Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Incident Response, Learnings

Maksim Berezan, 37, was arrested in Latvia and extradited to the US, where he pleaded guilty in April 2021 to conspiracy to commit wire fraud affecting a financial institution and conspiracy to commit access device fraud and computer intrusions.

 Trends, Reports, Analysis

Throughout 2021, security incidents remained high, with 29% of businesses experiencing a breach in the past 12 months, according to Thales. Additionally, 43% of IT Leaders admitted to having failed a compliance audit.

 Trends, Reports, Analysis

According to Malwarebytes , there was a 77% increase in malware detections over 2020. Business-focused cyberthreats jumped 143%, while consumer-specific threats rose by 65% to more than 152 million in 2021.

 Malware and Vulnerabilities

Whoever released the cracked Mars Stealer without official support has led threat actors to improperly configure their environment, exposing critical assets to the world.

 Breaches and Incidents

The data, which was published on Monday, contains the names, addresses, and phone numbers of 620 individuals who Ukraine asserts to be officers of Russia’s FSB involved in “criminal activities” in Europe.

 Trends, Reports, Analysis

The infamous Log4Shell vulnerability was exploited as an initial infection vector in 31% of cases monitored by Lacework over the past six months, highlighting risks present in today’s digital supply chain.

 Trends, Reports, Analysis

Veracode researchers also found that the public sector takes around twice as long to fix flaws once detected compared to other industries. In addition, 60% of flaws in third-party libraries in the public sector remain unfixed after two years.

 Laws, Policy, Regulations

The proposed legislation requires CISA to complete a detailed study on cybersecurity risks facing the HPH sector and work with the HHS on a range of cybersecurity measures to boost the sector's virtual defenses.

 Malware and Vulnerabilities

The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack.

 Malware and Vulnerabilities

Muhstik botnet operators were found exploiting a recently disclosed bug in some Redis Debian packages to infiltrate servers and then use it for DDOS attacks. The attackers target the vulnerability CVE-2022-0543 in Redis Debian packages. To protect against this particular attack, users are recommended to update their   show more ...

packages to Redis package version 5.6.0.16.-1 or follow the Debian security advisory or Ubuntu's security bulletin on the issue.

 Identity Theft, Fraud, Scams

Researchers found dozens of trojanized cryptocurrency wallet apps attempting to steal cryptocurrency funds, especially from Chinese users. ESET researchers have revealed over 40 copycat websites of popular cryptocurrency wallets. Smartphone users are suggested to stay vigilant and use genuine mobile wallets and exchange apps downloaded from official app stores explicitly associated with their official websites.

 Feed

Ubuntu Security Notice 5351-2 - USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are

 Feed

SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as CVE-2022-22274 (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that

 Feed

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as of writing – posting images of extracted data and credentials belonging to the company's DevOps

 Feed

A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured

 Feed

For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the “soft” side of cybersecurity — like scraping the web for compromised data and detecting bugs.  Featuring nine full-length video courses, The Complete 2022 Python Programmer Bundle helps you

 Feed

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Forcepoint. Thanks to the great team there for their support! Remember when you thought an antivirus was all you needed to keep safe from cybercriminals? Of course, cybersecurity has never truly been that simple. As threats and business operations have   show more ...

grown more complex, … Continue reading "Forcepoint ONE helps firms simplify their security"

2022-03
Aggregator history
Wednesday, March 30
TUE
WED
THU
FRI
SAT
SUN
MON
MarchAprilMay