Cyber security aggregate RSS news

Cyber security aggregator - feeds history

 Malware and Vulnerabilities

Upon execution, the loader base64 decodes a Black Basta payload using the CryptStringToBinaryA() API function. Black Basta is then injected into a process instance of the loader and executed in memory.

 Malware and Vulnerabilities

The Magniber ransomware popped up with a new upgrade targeting Windows 11 users. However, the program can compromise multiple versions of the OS. Magniber uses RSA+AES encryption to encrypt files, with a 2048-bit RSA key, which is challenging to crack. Experts suggest users avoid downloading unknown programs from unknown sources.

 Malware and Vulnerabilities

The DHS' cybersecurity agency has urged U.S. federal government agencies to update or remove VMware products from their networks in the wake of two critical vulnerabilities. Proof-of-concept (PoC) exploit code has been published by Horizon3 security researchers for the critical authentication bypass vulnerability.

It is highly recommended to implement a robust patch management system so that software is updated promptly with the latest patches.

 Trends, Reports, Analysis

The FBI alerted that credentials stolen from the higher education sector are being sold on multiple public and dark web marketplaces. In some cases, VPN and network access credentials are being sold for thousands of dollars. The FBI recommends colleges and universities pay special attention to connections via remote desktop protocols.

 Trends, Reports, Analysis

A recent study estimates that a staggering $39.5 billion was lost to phone scams this past year, which is the highest number recorded since Truecaller began researching scam and spam calls in the U.S. eight years ago.

 Breaches and Incidents

The personal data that may have been compromised is akin to the information found in an annual statement. It includes items like names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances.

 Mobile Security

One scheme that scammers have used increasingly since last year is scam apps for receiving social benefits. These apps redirect to a webpage asking for personal data to claim a large sum of money.

 Feed

Schneider Electric C-Bus Automation Controller (5500SHAC) version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up (init) script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with root privileges that will grant full control of the device.

 Feed

Ubuntu Security Notice 5452-1 - It was discovered that NTFS-3G was incorrectly validating NTFS metadata in its ntfsck tool by not performing boundary checks. A local attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-4801-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

 Feed

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner, allowing analysts to quickly triage attacks and perform analysis remotely. GRR consists of two parts: a client and a server. The GRR client is deployed on systems that one might want to investigate. Once deployed, the GRR client on every such system periodically polls the GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allow analysts to schedule actions on clients and to view and process collected data.

 Feed

Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Ubuntu Security Notice 5431-1 - It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of service.

 Feed

Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2022-4765-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

 Feed

Red Hat Security Advisory 2022-4768-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

 Feed

Red Hat Security Advisory 2022-4766-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

 Feed

Red Hat Security Advisory 2022-4776-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

 Feed

Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week. "The Robin Hood-like group claims to be interested in

 Feed

Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations," the U.S.

 Feed

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in Belarus. "It uses Word's

 Feed

It's no secret that third-party apps can boost productivity, enable remote and hybrid work, and are, overall, essential to building and scaling a company's work processes. Much like clicking on an attachment in the earlier days of email, connecting a needed app to a Google Workspace or M365 environment is an innocuous-seeming action that people don't think twice about. Simple actions that users

 Feed

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services
