Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Report: Digital Supp ...

 BlueVoyant

Results from a survey of 2,000 enterprises found an increasing supply chain risk, with 98% of respondents reported having been "negatively impacted" by a breach in their supply chain The post Report: Digital Supply Chain Breaches Impact 98% of Organizations appeared first on The Security Ledger with Paul F.   show more ...

Roberts. Related StoriesEpisode 237: Jacked on the Beanstalk – DeFi’s Security Debt Runs Wide, DeepEpisode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPassHybrid Work Is Here: Is Your Security Strategy Ready for It?

 Threat Actors

Previously unknown Chinese APT group Earth Longzhi was spotted targeting organizations in Ukraine, East Asia, and Southeast Asia with custom ‘Symatic’ Cobalt Strike loaders. The group uses a custom Cobalt Strike loader called Symatic loader with detection evasion techniques, along with custom hacking tools. Its victimology and TTPs were found similar to an APT41 subgroup, Earth Baku.

 Trends, Reports, Analysis

A range of automated threats – from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and DDoS attacks – remain a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction.

 Malware and Vulnerabilities

The REST API of Plesk was vulnerable to client-side request forgery (CSRF), which could lead to multiple potential attacks, including malicious file upload and privilege escalation.

 Incident Response, Learnings

One of LockBit's alleged ringleaders has been arrested in Ontario, Canada, and is on his way to the US to face charges related to ransomware attacks against at least a thousand victims, according to the Department of Justice.

 Malware and Vulnerabilities

Successful exploitation of this vulnerability could allow malicious actors to impersonate a user and take over a user’s account, perform any action on behalf of the user and or steal sensitive information such as cookies and session tokens.

 Identity Theft, Fraud, Scams

The phishing attempt starts out via a fraudulent SMS that notifies victims of a supposed reimbursement that they qualify for. According to the SMS, all they need to do to receive the reimbursement is to fill out a form on the agency's website.

 Identity Theft, Fraud, Scams

Kaspersky uncovered two separate scams in which cybercriminals impersonate financial regulators investigating fraud. Under this pretext, they extract an array of personal information from their hapless victims.

 Malware and Vulnerabilities

Cisco this week announced the release of patches for multiple vulnerabilities impacting enterprise firewall products running Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software.

 Feed

Debian Linux Security Advisory 5275-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

 Feed

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals   show more ...

to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

 Feed

Ubuntu Security Notice 5721-1 - It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service.

 Feed

Ubuntu Security Notice 5709-2 - USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these   show more ...

to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

 Feed

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place

 Feed

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.

 Feed

The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison. Vasiliev has been

 Feed

It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email.  ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are

 Feed

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's

 Feed

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

 Feed

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both.  VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by redirecting your traffic via a server run by a VPN host. It establishes a

 Guest blog

A man with dual Russian and Canadian nationality has been arrested in connection with his alleged part in the LockBit ransomware conspiracy that has demanded more than $100 million from its victims. Read more in my article on the Hot for Security blog.

2022-11
Aggregator history
Friday, November 11
TUE
WED
THU
FRI
SAT
SUN
MON
NovemberDecemberJanuary