Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Spotlight: SIEMs suc ...

 AirBnB

I interview Jack Naglieri, CEO of Panther about the failures of the current SIEM technology and the need for what Naglieri terms “detection engineers." The post Spotlight: SIEMs suck. Panther is out to change that.  appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen.   show more ...

Related StoriesEpisode 241: If Its Smart, Its Vulnerable a Conversation with Mikko HyppönenEpisode 241: If Its Smart, Its Vulnerable a Conversation wit Mikko HyppönenEpisode 240: As Stakes Of Attacks Grow, Can Cyber Policy “Shift Right”?

 Malware and Vulnerabilities

Evina researcher Maxime Ingrao uncovered Symoo, a fake Android SMS app with 100,000 downloads. It acts as an SMS relay service for account creation for the likes of Google, Instagram, Microsoft, Telegram, and Facebook. It was observed that Symoo exfiltrates SMS data to a domain in use by another application on Google Play, Virtual Number (not available anymore).

 Incident Response, Learnings

Europol warned that a growing number of counterfeit items are made today inside the EU, and that IP-related offenses are increasingly linked to serious and organized crime.

 Malware and Vulnerabilities

A previously reported ransomware strain has been rebranded as Trigona and researchers claimed to have found multiple victims of the new strain. Moreover, hackers behind it have released a new negotiation site on Tor where they ask for ransom in Monero. However, It remains obscure how hackers penetrate the target networks to deploy ransomware.

 Trends, Reports, Analysis

SMBs are increasingly exposed via their cloud infrastructure, with over half experiencing an increase in the volume (56%) and complexity (59%) of attacks over the past year, according to Sophos.

 Malware and Vulnerabilities

The ‘Invisible Body' challenge on TikTok is being exploited by cybercriminals to install malware on thousands of devices through a fake software offer. The fake software, in fact, installs the WASP Stealer malware. Through this, hackers attempt to pilfer passwords and compromise cryptocurrency wallets and Discord accounts. These videos had already garnered over a million views.

 Malware and Vulnerabilities

A new variant of Punisher ransomware was discovered recently. The malware spreads through a fake COVID tracking application and its victims are users from Chile. Threat actors take advantage of the victims’ need to track COVID-related information.

 Companies to Watch

The woman-owned company led by Rita Gurevich said the $31 million Series B was led by growth equity firm Edison Partners. Forgepoint Capital, the venture capital firm that led Sphere’s Series A, also invested in the new round.

 Identity Theft, Fraud, Scams

Cybercriminals are targeting World Cup fans through unauthorized Hayya Cards and FIFA-themed crypto tokens and coins. Cybercriminals are also selling stolen credit card details to conduct unauthorized transactions. Please take a look at the various kinds of threats and their impact on organizations and audiences.

 Malware and Vulnerabilities

NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.

 Breaches and Incidents

Swedish furniture giant IKEA confirmed that its franchises in Kuwait and Morocco are dealing with a cyberattack that caused a disturbance on some operating systems. They were added to the leak site of the Vice Society ransomware group on Monday.

 Feed

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

 Feed

perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web   show more ...

servers. This vulnerability was patched in perfSONAR version 4.4.5. Versions 4.x through 4.4.4 are affected. There is a whitelisting function that will mitigate, but is disabled by default.

 Feed

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared   show more ...

library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS release.

 Feed

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

 Feed

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

 Feed

Ubuntu Security Notice 5718-2 - USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.

 Feed

Ubuntu Security Notice 5749-1 - Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash.

 Feed

Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was   show more ...

discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted   show more ...

third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Red Hat Security Advisory 2022-8679-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

 Feed

Red Hat Security Advisory 2022-8680-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

 Feed

Ubuntu Security Notice 5745-2 - USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation.

 Feed

Ubuntu Security Notice 5748-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5689-2 - USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification.

 Feed

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September

 Feed

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,

 Feed

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an

 Feed

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for

 Feed

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation

 Feed

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5

 Feed

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing

 Twitter

As of September 2022, Twitter had challenged 11.72 million accounts, suspended 11,230 accounts, and removed over 97,674 pieces of misleading content related to COVID-19 worldwide. Today? It’s not doing anything. As an update on the company’s COVID-19 misinformation report webpage notes: Effective November   show more ...

23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. … Continue reading "Twitter isn’t going to stop people posting COVID-19 misinformation anymore"

2022-11
Aggregator history
Wednesday, November 30
TUE
WED
THU
FRI
SAT
SUN
MON
NovemberDecemberJanuary