Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Threats

On this blog, you will often see posts that discuss how cybercriminals will take every advantage that is at their disposal to make a quick buck or gain a foothold into a corporate infrastructure. In the past, we've seen targeting focused on the coronavirus, World Cups, Olympics, elections and basically any other major event. And the reason is simple — these items are passionate topics that people resonate with. Passion, at times, will undermine the usual cautiousness that people have in terms of questioning what they see or click on or share with their friends, family, co-workers and just about anybody on social media.

Fast forward to today and we are seeing the eyes of the world turned toward the geopolitical conflict in Ukraine. The increased focus on this conflict has seen a growth in people looking at how to get involved – including cybercriminals looking to make a quick buck. If you're on any social network, you have probably seen people jumping on hashtags or flooding feeds with information on the current events. In some areas, it will seem like friends you've known for years have turned into bots blindly sharing. However, there are those that want to do more and join the cause. In particular, there are some folks who look to join hacktivism groups even if they don't particularly have the technical skills to carry out hacks. More technically savvy hacktivists have made it easy for their less-techy brethren with links to easily join up and have scripts run for them. While we understand that people want to get involved and support these efforts, we have to point out that depending on where you live, or what you are doing, these activities are illegal. If you are someone that wants to join into these efforts, please make sure that you understand what you are doing from both the ethical and legal angles, as well as those in your heart. What's more, you should keep in mind security concerns. Unfortunately, this trend has been taken up by crooks as well: our colleagues over at Talos recently conducted research on how malefactors were creating similar packages that were, in fact, malware.

Aside from that, some activists are also calling for their supporters to bombard commercial organizations with demands to provide some sort of assistance, or, conversely, to abandon some types of activities. Among these calls are also quite dangerous ones — for example, to replace security software with less effective products. These calls to action in hacktivist groups are also ripe for impersonation by opportunistic criminals. These targeted campaigns may also lead to spear phishing attacks.

Tips to stay safe

Think for yourself. We can't tell you what to do, but we have to remind you that any decision you make has to be based on solid facts, not on fake news. Always do your own research and try to figure out the full consequences of your actions as best as you can.

Check e-mail senders. One of the first things to do when it comes to avoiding falling victim to a malicious e-mail is to look at who the sender is. While the name may seem familiar, make sure that the e-mail is from a trusted source or legitimate company/person reaching out to you.

Confirm links. Similar to looking at the sender, take a look and make sure that the links are from legitimate sites and tied to the sender when clicking through. As mentioned earlier, acting with emotions can cloud judgement, so be sure to keep your security vigilance up when clicking e-mail links.

Don't install suspicious packages. Growing up, we all heard not to take candy from strangers. Similarly, you shouldn't download things from an e-mail or site that you are not sure is trustworthy. And if you're going to download it anyway, at the very least scan it with a reliable antivirus.


 Ne'er-Do-Well News

Aleksei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Image: Andrei Shirokov / Tass via Getty Images.

Aleksei Burkov, a cybercriminal who long operated two of Russia’s most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov’s extradition to the U.S. for four years — even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison. But a little more than a year later, he was quietly released and deported back to Russia. Now some Republican lawmakers are asking why a Russian hacker once described as “an asset of supreme importance” was allowed to shorten his stay.

A native of St. Petersburg, Russia, Burkov admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded online community that attracted some of the world’s most-wanted Russian hackers. But Burkov’s cybercriminal activities spanned far beyond mere credit card fraud. A 2019 deep dive into Burkov’s hacker alias “K0pa” revealed he also was co-administrator of the secretive Russian cybercrime forum “Mazafaka.” Like DirectConnection, Mazafaka’s member roster was a veritable “Who’s Who?” of the Russian hacker underground, and K0pa played a key role in vetting new members and settling disputes for both communities. K0pa’s elevated status in the Russian cybercrime community made him one of the most connected malicious hackers ever apprehended by U.S. authorities. As I wrote at the time of Burkov’s extradition, the Kremlin was probably concerned that he simply knew too much about Russia’s propensity to outsource certain activities to its criminal hacker community. “To my knowledge, no one has accused Burkov of being some kind of cybercrime fixer or virtual badguy Rolodex for the Russian government,” KrebsOnSecurity wrote in 2019. “On the other hand, from his onetime lofty perch atop some of the most exclusive Russian cybercrime forums, K0pa certainly would have fit that role nicely.”

Burkov was arrested in December 2015 on an international warrant while visiting Israel, and over the ensuing four years the Russian government aggressively sought to keep him from being extradited to the United States. When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians imprisoned Israeli citizen Naama Issachar on trumped-up drug charges in a bid to trade prisoners. Nevertheless, Burkov was extradited to the United States in November 2019. And if there were any doubts Issachar was jailed for use as a political pawn, Russian President Vladimir Putin erased those by pardoning her in January 2020, just hours after Burkov pleaded guilty in the United States. In June 2020, Burkov was sentenced to nine years in prison. But a little more than a year later — Aug. 25, 2021 — Burkov was released and deported back to Russia.

According to a letter (PDF) sent Monday by four Republican House lawmakers to White House National Security Advisor Jake Sullivan, U.S. Immigration and Customs Enforcement (ICE) officials escorted Burkov onto a plane destined for Moscow shortly after his release. “An ICE spokesperson stated that Burkov is wanted by Russian authorities, and a DOJ spokesperson denied that a prisoner exchange took place,” the letter reads. “The decision to prematurely release Burkov is curious given the lengths to which the U.S. government went to secure Burkov’s arrest.” The letter, signed by the ranking members of the House Judiciary, Homeland Security, Intelligence and Foreign Affairs committees, demanded to know why Burkov was released prematurely, and whether the U.S. received anything in return. The lawmakers also asked for a list of all Russian nationals convicted of crimes in the U.S. who were released early since President Biden took office.

Records show Burkov was in the custody of either Israeli or U.S. authorities for almost five years prior to his sentencing in 2020. At the time of his release, Burkov had already been incarcerated for nearly six years. So where did the other years of his sentence go? That remains unclear, but it is possible he cut some sort of deal to lessen his sentence. On June 16, 2021, a “sealed pleading” was added to Burkov’s court record, followed by a sealed document entered on Aug. 18 — a week before Burkov’s deportation. The motion to seal these and other documents related to the pleading was made by U.S. federal prosecutors, and those documents remain hidden from public viewing.

 Incident Response, Learnings

The UK data protection regulator has fined a leading legal practice £98,000 ($128,000) after security failures that enabled ransomware actors to steal sensitive information on scores of court cases.

 Malware and Vulnerabilities

The initial installers were masquerading as legitimate installers, but the programs were also packaged with malicious scripts and payloads to perform automated reconnaissance and download the Zloader trojan, and in some cases, Cobalt Strike.

 Expert Blogs and Opinion

The December ransomware attack against workforce management company Ultimate Kronos Group hindered the ability of its customers to process payrolls. The attack, which has far-reaching ramifications, has stakeholders looking for who is to blame.

 Threat Actors

Iranian MuddyWater APT launched a new series of attacks targeting Turkey and the Arabian Peninsula. The recent intrusions appear to be a continuation of a November 2021 campaign targeting Turkish entities. Its malicious activity shows the group's piqued interest in the region and its geopolitics.

 Malware and Vulnerabilities

The credential-stealing Raccoon Stealer has been spotted using the chat app to store and update C2 addresses as adversaries find creative new ways to distribute the malware. The cybercriminals are attempting to evade detection by packing the credential stealer with Themida or other malware packers. Experts think that the developers of this malware will continue to add new features to make it more efficient.

 Malware and Vulnerabilities

One of the most active banking trojans has been spotted tweaking its technique while using the same old infrastructure to target its victims in the banking sector. The attackers use fake banking templates impersonating Portuguese organizations to bait victims. Organizations are advised to use the provided IOCs for better detection of such threats.

 Feed

Red Hat Security Advisory 2022-0892-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

 Feed

Red Hat Security Advisory 2022-0925-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0886-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-0891-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include null pointer and out of bounds write vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0855-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with enhancements, security updates, and bug fixes. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory.

 Feed

Apple Security Advisory 2022-03-14-4 - macOS Monterey 12.3 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

 Feed

Apple Security Advisory 2022-03-14-2 - watchOS 8.5 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

 Feed

Apple Security Advisory 2022-03-14-1 - iOS 15.4 and iPadOS 15.4 address buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

 Feed

Apple Security Advisory 2022-03-14-3 - tvOS 15.4 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

 Feed

Apple Security Advisory 2022-03-14-5 - macOS Big Sur 11.6.5 addresses bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

 Feed

Apple Security Advisory 2022-03-14-6 - Security Update 2022-003 Catalina addresses bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0856-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. Issues addressed include a bypass vulnerability.

 Feed

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate (INCD) said in a tweet. "As a result, access to several websites, among them

 Feed

Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company

 Feed

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable ("

 Feed

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the

 Data loss

Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data, including hashed passwords, from graphics card maker NVIDIA. Of course, you would hope that any sensible NVIDIA employee would have chosen a sensible hard-to-crack password, and ensured that they weren’t using the same password anywhere else on the internet...

Aggregator history: Tuesday, March 15, 2022