Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Incident Response, Learnings

A rapid deployment team of FBI cyber experts is heading to Montenegro to investigate a massive and coordinated attack on the tiny Balkan nation’s government and its services, the country’s Ministry of Internal Affairs announced Wednesday.

 Identity Theft, Fraud, Scams

An adversary group built an entire fake play-to-earn community to infect users with several malware families, including AsyncRAT, RedLine Stealer, and Raccoon Stealer, and steal their crypto wallets. The phony community came complete with websites, Discord groups, social media accounts, and a Medium developer site. Affected users are strongly advised to change all passwords and create new wallets.

 Threat Actors

Russia-backed NOBELIUM was found deploying the MagicWeb backdoor, used for persistence, against entities in the U.S., Europe, and Asia. Experts say the new tool has capabilities similar to the FoggyWeb backdoor. Deploying it requires administrative access to the target AD FS server; the backdoor is installed by replacing a legitimate AD FS DLL with a tainted version.

 Malware and Vulnerabilities

Researchers have spotted the BianLian ransomware in attacks against well-known organizations in the BFSI, Education, Healthcare, Media and Entertainment, Manufacturing, and other sectors. The emergence of BianLian shows cybercriminals' dedicated effort to keep switching tactics to avoid detection while keeping defenders on their toes.

 Malware and Vulnerabilities

The HHS has alerted healthcare providers about a rise in cyberattacks by the Karakurt ransomware gang, which has targeted at least four providers in the last three months. Karakurt's impact is amplified by its likely links to the Conti ransomware group, either as a working relationship or as a side business of Conti, according to HC3.

 Malware and Vulnerabilities

A new global AgentTesla campaign is going after information about victims' computers and the login credentials stored in their browsers. The malware can steal passwords from browsers, email clients, VPN clients, and FTP clients, and capture clipboard contents. One of the top indicators of a malicious email in this campaign is an attachment with a double extension such as .pdf.exe or .docx.exe.
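The double-extension indicator above is easy to operationalize at the mail gateway. The following is an added example, not code from the AgentTesla report or the aggregator: it parses a raw message, pulls every attachment filename, and flags names whose final (executing) extension is executable while an earlier extension looks like a document. It generalizes the two observed names (pdf.exe, docx.exe) to any document-like extension followed by any executable one, and also catches the space-padding variant where the real extension is pushed out of view. SAMPLE_MESSAGE is a constructed MIME message with placeholder attachment bodies, not a real sample.

```python
"""Flag mail attachments that hide an executable behind a document extension.

Added example (not from the original report). SAMPLE_MESSAGE is constructed;
the attachment bodies are a few placeholder bytes, not malware.
"""
import email
from email import policy

DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe", "wsf",
             "ps1", "msi", "hta", "lnk"}


def classify_attachment(name):
    """Return a reason string if the attachment name is suspicious, else None."""
    # strip() each piece: "Order.docx            .exe" uses padding to push .exe out of view
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 2:
        return None
    final = parts[-1]                       # the OS executes based on the *last* extension
    if final not in EXEC_EXTS:
        return None
    decoys = [p for p in parts[1:-1] if p in DOC_EXTS]
    if decoys:
        return f"double extension: shown as .{decoys[-1]} but runs as .{final}"
    return f"executable attachment (.{final})"


def suspicious_attachments(raw_message):
    """Parse a raw RFC 5322 message; return [(filename, reason)] for risky attachments."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            reason = classify_attachment(name)
            if reason:
                findings.append((name, reason))
    return findings


# Constructed test message: one double-extension lure, one benign PDF, one padded lure.
SAMPLE_MESSAGE = """\
From: accounts@example.invalid
To: victim@example.invalid
Subject: Payment advice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the payment advice attached.
--b1
Content-Type: application/octet-stream; name="Payment_Advice.pdf.exe"
Content-Disposition: attachment; filename="Payment_Advice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: application/pdf; name="Statement.pdf"
Content-Disposition: attachment; filename="Statement.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Order.docx                .exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

if __name__ == "__main__":
    for name, reason in suspicious_attachments(SAMPLE_MESSAGE):
        print(f"{name!r}: {reason}")
```

The check deliberately keys on the last extension rather than on the MIME type, because the sender controls Content-Type and the victim's OS does not consult it. The extension lists are a starting point, not a complete catalogue.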

 Malware and Vulnerabilities

Cyble researchers came across a new ransomware variant named Moisha that was most likely developed for highly targeted attacks. The ransomware combines RSA and AES encryption and carries a hardcoded, Base64-encoded RSA public key.
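A hardcoded, Base64-encoded public key is something an analyst can pull out of a sample without running it, and its size and exponent are useful for clustering builds. The block below is an added example, not code from the Moisha analysis or from Cyble: it scans a blob for Base64 runs, decodes each one, and tries to parse the result as an RSA SubjectPublicKeyInfo, handling both the case where the Base64 wraps raw DER and the case where it wraps a whole PEM file. SAMPLE_BLOB is constructed; its embedded keys are synthetic DER structures whose modulus is a made-up number, so they parse correctly but are not usable keys.

```python
"""Locate Base64-encoded RSA public keys inside a binary blob and report their size.

Added example (not from the Moisha write-up). SAMPLE_BLOB is constructed; the
embedded keys are structurally valid DER with a fake modulus, not real keys.
"""
import base64
import re

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
RSA_OID = bytes.fromhex("2a864886f70d010101")   # OID 1.2.840.113549.1.1.1 rsaEncryption


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long form: low 7 bits = number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_spki(der):
    """Return (modulus_bits, exponent) if der is an RSA SubjectPublicKeyInfo, else None."""
    try:
        tag, spki, _ = _read_tlv(der, 0)
        alg_tag, alg, pos = _read_tlv(spki, 0)               # AlgorithmIdentifier
        oid_tag, oid, _ = _read_tlv(alg, 0)
        if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06) or oid != RSA_OID:
            return None
        bs_tag, bitstr, _ = _read_tlv(spki, pos)             # BIT STRING; first byte = unused bits
        key_tag, rsakey, _ = _read_tlv(bitstr, 1)            # RSAPublicKey ::= SEQUENCE { n, e }
        n_tag, n, pos = _read_tlv(rsakey, 0)
        e_tag, e, _ = _read_tlv(rsakey, pos)
        if (bs_tag, bitstr[0], key_tag, n_tag, e_tag) != (0x03, 0, 0x30, 0x02, 0x02):
            return None
        return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")
    except (IndexError, ValueError):
        return None


def find_embedded_rsa_keys(blob):
    """Return [(offset, modulus_bits, exponent)] for each Base64 run that decodes
    to an RSA public key, whether it wraps raw DER or a whole PEM file."""
    hits = []
    for m in B64_RUN.finditer(blob):
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
            if decoded.startswith(b"-----BEGIN"):            # Base64(PEM): strip armor, decode again
                body = re.sub(rb"-----[^-]+-----|\s", b"", decoded)
                decoded = base64.b64decode(body, validate=True)
        except ValueError:                                   # binascii.Error is a ValueError
            continue
        parsed = parse_rsa_spki(decoded)
        if parsed:
            hits.append((m.start(), parsed[0], parsed[1]))
    return hits


# --- Constructed sample: minimal DER encoder used only to fabricate the test blob ---
def _tlv(tag, body):
    n = len(body)
    if n >= 0x80:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(lb)]) + lb + body
    return bytes([tag, n]) + body


def _der_uint(v):
    b = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return _tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)   # leading 0x00 keeps INTEGER positive


def synthetic_rsa_spki(bits, e):
    n = (1 << (bits - 1)) | 1                                # NOT a real modulus; structure only
    rsakey = _tlv(0x30, _der_uint(n) + _der_uint(e))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsakey))


def _pem(der):
    b64 = base64.b64encode(der)
    lines = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN PUBLIC KEY-----\n" + lines + b"\n-----END PUBLIC KEY-----\n"


SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16 + b"CryptEncrypt\x00"
    + base64.b64encode(_pem(synthetic_rsa_spki(2048, 65537)))    # key stored as Base64(PEM)
    + b"\x00" * 8 + b"GetProcAddress\x00"
    + base64.b64encode(synthetic_rsa_spki(4096, 3))              # key stored as Base64(DER)
    + b"\x00" * 8
)

if __name__ == "__main__":
    for offset, bits, exp in find_embedded_rsa_keys(SAMPLE_BLOB):
        print(f"offset {offset:#x}: RSA-{bits} public key, e={exp}")
```

Recovering the public key tells you nothing that helps decrypt files (the private half never leaves the operator), but the modulus is a stable artefact for matching samples from the same build, and a short or non-standard exponent is worth noting in a report.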

 Trends, Reports, Analysis

Cybercriminals are upping the ante, developing sophisticated spear-phishing campaigns to trick potential victims while abusing trusted platforms such as SharePoint, Amazon AWS, Google, and Adobe more frequently than before.

 Identity Theft, Fraud, Scams

Scammers send direct messages (tells) to other players. Many of the accounts sending these messages appear to have been hijacked themselves. The message carries a link that leads the victim away from the game to an image hosting service.

 Malware and Vulnerabilities

WatchGuard has patched several vulnerabilities, rated from medium to critical severity, in its two main firewall product lines. Chained together, two of the flaws give an unauthenticated remote attacker root on every WatchGuard Firebox or XTM appliance.

 Expert Blogs and Opinion

A risk-based approach will help IT and OT professionals by standardizing key metrics such as impact on life, health, and safety, as well as on production capacity and efficiency.

 Govt., Critical Infrastructure

The new colonel-led, or O-6 level, program office will be under Program Executive Office Intelligence Electronic Warfare and Sensors and will be aptly called Program Manager Cyber and Space, officials told reporters on Tuesday.

 Breaches and Incidents

According to the school, an unknown actor accessed the district's systems in June and took files from the network, including students' names and Social Security numbers.

 Feed

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2022-6314-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-6312-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-6313-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2022-6292-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.7 serves as a replacement for Red Hat AMQ Broker 7.8.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a html injection vulnerability.

 Feed

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

 Feed

Gentoo Linux Security Advisory 202208-38 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions less than 91.13.0 are affected.

 Feed

Gentoo Linux Security Advisory 202208-37 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 104:rapid are affected.

 Feed

Gentoo Linux Security Advisory 202208-36 - Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation. Versions less than 6.1.36 are affected.

 Feed

Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.

 Feed

Ubuntu Security Notice 5591-1 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-6147-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.47. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2022-6272-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2022-6266-01 - The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux versions.

 Feed

Red Hat Security Advisory 2022-6133-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.30. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2022-6269-01 - The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux versions.

 Feed

Red Hat Security Advisory 2022-6268-01 - The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux versions.

 Feed

Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

 Feed

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

 Feed

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech

 Feed

Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft

 Feed

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in

 Feed

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News. Interestingly, a
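The finding above is reproducible on any app you can unpack: hard-coded AWS credentials survive as plain strings in the decompiled code or in bundled config. The following added example (not code from Symantec's report or from the aggregator) runs over strings dumped from an app, matches the 20-character access key ID format, pairs each hit with a nearby high-entropy 40-character token as the likely secret, and labels the key as long-term (AKIA) or temporary (ASIA). SAMPLE_STRINGS is constructed to look like `strings` output; the key pair in it is the placeholder pair AWS uses in its own documentation, not a live credential, and the 4.0 bits/char entropy threshold is a heuristic chosen here.

```python
"""Scan strings extracted from a mobile app for hard-coded AWS credentials.

Added example (not from the Symantec report). SAMPLE_STRINGS is constructed;
the key pair is AWS's documentation placeholder, not a live credential.
"""
import math
import re
from collections import Counter

# Access key IDs are 20 chars: AKIA = long-term IAM user key, ASIA = temporary STS key
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
# Candidate secret: a 40-char base64-alphabet token that is not part of a longer run
TOKEN40_RE = re.compile(r"(?<![A-Za-z0-9/+])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+])")
MIN_SECRET_ENTROPY = 4.0   # bits/char heuristic: real secrets land near 4.5+, padding near 0


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a single repeated character)."""
    counts = Counter(s)
    return -sum((c / len(s)) * math.log2(c / len(s)) for c in counts.values())


def scan_strings(lines, window=2):
    """Return one finding per access key ID, paired with a nearby high-entropy
    40-char token (the likely secret) if one appears within `window` lines."""
    findings = []
    for i, line in enumerate(lines):
        for m in ACCESS_KEY_RE.finditer(line):
            key_id = m.group(1)
            secret = None
            for near in lines[max(0, i - window): i + window + 1]:
                for tok in TOKEN40_RE.findall(near):
                    if shannon_entropy(tok) >= MIN_SECRET_ENTROPY:
                        secret = tok
                        break
                if secret:
                    break
            findings.append({
                "line": i,
                "access_key_id": key_id,
                "kind": "long-term IAM key" if key_id.startswith("AKIA") else "temporary STS key",
                "secret": secret,
            })
    return findings


# Constructed: what `strings` on a decompiled app might yield. The AKIA/secret pair
# is AWS's published documentation placeholder; the ASIA key is made up.
SAMPLE_STRINGS = [
    "Lcom/example/app/net/S3Uploader;",
    "bucket=app-user-uploads-prod",
    "accessKey=AKIAIOSFODNN7EXAMPLE",
    "secretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "region=us-east-1",
    "Lcom/example/app/analytics/Config;",
    "user-agent: ExampleApp/3.2.1",
    "ASIAJEXAMPLEFAKE0001",
    "placeholder=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "sessionToken=",
]

if __name__ == "__main__":
    for f in scan_strings(SAMPLE_STRINGS):
        print(f"line {f['line']}: {f['access_key_id']} ({f['kind']}), "
              f"secret: {f['secret'] or 'not found nearby'}")
```

A match is only a candidate. The report's "valid" figure came from testing the keys; offline, the most you can say is that the format is right, and the entropy filter is what keeps placeholder strings such as the 40 x's above from being reported as secrets. A temporary ASIA key is useless without its session token, which is why the example looks for one only by pairing and does not try to grade it further.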

 Feed

The attack infrastructure used to target Cisco in the May 2022 incident was also employed in an attempted compromise of an unnamed workforce management solutions holding company a month earlier, in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of

 Feed

So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications,

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes … Continue reading "Over 900K Kubernetes clusters are misconfigured! Is your cluster a target?"

 Malware

We’re back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Aggregator history: Thursday, September 01, 2022