Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Apple

In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple's Genius Bar to the information security space, first in product security at Apple and now at GitHub, a massive development...

Related stories:
Episode 243: The CSTO is a thing - a conversation with Chris Hoff of LastPass
Episode 241: If It's Smart, It's Vulnerable - a conversation with Mikko Hyppönen

 Malware and Vulnerabilities

The bug, tracked as CVE-2022-47523, is an SQL injection vulnerability found in the company's Password Manager Pro secure vault, PAM360 privileged access management software, and Access Manager Plus privileged session management solution.

 Malware and Vulnerabilities

The infamous RCE vulnerability, CVE-2022-41082, aka ProxyNotShell bug, is back in headlines as researchers unveiled that approximately 60,000 Exchange servers are yet to be patched against the threat. Successful exploitation of the bug allows adversaries to escalate privileges and gain arbitrary code-writing access on compromised servers.

 Breaches and Incidents

The carmaker recently learned that some of the source code for its T-Connect website was unintentionally posted on GitHub. The report stated that around 296,000 customer records may have been compromised due to this issue.

 Incident Response, Learnings

Rackspace says the ransomware-wielding attackers who disrupted its hosted Microsoft Exchange Server environment last month wielded a zero-day exploit to gain remote access to servers, multiple news outlets report.

 Trends, Reports, Analysis

At least 44 universities or colleges and 45 U.S. school districts were hit by ransomware attacks in 2022. The total marks the slightest possible increase from the 88 education institutions impacted the year prior, according to Emsisoft.

 Breaches and Incidents

The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of OG and special usernames.

 Breaches and Incidents

Swansea Public Schools canceled classes Wednesday due to a ransomware attack that shut down the district’s network, according to Superintendent John Robidoux. No student or staff’s personal information is believed to have been compromised.

 Geopolitical, Terrorism

The explosive growth in the interconnectivity of cyber-physical systems (CPS), coupled with the rapidly evolving geopolitical landscape and opportunistic criminals, makes for a dangerous situation.

 Incident Response, Learnings

Xiaoqing Zheng, 59, of Niskayuna, New York, was convicted of conspiracy to commit economic espionage, after a four-week jury trial that ended in March last year, according to the Department of Justice (DoJ).

 Breaches and Incidents

Slack suffered a security incident over the holidays affecting some of its private GitHub repositories. The incident involves threat actors gaining access to its externally hosted GitHub repositories via a "limited" number of stolen employee tokens.

 Incident Response, Learnings

A legal saga between Meta, Ireland, and the EU has reached a conclusion for now that forces Meta to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million in fines.

 Trends, Reports, Analysis

Research by Emsisoft revealed that ransomware attacks in 2022 affected 105 counties, 45 school districts, 44 universities, and 24 healthcare providers in the U.S. Overall, both the number of incidents and their impact were greater than those observed in 2021. Organizations are encouraged to implement the recommendations from CISA and the FBI to stay safe.

 Trends, Reports, Analysis

While the agencies emphasized that banks are not discouraged from providing services to crypto-asset customers, they said it is vital the risks related to this sector “that cannot be mitigated or controlled do not migrate to the banking systems.”

 Malware and Vulnerabilities

The ASEC analysis team uncovered a new shell script compiler (shc)-based Linux malware dropping XMRig miner on compromised systems. The hackers pulled off the attack through a dictionary attack on mismanaged Linux SSH servers. An attack chain spotted in the campaign included both the shc downloader malware and a Perl-based DDoS IRC bot.

 Identity Theft, Fraud, Scams

A phishing campaign by an actor group has been spotted taking advantage of the security community's growing interest in the Flipper Zero, a multi-functional portable cybersecurity tool. Creating fake shops to trick security experts into giving up their personal details and cryptocurrency is nothing new.

 Trends, Reports, Analysis

Besides email, hackers are now shifting toward other delivery methods such as video conferencing platforms, workforce messaging apps, cloud-based file-sharing platforms, and SMS messages. Hackers are actively using multi-stage cloud phishing techniques that combine traditional phishing with second-phase or even third-phase actions.

 Feed

Ubuntu Security Notice 5787-1 - It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2022-9098-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.46. Issues addressed include a code execution vulnerability.

 Feed

SimpleRmiDiscoverer is a JMX RMI scanning tool for unsecured (without enabled authentication) instances of Java JMX. It does not use the standard Java RMI/JMX classes like other available tools but rather communicates directly over TCP. The tool is written in Java and is very useful in red teaming operations because the JVM is still ubiquitous in corporate environments. It can be executed by unprivileged (non-admin) users.

 Feed

Ubuntu Security Notice 5786-1 - It was discovered that GNOME Files incorrectly handled certain filenames. An attacker could possibly use this issue to cause GNOME Files to crash, leading to a denial of service.

 Feed

This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in card_scan_decoder.php via the No and door HTTP GET parameters. Successful exploitation results in command execution as the root user.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection

 Feed

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected to be shared in the coming days. "Immediately rotate any and all secrets stored in CircleCI,"

 Feed

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a

 Feed

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP

 Feed

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a

 Feed

Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the

 Feed

The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there

 Feed

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the

2023-01
Aggregator history
Thursday, January 05