Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

With this August Patch Tuesday Microsoft fixed more than a hundred vulnerabilities. Some of them require special attention from corporate cybersecurity personnel. Among them there are 17 critical ones, two of which are zero-days. At least one vulnerability has already been actively exploited in the wild, so it would be wise not to delay patch implementation. It is no coincidence that the US Cybersecurity and Infrastructure Security Agency recommends paying attention to this update.

DogWalk (aka CVE-2022-34713) — RCE vulnerability in MSDT

The most dangerous of the newly closed vulnerabilities is CVE-2022-34713. It potentially allows remote execution of malicious code (that is, it belongs to the RCE type). CVE-2022-34713, dubbed DogWalk, is a vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), like Follina, which made some hype in May of this year. The problem lies in how the system handles Cabinet (.cab) archives. To exploit the vulnerability, an attacker needs to lure the user into opening a malicious file that saves the .diagcab archive to the Windows Startup folder, so that its contents will be executed the next time the user restarts the computer and logs in. DogWalk was actually discovered two years ago, but at the time the system developers for some reason did not pay enough attention to this problem. Now the vulnerability is fixed, but Microsoft has already detected its exploitation.

Other vulnerabilities to watch out for

The second zero-day vulnerability closed last Tuesday is CVE-2022-30134. It is contained in Microsoft Exchange. Information about it was published before Microsoft was able to create the patch, but so far this vulnerability has not been exploited in the wild. Theoretically, if an attacker manages to use CVE-2022-30134, they will be able to read the victim's email correspondence. This is not the only flaw in Exchange that was fixed by the new patch. It also closes the CVE-2022-24516, CVE-2022-21980 and CVE-2022-24477 vulnerabilities, which allow attackers to elevate their privileges. As for the CVSS rating, two related vulnerabilities are conditional champions: CVE-2022-30133 and CVE-2022-35744. Both are found in the Point-to-Point Protocol (PPP). Both allow attackers to send requests to the remote access server, which can lead to the execution of malicious code on the machine. And both have the same CVSS score: 9.8. For those who for some reason cannot immediately install patches, Microsoft recommends closing port 1723 (the vulnerabilities can only be exploited through it). However, be aware that this may disrupt the stability of communications on your network.

How to stay safe

We advise installing fresh Microsoft updates as soon as possible, and do not forget to check all the information in the FAQs, Mitigations, and Workarounds section of the update guide that is relevant to your infrastructure. In addition, it should be remembered that all computers in the company with Internet access (whether they are workstations or servers) must be equipped with a reliable cybersecurity solution, capable of protecting them against exploitation of even yet undetected vulnerabilities.


 A Little Sunshine

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website.

What is an email alias?

When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that, prefaced by a “+” sign, just to the left of the “@” sign in your email address. For instance, if I were signing up at example.com, I might give my email address as krebsonsecurity+example@gmail.com. Then, I simply go back to my inbox and create a corresponding folder called “Example,” along with a new filter that sends any email addressed to that alias to the Example folder.

Importantly, you don’t ever use this alias anywhere else. That way, if anyone other than example.com starts sending email to it, it is reasonable to assume that example.com either shared your address with others or that it got hacked and relieved of that information. Indeed, security-minded readers have often alerted KrebsOnSecurity about spam to specific aliases that suggested a breach at some website, and usually they were right, even if the company that got hacked didn’t realize it at the time.

Alex Holden, founder of the Milwaukee-based cybersecurity consultancy Hold Security, said many threat actors will scrub their distribution lists of any aliases because there is a perception that these users are more security- and privacy-focused than normal users, and are thus more likely to report spam to their aliased addresses. Holden said freshly-hacked databases also are often scrubbed of aliases before being sold in the underground, meaning the hackers will simply remove the aliased portion of the email address.

“I can tell you that certain threat groups have rules on ‘+*@’ email address deletion,” Holden said. “We just got the largest credentials cache ever — 1 billion new credentials to us — and most of that data is altered, with aliases removed. Modifying credential data for some threat groups is normal. They spend time trying to understand the database structure and removing any red flags.”

According to the breach tracking site HaveIBeenPwned.com, only about .03 percent of the breached records in circulation today include an alias. Email aliases are rare enough that seeing just a few email addresses with the same alias in a breached database can make it trivial to identify which company likely got hacked and leaked said database. That’s because the most common aliases are simply the name of the website where the signup takes place, or some abbreviation or shorthand for it. Hence, for a given database, if there are more than a handful of email addresses that have the same alias, the chances are good that whatever company or website corresponds to that alias has been hacked.

That might explain the actions of Allekabels, a large Dutch electronics web shop that suffered a data breach in 2021. Allekabels said a former employee had stolen data on 5,000 customers, and that those customers were then informed about the data breach by Allekabels. But Dutch publication RTL Nieuws said it obtained a copy of the Allekabels user database from a hacker who was selling information on 3.6 million customers at the time, and found that the 5,000 number cited by the retailer corresponded to the number of customers who’d signed up using an alias. In essence, RTL argued, the company had notified only those most likely to notice and complain that their aliased addresses were suddenly receiving spam.

“RTL Nieuws has called more than thirty people from the database to check the leaked data,” the publication explained. “The customers with such a unique email address have all received a message from Allekabels that their data has been leaked – according to Allekabels they all happened to be among the 5000 data that this ex-employee had stolen.”

HaveIBeenPwned’s Hunt arrived at the conclusion that aliases account for about .03 percent of registered email addresses by studying the data leaked in the 2013 breach at Adobe, which affected at least 38 million users. Allekabels’s ratio of aliased users was considerably higher than Adobe’s — .14 percent — but then again European Internet users tend to be more privacy-conscious.

While overall adoption of email aliases is still quite low, that may be changing. Apple customers who use iCloud to sign up for new accounts online automatically are prompted to use Apple’s Hide My Email feature, which creates the account using a unique email address that automatically forwards to a personal inbox.

What are the downsides to using email aliases, apart from the hassle of setting them up? The biggest downer is that many sites won’t let you use a “+” sign in your email address, even though this functionality is clearly spelled out in the email standard. Also, if you use aliases, it helps to have a reliable mnemonic to remember the alias used for each account (this is a non-issue if you create a new folder or rule for each alias). That’s because knowing the email address for an account is generally a prerequisite for resetting the account’s password, and if you can’t remember the alias you added way back when you signed up, you may have limited options for recovering access to that account if you at some point forget your password.

What about you, Dear Reader? Do you rely on email aliases? If so, have they been useful? Did I neglect to mention any pros or cons? Feel free to sound off in the comments below.


 Time to Patch

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

In June, Microsoft patched a vulnerability in MSDT dubbed “Follina” that had been used in active attacks for at least three months prior. This latest MSDT bug — CVE-2022-34713 — is a remote code execution flaw that requires convincing a target to open a booby-trapped file, such as an Office document. Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743.

The publicly disclosed Exchange flaw is CVE-2022-30134, which is an information disclosure weakness. Microsoft also released fixes for three other Exchange flaws that rated a “critical” label, meaning they could be exploited remotely to compromise the system and with no help from users. Microsoft says addressing some of the Exchange vulnerabilities fixed this month requires administrators to enable Windows Extended Protection on Exchange Servers. See Microsoft’s blog post on the Exchange Server updates for more details.

“If your organization runs local exchange servers, this trio of CVEs warrant an urgent patch,” said Kevin Breen, director of cyber threat research for Immersive Labs. “Exchanges can be treasure troves of information, making them valuable targets for attackers. With CVE-2022-24477, for example, an attacker can gain initial access to a user’s host and could take over the mailboxes for all exchange users, sending and reading emails and documents. For attackers focused on Business Email Compromise this kind of vulnerability can be extremely damaging.” The other two critical Exchange bugs are tracked as CVE-2022-24516 and CVE-2022-21980.

It’s difficult to believe it’s only been a little more than a year since malicious hackers worldwide pounced on a bevy of zero-day Exchange vulnerabilities to remotely compromise the email systems of hundreds of thousands of organizations running Exchange Server locally for email. That lingering catastrophe is reminder enough that critical Exchange bugs deserve immediate attention.

The SANS Internet Storm Center‘s rundown on Patch Tuesday warns that a critical remote code execution bug in the Windows Point-to-Point Protocol (CVE-2022-30133) could become “wormable” — a threat capable of spreading across a network without any user interaction. “Another critical vulnerability worth mentioning is an elevation of privilege affecting Active Directory Domain Services (CVE-2022-34691),” SANS wrote. “According to the advisory, ‘An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.’ A system is vulnerable only if Active Directory Certificate Services is running on the domain. The CVSS for this vulnerability is 8.8.”

Breen highlighted a set of four vulnerabilities in Visual Studio that earned Microsoft’s less-dire “important” rating but that nevertheless could be vitally important for the security of developer systems. “Developers are empowered with access to API keys and deployment pipelines that, if compromised, could be significantly damaging to organizations,” he said. “So it’s no surprise they are often targeted by more advanced attackers. Patches for their tools should not be overlooked. We’re seeing a continued trend of supply-chain compromise too, making it vital that we ensure developers, and their tools, are kept up-to-date with the same rigor we apply to standard updates.”

Greg Wiseman, product manager at Rapid7, pointed to an interesting bug Microsoft patched in Windows Hello, the biometric authentication mechanism for Windows 10. Microsoft notes that successful exploitation of the weakness requires physical access to the target device, but would allow an attacker to bypass a facial recognition check.

Wiseman said despite the record number of vulnerability fixes from Redmond this month, the numbers are slightly less dire. “20 CVEs affect their Chromium-based Edge browser and 34 affect Azure Site Recovery (up from 32 CVEs affecting that product last month),” Wiseman wrote. “As usual, OS-level updates will address a lot of these, but note that some extra configuration is required to fully protect Exchange Server this month.”

As it often does on Patch Tuesday, Adobe has also released security updates for many of its products, including Acrobat and Reader, Adobe Commerce and Magento Open Source. More details here.

Please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.


 Threat Lab

When was the last time you secretly smiled when ransomware gangs had their bitcoin stolen, their malware servers shut down, or were forced to disband? We hang on to these infrequent victories because history tells us that most ransomware collectives don’t go away—they reinvent themselves under a new name, with new rules, new targets, and new weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. So, what does this mean for your business, your customers, your partners, and even your family as you vie to stay safe online and protect what matters most—data?

The OpenText Security Solutions threat intelligence team is sharing mid-year updates to our 2022 BrightCloud® Threat Report. With insight into the latest threats and trends, we are arming organizations with the knowledge they need to pivot and stay ahead of cyber criminals’ around-the-clock reinvention of malware, phishing, and brand impersonations.

MALWARE CONTINUES TO ITERATE, AND GROW

Malware Solution Option: Windows 11 adoption remains very slow, which highlights the importance of incorporating a layered security approach that includes DNS protection to help reduce infection rates. Protective DNS services are essential components of today’s cyber resilience strategies because their protection not only offers added privacy, but also acts as a robust defense against malware. In fact, there are 31% fewer infections when endpoint and DNS protection are combined.

PHISHING PREYED ON A VOLATILE MARKET

Phishing activity was exceptionally high. Almost 20% of all attacks in the first half of 2022 occurred in April, which was likely the result of tax season, the beginning of national gas hikes, and the baby food shortage. Phishing continued to proliferate, with 46% of all successful phishing attacks using HTTPS. Brands such as Google, Apple and PayPal were among the top ten so far this year for credential phishing, a process of obtaining login information from users.

Phishing Solution Option: Consumers are still more likely to experience an infection than their business counterparts. Yet as more employees use personal phones and tablets for work, businesses must remain vigilant. Everyone benefits from ongoing security awareness training to reduce the likelihood of successful attacks that can wreak havoc on a business network and affect continuity.

The 2022 BrightCloud® Threat Report mid-year update emphasizes the need to increase cyber resilience using trustworthy and dependable security solutions like antivirus, DNS protection, and backup and recovery to help protect what matters most. To learn more, go to: www.brightcloud.com

The post BrightCloud® Threat Report Mid-Year Update: Reinvention is the Name of the Game appeared first on Webroot Blog.

 Malware and Vulnerabilities

A rapidly evolving IoT botnet known as RapperBot has been found in the wild. First appearing in June, the botnet borrows heavily from the original Mirai source code. The botnet targets ARM, MIPS, SPARC, and x86 architectures.

 Malware and Vulnerabilities

A threat actor, dubbed TAC-040, allegedly abused a flaw in Atlassian Confluence servers to deploy a previously unknown backdoor Ljl Backdoor. The attack took place in April and the attackers pilfered 700MB of data from the infected system. Organizations are recommended to perform a routine check-up for their security posture.

 Identity Theft, Fraud, Scams

The North Korean Lazarus APT group is back with a new campaign, which impersonates Coinbase to target people working in the fintech industry. The threat group approaches targets over LinkedIn to offer a job and then holds a preliminary discussion as part of its social engineering scheme.

 Expert Blogs and Opinion

NIST is a non-regulatory government agency that produces and maintains a set of crucial cybersecurity standards for information systems. These aim to help federal agencies meet the requirements of the Federal Information Security Management Act.

 Trends, Reports, Analysis

Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in their strikes.

 Security Culture

Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only public symbols are called ‘stripped symbol files’.

 Identity Theft, Fraud, Scams

Instagram’s explosion in popularity and exclusivity of verification badges has made verification highly desirable for many users — a sentiment that also exists on other social media platforms like Twitter.

 Trends, Reports, Analysis

The cybersecurity firm Nuspire recorded an increase in malware events of over 25%, a doubling of botnet detections, and a rise in exploit activity of 150% versus the first quarter.

 Trends, Reports, Analysis

In June 2022, CPR reported that Emotet had a global impact of 14%. July saw a 50% reduction in Emotet's global impact, down to 7%, but despite this, the malware remains in the top spot.

 Trends, Reports, Analysis

With massive investments made into the metaverse space, it is now necessary to start designing and implementing relevant security measures while the concept is still evolving.

 Malware and Vulnerabilities

Last month, a small cybersecurity firm told a major Indian online insurance brokerage it had found critical vulnerabilities in the company’s internet-facing network that could expose sensitive data from at least 11 million customers.

 Feed

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.

 Feed

This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

 Feed

Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 5559-1 - It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. It was discovered that Moment.js incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.

 Feed

Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.

 Feed

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

 Feed

Ubuntu Security Notice 5558-1 - Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

 Feed

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

 Feed

Gentoo Linux Security Advisory 202208-10 - Multiple vulnerabilities have been found in Spice Server, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.15.0 are affected.

 Feed

Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.

 Feed

Red Hat Security Advisory 2022-5997-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Perf Tools is a collection of performance analysis tools, including a high-performance multi-threaded malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker, a heap profiler, and a cpu-profiler.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a

 Feed

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues

 Feed

Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new

 Feed

Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards

 Feed

A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg reported Tuesday. He faces up to 20 years in prison when sentenced. The verdict comes nearly three years

 Feed

The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least

Aggregator history: Wednesday, August 10, 2022