Cyber security aggregated RSS news

Cyber security aggregator - feeds history


 Business

IT companies were the first to go open source, and many large businesses followed suit. After all, the ability to reuse and independently modify code as well as fix bugs spurs rapid innovation and cost reduction. But open source has some inherent negative characteristics too — due to the blurred responsibilities for creating and maintaining the code. Endor Labs, aided by over 20 CISOs and CTOs of large IT firms, carried out a systematic analysis to produce this top-10 risk list.

1. Known vulnerabilities

The most significant risk identified was the presence of vulnerabilities both in the open-source project itself and in its dependencies — that is, external open-source components used in the project. Vulnerabilities in dependencies can cause critical issues for dozens of large commercial software suites, as was the case with the modest Apache Log4j library (CVE-2021-44228).

Safeguards: Regularly scan your applications for known vulnerabilities — including vulnerabilities in both direct and indirect dependencies. Apply available fixes promptly. To optimize company resources, patches can be prioritized based on the severity of a given vulnerability and the likelihood of its exploitation in the software you're using.

2. Compromised legitimate packages

Since up to 80% of open-source project code is inherited from other projects in the form of those said dependencies, there's always a chance that third-party components used in your application have been trojanized. This can happen when the developer of these components gets hacked, or the component distribution system (that is, the package manager) is found to contain a vulnerability that allows the package to be spoofed. In this case, third-party malicious code suddenly appears inside your application, which in practice is often used to steal information or for various illicit enrichment schemes (spam, adware scams, mining).

Safeguards: No mature methodology currently exists to safeguard against this threat, so a combination of measures is called for: manual and automatic systems for analyzing source code and monitoring repositories; local storage of trusted versions of components; use of Threat Intelligence to detect such attacks in their early stages (before they have time to affect packages used in the company's open-source applications).

3. Attack of the namesakes

Attackers create packages with names that resemble legitimate packages, or copy the names of legitimate packages written in other programming languages or posted on other distribution platforms. This creates the risk that your open-source developers might integrate a malicious namesake package instead of the genuine one.

Safeguards: Instruct developers to be vigilant. As part of a standard procedure, before use, developers need to check the source code of packages for peculiarities such as encrypted fragments in the code, hijacking of functions and the like. And it's advisable to check the digital signatures of packages (if any).

4. Unsupported code

Developers of open-source components, packages and applications can pull support for them at any time and for any reason. This often happens with small packages developed by 1–2 people. If this does happen, there's no one to update the package for compatibility with new technologies or eliminate information security risks.

Safeguards: Assess the project's maturity level and development/support prospects before integrating it into business processes and your own code. Pay attention to the number of developers maintaining the project and the frequency of releases. Check for long-term support (LTS) releases and when they came out. For some stable projects, however, it's quite normal for releases to be infrequent and to only fix bugs.

5. Outdated software

The use of old versions of components in projects makes patching much more difficult. This problem is especially acute in the event of risk number one: vulnerabilities in components. Typically, an issue with deprecated dependencies arises when a new version of a component differs significantly from previous iterations in terms of syntax or semantics. In this scenario, an outdated version can remain in use for many years without any security updates.

Safeguards: Allow developers time to work with dependencies — including refactoring your code to update to the latest versions of in-use components.

6. Untracked dependencies

Since almost every application uses third-party components — which in turn use other third-party components — the developers of the main application are often unaware that a particular component is in their code. In this case, it doesn't get checked for all the other risks in the list. The status of updates, vulnerabilities and the rest is simply unknown.

Safeguards: Maintain a detailed Software Bill of Materials (SBOM) with the use of scanning tools that can detect even dependencies that are used without a package manager.

7. Regulatory and licensing risks

Despite being open-source, every open-source application and package comes with its own usage license. Risks arise if the license turns out to be incompatible with using the application for the intended purpose, or the licenses of some application components are incompatible with each other. It's also possible for one or more dependency components to violate applicable laws or regulatory requirements imposed on the company.

Safeguards: The already mentioned SBOM and code-scanning tools should be used to keep track of licenses and licensing requirements applicable to open-source applications and components used within the company. And it makes sense to work with the legal department to develop a list of standard licenses acceptable to the company, detailing their compatibility with the purpose of the software used. Software with incompatible licenses or no license at all should be removed.

8. Immature software

Using components developed by a team that lacks maturity entails a number of inconveniences and risks. The problems associated with immature software range from insufficient or inaccurate code documentation to instability and error-prone operation and the absence of a set of tests for regression testing. What's more, immature code is more likely to harbor critical vulnerabilities. All of this makes immature software impractical to use, and increases both the costs involved and the risks of critical events and downtime.

Safeguards: Before deploying an application or component, make sure the developers are using the best current practices. Indicators of this include having full and up-to-date documentation, CI/CD pipelines for regression testing, as well as detailed information about test coverage and even the number of packages that already use the given component.

9. Unapproved changes

The components used by an application can change in ways that are completely invisible to its developers. This situation can arise if components are downloaded from a server without strict version control and/or over unencrypted communication channels, and are not verified using hashes and digital signatures. In this case, the application's assembly can theoretically produce a different result each time.

Safeguards: Be strict in applying secure development practices. During development, use resource identifiers that clearly indicate the component version. Additionally, verify downloaded components using digital signatures. Always use secure communication protocols.

10. Dependencies too large or too small

These days, developers can integrate a component with just three lines of code. At the same time, it's equally detrimental when the entire component consists of four lines of code (very small) and when the code you intend to use is just one of thousands of component features — the rest of which are not used in the company's application. In this case, the developers are burdened with maintaining yet another dependency for the sake of very little functionality.

Safeguards: Avoid dependencies with little functionality; develop such functionality inside the main application.
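As an added illustration of the SBOM-driven safeguards described above (Known vulnerabilities, Untracked dependencies, Regulatory and licensing risks), the following script is not from the article or Endor Labs; it audits a constructed CycloneDX-style SBOM fragment against a constructed advisory entry and an assumed license allowlist, flagging components that are below a fixed version, carry a license outside the allowlist, or declare no license at all.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment (sample data, not a real project's BOM).
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.4",
 "components": [
  {"type": "library", "name": "log4j-core", "version": "2.14.1",
   "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "name": "left-pad", "version": "1.3.0",
   "purl": "pkg:npm/left-pad@1.3.0",
   "licenses": [{"license": {"id": "WTFPL"}}]},
  {"type": "library", "name": "mystery-utils", "version": "0.1.0",
   "purl": "pkg:npm/mystery-utils@0.1.0"}
 ]}
"""

# Constructed advisory feed: package (purl without version) and first fixed version.
# CVE-2021-44228 is the Log4j issue named in the article; the version bound is illustrative.
ADVISORIES = [
    {"id": "CVE-2021-44228",
     "purl_prefix": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "fixed_in": "2.15.0"},
]

# Assumed allowlist agreed with the legal department (illustrative policy, not a standard).
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}


def parse_version(v):
    """Numeric-tuple compare for dotted versions, e.g. '2.14.1' -> (2, 14, 1)."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def audit_sbom(sbom_text, advisories=ADVISORIES, allowed=ALLOWED_LICENSES):
    """Return (component, finding, detail) tuples for every policy violation."""
    findings = []
    for comp in json.loads(sbom_text)["components"]:
        name, version = comp["name"], comp["version"]
        purl = comp.get("purl", "")
        base = purl.rsplit("@", 1)[0] if "@" in purl else purl
        # Known vulnerabilities: installed version is below the first fixed release.
        for adv in advisories:
            if base == adv["purl_prefix"] and parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append((name, "vulnerable", adv["id"]))
        # Licensing: every declared license must be allowlisted; no license is itself a finding.
        ids = {lic.get("license", {}).get("id") for lic in comp.get("licenses", [])} - {None}
        if not ids:
            findings.append((name, "no-license", ""))
        elif not ids <= allowed:
            findings.append((name, "license-not-allowed", ",".join(sorted(ids - allowed))))
    return findings


if __name__ == "__main__":
    for finding in audit_sbom(SBOM_JSON):
        print("%-14s %-20s %s" % finding)
```

A real pipeline would feed the same function an SBOM produced by a scanner and an advisory feed such as OSV, and gate the build on an empty findings list.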


 Feed

An "open" Internet faces challenges from autocratic governance models. Policymakers should instead think about creating an Internet that's equitable, inclusive, and secure.

 Malware and Vulnerabilities

Cybercriminals were found using ChatGPT and Google Bard's popularity to spread the RedLine Stealer malware in at least 10 countries and steal private user information. The highest number of impacted users are in Greece, followed by those in India, the U.S., Mexico, and Bangladesh.

 Malware and Vulnerabilities

If you get a Google Chrome automatic update failure pop-up on your screen, be cautious. It might just be hackers waiting to compromise your systems to mine Monero. The campaign began in November 2022 but became noticeably more aggressive after February 2023.

 Malware and Vulnerabilities

FortiGuard Labs detected a malicious document masquerading as a communication from Energoatom, a state-run entity responsible for managing Ukraine's nuclear power stations. Threat actors were found using the Havoc Demon backdoor camouflaged as a legitimate component of Microsoft Office. It was even signed with an invalid portal[.]office[.]com certificate.

 Malware and Vulnerabilities

Researchers warned that the Money ransomware actors employ a human-operated intrusion approach, evidenced by the method of data exfiltration and the execution of the malware sample.

 Expert Blogs and Opinion

TikTok is not the first app to be scrutinized over the potential exposure of U.S. user data, but it is the first widely used app that the U.S. government has proposed banning over privacy and security concerns.

 Emerging Threats

Manarium uses an architecture comprising a client side (in Unity) and a service (Firebase data store); for winner prize distribution, an admin fetches the data and calls the smart contract to execute a pay function.

 Trends, Reports, Analysis

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access.

 Identity Theft, Fraud, Scams

Zelle, the widely used and highly acclaimed money-transfer service, is now a prime target for cybercriminals. The simplicity of sending funds to friends or businesses through Zelle has made it appealing for hackers looking to cash in.

 Malware and Vulnerabilities

On April 11th, 2023, a software update was released to patch a severe vulnerability within the Limit Login Attempts WordPress security plugin. With over 600,000 installations, it’s among the most popular WordPress plugins in use.

 Incident Response, Learnings

The Dutch Police, in collaboration with international police organizations, has launched an investigation into Raidforums.com, leading to the platform’s shutdown and the seizure of a dataset containing user information.

 Trends, Reports, Analysis

The volume of compromised credit cards offered for sale on cybercrime markets has dropped sharply over the past few years, although UK figures rose, according to Cybersixgill.

 Malware and Vulnerabilities

AhnLab has discovered a fresh attack strategy that spreads Qbot malware through malevolent PDF attachments added to replies or forwarded messages in already-existing emails. Qbot or Qakbot follows a destructive attack pattern, shifting from one tactic to another for maximum profits. 

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

Ubuntu Security Notice 6012-1 - It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code.

 Feed

Ubuntu Security Notice 6015-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Paul Menzel discovered that Thunderbird did not properly validate the OCSP revocation status of recipient certificates when sending S/MIME encrypted email. An attacker could potentially exploit this issue to perform a spoofing attack.

 Feed

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

 Feed

Ubuntu Security Notice 6008-1 - It was discovered that Exo did not properly sanitize desktop files. A remote attacker could possibly use this issue to cause a crash or arbitrary code execution.

 Feed

Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

 Feed

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

 Feed

OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up to

 Feed

The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world

 Feed

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages,"

 Feed

An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel and

 Feed

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported.  Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on

 Feed

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education

 Feed

Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. "The 'Read The Manual' Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang's strict rules,"

 Feed

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from

 Data loss

Everyone's talking juice-jacking - but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn't been hacked. And Carole hosts the "AI-a-go-go or a no-no?" quiz for Dave and Graham. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Aggregator history: Thursday, April 13, 2023