VPN applications make the digital lives of millions of users both easier and more secure. Many use the technology to change their virtual location, getting access to movies, TV shows and other media content not available in their region. A VPN also encrypts users' internet traffic and secures data transmitted online.
And some, of course, use a VPN to hide their real IP address. If for some reason you don't have a reliable VPN yet, it's time to consider getting one. This post looks at the latest improvements in Kaspersky VPN Secure Connection that make it even more convenient, more functional, and faster.
Accelerating time and expanding space
One of the key issues for VPN users is connection speed. Accordingly, we've paid special attention to it: Kaspersky VPN Secure Connection is now three times faster than ever before. Independent researchers have also noted our improvements on speed. For example, AV-TEST reports that Kaspersky VPN Secure Connection offers speed above industry standard.
The proximity of the server that provides your connection often determines VPN speed. The closer the server is, the faster the VPN works. For this reason, we continue to increase the number of server locations offered in Kaspersky VPN Secure Connection. Now users can choose from 90 locations in 72 territories. That is, the user can select not only a country, but also a specific city.
Kaspersky VPN Secure Connection: more server locations than ever before
Easier access to content anywhere
Many people use a VPN app to access content that's not available in their region. The updated version of Kaspersky VPN Secure Connection supports access to global streaming services: Netflix, Hulu, Amazon Prime Video, HBO Max, Disney+, BBC iPlayer and others.
In addition, there's now a special "For streaming" mode, optimized for watching movies and TV shows. This means no more wondering which of the dozens of servers available in Kaspersky VPN Secure Connection to connect to. With this mode on, you can simply choose the content of whichever service and region you want to watch (for example, Netflix in the US). The application will then offer a list of optimal servers: all that remains is to click Connect and enjoy your favorite TV show.
Selecting a server to watch streaming content
There's also one more new mode, "For torrenting", which lets you quickly find the fastest server for downloading even large files from BitTorrent.
Selecting a server for the best torrenting experience
Easy to use
We've covered changing one's virtual location. But sometimes the opposite is needed: some services block access from foreign IP addresses. In this case a VPN can get in the way, meaning you have to keep turning it on and off. This is inconvenient (and annoying), but, perhaps more importantly, you might not always remember to switch it back on — leaving your internet traffic exposed.
Kaspersky VPN Secure Connection handles this problem with split tunneling. This feature allows Windows users to create two groups of applications: one group's traffic is sent through a secure connection using the IP address of your chosen VPN server, while the second group's traffic uses your actual IP address, bypassing the VPN tunnel.
Split tunneling allows you to select which apps use VPN connection and which bypass it
This does away with the need to constantly turn the secure connection on and off. You just need to configure everything correctly once, and that's it. For example, you can set up a VPN for one browser, allowing you to open websites from behind a foreign IP. And you can use another browser without a VPN for opening websites that work only with local addresses. Current versions of popular browsers have been tested and are all compatible with this feature of Kaspersky VPN Secure Connection.
Another handy feature: Kaspersky VPN Secure Connection can now establish a secure connection directly from your Wi-Fi router using the built-in OpenVPN client. This lets you protect all internet traffic from all devices in your home network in one go.
Transparency means trust
If you have a VPN, most of your internet traffic goes through it. This logically gives rise to several questions: what data do developers have about you?
How do they collect it? Where is it stored, and who do they share it with? In the case of Kaspersky VPN Secure Connection, everything is clear and transparent. Kaspersky VPN neither stores nor shares with third parties data on users' online activity, names, e-mail addresses, or out-of-session IP address information. Detailed information on how the service responds to data requests from governments and law enforcement agencies can be found here.
There are still both Free and Unlimited versions
There's a lot that's new in Kaspersky VPN Secure Connection, but the availability of both our free and paid versions remains unchanged. Users of the paid version get access to a whole variety of features, including unlimited VPN traffic, the choice of any location in the list, the Kill Switch feature, and much more. The free version provides a slightly more modest feature set, a limited amount of encrypted traffic (200 MB per day per device), and only one location available for connection by default. Nevertheless, whether you use the paid or free version, your data won't be recorded anywhere or shared with third parties, and the connection will be protected by the trusty AES-256 encryption algorithm.
When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do anything about it.
California’s EBT card does not currently include a chip. That silver square is a hologram.
Over the past several months, authorities in multiple U.S. states have reported rapid increases in skimming losses tied to people who receive assistance via Electronic Benefits Transfer (EBT), which allows a Supplemental Nutrition Assistance Program (SNAP) participant to pay for food using SNAP benefits. When a participant uses a SNAP payment card at an authorized retail store, their SNAP EBT account is debited to reimburse the store for food that was purchased. EBT is used in all 50 states, the District of Columbia, Puerto Rico, the Virgin Islands, and Guam.
EBT cards work just like regular debit cards, in that they can be used along with a personal identification number (PIN) to pay for goods at participating stores, and to withdraw cash from an ATM. However, EBT cards differ from debit cards issued to most Americans in two important ways. First, most states do not equip EBT cards with smart chip technology, which can make payment cards much more difficult and expensive for skimming thieves to clone. Alas, it is no accident that all of the states reporting recent spikes in fraud tied to EBT accounts — including California, Connecticut, Maryland, Pennsylvania, Tennessee, and Virginia — appear to currently issue chip-less cards to their EBT recipients.
The Massachusetts SNAP benefits card looks more like a library card than a payment card. Oddly enough, both are reliant on the same fundamentally insecure technology: The magnetic stripe, which stores cardholder data in plain text that can be easily copied.
In September, authorities in California arrested three men thought to be part of a skimming crew that specifically targeted EBT cards and balances.
The men allegedly installed deep insert skimmers, and stole PINs using tiny hidden cameras. “The arrests were the result of a joint investigation by the Sheriff’s Office and Bank of America corporate security,” reads a September 2022 story from The Sacramento Bee. “The investigation focused on illegal skimming, particularly the high-volume cash-out sequence at ATMs near the start of each month when Electronic Benefits Transfer accounts are funded by California.” Armed with a victim’s PIN along with stolen card data, thieves can clone the card onto anything with a magnetic stripe and use it at ATMs to withdraw cash, or as a payment instrument at any establishment that accepts EBT cards.
Skimming gear seized from three suspects arrested by Sacramento authorities in September. Image: Sacramento County Sheriff’s Office.
Although it may be shocking that California — one of America’s wealthiest states — still treats EBT recipients as second-class citizens by issuing them chip-less debit cards, California behaves like most other states in this regard.
More critical, however, is the second way SNAP cards differ from regular debit cards: Recipients of SNAP benefits have little to no hope of recovering their funds when their EBT cards are copied by card-skimming devices and used for fraud. That’s because in the SNAP program, federal law bars the states from replacing SNAP benefits using federal funds. And while some of these EBT cards have Visa or MasterCard logos on them, it is not up to those companies to replace funds in the event of fraud.
Victims are encouraged to report the theft to both their state agency and the local police, but many victims say they rarely receive updates on their cases from police, and, if they hear from the state, it’s usually the agency telling them it found no evidence of fraud.
Maryland’s EBT card.
That’s according to Brenna Smith, a reporter at The Baltimore Banner who recently wrote about the case of a Maryland mother of three who lost nearly $3,000 in SNAP benefits thanks to a skimmer installed at a local 7-Eleven. Maryland [Department of Human Services] spokesperson Katherine Morris told the Banner there was evidence of “a nationwide EBT card cloning scheme.”
The woman profiled in Smith’s story contacted all of the retailers where her EBT card was used to buy thousands of dollars worth of baby formula. Two of those retailers agreed to share video surveillance footage of the people making the purchases at the exact timestamps specified in her EBT account history: The videos clearly showed it was the same fraudster making both purchases with a cloned copy of her EBT card. Even after the police officer assigned to the victim’s case confirmed they found a skimmer installed at the 7-Eleven store she frequented, her claim — which was denied — is still languishing in appeals months later.
(Left) A video still showing a couple purchasing almost $1,200 in baby formula using SNAP benefits. (Right) A video still of a woman leaving from the CVS in Seat Pleasant. Image: The Baltimore Banner.
The Center for Law and Social Policy (CLASP) recently published Five Ways State Agencies Can Support EBT Users at Risk of Skimming. CLASP says while it is true states can’t use federal funds to replace benefits unless the loss was due to a “system error,” states could use their own funds. “Doing so will ensure families don’t have to go without food, gas money, or their rent for the month,” CLASP wrote.
That would help address the symptoms of card skimming, but not a root cause. Hardly anyone is suggesting the obvious, which is to equip EBT cards with the same security technology afforded to practically everyone else participating in the U.S. banking system. There are several reasons most state-issued EBT cards do not include chips. For starters, nobody says they have to.
Also, it’s a fair bit more expensive to produce chip cards versus plain old magnetic stripe cards, and many state assistance programs are chronically under-funded. Finally, there is no vocal (or at least well-heeled) constituency advocating for change.
The malicious file appears to have been part of a phishing campaign designed to look like a LinkedIn-based job offer. The mark would have to allow the macro in the Word document to run for an infection to be successful.
The Kaspersky research team has uncovered a threat group named DiceyF that has been targeting online casino development and operations in Southeast Asia for the past few years. GamePlayerFramework, a complete C# rewrite of the PuppetLoader C++/assembly malware, consists of two new branches, namely Tifa and Yuna.
While the flaw was assigned a CVE when it was originally discovered in 2007 and given a medium-severity CVSS score of 6.8, Trellix researchers discovered that it was easier to exploit than initially thought and could lead to code execution.
A threat actor is selling a new UEFI bootkit that comes with anti-virtual machine (anti-VM), anti-debug, and code obfuscation features to block malware analysis attempts. Named BlackLotus, the malware is linked to APT41 threat actors and can be used to load unsigned drivers for launching Bring Your Own Vulnerable Driver (BYOVD) attacks.
Kaspersky researchers said that several unknown APT groups are actively exploiting a flaw in Zimbra Collaboration Suite worldwide. They observed two successive attack waves targeting this bug. Identified as CVE-2022-41352, with a CVSS score of 9.8, the bug lets an attacker upload arbitrary files to vulnerable instances. The Zimbra Collaboration Suite was affected by a zero-day and remained unpatched for nearly 1.5 months.
The tool, dubbed RedEye, helps visualize command-and-control activities, allowing the teams to replay assessment actions rather than manually parsing log files to recreate events.
This approach extracts text from an email and converts sentences to numeric vectors by encoding the meaning of words in the sentences using the neural network language model encodings.
The attacker moved laterally in Advanced’s Health and Care environment and escalated privileges, enabling them to conduct reconnaissance, and deploy encryption malware, said Advanced.
The unknown hackers claim to have 200 gigabytes of data from Medibank, a private health insurer in Australia that has roughly 3.9 million customers in a country of just 25 million people.
According to recent observations by researchers, a threat group, maybe TeamTNT, has returned. The copycat group is imitating the routines of TeamTNT and has been deploying an XMRig cryptocurrency miner.
The threat actors operate globally without discrimination, demanding between 0.03 and 0.05 bitcoin (less than $1000) from end users for a decryption key. However, unusually for ransomware, the group also seeks to extort the NAS vendors themselves.
The EU’s cybersecurity agency (ENISA) added to its long-lasting motto, #ThinkB4UClick, the more proactive #Choose2BeSafeOnline as the organization celebrates the 10-year anniversary of European Cybersecurity Month (ECSM).
Around half (48%) of Gen Z and two-fifths (39%) of millennial respondents admitted taking cybersecurity protection on their personal devices more seriously than on their work devices.
This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution.
Akamai reported a 167% rise in web app attacks in the gaming sector that impacted a million users around the world. Infostealers are often used to acquire valid gaming credentials, which are then sold on underground marketplaces. Extortion and DDoS attacks have surged significantly.
It has informed its customers that their name, address, telephone number and email address may have been compromised. Customers' credit card/bank information has not been compromised, since it’s not stored on company servers.
The IT team blocked all external access and affected servers were brought offline as soon as the cyberattack became known, but the investigation concluded that business operations have not been impacted.
Researchers say: "We found that these vulnerabilities are unlikely to be perceived as mass exploits, but several of them potentially present a mechanism for knowledgeable attackers to hack high-value sites via tailored attacks."
In its latest activities, Winnti focused on Hong Kong and Sri Lankan organizations. It deployed Spyder Loader (Trojan.Spyload) malware on victim networks in Hong Kong, mostly as a part of the CuckooBees campaign.
The flaw exists in Apache Commons Text, a library released in 2017 that focuses on algorithms enabling a variety of functionalities around strings. The proof-of-concept (PoC) code for the flaw is available.
The initial infection method – the distribution of the framework through security solution packages – allowed the threat actor to perform cyberespionage activities with some level of stealth.
The project is named Sparrow and it revolves around a new operating system named KataOS, for which Google has already open-sourced several components. The tech giant pointed out that KataOS is mostly developed in Rust, which makes it more secure.
The cyber workforce count for the most recent 12-month period is over 1.1 million. For the public sector in particular, 47,114 cyber jobs were listed and 72,599 workers were employed.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Red Hat Security Advisory 2022-7023-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7020-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7024-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7026-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7022-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7021-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7025-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 5687-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of an RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2022-6996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 5685-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled processing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service, obtain sensitive information, or execute arbitrary code.
Red Hat Security Advisory 2022-6998-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6997-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6983-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2022-6995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to log in to the system with the chosen account. Successful exploitation results in remote code execution.
This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shell scripts, which means it can execute a root shell.
Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).
Ubuntu Security Notice 5688-1 - It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of
In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And where will they find the time to research how to integrate cyber insurance into their strategy? For small security teams, this is particularly challenging as they contend with limited resources. Luckily,
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at
Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last week. Orca