Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Special Projects

Jeffrey lives outside Boston with his wife and two kids. While brewing beer is still a great passion of his, his main hobby now is gardening — growing peppers for making super-hot sauces. But in this interview, Jeff tells us how his life is greatly influenced by his work as the Head of Regional Social Media at Kaspersky.

– Let's start from the beginning. When you were a child, you weren't even able to dream about working for a cybersecurity company, since there was no such thing back then. So what did you dream about?

– When I was a kid I wanted to be a Transformer! Like most kids, my mind was filled with fantasies and things that could take you outside what's normal. A lot of the things that I liked were tied to the sci-fi world. As I got older, I wanted to work in something where I could write or be a teacher.

– Wow, I tried to be a writer myself. Did you get published?

– I've had some short stories and poetry published, but it never paid well so I looked for something in a different field. When it came to writing I wound up in sports public relations; I did really well there and turned down an offer of free higher education to become a university professor.

– How come you switched from sports to cybersecurity?

– I had the problem that occurs in many stories. Boy meets girl, they fall in love, blah, blah, blah. I met my then-wife while on a cruise ship and we had a long-distance relationship for a year. Then we decided it may work, so I quit and took a job in the e-commerce industry and moved to Boston. After eight years with that company I was looking for something new. A friend worked at Kaspersky and we connected. To be honest, I thought it was a boring industry and would be something short term. Boy, was I wrong. On my third day we announced the discovery of Duqu 2.0.

– Aha, Duqu is a good example to explain what your job is about. What exactly were you doing when this research was revealed?

– The night before, we were called to an obligatory meeting at 6am the next morning. At the time, I was like "damn, that sucks; what the hell is this?!" I will never forget the calm voices of my colleagues discussing what happened and what we would be doing regarding the press conference, release, etc. Then came the message from Serge (the Head of Social Media) to meet him at the office at 8am to discuss things and to make sure that all the information for the blog was ready to go. Since this was only my third day, I had no clue what to expect. I was manning our social media accounts for the first time: every tweet, Facebook message or comment on blogs/news sites/reddit was coming to me. I did my best at the replies, but I had Serge with me in the States helping approve the messages. It was then that I knew this job was not going to be boring! Fast forward to today — with over a dozen crisis moments and major APT announcements — and I've a whole different view on how things are handled. Now I am involved in the crafting of messaging, responses, and also what we should and shouldn't say publicly and on social media. And it's funny, but we use Duqu as an example of how we were forged as a strong team.

– Working for a foreign company, what kind of new experiences does it bring?

– I had a bunch of questions at the outset that were playing off some stereotypes I had growing up during the Cold War in the U.S. I used to look at things through my narrow American lens. However, having worked here now for quite a long time managing a multinational team, I've learned a lot. A lot of the conceptions I had were really changed.

– Do you always understand your multinational colleagues? How often do they not understand what you are saying?

– Yes, I have to slow how I speak and make sure that things are uttered perfectly — especially for those who don't have English as their first language. There are times when I still have to do a lot of retakes for how things are said. It still happens at least once a week now. When it comes to understanding, I think that we have a lot of good people who make it work — no matter the language. That is not just on social media, but with our larger team as well. I tried learning Russian and got to the level of maybe a preschool child, but had to stop due to lack of time. But even that taught me that the language barrier is real — you can understand how hard it is for others not speaking their mother tongue to communicate all day long, and that flips your perspective.

– What were your main surprises about the real Russia when you first visited, if any? For example, one of my big surprises about the U.S. was the constant smiles on people's faces!

– The first thing that surprised me was that Russians are not as cold and hard as is often thought. Russian people are very warm: not something that's portrayed in movies. But one thing that I did not expect was just how cold — and also how hot — it can get in Russia. And the thing that I really have enjoyed with our colleagues is getting to learn more about how people were brought up, and the laughs that we can have regarding the political BS during the Cold War. Look at guys like me or you — we have a beer and we have a lot of things in common and we just want to lead good lives. Yes, there are differences, but, for real — we're all people. And this is one of my favorite things; learning the culture and also trying out things like foods that are a bit different to what we have in the U.S.

– Is it difficult to explain this view when you are back in the U.S.? How do Americans treat you when they learn you are working for Kaspersky?

– When I first took the role, there were a lot of jokes that played into the Rocky IV movie with Ivan Drago and stuff like that. And no, while it sounds commonplace, I have yet to see a bear driving a car. From a family perspective, one of my nephews is convinced that I'm a spy and tells people that that is what I do. Hell, I had a really interesting parent-teacher conference when one of my kids told their teacher that I was a spy and that's why I travel so much for my job and why I go to Russia so much. One of the most common questions I get about going to Russia is whether or not it's safe, if folks are scary, and things like that. A lot of it is still Cold War BS that comes up. When it comes to social media, you grow a thick skin. A lot of people make personal attacks. Nowadays it's a lot of dealing with people who say that Kaspersky is part of the government — which is untrue. How I look at things: if you can have an educated conversation, it's great, but if you have someone who just wants to be an ignorant ass — well, they really aren't your friend to begin with.

– Have you had a hard time over the last two months coping with the social media storm against Kaspersky? What was the most difficult thing in this work?

– I think that the people of Ukraine have it a lot harder — as do my friends and colleagues in Russia where economic sanctions are bringing them hardships. This is the life part that matters — not someone posting on social media. From a business standpoint, I look at a lot of the things that come at our company and at Eugene Kaspersky's accounts. There are bots of course. Then there are social-signalers — people who reply to any account posting on a particular topic or trend. In the current situation, these accounts are replying to any company or entity that hasn't stopped serving the Russian market. And of course there's no lack of random trolls who jump into any conversation. When it comes to personal accounts, perhaps the most tricky breed of trolling comes from people whom you know really well. The bigger issue has been talking to our employees and coaching them on how to reply to people and what can or cannot be said. This has been especially prominent with our EU colleagues. They are going to work and collecting pay and happen to work for a Russia-founded company. So they get questions. The problem is that many people are now tying working at a Russian company to being akin to working for the Russian government. Which is obviously not the case at all.

– Finally, let's try to look into the future. In your opinion, how will the situation in cybersecurity change after this conflict? For example, some Western politicians tell folks not to use Kaspersky products just because they're from a Russia-based company. Aren't they opening their doors to hackers?

– This is a tricky question. From a future standpoint, the private and public sector need to work better together. Cybercrime is not going away and neither are state-sponsored attacks. One of the things that makes Kaspersky unique is that we frankly don't care where a threat comes from. We report on them all and will work with any law enforcement body to stop cybercriminals. We have in the past helped out the U.S. and EU governments who now shun us publicly — but that is politics. It would do a disservice to everyone if countries stop cooperating on cybersafety or split this cooperation along arbitrary bloc borders. I really just hope that people will realize that we're a global society and not just lines drawn on a map. Any company that is not looking to actively protect their customers against cybersecurity risks is really failing.

 Malware and Vulnerabilities

Tracked as CVE-2022-27505, the newly resolved high-severity issue in SD-WAN is a reflected cross-site scripting (XSS) vulnerability that exists because input isn’t properly neutralized during web page generation.

 Malware and Vulnerabilities

Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick.

 Breaches and Incidents

The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. In the past, it targeted the defense, government, and engineering sectors.

 Malware and Vulnerabilities

Windows hosts running the Server Message Block (SMB) protocol are vulnerable to this bug. SMB allows users to share access to files and tools on remote servers.

 Threat Actors

Microsoft linked the China-backed Hafnium group to Tarrask, a defense evasion malware used to maintain persistence on compromised Windows environments. Researchers uncovered recent malicious activity in which the attackers abused an unpatched zero-day vulnerability as their initial attack vector.

Tarrask hides the scheduled tasks it creates by removing the SD (security descriptor) value from the task's registry key, so the task no longer appears in the Task Scheduler or in schtasks output. Experts suggest finding these hidden tasks by closer manual inspection of the Windows Registry, looking for scheduled tasks without an SD value within their Task Key.
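The registry check described above, as an added example (not from the page, and not Microsoft's or Kaspersky's code): a PowerShell function that walks the TaskCache\Tree key, flags task entries that carry an Id but no SD value, pulls the author and action details from the matching TaskCache\Tasks key, and cross-checks whether the Task Scheduler API still lists the task. The function name, the rough decode of the binary Actions value and the elevated-session requirement are my assumptions.

```powershell
# Added example: list scheduled tasks whose TaskCache\Tree entry has no SD
# (security descriptor) value, the hiding technique attributed to Tarrask.
# Run from an elevated PowerShell session; reading these keys needs at least
# Administrator rights (assumption: your EDR does not block registry reads here).

$TreeRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$TasksRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

function Get-TaskWithoutSD {
    [CmdletBinding()]
    param()

    # Tree mirrors the Task Scheduler folder layout: folders are plain keys,
    # tasks are leaf keys carrying Id (the {GUID} of the TaskCache\Tasks entry),
    # Index and, for every task written by the scheduler itself, SD.
    Get-ChildItem -LiteralPath $TreeRoot -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { return }

        # Folder keys have no Id; only real task leaves do.
        if (-not $props.PSObject.Properties['Id']) { return }

        # A normal task always has an SD value; its absence is the indicator.
        if ($props.PSObject.Properties['SD']) { return }

        # "\Microsoft\Windows\Foo\Bar" style task path, derived from the key name.
        $taskPath   = $key.Name -replace '^.*\\TaskCache\\Tree', ''
        $taskName   = $taskPath.Substring($taskPath.LastIndexOf('\') + 1)
        $taskFolder = $taskPath.Substring(0, $taskPath.LastIndexOf('\') + 1)

        $detail = Get-ItemProperty -LiteralPath (Join-Path $TasksRoot $props.Id) -ErrorAction SilentlyContinue

        # Actions is a binary blob containing UTF-16 strings (command, arguments).
        # Rough decode: keep printable ASCII runs, enough for triage.
        $actionText = ''
        if ($detail -and $detail.Actions) {
            $raw = [System.Text.Encoding]::Unicode.GetString($detail.Actions)
            $actionText = ($raw -replace '[^\x20-\x7E]+', ' ').Trim()
        }

        # Cross-check: a task hidden by SD removal is not returned by the API.
        $visible = $null -ne (Get-ScheduledTask -TaskName $taskName -TaskPath $taskFolder -ErrorAction SilentlyContinue)

        [PSCustomObject]@{
            TaskPath     = $taskPath
            Id           = $props.Id
            Author       = $detail.Author
            Actions      = $actionText
            VisibleToAPI = $visible
        }
    }
}

# Usage: print the suspects; VisibleToAPI = False plus an Actions value pointing
# at an unexpected binary is the combination worth escalating.
Get-TaskWithoutSD | Format-Table -AutoSize -Wrap
```

The function is read-only, so it is safe to run across a fleet during triage; deleting a hidden task still means deleting its Tree and Tasks keys as SYSTEM or restoring the SD value, which is a separate remediation step. Treat any hit as a lead rather than a verdict: confirm the Actions target against a known-good baseline and correlate with the Microsoft-Windows-TaskScheduler/Operational log before acting.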

 Feed

Red Hat Security Advisory 2022-1373-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

 Feed

Ubuntu Security Notice 5378-4 - USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.

 Feed

Ubuntu Security Notice 5378-3 - USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Cleemy Desu Wayo discovered that the zgrep filename handling, which XZ Utils' xzgrep shares with Gzip, was incorrect. If a user or automated system were tricked into performing zgrep or xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.

 Feed

Red Hat Security Advisory 2022-1361-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

 Feed

Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.

 Feed

Red Hat Security Advisory 2022-1248-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.48. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2022-1360-01 - This release of Red Hat Fuse 7.10.2 serves as a replacement for Red Hat Fuse 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

 Feed

Red Hat Security Advisory 2022-1372-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

 Feed

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, compromise, and control

 Feed

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The

 Feed

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a

 Feed

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore

 Feed

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full control of the victim's crypto wallet to steal funds," Check Point researchers Roman Zaikin, Dikla

 Feed

A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet

 Data loss

Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but how? And armchair detectives are helping investigate cold cases involving DNA - but should they? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

 Guest blog

Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure. Read more in my article on the Tripwire State of Security blog.

Aggregator history: Thursday, April 14, 2022