Cyber security aggregate rss news



 Business

Open-source applications have firmly established themselves in the IT systems of large and medium-sized businesses. From dominating such segments as web servers, databases and analytics, open-source solutions are now also used extensively for containerization, machine learning, DevOps and, of course, software development. Many businesses are moving to open source for non-IT tasks, such as CRM, visual content production, and blog publishing. According to Gartner, more than 95% of businesses in the IT sector use open-source solutions, but even among non-IT companies the figure is above 40% and rising. And that doesn't include the many cases where open-source libraries are used inside proprietary applications. Choosing between open and closed source is far from easy: it's not just a matter of paid versus free, or support versus no support. When deciding on any IT solution, businesses need to consider a number of important aspects.

Cost and schedule of implementation

Although there's often no license fee for open-source solutions, implementing them isn't free. Depending on the complexity of the solution, you may need to manage the IT team's time budget, bring in expert consultants, or even hire developers who'll constantly adapt the application to the needs of your business. There's also the hybrid licensing model, which allows you to use a community edition of an application for free, but the extended version with enterprise features still requires a paid license. In addition, many open-source products aren't supplied with full and/or up-to-date documentation or training courses for end users. For large implementations, this gap may have to be filled in-house, costing time and money.

The advantage of open source at the implementation phase is, of course, that it allows full-fledged testing. Even if you plan to deploy an open-source solution as managed hosting or with the help of a specialized contractor, conducting a pilot (proof of concept) on your own is far more effective than watching video demonstrations of proprietary solutions. You'll immediately see how functional and applicable the solution is for your particular business.

When comparing open and closed-source solutions before implementation, it's important to understand how much time is available for testing, and whether you have the option to change the product in its early stages. If deadlines are not pressing, and the answer to the second question is yes, then thorough testing of an open-source product makes sense.

Support cost

The day-to-day support and configuration of many industrial-scale open-source applications, as well as their adaptation to high workloads, require highly specific and in-depth know-how on the part of the IT team. If that isn't to hand, this know-how will have to be bought — through either hiring experts or outsourcing. The most common types of outsourcing involve application-specific expert help (Red Hat format), or managed hosting optimized for a specific IT solution (Kube Clusters, WP Engine, or a similar format). Of course, paid support is also standard for proprietary solutions; it's not only open source that needs it. The costs, meanwhile, are comparable. As practice shows, annual technical support for a typical corporate open-source application is only 10–15% cheaper than for proprietary solutions.

Bug fixing, new features and scaling

Although mature open-source solutions are regularly updated with expanded features and bug fixes, it can often happen that developers don't prioritize a bug that's critical for a particular business. This is even more common in the case of feature requests. Here, you either have to sit and wait patiently, or spend your (in-house or hired) developers' precious time on writing the necessary code. What's good is that this is possible, at least theoretically; what's bad is that it may turn into a large and unpredictable expense. Note that managed hosting takes the worry out of installing patches and updating applications, but can't help with such individual tweaking.

A company that has such a need essentially enters the development market, and must choose the format of the extension it creates: a fork of the main software product, or an addition to the main development branch in partnership with the application's original developers. It's here that the strategic advantages of open source come into play — namely flexibility of use and speed of innovation.

Integration and cross-platform support

For large-scale multicomponent solutions that actively exchange data, integration and compatibility with different platforms can play a major role in the choice of software product. The priority here is support of industry formats for data storage and exchange, plus well-documented application programming interfaces (APIs). Sometimes a single-vendor solution with closed-source code can meet these requirements better than a swarm of open-source solutions — even high-quality ones. But it's always useful to estimate the cost of tweaking an open-source solution if it wins on other criteria and has passed the proof-of-concept phase.

Risks, security and compliance

Open source is often touted as being more secure. After all, if anyone can see the source code and fix bugs, it must be safer than a proprietary black-box offering, right? As ever, the reality is more complicated. First, many open-source applications have millions of lines of code, which no one can audit in full. The large number of updates to this code only complicates the task further. That said, small doesn't mean safe. For example, the Bash-based Shellshock vulnerability went undetected for 20 years! Second, the problem of dependencies is acute, since applications and code have their own supply chain. An open-source application may use a third-party open-source library, which in turn links to another third-party library, and those tasked with checking the application itself are unlikely to check all the libraries.

The risks of this chain have been demonstrated many times: a vulnerability in the free Log4j logging library affected thousands of large open-source solutions, impacting such grandees as Amazon, Cloudflare and Elastic; an attack replacing npm libraries with malicious namesakes worked on Apple and Microsoft; and an independent developer's decision not to support the tiny left-pad library in the npm repository downed more than a thousand popular applications and sites (including Facebook) for several hours.

Source: xkcd.com/2347

Another issue with dependencies is licensing. Open-source licenses are quite specific, and no payment does not mean no copyright holder. The application itself and its libraries may come with various licenses, and violation of the stricter ones (copyleft) is fraught with litigation. Similar to the well-established process of IT security audit and vulnerability mitigation, major users and developers of open-source software should have a process in place for regularly checking license compliance — ideally semi-automated.

All of the above doesn't mean that open source is the worst choice from the information security perspective. You just need to understand all the risks: the implementation team needs to assess the development culture and the frequency of security updates in contender applications, and to control dependencies and licenses (for example, by using a software bill of materials). Also, if your company works in the software development field, it's a good idea to scan all open-source packages for vulnerabilities and malicious functionality.


 agile development

Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data. The post Malicious Automation is driving API Security Breaches appeared first on The Security Ledger with Paul F. Roberts.

 Trends, Reports, Analysis

Trend Micro used machine learning web service Gender Analyzer V5 to analyze text written by 50 random users of the Russian-language XSS forum and 50 users of the English-language Hackforums site.

 Govt., Critical Infrastructure

The new EPA memo requires state governments to audit the cybersecurity practices of public water systems — and then use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient.

 Identity Theft, Fraud, Scams

Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters.

 Incident Response, Learnings

As well as the $7.8m fine, BetterHelp will be banned from sharing any more consumer health data, including information on mental health issues, for the purposes of advertising, according to the terms of the order.

 Breaches and Incidents

Sysdig discovered a sophisticated operation, named SCARLETEEL, targeting public-facing web apps running in a self-managed Kubernetes cluster hosted on AWS to steal proprietary data. The cybercriminals camouflage their campaigns as cryptojacking operations; however, their agenda is to steal sensitive data and credentials from targeted systems. Organizations and individuals are advised to adopt extra measures, such as conducting frequent audits and securing vulnerable applications, to reduce the potential attack surface.

 Malware and Vulnerabilities

Trend Micro found PlugX RAT masquerading as an open-source Windows debugger tool, dubbed x32dbg, with an aim to evade security controls and gain control over the target system. Attackers use DLL side-loading to execute malicious code via the DLLs of the debugger tool, allowing attackers to bypass security restrictions and escalate privileges.

 Trends, Reports, Analysis

An opposition-linked Polish mayor had his phone hacked using Pegasus spyware, Gazeta Wyborcza daily reported on Friday, amid allegations that the country's special services have used the technology against government opponents.

 Incident Response, Learnings

It is worth noting that, on January 19, PayPal began contacting nearly 35,000 users with a data breach notification, explaining that their accounts had been hacked between December 6th and 8th, 2022.

 Malware and Vulnerabilities

RIG EK continues to make its mark as a successful exploit kit as it attempted to make roughly 2,000 intrusions daily, with the highest attack success rate of its lifetime of 30%. By exploiting relatively old Internet Explorer vulnerabilities, the exploit kit has been seen distributing various types of malware such as Dridex, SmokeLoader, and Raccoon Stealer. 

 Expert Blogs and Opinion

Tracking devices are a boon to organizations with vast logistical operations and anyone who has ever lost a set of car keys. But trackers can also be a nightmare for cybersecurity, opening up a whole new world of opportunity for intruders.

 Breaches and Incidents

EclecticIQ has revealed that a single connected threat cluster is most likely behind an attack campaign targeting the maritime industry with spearphishing emails to distribute different malware threats. In July 2022, the campaign shifted from Agent Tesla to Formbook using CAB file attachments. However, there’s not much clarity on why the cluster changed its tooling.

 Malware and Vulnerabilities

Researchers uncovered a new LockBit ransomware campaign last December and January using a novel technique involving the use of a .img container to bypass the Mark of The Web (MOTW) protection mechanism. LockBit remained one of the most active ransomware families in successful RaaS and extortion attacks for the second and third quarters of 2022.

 Malware and Vulnerabilities

Hackers in the underground marketplace have introduced a new post-exploitation framework, Exfiltrator-22 or EX-22. According to the CYFIRMA team, LockBit 3.0 affiliates or members are most probably behind its development. The developers have used the same C2 infrastructure previously exposed in a LockBit 3.0 sample. In the latest instance, the criminals displayed lateral movement and ransomware-spreading capabilities.

 Threat Actors

Symantec warned that the Chinese state-sponsored Winnti hacker group, aka APT41 and Blackfly, is targeting two subsidiaries of an Asian conglomerate in the materials sector. The operation ran from late 2022 to early 2023, with a focus on intellectual property theft. Symantec has provided IOCs to detect and mitigate any threat due to the malicious activity of the Blackfly group.

 Identity Theft, Fraud, Scams

Resecurity identified Digital Smoke, one of the largest investment scam networks, which has been defrauding netizens mostly from Europe, Asia, and Australia. The attackers impersonate Fortune 100 firms from the U.S. and the U.K. Most of the fraudulent schemes pertained to financial services, EVs and EV batteries, oil & gas, renewable energy, healthcare, semiconductors, as well as internationally renowned investment corporations and funds with a global footprint.

 Feed

Red Hat Security Advisory 2023-1065-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2023-1064-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site request forgery, cross site scripting, and deserialization vulnerabilities.

 Feed

Red Hat Security Advisory 2023-1066-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2023-1067-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2023-1068-01 - The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Issues addressed include a buffer overflow vulnerability.

 Feed

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

 Feed

Debian Linux Security Advisory 5369-1 - It was discovered that an integer overflow in the RFC3164 parser of syslog-ng, a system logging daemon, may result in denial of service via malformed syslog messages.

 Feed

Debian Linux Security Advisory 5368-1 - It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via malformed IKEv2 packets after peer authentication, resulting in denial of service.

 Feed

Ubuntu Security Notice 5920-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 5918-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 5919-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH

 Feed

Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement

 Feed

Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol. This encompassed

 Feed

Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response

 Feed

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! This move to the cloud has made it easier to scale up applications when they need to grow. However, there is a corollary to this: Budgeting! Chances are, you're probably overspending. Estimating how … Continue reading "Study reveals companies are wasting millions on unused Kubernetes resources"

Aggregator history: Monday, March 06, 2023