Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Rockstar “Extremel ...

 Security

The next iteration of Grand Theft Auto made the headlines the past weekend following a major leak that provided the world with an early look at the highly anticipated game. Needless to say, given Rockstar barely talks about GTA 6, it’s no surprise that so many people are eager to see what the game is all about. The   show more ...

leak was therefore received with much enthusiasm by fans from all over the world. But according to Rockstar, the content we got to see was actually early development footage. The company claims its servers were hacked, as someone managed to break into its systems and steal the GTA content. “We recently suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto. At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects,” ... (read more)

image for Revolut Hacked, User ...

 Security

Revolut has recently been the target of a cyberattack, with the company confirming in emails sent to customers that a small number of user accounts have actually been exposed. Worth knowing is that the breach didn’t result in any theft of funds, but on the other hand, customer data has been exposed. The company,   show more ...

however, didn’t reveal what information has been exposed, but it says it’s now reaching out to every user to inform about the breach. “Data varied for different customers. We will contact them individually if necessary,” Revolut says. On the other hand, no card details, PINs, or passwords were accessed, Revolut explains. The company claims only 0.16 percent of the customers were affected, and at this point, no action is required on the user side to further protect accounts. “We recently received a highly targeted cyber attack from an unauthorized third party that may have ... (read more)

 Govt., Critical Infrastructure

Nathaniel Fick will be the Bureau of Cyberspace and Digital Policy's first-ever ambassador-at-large following its launch in April. The bureau was established to deal with international issues related to cyber and emerging technologies.

 Trends, Reports, Analysis

According to a new report by Orca Security, the average attack path is only 3 steps away from a crown jewel asset, meaning that an attacker only needs to find three connected and exploitable weaknesses in a cloud environment to exfiltrate data.

 Identity Theft, Fraud, Scams

A new phishing campaign was found abusing the demise of Her Majesty Queen Elizabeth II to harvest Microsoft credentials. The emails pretend to be from Microsoft Teams. The NCSC, U.K, issued a warning regarding an increased risk of cybercriminals abusing the Queen's death for their own advantage in phishing campaigns and fraud.

 Incident Response, Learnings

The settlement benefits a nationwide Class of individuals whose personal identifying information was compromised in the CSI Financial Services data breach between March 8, 2021, and April 26, 2021.

 Breaches and Incidents

A new cyberespionage campaign by Gamaredon is targeting employees from the Ukrainian government, law enforcement, and defense agencies, with custom-made malware. Researchers claim that its new infostealer is capable of stealing files from attached storage devices (local and remote).

 Malware and Vulnerabilities

Researchers at security firm Onekey warned of an arbitrary code execution flaw via FunJSQ, a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts multiple Netgear router models.

 Laws, Policy, Regulations

Alongside measures promoting ownership transparency and editorial independence, the European Media Freedom Act (EMFA) proposed on Friday will introduce “strong safeguards against the use of spyware against media, journalists and their families.”

 Feed

Ubuntu Security Notice 5617-1 - It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker   show more ...

could use this to expose sensitive information. Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges.

 Feed

Ubuntu Security Notice 5613-2 - USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker   show more ...

could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP   show more ...

implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

 Feed

Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only   show more ...

the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, information leakage, privilege escalation, and use-after-free vulnerabilities.

 Feed

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's

 Feed

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine,

 Feed

Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been

 Feed

A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries,

 Feed

American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company said in a notice shared on its

2022-09
Aggregator history
Monday, September 19
THU
FRI
SAT
SUN
MON
TUE
WED
SeptemberOctoberNovember