Cyber security aggregate rss news

Cyber security aggregator - feeds history

 dependency confusion attack

Researchers at Checkmarx say that a cybercriminal group, LofyGang, has targeted the open-source supply chain with hundreds of malicious packages to steal credit card information, stream accounts, and promote hacking tools. The post Supply Chain Hackers LofyGang Behind Hundreds of Malicious Packages appeared first on The Security Ledger with Paul...

 Malware and Vulnerabilities

A new malware strain named Maggie is targeting Microsoft SQL servers and has already backdoored hundreds of machines globally. The malware boasts simple TCP redirection functionality that can allow a remote hacker to connect to any IP address the infected MS-SQL server can reach. The malware’s capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers.

 Malware and Vulnerabilities

Mobile security firm Zimperium uncovered a new Android spyware, dubbed RatMilad, that sneaks onto the mobile devices of users at Middle Eastern enterprises. Researchers have warned that the malware could be used by cybercriminals for numerous purposes ranging from cyberespionage to eavesdropping on victims' conversations. On a victim’s device, RatMilad hides behind a VPN connection to steal data.

 Threat Actors

When indicators of compromise associated with Night Sky are discovered, researchers said it’s not uncommon to find ransomware attributed to Cheerscrypt deployed, a report by Sygnia noted.

 Trends, Reports, Analysis

With the growth in cyberattacks, people are increasingly aware of the common tactics used by adversaries. As awareness has improved, BazarCall has ceaselessly adapted and evolved its social engineering tactics accordingly.

 Laws, Policy, Regulations

“U.S. and EU companies large and small across all sectors of the economy rely upon cross-border data flows to participate in the digital economy and expand economic opportunities,” the administration said in a press statement.

 Breaches and Incidents

Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

 Trends, Reports, Analysis

A new Proofpoint report explores boards of directors’ perceptions about their key cybersecurity challenges and risks. 77% of participants agree cybersecurity is a top priority for their board and 76% discuss the topic at least monthly.

 Trends, Reports, Analysis

An internet security mechanism named Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, is broken, according to security experts from Germany's ATHENE, the National Research Center for Applied Cybersecurity.

 Breaches and Incidents

New cybercriminal group Egypt Leaks has been targeting Egyptian financial institutions and leaking huge volumes of compromised payment data from major Egyptian banks on the dark web. The activity was first spotted in a Telegram channel created to leak Excel files carrying details of 12,229 credit cards. Experts warn that leaked data could be used for identity theft and financial fraud.

 Malware and Vulnerabilities

According to threat intelligence firm Cyble, who first reported on the campaign, the websites would automatically prompt users to download an executable named SexyPhotos.JPG.exe that impersonates a JPG image.

 Feed

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

 Feed

Ubuntu Security Notice 5663-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code.

 Feed

Ubuntu Security Notice 5371-3 - USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains.

 Feed

During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a cross site scripting vulnerability in the EBICS banking implementation developed by CREALOGIX AG and used by many banks.

 Feed

This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.

 Feed

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering

 Feed

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors, which were originally launched in November 2021. In a statement shared with

 Feed

BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a cross-chain bridge that drained around $100 million in digital assets. "There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as 'BSC Token Hub,'" it said last week. "The exploit was through a sophisticated forging of

 Feed

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week

2022-10
Aggregator history
Monday, October 10