Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Malware and Vulnerabilities

The US Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report on the December 2021 Log4j event, in which a number of vulnerabilities were reported in this Java-based logging framework.

 Threat Intel & Info Sharing

Researchers at Unit 42 observed an operation that targets the Elastix system used in Digium phones. The attacker implants a web shell to exfiltrate data by downloading and executing additional payloads inside the target's Digium phone software.

 Malware and Vulnerabilities

Zscaler exposed new detection evasion attempts by Qakbot malware actors. The malware now uses ZIP file extensions, catchy file names with common formats, and Excel 4.0 macros to fool victims into downloading attachments containing the malware. To stay protected from such threats, organizations are advised to train their employees on how to handle attachments and to avoid opening suspicious ones.

 Malware and Vulnerabilities

Cyble uncovered a new C/C++ console-based ransomware operation by a group dubbed Lilith. The group has posted proof of its first victim on its leak site. Before the encryption process starts, Lilith creates and drops ransom notes in all the folders, one by one. The note gives victims three days to contact the attackers, or else the data will be leaked. Organizations are advised to stay vigilant and put adequate security measures in place.

 Feed

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition

 Feed

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo

 Feed

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an

2022-07
Aggregator history
Saturday, July 16