Cyber security aggregate rss news

Cyber security aggregator - feeds history

 News

Episode 241 of the Transatlantic Cable kicks off with two ransomware stories. The first looks at what happened when two ransomware gangs attacked the same victim, at the same time. The second looks at the recent news around Samsung and Nvidia, allegedly hacked by the Lapsus$ gang. From there, the team talk about NFTs and the metaverse, with the first story sure to raise the frustrations of petrol-heads as an artist blew up a $250,000 Lamborghini to create NFTs to sell digitally – yes, we're scratching our heads on that one as well. The other NFT / metaverse stories look at an NFT vending machine in New York and WingStop filing a multi-class trademark to enter the metaverse and sell virtual chicken wings. To wrap up, the team look at a story around Second-Life and plans to add tax to most in-game items. If you liked what you heard, please consider subscribing.

This is what happens when two ransomware gangs hack the same target
Samsung Hack Allegedly Leaks Biometric Unlock Algorithm, Source Code
The Curious Case Of Exploding Lamborghinis And NFTs
What did I just buy? I tried to use New York's first NFT vending machine
Even in the metaverse, you can't escape the taxman
Wingstop has filed a trademark to sell chicken wings in the metaverse

 Tips

We've already covered the most obvious signs that someone is trying to scam you online. But it's not always easy to spot a scam at first glance. So, before you transfer money or enter card details, it's worth spending a bit more time and effort on checking e-mails and websites. To help, we've compiled eight tips to help you do just that.

1. Check the e-mail address

Before clicking on a link in an e-mail or replying, take a closer look at the letter's From field. It consists of two parts: one for the sender's name, one (more importantly) for the actual e-mail address. The sender's name can be anything, which scammers often exploit by using the name of the company they're pretending to represent. But replacing the real e-mail address (the bit with the @ sign) is much harder, so this is where attackers can slip up. In most scam e-mails, the sender's real address will either have nothing to do with the company being impersonated, or look similar to the real one, but not identical — with one or more characters replaced (for example, the letter O with the number 0), an extra word, etc. Spotted a typo or inconsistency? Or the sender's address is utter gibberish? Do not reply or click any links in it, but send it to the Spam folder straight away.

2. Examine the links in the e-mail

If the message contains hyperlinks or buttons like Get a discount, Claim your free gift, Read more, or any other obvious call to action, always check what's behind it. If you hover the mouse cursor over the link or button (taking care not to click by mistake), you will see the actual address of the web resource the senders want you to visit. Find the official website of the company in a search engine and compare the URL with the link in the e-mail. If the addresses do not coincide, for example, the link has a different domain (say .org or some .xyz instead of .com), do not open the page.

[Image: Always check what actually is behind a button or a link]

While you're at it, go to the official website from the search results and see if it mentions the discount/gift/promotion the suspicious e-mail is telling you about. If it doesn't, it's likely a scam.

3. Take a look at the site's security certificate

Some characters are so similar that the naked eye is easily deceived. Therefore, we suggest another quick way to check who owns the site — after you've gone there. Let's consider the example of Google Chrome (in other browsers the names of menu items may differ slightly). Click the padlock to the left of the URL. In the window that appears, select Connection is secure. Click Certificate is valid. Make sure the Issued to field contains the name of the company that owns the site.

[Image: How to check a site's SSL certificate]

The padlock indicates the site is certified by an independent organization and data to and from it is encrypted. We just saw the certificate confirming this. It's fairly easy to obtain such a certificate, but not, fortunately, in another company's name. So if the name of the company or organization appears in the certificate, it can usually be trusted (just make sure the name is correct). What if there's no padlock? This means that data sent to and from the site is not protected and can be intercepted not only by the site owners, but by third parties also, so entering confidential information there is definitely a bad idea.

4. Check who registered the domain and when

You can view additional information about the site domain using the Whois service. It provides data on all current IP addresses and domain names. Type the URL you want to check into the relevant field and see when the domain was registered and by whom.

[Image: Difference in Whois between corporate and private domains]

The domain registration date is shown in the Registered On line. If a site claims to be the official resource of a reputable company with a long history, yet Whois says it's only a couple of months old, you're dealing with scammers. It's also worth looking at who the domain is registered to. The owner's contact information can be found in the Registrant Contact section. If the company is a serious player, at the very least its name will be shown there, and often also its address, phone number and other details. If the site purports to belong to a large company, but Whois displays Private Person in the owner field, the resource is untrustworthy. Sure, it's generally fine for a domain to be registered by an individual, but if the site claims to be part of a huge corporation, it's nothing if not suspicious.

5. Check the site content

Study the site in more detail: if it consists of just one or two pages, it's very likely to be fake. Cybercriminals use such cheap and easy sites to tout fake Burning Man tickets, dupe cryptoinvestors or give away PlayStation 5 consoles. Official corporate sites always have lots of sections with useful information: news, company history, products and services, partners, etc.

6. Bookmark important sites

Add all sites you frequently visit to your bookmarks and open them only from there — that way you eliminate the risk of accidentally opening a fake page. It's especially important to do this for sites that you enter personal data on, be it social networks, online banks, crypto exchanges or e-mail clients. You can bookmark a site by clicking on the star icon to the right of the address bar.

7. Be extra careful with payments and money transfers

Sure, there's no need to study a site in such detail if you're going there just to read an article or watch a video. But if you're planning to enter payment details, you should do so every time. Does the website address look strange? Does the page contain typos or odd design elements? Does the page have a proper SSL certificate (see above)? Enter your details only if everything is in order.

8. Rely on professionals

Even the most vigilant users sometimes make mistakes. But there's good news: website verification can be automated by using a reliable solution with spam, phishing and online fraud protection. This will detect and block any threats in real time.

 Latest Warnings

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

John Todd is general manager of Quad9, a free “anycast” DNS platform. DNS stands for Domain Name System, which is like a globally distributed phone book for the Internet that maps human-friendly website names (example.com) to numeric Internet addresses (8.8.4.4.) that are easier for computers to manage. Your computer or mobile device generates DNS lookups each time you send or receive an email, or browse to a webpage.

With anycast, one Internet address can apply to many servers, meaning that any one of a number of DNS servers can respond to DNS queries, and usually the one that is geographically closest to the customer making the request will provide the response.

Quad9 insulates its users from a range of cyberattacks by blocking DNS requests for known-bad domain names, i.e., those confirmed to be hosting malicious software, phishing websites, stalkerware and other threats. And normally, the ratio of DNS queries coming from Ukraine that are allowed versus blocked by Quad9 is fairly constant.

But Todd says that on March 9, Quad9’s systems blocked 10 times the normal number of DNS requests coming from Ukraine, and to a lesser extent Poland. Todd said Quad9 saw a significant drop in traffic reaching its Kyiv POP [point of presence] during the hostilities, presumably due to fiber cuts or power outages. Some of that traffic then shifted to Warsaw, which for much of Ukraine’s networking is the next closest significant interconnect site.

[Image: Quad9’s view of a spike in malicious traffic targeting Ukrainian users this week.]

“While our overall traffic dropped in Kyiv — and slightly increased in Warsaw due to infrastructure outages inside of .ua — the ratio of (good queries):(blocked queries) has spiked in both cities,” he continued. “The spike in that blocking ratio [Wednesday] afternoon in Kyiv was around 10x the normal level when comparing against other cities in Europe (Amsterdam, Frankfurt.) While Ukraine always is slightly higher (20%-ish) than Western Europe, this order-of-magnitude jump is unprecedented.”

Quad9 declined to further quantify the data that informed the Y axis in the chart above, but said there are some numbers the company is prepared to share as absolutes.

“Looking three weeks ago on the same day of the week as yesterday, we had 118 million total block events, and of that 1.4 million were in Ukraine and Poland,” Todd said. “Our entire network saw yesterday on March 9th 121 million blocking events, worldwide. Of those 121 million events, 4.6 million were in Ukraine and Poland.”

Bill Woodcock is executive director at Packet Clearing House, a nonprofit based in San Francisco that is one of several sponsors of Quad9. Woodcock said the spike in blocked DNS queries coming out of Ukraine clearly shows an increase in phishing and malware attacks against Ukrainians.

“They’re being targeted by a huge amount of phishing, and a lot of malware that is getting onto machines is trying to contact malicious command-and-control infrastructure,” Woodcock said.

Both Todd and Woodcock said the smaller spike in blocked DNS requests originating from Poland is likely the result of so many Ukrainians fleeing their country: Of the two million people who have fled Ukraine since the beginning of the Russian invasion, more than 1.4 million have made their way to Poland, according to the latest figures from the United Nations.

The increase in malicious activity detected by Quad9 is the latest chapter in an ongoing series of cyberattacks against Ukrainian government and civilian systems since the outset of the war in the last week of February.

As Russian military tanks and personnel began crossing the border into Ukraine last month, security experts tracked a series of destructive data “wiper” attacks aimed at Ukrainian government agencies and contractor networks. Security firms also attributed to Russia’s intelligence services a volley of distributed denial-of-service (DDoS) attacks against Ukrainian banks just prior to the invasion.

Thus far, the much-feared large scale cyberattacks and retaliation from Russia haven’t materialized (for a counterpoint here, see this piece from The Guardian). But the data collected by Quad9 suggest that a great deal of low-level cyberattacks targeting Ukrainians remain ongoing.

It is unclear to what extent — if any — Russia’s vaunted cyber prowess may be stymied by mounting economic sanctions enacted by both private companies and governments. In the past week, two major backbone Internet providers said they would stop routing traffic for Russia.

Earlier today, the London Internet Exchange (LINX), one of the largest peering points where networks around the world exchange traffic, said it would stop routing for Russian Internet service providers Rostelecom and MegaFon. Rostelecom is Russia’s largest ISP, while MegaFon is Russia’s second-largest mobile phone operator and third largest ISP.

Doug Madory, director of research for Internet infrastructure monitoring firm Kentik, said LINX’s actions will further erode the connectivity of these large Russia providers to the larger Internet.

“If the other major European exchanges followed suit, it could be really problematic for Russian connectivity,” Madory said.

 Malware and Vulnerabilities

Security researchers at Cisco Talos are urging pro-Ukrainian actors to be wary of downloading DDoS tools to attack Russia, as they may be booby-trapped with info-stealing malware.

 Trends, Reports, Analysis

The cause of all the exposure, an AppOmni report stated, is “a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users.”

 Feed

Ubuntu Security Notice 5321-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature.

 Feed

Ubuntu Security Notice 5322-1 - Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

 Feed

Red Hat Security Advisory 2022-0821-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0056-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. Issues addressed include bypass, cross site request forgery, denial of service, and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0820-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0818-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0815-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0816-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0817-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0825-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, double free, memory leak, privilege escalation, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0826-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-0827-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23. Issues addressed include buffer overflow and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0828-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15. Issues addressed include buffer overflow and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0829-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23. Issues addressed include buffer overflow and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0830-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15. Issues addressed include buffer overflow and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0819-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Issues addressed include bypass, code execution, integer overflow, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0832-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3. Issues addressed include a denial of service vulnerability.

 Feed

Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to "automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook said 

 Feed

The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country's unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic

 Feed

Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It's, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of the affected

2022-03
Aggregator history
Friday, March 11