Cyber security aggregated RSS news

Cyber security aggregator - feeds history


 AGCO/Fendt

A cyber attack has disrupted the operations of AGCO/Fendt, a major manufacturer of agricultural equipment, the company has acknowledged. The post Cyber Attack Halts Production at Ag Equipment Maker AGCO Fendt appeared first on The Security Ledger with Paul F. Roberts.

Related stories: Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk; DEF CON: Security Holes in Deere, Case IH Shine Spotlight on Agriculture Cyber Risk; Episode 218: Denial of Sustenance Attacks - The Cyber Risk To Agriculture

 Malware and Vulnerabilities

PwC Threat Intelligence has documented BPFDoor, a backdoor that gives a threat actor remote code execution on a compromised system without opening any new network ports or adding firewall rules.

 Malware and Vulnerabilities

One of the ways Cobalt Strike operators obfuscate communications between a beacon planted on a victim system and the C2 server is a malleable C2 profile, which lets the operator shape the beacon's traffic so that it masquerades as benign network traffic.

 Breaches and Incidents

It is worth noting that NB65 is the same group that hacked the Russian state-run television and radio broadcaster VGTRK (All-Russia State Television and Radio Broadcasting Company) in April 2022 and leaked 786 GB of data online.

 Expert Blogs and Opinion

The team creates a highly engineered data pipeline to port all data back into a massive data lake. Next, historical features are created by running queries and pre-processing scripts. Finally, the models are trained on the large collection of data.

 Laws, Policy, Regulations

The US government believes the stolen money is being used to fund North Korea's nuclear weapons and ballistic missile programs. Given that North Korean actors may have stolen $400m during the whole of 2021, it represents a major haul.

 Trends, Reports, Analysis

The City of London police provided Freedom of Information data to The Guardian which revealed that criminal gangs are increasingly combining physical threats with cyber know-how to part individuals from their virtual currency.

 Threat Actors

Proofpoint researchers have spotted low-volume Emotet activity that differs markedly from typical Emotet behavior; it is highly likely that the group is testing a new technique before deploying it at scale. The campaign was observed between April 4 and April 19. Testing different attack chains is most probably an attempt to evade detection and stay hidden.

 Malware and Vulnerabilities

Researchers have identified DarkAngels, a new ransomware that bears an uncanny resemblance to Babuk ransomware. It excludes files with extensions such as .exe, .dll, and .babyk from encryption. Organizations are recommended to use reliable anti-malware and internet security solutions.

 Malware and Vulnerabilities

Security researchers have urged F5 BIG-IP administrators to update their devices immediately after developing working exploits for CVE-2022-1388, a recently disclosed critical remote code execution flaw. The vulnerable devices are mostly deployed in enterprise networks, and the flaw could give attackers initial access to a network from which to move laterally to other devices.

 Feed

Ubuntu Security Notice 5244-2 - USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

 Feed

FancyBear looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill; the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

 Feed

Red Hat Security Advisory 2022-1745-01 - Red Hat OpenShift Serverless Client kn 1.22.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

 Feed

Satana ransomware searches for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). The exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill; the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

 Feed

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill; the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

 Feed

Petya ransomware looks for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). The exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signatures or third-party products as the malware will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill; the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

 Feed

Cryakl ransomware looks for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). The exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signatures or third-party products as the malware will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill; the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

 Feed

The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack.

 Feed

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked as CVE-2022-1388 (CVSS score: 9.8), the flaw is an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing
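Both BIG-IP items above (the alert to administrators and the exploit report) describe CVE-2022-1388 only as an iControl REST authentication bypass. Public analyses of the bug, which the page does not go into, documented that the bypass names X-F5-Auth-Token in the request's Connection header so that the front-end proxy strips the token before the iControl REST back end sees it. The following added example, not F5's code or the researchers', checks raw HTTP requests (for example from a reverse-proxy log or a PCAP extract) for that shape. The sample requests are constructed for the example and the hostname is an assumption.

```c
/* f5_1388_detect.c: added example detection check for CVE-2022-1388 exploitation
 * attempts. Signal: a request to the iControl REST surface (/mgmt/...) whose Connection
 * header lists X-F5-Auth-Token as a hop-by-hop header to drop. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Case-insensitive "does s start with prefix". */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (!*s || tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Copy the value of header `name` (first occurrence, case-insensitive) into out; 1 if found. */
static int header_value(const char *req, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *line = strstr(req, "\r\n");         /* headers start after the request line */

    while (line) {
        line += 2;
        if (*line == '\r' || *line == '\0')         /* blank line: end of headers */
            break;
        if (has_prefix_ci(line, name) && line[nlen] == ':') {
            const char *v = line + nlen + 1, *end;
            size_t vlen;
            while (*v == ' ' || *v == '\t') v++;
            end = strstr(v, "\r\n");
            vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen >= outsz) vlen = outsz - 1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        line = strstr(line, "\r\n");
    }
    return 0;
}

/* Connection is a comma-separated list of header names; flag it only if one whole
 * element (not a substring) is X-F5-Auth-Token. */
static int connection_names_token(const char *conn)
{
    static const char tok[] = "x-f5-auth-token";
    const char *p = conn;

    while (*p) {
        while (*p == ',' || *p == ' ' || *p == '\t') p++;
        if (has_prefix_ci(p, tok)) {
            char c = p[sizeof tok - 1];
            if (c == '\0' || c == ',' || c == ' ' || c == '\t' || c == '\r')
                return 1;
        }
        while (*p && *p != ',') p++;
    }
    return 0;
}

/* Returns 1 when a request under /mgmt/ asks the proxy to drop the auth token header
 * (the CVE-2022-1388 bypass shape), 0 otherwise. */
int is_cve_2022_1388_attempt(const char *req)
{
    char target[512], conn[256];
    const char *t = strchr(req, ' '), *e;          /* request line: METHOD SP target SP version */
    size_t tlen;

    if (!t) return 0;
    t++;
    e = strchr(t, ' ');
    tlen = e ? (size_t)(e - t) : strlen(t);
    if (tlen >= sizeof target) return 0;
    memcpy(target, t, tlen);
    target[tlen] = '\0';
    if (!has_prefix_ci(target, "/mgmt/"))           /* iControl REST lives under /mgmt/ */
        return 0;
    if (!header_value(req, "Connection", conn, sizeof conn))
        return 0;
    return connection_names_token(conn);
}

/* Constructed samples: the public bypass header layout versus an authenticated call. */
const char *const SAMPLE_BYPASS =
    "POST /mgmt/tm/util/bash HTTP/1.1\r\n"
    "Host: bigip.example.internal\r\n"
    "Authorization: Basic YWRtaW46\r\n"
    "X-F5-Auth-Token: a\r\n"
    "Connection: keep-alive, X-F5-Auth-Token\r\n"
    "Content-Type: application/json\r\n\r\n";
const char *const SAMPLE_AUTHENTICATED =
    "GET /mgmt/tm/sys/version HTTP/1.1\r\n"
    "Host: bigip.example.internal\r\n"
    "X-F5-Auth-Token: REDACTED\r\n"
    "Connection: keep-alive\r\n\r\n";
const char *const SAMPLE_NON_REST =
    "GET /tmui/login.jsp HTTP/1.1\r\n"
    "Host: bigip.example.internal\r\n"
    "Connection: X-F5-Auth-Token\r\n\r\n";

int main(void)
{
    printf("bypass-shaped : %d\n", is_cve_2022_1388_attempt(SAMPLE_BYPASS));        /* 1 */
    printf("authenticated : %d\n", is_cve_2022_1388_attempt(SAMPLE_AUTHENTICATED)); /* 0 */
    printf("non-REST path : %d\n", is_cve_2022_1388_attempt(SAMPLE_NON_REST));      /* 0 */
    return 0;
}
```

The check keys on the bypass mechanism (the Connection header) rather than on any particular command in the body, so it also catches attempts that use an endpoint other than the one in the sample; conversely it says nothing about whether the target was actually vulnerable, which only the patch level of the device answers.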

 Feed

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file; opening it infects the computer with Jester Stealer. The attack, which

 Feed

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access Trojan (RAT) appears to be the work of

 Feed

Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's

 Feed

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information.

2022-05