Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Expert Blogs and Opinion

Zero trust is more than a philosophy; it’s an outcomes-based approach to coordinating both existing and new security capabilities, a Google Cloud executive told government leaders at CyberScoop’s Zero Trust Summit on April 6.

 Expert Blogs and Opinion

A Forrester report found that while 65 percent use staff training to ensure compliance with data protection policies, 55 percent said their users have found ways to circumvent those same policies.

 Geopolitical, Terrorism

The Spanish government reported days after it had detected the Pegasus spyware in the mobile phones of Prime Minister Pedro Sanchez and Defence Minister Margarita Robles. ERC legislator Gabriel Rufian supported the decision to sack Esteban.

 Laws, Policy, Regulations

Joe Biden has signed The Better Cybercrime Metrics Act - a bill that aims to improve how the federal government tracks and prosecutes cybercrime. It also directs the DoJ to establish a category in the National Incident-Based Reporting System.

 Malware and Vulnerabilities

The vulnerability was mitigated on April 15, with no evidence of exploitation before fixes were released. The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant.

 Malware and Vulnerabilities

Based on the various techniques and modules (pen-testing suites, custom anti-detection wrappers, final stage trojans) used in the campaign, a researcher noted that the entire campaign “looks impressive.”

 Trends, Reports, Analysis

Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks. This blog entry takes a closer look at the Black Basta ransomware and analyzes this newcomer’s familiar infection techniques.

 Breaches and Incidents

Around three-quarters (75%) of these credentials are thought to have been stolen via conventional data breaches, while around a quarter were obtained via individually targeted malware infections.

 Breaches and Incidents

The targets include both car manufacturers and car dealerships in Germany, and the threat actors have registered multiple lookalike domains for use in their operation by cloning legitimate sites of various organizations in that sector.

 Security Products & Services

Microsoft rolled out a new suite of managed services aimed at the mid-market, betting that short-staffed organizations will need outside help to reduce bloating attack surfaces and mitigate an ongoing surge in malware attacks.

 Trends, Reports, Analysis

New information released by the EU, UK, US and other allies suggests that Russian threat actors were responsible for the DDoS attack on commercial communications firm Viasat in Ukraine on February 24, the day Russia launched its full-scale invasion.

 Feed

An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe in Printix's "Printix Secure Cloud Print Management" versions 1.3.1106.0 and below allows a local or remote attacker the ability to change all HKEY Windows Registry values in the SYSTEM context via the UITasks.PersistentRegistryData parameter.

 Feed

A "Creation of Temporary Files in Directory with Insecure Permissions" vulnerability in PrintixService.exe in Printix's "Printix Secure Cloud Print Management" versions 1.3.1106.0 and below allows any logged-in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the creation of the Installer's temp.ini file.

 Feed

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.

 Feed

Ubuntu Security Notice 5179-2 - USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the corresponding updates for Ubuntu 16.04 ESM. It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-1756-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Issues addressed include an information leakage vulnerability.

 Feed

Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.

 Feed

The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory

 Feed

Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who reported the flaw to Microsoft in January 2022. "The vulnerability was specific to

 Feed

The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management (

 Feed

The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a

 Feed

TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business

 Feed

Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an analysis last week. "The stealer also steals data from various locations across the system and

2022-05