Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

Our streak of a two-man booth for the Kaspersky Transatlantic Cable podcast continues, with Ahmed and me kicking things off in the cryptocurrency world. More specifically, we discuss some proposed legislation in the EU that would remove a level of anonymity for all transactions. While we have some fun with the topic, this is something that has been brewing and will be an interesting topic to follow. From there, we discuss Borat – unfortunately not the Sacha Baron Cohen flick – a new RAT making the rounds in criminal circles. For our third story, we put on our tinfoil hats and talk about some new patents from the US Navy that, well, let's face it, sound a lot like alien technology. To close out the podcast, we discuss the metaverse and a newish system that seems a lot like a pyramid scheme. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

EU draft law adds security checks to all crypto transactions
Borat RAT: Multiple threat of ransomware, DDoS and spyware
U.S. Navy Has Patents on Tech It Says Will Engineer the Fabric of Reality
The Metaverse Has Bosses Too. Meet the Managers of Axie Infinity

 Malware and Vulnerabilities

Threat actors frequently use OSINT to perform reconnaissance. Secureworks CTU researchers identified several APIs that access the internal information of any organization that uses Azure AD.

 Malware and Vulnerabilities

The hacker disguised the phishing email as a payment notification from a trusted bank and asked the recipient to open the attached Excel file that is protected by a password.

 Malware and Vulnerabilities

The most critical of the vulnerabilities, with a CVSS score of 9.1, is CVE-2022-26851. Affected versions of the PowerScale OneFS software contain “a predictable file name from observable state”.

 Malware and Vulnerabilities

In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 (AppleAVD bug) and CVE-2022-22674 (Intel Graphics Driver bug) in macOS Monterey were not backported to macOS Big Sur or macOS Catalina.

 Malware and Vulnerabilities

Kaspersky claims that at least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool that Kaspersky calls Fendr and which has only been observed in BlackMatter activity.

 Malware and Vulnerabilities

FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites. When installing these downloads, FFDroider will also be installed, but disguised as the Telegram desktop app to evade detection.

 Malware and Vulnerabilities

Cyble discovered a new RAT, dubbed Borat. With a builder, feature modules, and a server certificate, it offers ransomware and DDoS attack services. It is not known whether Borat is being sold or freely shared among cybercriminals. While analyzing the campaign and digging into its origin, a group of researchers discovered the payload executable to be AsyncRAT, indicating a connection between the two.

 Malware and Vulnerabilities

In the past few days, several attackers have been observed exploiting new zero-day vulnerabilities in commonly used software products by Google, Apple, and others. Apple has released emergency fixes for two zero-day flaws. Trend Micro fixed a high-severity vulnerability in its Apex Central. Meanwhile, Google recently fixed a high-severity zero-day bug in Google Chrome.

 Malware and Vulnerabilities

Android spyware impersonating a process manager app targets users and steals their data. While analyzing the spyware, the research team discovered that it downloads additional payloads to compromised devices. Organizations and users are advised to always monitor and review the app permissions on their phones.

 Malware and Vulnerabilities

A Mirai variant called Beastmode was found exploiting disclosed vulnerabilities in TOTOLINK routers. Attackers abused five new exploits within a month. Beastmode has also added some older bugs for a variety of routers from different vendors, all rated 9.8 on the CVSS scale. TOTOLINK device users are suggested to visit the vendor's download center to apply updates.

 Threat Actors

Deep Panda was found exploiting Log4Shell to deploy the new Fire Chili rootkit in compromised networks of organizations in the travel, finance, and cosmetic industries. Fire Chili helps keep file operations, registry key additions, processes, and malicious network connections concealed from the user and security software running on the targeted machine.

 Feed

Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.

 Feed

Ubuntu Security Notice 5368-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5366-1 - It was discovered that FriBidi incorrectly handled processing of input strings, resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code.

 Feed

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

 Feed

The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used

 Feed

During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on

 Feed

As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it

 Feed

Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an

 Feed

A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said

 Feed

A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and

 Data loss

There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.

Aggregator history: Thursday, April 07, 2022