Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Tips

Thanks to the Internet, we have access to a potentially infinite amount of information, which can often be difficult to sort out and figure out what's true and what's not. We've all seen headlines like "Dutch Scientists Prove Coronavirus Doesn't Exist," "Unvaccinated People Held in Concentration Camps in Australia," and "HIV-Infected Needles Placed in Movie Theater Seats." These are examples of myths spreading on the worldwide web that nowadays we usually call fake news.

Many people believe fake news, regardless of age or social status. For example, a middle-aged tech friend of mine was recently foaming at the mouth proving to us that McDonald's products are unfit for human consumption. He learned this from a TikTok video. In it, a girl said that chef Jamie Oliver had proven in court that the meat in the McDonald's burgers was unfit for human consumption. Just five minutes of searching showed that the story was quite different. There was no trial, just a TV show in which the chef criticized the entire food industry in the United States. A bit later some journalists linked McDonald's subsequent recipe change to that. The whole story took place in 2011–2012. Surprisingly, this myth still lives on in both social networks and various local media.

We, of course, laughed and forgot about the dispute. Nevertheless, an important lesson is that information needs to be checked because fake information can be found where you least expect it. We suggest that you look at information based on the following algorithm to figure out where to start unraveling more complex and important stories than the McDonald's meat fail.

Find the source of the information

The first thing to do is to check where the information came from. There may be several options here. Media outlets, bloggers, messenger channels, and communities on social networks usually have some kind of reputation. It is important to understand that even the most reputable and respected media can publish nonsense. Large outlets such as the BBC, The New York Times and Paris Match have all made mistakes more than once. This stage of verification is mainly necessary to filter out sources marked "definitely not to be trusted."
Such a verdict may be given to humorous news (even serious journalists sometimes believe fake news from the likes of The Onion) and all kinds of strange WhatsApp messages that should be treated with caution.

Find links to primary sources

Any information claiming to be reliable must contain links to original sources. An article or post without links should not be trusted. The next step is to check the links themselves. Everything depends on the specifics of the material. For example, if a text describes some events abroad, it should contain links to local publications in the original language. Otherwise, how did the authors learn about the event? References to official publications or scientific studies are also a good sign of plausibility.

Check particular facts

Any text, video, or audio material has particular facts that can be verified by other sources. Often these are names, dates, geographic locations, some scientific facts, and so on. This data can be verified with a quick Internet search. The search engine companies themselves tell you more about all the features of more complex searches. For example, this material will help you to understand how to properly search for information on Google. If you find more than two or three inaccuracies, the text is probably not worth trusting. This does not always mean that authors are maliciously trying to mislead you. It is very possible that they, in good faith, simply do not know what they are writing about.

Figure out the source's agenda

The first three tips involve fact-checking, but beyond that, the tone with which information is presented is important. Even if the authors aren't spreading outright lies, the right emphasis and carefully chosen facts in an article can distort the picture and influence your opinion. Therefore, it is useful to consider the source's agenda or bias as it will help you to weigh up the information you receive more objectively.
Pay attention to details

If the basic facts look coherent, pay attention to the details: images, quotations, terms, and frequent use of superlatives. Let's deal with each point separately:

Images can be altered using Photoshop and other editing tools. To see if an image has been altered, try searching for the original image with Google image search or TinEye.

Quotes are often taken out of context, a recent example being a quote from the World Economic Forum, "You'll own nothing. And you'll be happy." Even a quick Internet search on the first words usually helps to see the full picture and understand what someone really wanted to say.

Authors may use an abundance of smart words to confuse the reader, especially in science-related texts. Don't be lazy — look up the meanings of terms that are key to understanding the material. You don't have to look up specialized publications to know you're being lied to — a couple of clicks and Wikipedia are usually sufficient.

"This is the most important law in history" or "Before you is the most honest politician" are examples of superlatives. An abundance of them in a text is a red flag. Most likely, authors are trying to convince you of or sell you something.

Track the diversity of cases

When it comes to texts that refer to some alleged mass phenomenon, such as the news that after vaccination, people lose the ability to conceive, it is useful to search all possible sources for this query. It's best to focus on things like the name or age of a participant or eyewitness, as well as the place and date of the event. If such key details in the stories match repeatedly, it's likely to be an isolated case, and not the mass phenomenon they are trying to convince you it is. Katharin Tai talked more about how to unravel such cases in her presentation at the Chaos Communication Congress.

Use resources that specialize in information verification

It is, of course, impossible to check every text we see on the Internet.
Moreover, it is often unnecessary as professionals have already done this for us. There are media outlets in every country that specialize in debunking myths. Before you go through the above long procedure, you might want to see if it has already been done before you. Here are a couple of well-established English-language media fact checkers:

Snopes — to separate fake news from truth, the resource uses a complex rating system that helps you to understand if a story is true, an outright lie, or just an error. Snopes investigates stories from a wide variety of topics: cultural and historical, scientific, and political.

PolitiFact, as the name suggests, specializes in political fact checking. PolitiFact mainly deals with the domestic agenda in the US, but also investigates international politics. Like Snopes, PolitiFact uses a rating system and its version has 6 grades of truth. Within each topic category, you can see statistics on how many of the stories are true, mostly true, and so on, down to "pants on fire," i.e. blatant untruths.

It is worth remembering that just like any other media, fact checkers also make mistakes, which is why it is so important to be able to check the information yourself. With a trained eye, you will soon understand where the error in their reasoning lies.

Not all fakes are intentional lies — they often come about due to common mistakes. Anyone can believe fake news — as a rule, neither higher education nor life experience completely protects against that. So be sure to check information, and if not all of it, then at least that which really affects your life.

To broaden your knowledge on fact-checking, see the Verification Handbook, edited by Craig Silverman, a journalist and founder of Regret the Error. In the book, verification experts talk about their strategies and techniques. The book can be downloaded for free directly from the official website in English and several other languages.

 CISO

Massive growth in Zoom’s customer base as a result of the COVID-19 pandemic brought new business - but also new challenges and security requirements. Establishing a CISO Council gave those customers a voice and a seat at the table, writes CISO Jason Lee. The post Tapping into the Power of the Security Community appeared first on The Security...

 Trends, Reports, Analysis

When it comes to apps, for every good and useful app that exists, there will nearly always be malicious individuals looking to exploit its popularity to try to steal from unsuspecting individuals.

 Trends, Reports, Analysis

Cybercriminals are meddling with QR codes to redirect users to malicious websites that steal their information, deflect their payments to attacker-controlled accounts, and install malware on their devices.

 Malware and Vulnerabilities

BHUNT is a new crypto stealer family and was spotted by Bitdefender. It is written in .NET and is capable of pilfering wallet content from Electrum, Bitcoin, Ethereum, Exodus, and Atomic, among others. 

 Feed

Ubuntu Security Notice 5193-2 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

 Feed

Red Hat Security Advisory 2022-0268-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0274-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0273-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0265-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0270-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0272-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0269-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0271-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0267-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0266-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.

 Feed

Ubuntu Security Notice 5252-2 - USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.

 Feed

Ubuntu Security Notice 5252-1 - It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.

 Feed

Red Hat Security Advisory 2022-0236-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.

 Feed

This archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to work on most other Ubuntu versions that have kernel version 5.7 or higher; for versions between 5.1 and 5.7, the spray will need to be improved as in the kctf version. The exploitation strategy relies on FUSE and SYSVIPC elastic objects to achieve arbitrary write. The kctf version achieves code execution as the root user in the root namespace, but has at most 50% reliability - it is targeted towards Kubernetes 1.22 (1.22.3-gke.700). This exploitation strategy relies on pipes and SYSVIPC elastic objects to trigger a stack pivot and execute a ROP chain in kernelspace.

 Feed

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of

 Feed

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's

 Feed

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a

 Feed

The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets

 Home + Mobile

If you’ve considered using a virtual private network (VPN) at all, it’s likely to establish a secure connection while working remotely or to connect to public networks. But privacy enthusiasts appreciate the benefits of a VPN even from the comfort of their own homes. Depending on your level of comfort with your internet service provider (ISP) – and what country you live in – setting one up for your household may be a smart bet.

Before diving into why, here is a brief refresher on what a VPN is and why they’re useful.

The VPN basics

Think of a VPN as a tunnel your internet traffic travels through to keep nosy onlookers from being able to see what you’re doing online. More literally, VPNs are tools used to encrypt network traffic and to hide a user’s IP address by masking it with a proxy one – in this case one belonging to the VPN provider. A VPN may route your encrypted traffic through a datacenter located anywhere in the world (though it’s best when it’s nearby so the user’s experience doesn’t suffer).

Why would one want to use a VPN? Typically, they’re used by individuals logging onto public networks as an assurance their activities won’t be monitored. In addition to maintaining privacy, this also prevents cybercriminals from stealing sensitive data from banking transfers, paying bills or conducting other sensitive transactions from places like airports or coffee shops.

Corporations may also mandate the use of VPNs for remote workers so that sensitive company data is more difficult to compromise. To protect against data breaches or other leaks, network administrators typically encourage encrypting traffic using a tool like a VPN. Check out this post for more on why you should use a VPN on public networks.

Do you need to use a VPN at home?

It depends on a number of factors. It depends on where you live and how private you want to keep your web browsing habits. Physical location is a factor because, in the United States, it’s been legal since 2017 for ISPs to sell certain data they’re able to gather unless the customer explicitly opts out. Most major ISPs claim to not sell user data, especially anything that can be used to identify the user, but it’s technically not illegal.
In countries where this practice is prevented by law, users may have fewer privacy concerns regarding their ISP. In the European Union, for example, strict privacy standards laid out in the General Data Protection Regulation (GDPR) prevent even the gathering of user data by ISPs. This makes the case for a VPN at home harder to make, since most websites already encrypt data in transit and home networks are unlikely to be targeted by things like man-in-the-middle attacks.

For U.S. users, though, using a VPN at home makes good privacy sense. Despite some attempts to learn what major ISPs do with our data, they’re not always forthright with their policies. There are also no guarantees an ISP won’t suddenly change those policies regarding the sale of user data. If you don’t want to leave the issue up to your ISP, shielding personal data with a VPN is a good choice.

Choose your VPN wisely

If you’re not careful, your VPN can end up doing the same thing you got it to avoid. “If you’re not paying for it, you are the product,” or so the saying goes. This is especially true for many free VPN services. Free solutions often track and sell your browsing data to advertisers to generate revenue. Be sure to choose a “no-log” solution that doesn’t track your online activity for sale to third-parties.

It’s also important you choose a VPN from a vendor that:

Is established enough to have access to servers worldwide
Has a professional support team on-staff and available to assist with any issues
Is easy to configure and simple to use, so you actually will!

After checking these boxes, it’s a smart choice to use a VPN at home under some circumstances. For a proven, reliable solution, consider making Webroot® WiFi Security your VPN of choice on the go and at home.

The post The Benefits of Using a VPN on Your Home Network appeared first on Webroot Blog.

 Threat Lab

Phishing attacks sustain historic highs

In their latest report, IDG and the pros behind Carbonite + Webroot spoke with 300 global IT professionals to learn the current state of phishing. We learned that 93% of IT executives are still concerned about phishing – and it’s no wonder, as companies averaged 28 attacks each over the previous 12 months. Luckily, the report details how to fight back. With the right preparation and the right protection, companies can prevent all but 0.3% of attacks.

Phishing capitalizes on COVID

Phishing attacks have been part of the cybercriminal arsenal for years. But it’s only recently that phishing has flourished into the scourge it is today. That’s because cybercriminals have found success by targeting COVID-19 fears with their schemes. In fact, phishing attacks spiked by 510% from just January – February 2020, according to the 2021 Threat Report. These increases leveled off by the summer, but phishing attacks still increased 34% from September – October 2020. Overall, 76% of executives report that phishing is still up compared to before the pandemic. COVID-based tactics might purport to have new info on a shutdown, to share COVID stats or even suggest info from your doctor. But in each case, cybercriminals are looking to steal your information.

Who’s getting attacked?

IT departments are feeling the brunt of these attacks, with 57% of them targeted by phishing. Carbonite + Webroot Sr. Security Analyst Tyler Moffitt says, “Even if malware targets someone with lower-level access, the attack will move laterally to eventually find an IT administrator.” He goes on to say that attackers can then linger for a week or more to find valuable data or steal a balance sheet that gives an indication of how much ransom to charge. Because they often have important credentials, top executives and finance groups are also common targets. Public-facing customer service employees also offer easy access.

Consequences of phishing

75% of global IT executives say they’ve suffered negative consequences from phishing attacks. That includes:

37% suffered downtime lasting more than a day
37% suffered exposure of data
32% lost productivity
19% had to pay legal or regulatory fines

A layered approach to security

But it’s not all bad news.
Yes, phishing is using new tactics to target businesses. But there are ways to fight back. The report cites training as one of the most effective tools. But the frequency of training varies greatly, and 25% of those who use it don’t include phishing simulations. By using security awareness training that offers regular simulations, you can reduce phishing by up to 70%.

But even with great training, the report notes that people will still click some of the time. That’s why a multi-layered approach gives peace of mind that not all is lost if one person messes up. No layer is 100% effective, but taken together many layers get very close. A defense in depth security posture utilizing DNS and endpoint detection as well as a sound backup strategy can give you confidence that you’re prepared to withstand even a successful phishing attack.

Ready to start protecting yourself and your business? Explore how Carbonite + Webroot provide a full range of cyber resilience solutions. Download the IDG report.

The post Report: Phishing Attacks Sustain Historic Highs appeared first on Webroot Blog.

2022-01
Aggregator history
Wednesday, January 26