Cyber security aggregate rss news

 Business

The benefits to be had from cloud technologies are promoted to any and every business these days — from bakeries to banks. Meanwhile, computer clouds have progressed through several evolution steps already, and the generic term cloud now describes a number of essentially different approaches. Therefore, it makes sense to figure out specifically which cloud technology your company needs, what the cost should be, and what security measures need to be in place.

Cloud benefits

In the general sense, cloud technologies imply the use of certain computer resources (data storage capacity, computing power, or a specific app) distributed from a remote server via the internet. You're using cloud solutions when editing a document in Google Docs, launching a site on a virtual hosting platform, or sending an e-mail through Microsoft 365. Clouds have the following main advantages:

- Speedy launch of apps and services: you can begin using cloud services almost instantly without procuring any servers or installing any apps.
- Financial flexibility: you pay only for the services you use, without any capital investment whatsoever.
- Easy scalability: you can increase server capacity in a matter of minutes, or roll it back to the previous performance and price levels just as easily when no longer needed.

Cloud types: private, public, and hybrid

The public cloud concept implies that the computing capacities are owned by a commercial provider, which sells them piecemeal to anyone who wants them. If a company wants high-performance computing resources and bulletproof availability, or must follow strict data-processing environment requirements, it may procure the necessary infrastructure for its sole use. This is called a private cloud. Servers can reside within the organization's perimeter (on premises) for greater security, or be leased from a commercial data processing center (hosted private cloud). Hybrid clouds combine the two approaches, keeping data and services either in the public or the private part of the cloud depending on their importance.

SaaS, IaaS, and assorted other aaS

All abbreviations ending in aaS denote things provided as a service. The most popular one, SaaS, stands for software as a service. All the popular application services — including Microsoft 365, Dropbox, Slack, Zoom, and Salesforce — are SaaS. The user pays for a particular solution without paying any attention to what servers and apps are behind it or where it resides. DBaaS, PaaS and FaaS, which are commonly used in software development, work the same way: these services provide, via the cloud, databases, platforms, and functions for new apps, respectively. But those are beyond the scope of this blogpost.

At the other end of the complexity scale, there's IaaS — infrastructure as a service. In this case, the cloud provider supplies virtual servers or containers in which clients run server applications by themselves. Clients can change server count and capacity in just a few clicks, but they also need to employ their own configuration and maintenance professionals to make the whole thing work. For those preferring to have their own servers, but unwilling to build a data processing center, there's DCaaS — data center as a service. The provider supplies the space, cooling and the rest of the engineering infrastructure, but the physical computers belong to the client organization. SaaS services always operate in a public cloud, whereas IaaS may be public, private, or hybrid.

Cloud solution costs

Although many cloud deployments require very limited initial investment, one should pay close attention to calculating the total cost of ownership (TCO) and its growth as the workload increases. Costs to consider include the cloud provider's services, equipment for on-premises solutions, salaries of IT administrators and developers, and licenses for related apps and services. Public clouds usually provide an inexpensive and quick way to deploy small solutions, but private or hybrid clouds become increasingly attractive as the company grows in size.

Cloud solution risks

Cloud providers tend to advertise security as one of their key advantages, but security is far from being an inherent property of the cloud. Moreover, cloud solutions bring new types of risks. The main risk: lack of both awareness and vigilance. Users — even IT administrators, for that matter — believe that their cloud system is automatically protected, with everything taken care of by the cloud provider; therefore, they hardly even consider security. But in reality the cloud provider is unable to solve some issues, so these need to be addressed by the client organization. Here is a list of the main cloud service risks:

- Misconfiguration. Every SaaS/IaaS solution features dozens — sometimes even hundreds or thousands — of adjustable settings, making it easy for the administrator to make mistakes, for example, by leaving an important database exposed to the internet, or by failing to block access to privileged functions. Cloud solutions from different providers have different — and not wholly compatible — configuration settings, so even competent administrators may find it hard to ensure the integrity of security policies. The misconfiguration problem has been accountable for most of the high-profile data leaks in recent years. This problem is relevant for SaaS; acutely so for IaaS/DCaaS.
- Leakage of account details. Gaining access to information in a cloud is easy — but this advantage turns into a disadvantage as soon as your employee's password ends up in the hands of threat actors. They can get hold of account data using phishing, by bruteforcing a weak password, or by taking passwords from a data leak at a third-party service and trying them against the user's corporate accounts. This problem is relevant for all cloud types.
- Legal issues. In cloud environments, it's more difficult to comply with legal data storage requirements; for example, not to send clients' personal data abroad, or to have particular safety measures in place at data centers. In some cases, it's not clear at all in which country the data is stored.
- Insufficient monitoring. Organizations often find that the cybersecurity, access control, and data-leak prevention tools they use across their office networks don't work in cloud environments. As a result, cloud system events (including logins and downloads of large volumes of data) may go unnoticed for weeks or even months. This problem is relevant for all cloud types.
- Accidental data leaks. Careless use of the share function can make internal information accessible to outsiders.
- Vulnerabilities. Server apps are often found to contain vulnerabilities, and attackers find it convenient to exploit them in cloud environments. Firstly, cloud solutions can be accessed via the internet, and secondly, they're often all configured in the same way — making it easy to replicate a successful attack against new victims. In SaaS, all vulnerabilities must be patched by the provider, with few or no options left for the user. In IaaS, the client's IT service deals with most of the issues, and they must be really quick about it.

The correct cloud strategy

The choice of the most appropriate strategy varies greatly depending on your organization's size, IT maturity, and objectives. The strategy must take into account whether the IT system was created from scratch or migrated from a cloudless system, what scale of operations needs to be ensured from day one, how to accommodate the regulators' requirements, and so on. Don't forget to plan out your security measures early on in the project and to use specialized security systems for cloud environments.

Here's a brief summary table to help you estimate the costs, complexity and risks (more plus signs mean higher cost, complexity, risk or speed):

                                                                         SaaS    IaaS    DCaaS
Deployment costs                                                         +       ++      ++++
Scaling speed                                                            ++++    +++     ++
IT/information security support costs                                    +       +++     ++++
Costs in case of a major surge in volumes/usage                          +++++   +++     ++
Support complexity for IT specialists                                    +       +++     ++++
Support complexity for information security specialists                  ++      ++++    +++
Information security risk level                                          ++      +++     +++
Information security incident investigation and correction complexity    ++++    +++     ++

 Breaches and Incidents

A press release published yesterday by the South East Regional Organised Crime Unit (SEROCU) explains that in February 2018, the convict, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack.

 Trends, Reports, Analysis

The use of legitimate websites for masking malicious URLs to avoid detection and minimize suspicion is a technique that cybercriminals have used for a long time. These websites are often used as referrer URLs that redirect to the malicious URLs.

 Malware and Vulnerabilities

ASEC’s AhnLab discovered a spam email campaign that distributes the DarkCloud info-stealer malware. The email contents urge recipients to review the attached payment statement, which purportedly pertains to their company account. Additionally, the threat actor installs ClipBanker on infected devices to steal a user’s crypto wallet address.

 Breaches and Incidents

Amazon Pharmacy's PillPack arm recently began informing a subset of users that their accounts were accessed by an unknown actor. Of the 19,032 hacked accounts, 3,614 contained prescription information.

 Companies to Watch

Cyware today announced the appointment of two industry veterans, Brett Candon as VP Europe, and Dan Bridges as Technical Director Europe, to lead Cyware’s launch in the European region.

 Trends, Reports, Analysis

As per a new report, despite the recognition of business threats posed by cyberattacks, UK CEOs have a lower level of understanding of cybersecurity risks than their international counterparts, with just 16% saying they have a complete understanding.

 Breaches and Incidents

Security analysts at Scam Sniffer exposed a crypto phishing and scam service, Inferno Drainer, that swindled about $5.9 million worth of cryptocurrencies from 4,888 victims. It reportedly crafted over 689 counterfeit websites since March 27, 2023. Deploy a real-time anti-scam protection solution for internet users across organizational networks.

 Trends, Reports, Analysis

Law enforcement and regulatory action over the past year in the US most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022.

 Malware and Vulnerabilities

Latvian network equipment manufacturer MikroTik has shipped a patch for a major security defect in its RouterOS product and confirmed the vulnerability was exploited five months ago at the Pwn2Own Toronto hacking contest.

 Malware and Vulnerabilities

Trend Micro revealed that the BlackCat ransomware group is using a signed kernel driver for evasion tactics. The driver was utilized in conjunction with a separate user client executable, with the intention of manipulating, pausing, and terminating specific processes associated with the security on the targeted endpoints. Windows admins must ensure that 'Driver Signature Enforcement' is enabled.

 Feed

Ubuntu Security Notice 6103-1 - It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code.

 Feed

Red Hat Security Advisory 2023-3276-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.

 Feed

Ubuntu Security Notice 6074-3 - USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service. Anne van Kesteren discovered that Firefox did not properly validate the import call in service workers. An attacker could potentially exploit this to obtain sensitive information. Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicious favicon file, an attacker could cause a denial of service.

 Feed

Ubuntu Security Notice 6101-1 - It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that GNU binutils did not properly verify the version definitions in a zero-length verdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04.

 Feed

Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

 Feed

Red Hat Security Advisory 2023-3218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

 Feed

Ubuntu Security Notice 6102-1 - It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu 20.04 LTS. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 5996-2 - USN-5996-1 fixed vulnerabilities in Liblouis. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6098-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

 Feed

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

 Feed

Ubuntu Security Notice 6042-2 - USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a regression on Ubuntu 20.04 LTS resulting in a possible loss of networking. This update fixes the problem. James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

 Feed

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware. "The

 Feed

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In

 Feed

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical

 Feed

Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality

 Feed

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,"

 Feed

At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected

Aggregator history (2023-05): Wednesday, May 24