Cyber security aggregate RSS news

Cyber security aggregator - feeds history

Agriculture

In our latest podcast, Paul caught up with Sick Codes (@sickcodes) to talk about his now-legendary presentation at the DEF CON conference in Las Vegas, in which he demonstrated a hack that ran the Doom first-person shooter on a John Deere 4240 touch-screen monitor. The post Episode 242: Hacking the Farm (and John Deere) with Sick Codes appeared... Related stories: DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition; Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk; Episode 241: If It's Smart, It's Vulnerable, a Conversation with Mikko Hyppönen.

Malware and Vulnerabilities

Hackers are turning to the Sliver toolkit as an alternative to the Cobalt Strike Beacon to launch a variety of attacks, including ransomware operations. Sliver has been used in several campaigns aimed at a wide range of organizations, including government, research, telecommunications, and higher education.

Expert Blogs and Opinion

Among other requirements, the proposed amendments would require that financial institutions offer current reporting about “material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents.”

Malware and Vulnerabilities

Cyble researchers spotted and analyzed a new JavaScript skimmer used by the Magecart threat group to target Magento e-commerce sites and steal payment data. The malicious JS code is loaded with standard skimmer anti-detection features. Magento e-commerce site owners should deploy the right tools to detect any anomaly on their portal.

Threat Actors

The Dridex trojan, propagated by Evil Corp, is capable of affecting the confidentiality and availability of operational systems and data, including financial and health information.

Malware and Vulnerabilities

A new ransomware family, dubbed Agenda, was found targeting organizations in Thailand, Indonesia, South Africa, and Saudi Arabia. It has a customized ransom note that demands a ransom between $50,000 and $800,000. Some similarities were observed between Agenda and other ransomware, including Black Matter, REvil, and Black Basta.

Threat Actors

MuddyWater APT is hunting down unprotected SysAid Server instances by abusing the Log4Shell vulnerability. It uses eHorus and Ligolo for C2 communication during the intrusion. Despite SysAid fixing the Log4Shell flaw after its disclosure, several organizations haven’t applied the patch yet.

Expert Blogs and Opinion

With organizations expanding their vendor base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cybersecurity measures to assess how much risk vendors pose.

Malware and Vulnerabilities

Microsoft disclosed a now-patched, high-severity flaw in the Android version of TikTok that could have allowed attackers to hijack user accounts with a single click. Attackers could have used that access to modify users' TikTok profiles and sensitive information, for example by sending messages, posting private videos, and uploading videos on behalf of users.

Feed

This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. The exploit is executed through the ASA's ASDM web server and lands in the FirePOWER Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network and access the outside network. Also, the SFR virtual machine is running Snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via the Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the effects of the lockdown-sensor command (i.e. the virtual machine's bash shell shouldn't be available, but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA devices that support the ASA FirePOWER module (at least Cisco ASA-X with FirePOWER Services, and Cisco ISA 3000). The vulnerability has been patched in ASA FirePOWER module versions 6.2.3.19, 6.4.0.15, 6.6.7, and 7.0.21. The following versions will receive no patch: 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*.

Feed

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Feed

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Feed

Ubuntu Security Notice 5595-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Feed

Ubuntu Security Notice 5596-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver in the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Feed

Ubuntu Security Notice 5591-4 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Feed

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the

Feed

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate,

Feed

Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows

Feed

Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or

Aggregator history: Monday, September 05 (2022-09)