Cyber security aggregate rss news

Cyber security aggregator - feeds history

Attacks on Google Cl ...

 Business

At the end of 2021, Google released its first report on typical threats to cloud users, focusing on the security of Google Cloud Platform. The service provides corporate clients with multiple scenarios for building cloud systems, ranging from simply hosting and running individual applications to deploying high-performance computing.

Reasons for attacking Google Cloud Platform instances

The report focuses on the causes and consequences of attacks on custom GCP instances, analyzing 50 recent successful attacks on custom servers or applications. Of the cases Google analyzed, 48% were the result of a weak password (or no password) for server-based accounts. In 26% of cases, hackers used a vulnerability in the cloud-server software. Server or application misconfiguration enabled 12%, and only 4% were the result of password or access key leaks. The latter category includes an error not uncommon among developers: uploading authentication data along with source code to a public repository on GitHub or a similar service. According to a report by GitGuardian, up to 5,000 secrets (API keys, password/username pairs, certificates) are uploaded to GitHub every day, and 2020 saw 2 million leaks.

Vulnerabilities leaving servers open to hacking, according to Google. Weak or absent passwords enabled most of the attacks. Source.

Google notes that cybercriminals tend not to target specific companies, instead regularly scanning the full range of IP addresses belonging to Google Cloud Platform in search of vulnerable instances. The implication of this automation is clear: if you make an unprotected server accessible from the Internet, it will almost certainly be hacked, and probably soon (in a number of cases, the attack began within 30 minutes of a new instance being raised). The time between hacking and the start of malicious activity is even shorter, with most attacked servers being put into illegal operation within half a minute.

Why attackers go for Google Cloud Platform instances

What do cybercriminals do with cloud resources after hacking them? In the vast majority of cases (86%), a cryptominer (a program that uses the resources of others to generate cryptocurrency) was installed on the server. Most commonly, these consume CPU/GPU resources, but the report also mentions the mining of Chia cryptocurrency, which exploits free disk space instead. In another 10% of cases, compromised servers were used for port scanning to search for new victims. In 8% of cases, an attack on other network resources was launched from the server. Rarer types of illegal activity involving hijacked cloud-platform servers include hosting malware, prohibited content, or both; carrying out DDoS attacks; and distributing spam.

Types of malicious activity on hacked cloud servers. In some cases, several types of illegal operations were carried out simultaneously. Source.

If someone hacks a cloud service and installs a cryptominer, their actions not only harm the client's reputation and put access to their own application or website at risk; victims can also face eye-watering service bills, even from just a few hours of activity.

Recommendations for securing GCP instances

In most of the cases Google studied, users could have avoided trouble by following minimal security requirements: employing strong passwords and additional authorization factors; exercising due diligence when uploading source code; and regularly updating installed software to patch known vulnerabilities. In general, cloud systems require the same protection measures as any other type of infrastructure. They need, at a minimum, regular audits, monitoring of suspicious activity, and isolation of critical data. But deploying infrastructure in public cloud services involves a few extra recommendations, and not only for organizations using Google Cloud Platform. One of the main ones, as Google notes, is to set automatic conditional alerts that fire when resource consumption exceeds certain thresholds or when costs rise rapidly.

‘Wormable’ Flaw ...

 Latest Warnings

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Nine of the vulnerabilities fixed in this month’s Patch Tuesday received Microsoft’s “critical” rating, meaning malware or miscreants can exploit them to gain remote access to vulnerable Windows systems through no help from the user.

By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “HTTP Protocol Stack.” Microsoft says the flaw affects Windows 10 and Windows 11, as well as Server 2019 and Server 2022.

“While this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug,” said Dustin Childs from Trend Micro’s Zero Day Initiative. “Test and deploy this patch quickly.”

Quickly indeed. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online.

Microsoft also fixed three more remote code execution flaws in Exchange Server, a technology that hundreds of thousands of organizations worldwide use to manage their email. Exchange flaws are a major target of malicious hackers. Almost a year ago, hundreds of thousands of Exchange servers worldwide were compromised by malware after attackers started mass-exploiting four zero-day flaws in Exchange.

Microsoft says the limiting factor with these three newly found Exchange flaws is that an attacker would need to be tied to the target’s network somehow to exploit them. But Satnam Narang at Tenable notes Microsoft has labeled all three Exchange flaws as “exploitation more likely.”

“One of the flaws, CVE-2022-21846, was disclosed to Microsoft by the National Security Agency,” Narang said. “Despite the rating, Microsoft notes the attack vector is adjacent, meaning exploitation will require more legwork for an attacker, unlike the ProxyLogon and ProxyShell vulnerabilities which were remotely exploitable.”

Security firm Rapid7 points out that roughly a quarter of the security updates this month address vulnerabilities in Microsoft’s Edge browser via Chromium.

“None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today,” Rapid7’s Greg Wiseman said. “This includes two Remote Code Execution vulnerabilities affecting open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.”

Wiseman said slightly less scary than the HTTP Protocol Stack vulnerability is CVE-2022-21840, which affects all supported versions of Office, as well as Sharepoint Server. “Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website,” he said. “Thankfully the Windows preview pane is not a vector for this attack.”

Other patches include fixes for .NET Framework, Microsoft Dynamics, Windows Hyper-V, Windows Defender, and the Windows Remote Desktop Protocol (RDP). As usual, the SANS Internet Storm Center has a per-patch breakdown by severity and impact.

Standard disclaimer: Before you update Windows, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files. So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

 New Cyber Technologies

Security experts have developed a three-phase approach that leverages electromagnetic field emanations to detect evasive malware on IoT devices, including previously unseen variants. The electromagnetic emanation measured from the device is nearly undetectable by the malware, so malware evasion tactics cannot be applied directly in this case.

 Feed

Ubuntu Security Notice 5043-2 - USN-5043-1 fixed vulnerabilities in Exiv2. The update introduced a new regression that could cause a crash in applications using libexiv2. This update fixes the problem. It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 5219-1 - It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5218-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5217-1 - It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and

 Feed

The European Union's data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity. "Datasets older than six months that have not undergone this Data Subject Categorisation must be erased," the European Data Protection Supervisor (EDPS) said in a press statement. "This means that Europol

 Feed

Moxie Marlinspike, the founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as the chief executive of the non-profit in a move that has been underway over the last few months. "In other words, after a decade or more, it's difficult to overstate how important Signal is to me, but I now feel very comfortable replacing myself as CEO based on the

 Feed

Lookout, an endpoint-to-cloud cyber security company, has put together its cyber security predictions for 2022. 1 — Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches One area organizations need to continue to monitor in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end-users to

 Feed

Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives

 Feed

With the last month of 2021 dominated by the log4J vulnerabilities discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. At least some systems, if not all. You might even have installed the latest patch – at the time of writing, that is 2.17.1, but, if the last rapid patching cycle persists, it might have

Aggregator history: 2022-01, Tuesday, January 11