Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Malware and Vulnerabilities

A decryption key is now available for DeadBolt ransomware only a few days after the strain first appeared. The catch, however, is that it requires a decryption key provided by threat actors to work.

 Trends, Reports, Analysis

The number of COVID-19 test-related phishing scams increased by 521% between October 2021 and January 2022, according to a report published by security firm Barracuda Networks.

 Malware and Vulnerabilities

BlackCat RaaS, also known as ALPHV, first came to light in mid-November and already proved its sophistication. It became the first professional ransomware gang to use Rust-based malware. In less than a month, the gang has amassed more than a dozen victims located in the U.S., Germany, the Netherlands, France, Spain, and the Philippines.

 Trends, Reports, Analysis

Kaspersky uncovered short-lived spyware attack campaigns by major infamous malware families, wherein criminals managed to steal over 7000 corporate credentials on ICS networks. Attackers also used the stolen data from corporate networks to perform financial fraud or sell the obtained RDP, SSH, VPN, and SMTP credentials online. Organizations can protect themselves by training employees to identify phishing emails, limiting access, and making 2FA mandatory.

 Threat Intel & Info Sharing

The agency stated that Emennet performed conventional cyber exploitation against news, travel, shipping, financial, telecoms, and oil & petrochemical sectors in the U.S., the Middle East, and Europe.

 Feed

This Metasploit module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Then the upload.cgi binary will use the contents of the HTTP Cookie field as part of a curl request aimed at an internal endpoint. The curl request is executed using popen and allows the attacker to inject commands via the Cookie field. A remote and unauthenticated attacker using this module is able to achieve code execution as www-data. This module affects the RV340, RV340w, RV345, and RV345P using firmware versions 1.0.03.20 and below.

 Feed

Ubuntu Security Notice 5259-1 - It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 5260-1 - Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. Michael Hanselmann discovered that Samba incorrectly created directories. In certain configurations, a remote attacker could possibly create a directory on the server outside of the shared directory.

 Feed

Ubuntu Security Notice 5260-2 - Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root.

 Feed

Red Hat Security Advisory 2022-0331-02 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-0325-02 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a null pointer vulnerability.

 Feed

Red Hat Security Advisory 2022-0330-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-0328-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-0329-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-0332-02 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

 Feed

DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were

 Feed

Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat (APT) group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target's enterprise,"

 Feed

A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. Cybersecurity firm Immersive Labs, in a technical write-up detailing the findings, said that 42Gears released a series of updates between November 2021 and January 2022 to close out

 Feed

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "vfs_fruit"

 Feed

With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations. Historically, enterprise data was stored inside data centers and guarded by perimeter-based

 Feed

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's

 Feed

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013. In November 2021,

 Feed

In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted

2022-02
Aggregator history
Tuesday, February 01