Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Malware and Vulnerabilities

A new report offers deeper insight regarding new samples of the Yanluowang ransomware that has been observed targeting U.S. corporations since August. One distinguishing element found in the ransomware samples is that the files are code-signed with a valid digital signature. Enterprises must fortify their backup management software in case of any adversarial event due to this threat.

 Threat Actors

Minerva Labs disclosed that the StrongPity APT group has been distributing malicious Notepad++ installers to infect targets. The malware has the ability to steal files, along with other data. Notepad++ users are advised to ensure that the installer is downloaded from the official website and to always use the latest updated version.

 Malware and Vulnerabilities

A remote code execution flaw exists in log4j2, which is used by basically every Java application on the planet. It’s remotely exploitable, and not just through the front end, but on the back ends.

 Trends, Reports, Analysis

In the attack technique called Bring Your Own Vulnerable Driver (BYOVD), an adversary with administrative privileges installs a legitimately signed driver with a vulnerability on the victim system.

 Companies to Watch

The latest funding round was led by Permira, with participation from Guggenheim Partners, Accel, Bain Capital Ventures, DFJ Growth, Glynn Capital, Goldman Sachs, Insight Partners, Next47, and others.

 Trends, Reports, Analysis

This is likely to be fuelling an increase in data breaches. Remote code execution and remote file inclusion attacks, often used to steal data and hijack websites, surged by 271% over the two years.

 Threat Actors

Symantec revealed that the Iranian MuddyWater group has been targeting telecom operators, IT firms, and a utility company in the Middle East and other parts of Asia. Researchers observed that the attackers made a deliberate attempt to target more and more organizations by mounting a supply-chain attack. Seedworm’s focus on gathering telecom-related intelligence leaves only little for researchers to ponder upon as it cannot be predicted accurately how hackers will exploit it.

 Trends, Reports, Analysis

There is a significant disconnect between security operations center (SOC) leaders and staff, which is reducing the effectiveness of these teams, according to a new report by Devo Technologies.

 Feed

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

 Feed

Red Hat Security Advisory 2021-5142-02 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

 Feed

Red Hat Security Advisory 2021-5140-04 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5133-03 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5138-04 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red Hat AMQ Streams 1.8.0, and includes security and bug fixes, and enhancements. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5134-05 - This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, information leakage, memory leak, privilege escalation, server-side request forgery, and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2021-5132-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.2 replaces Data Grid 8.2.1 and includes bug fixes and enhancements. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5110-05 - The RHEL-8 based Cryostat container images have been updated with a security fix for "CVE-2020-26160 jwt-go: access restriction bypass vulnerability". Users of RHEL-8 based Cryostat container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Ecosystem Catalog. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2021-5108-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5093-03 - This release of Red Hat build of Eclipse Vert.x 4.1.5 SP1 includes security updates. For more information, see the release notes listed in the References section. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5126-01 - This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix: log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2021-5130-02 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a code execution vulnerability.

 Feed

Ubuntu Security Notice 5193-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

 Feed

log4j-payload-generator is a plugin for the woodpecker framework to produce log4j JNDI injection vulnerability payloads. Five types of payloads can be produced with one click.

 Feed

If you are curious about web application firewall (WAF) bypass payloads that can be leveraged to exploit the log4j2 code execution vulnerability, you should look at this tool.

 Feed

log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST Data parameters. It also supports DNS callback for vulnerability discovery and validation and includes WAF bypass payloads.

 Feed

This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars. Therefore, you can find if someone is using log4j with a dangerous version.

 Feed

Fully independent log4j exploit that does not require any 3rd party binaries. The exploit sprays the payload to all possible logged HTTP Headers such as X-Forwarding, Server-IP, User-Agent.

 Feed

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to

 Feed

The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations." The second vulnerability — tracked as CVE-2021-45046 — is rated 3.7 out of a maximum of 10 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9

 Feed

Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response (MDR) services have become a critical aspect of any

 Feed

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes

 Feed

Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or service," said

2021-12
Aggregator history
Wednesday, December 15