Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

To kick off the latest edition of the Kaspersky Transatlantic Cable podcast, Ahmed and I ask Dave the status of his Covid-19 NFT. Unfortunately, he was too busy recovering from the actual virus to create his own NFT. However, we stay on the topic of NFTs for a pair of articles. The first is with our friends on Twitter and how users can now have their profile picture be of an NFT that they have purchased. If that wasn't enough, we then head to Britain where Julian Lennon is selling off some Beatles historical relics, well at least a digital version of them. While we debate the merits of the auction, we head into another story that is not really up for debate. Instead, we discuss a move from the Russian Federation to ban cryptocurrencies. From Russia, we head back to the UK where lawmakers are taking the battle to weaken encryption to a new level. In a new campaign, those attacking encryption are using the guise of weakening encryption to protect the children. To close out the podcast, we discuss a report of rising fear within the ransomware community following the REvil arrests. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below: Twitter brings NFTs to the timeline as hexagon-shaped profile pictures; The Beatles and John Lennon memorabilia to be sold as NFTs; Russia set for complete ban on cryptocurrencies; Revealed: UK Govt Plans Publicity Blitz to Undermine Privacy of Your Chats; After ransomware arrests, some dark web criminals are getting worried

 Trends, Reports, Analysis

Digital identification is the focus of two reports by the European Union Agency for Cybersecurity (ENISA): an analysis of self-sovereign identity (SSI) and a study of major face presentation attacks.

 Malware and Vulnerabilities

The attack by Konni usually starts by leveraging a malicious Office document. When this document is opened by the victim, a multistage attack is started, involving various steps.

 Malware and Vulnerabilities

Tracked as CVE-2021-44228, the flaw was identified in December 2021 in the Apache Log4j logging utility, and has since been exploited in attacks by both cybercriminals and state-sponsored actors.

 Malware and Vulnerabilities

Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS.

 Feed

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

 Feed

Ubuntu Security Notice 5247-1 - It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. It was discovered that vim incorrectly handled memory when opening and searching the contents of certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.

 Feed

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

 Feed

Red Hat Security Advisory 2022-0181-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54. Issues addressed include a code execution vulnerability.

 Feed

SAP CommonCryptoLib suffers from a null pointer dereference vulnerability. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error causing the system to crash and remain unavailable.

 Feed

Red Hat Security Advisory 2022-0289-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0291-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0294-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0290-06 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0296-03 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0297-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.0 serves as an update to Red Hat Decision Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

 Feed

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted

 Feed

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to

 Feed

Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. "

 Feed

There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn’t take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You’d think that this issue no longer

 Feed

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest

 Mobile

Wordle - good or bad for the world? Whatever your opinion, at least someone wants to spoil players' fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

 Guest blog

An independent researcher has received a $100,500 bug bounty from Apple after discovering a security hole in the company's Safari browser for macOS that could allow a malicious website to hijack accounts and seize control of users' webcams. Read more in my article on the Hot for Security blog.

 Data loss

A Canadian man has been handed a three-year prison sentence after being found guilty of buying and selling over 1700 stolen identities on a dark web marketplace, and collaborating with the notorious Dark Overlord extortion gang. Read more in my article on the Tripwire State of Security blog.

 Feed only

Graham Cluley Security News is sponsored this week by the folks at HYPR. Thanks to the great team there for their support! The analysts at The Cyber Hut have produced a new guide that explains how Zero Trust can increase business agility, and provides practical guidance for eliminating passwords to accelerate your Zero Trust strategy. … Continue reading "“A Journey to Zero Trust With Zero Passwords” – download the free guide now"

2022-01
Aggregator history
Thursday, January 27