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) by using a task scheduled for the non-existent date of February 31st.
The Emotet trojan is an infection that spreads using phishing email campaigns with malicious attachments. Once the file is dropped on the machine, the malware can steal emails and credentials, and run other malware such as TrickBot or Qbot that it delivers.
This activity comprises a set of malware distribution campaigns that started in late 2018 and have targeted mainly Canada, along with the U.S., Australia and some EU countries.
CA Technologies is alerting customers to a vulnerability in CA Network Flow Analysis (NFA). A vulnerability exists that can allow an authenticated user to perform SQL injection attacks and access sensitive data. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. An authenticated user can potentially access sensitive data. CA Network Flow Analysis versions 9.3.8, 9.5, 10.0, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, and 21.2.1 are affected.
Red Hat Security Advisory 2021-4909-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2021-4907-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2021-4902-06 - The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support: RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider: If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.
Red Hat Security Advisory 2021-4903-05 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2021-4904-05 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Ubuntu Security Notice 5168-3 - USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Ubuntu Security Notice 5168-1 - Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5168-2 - Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code.
Android's vold incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold's IPC handlers related to incremental-fs (mountIncFs, unmountIncFs, bindMount) allow system_server to specify semi-arbitrary paths, allowing system_server to trigger mounting on directories that shouldn't be under system_server control.
Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. "These people are at the center of critical communities for public debate," said Nathaniel Gleicher, head of
Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and the exfiltration of classified information. "All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB drives as the physical transmission
The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today's open ecosystem When
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make off with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that bank on overlay attacks to capture sensitive data without the knowledge
A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 and 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a heap overflow vulnerability when
Finland’s National Cyber Security Centre has issued a warning about malicious SMS messages that have been spammed out to mobile users, directing iPhone owners to phishing sites and Android users to download malware. Read more in my article on the Tripwire State of Security blog.
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! 1Password 8 for Windows is the most modern, productive, and secure version of 1Password yet, helping you manage, access, and protect your sensitive information more easily and securely than ever before.
Cryptocurrency traders suffer a hamster-related loss, beware of charity scammers this holiday season, and do you have the patience to sit through Peter Jackson's eight-hour Beatles documentary? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.