Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Threats

The advantages of cryptocurrencies for owners — lax regulation and lack of government control — are major pluses for cyberthieves too. Because the threats to crypto assets are quite varied, we recommend that you study our overview of how to protect your crypto investments, as well as our tips for owners of hardware cryptowallets. But these posts of ours, detailed as they are, still do not disclose the full variety or scale of crypto-related scams. To give you a better grasp of just how attractive crypto finance is to scammers, we've compiled a list of the most striking examples of attacks in recent years. Our police lineup (of cybercriminals) shows you the biggest, most brazen attacks in different categories. We didn't rank them by damage, as this is hard to determine for many types of attacks, and our rating excludes pyramid schemes like BitConnect.

1. The most sophisticated
Damage: US$30 000
Method: Trojanized hardware wallet

This attack was investigated by our experts, hence we have a detailed post about it. An investor purchased a popular hardware wallet, which looked and worked exactly like a real one — until it didn't. It turned out to be a very crafty fake with pre-flashed private keys known to the cybercriminals and a password-weakening system. When money appeared in the wallet, the hackers simply withdrew it. And that's without the wallet ever connecting to a computer.

2. The biggest
Damage: US$540 000 000
Method: server hack

For a long time, the largest hack in cryptocurrency history was the theft from the Mt. Gox exchange of US$460 million, which caused the exchange to collapse in 2014. But in 2022 this dubious honor passed to Sky Mavis, developer of the popular play-to-earn game Axie Infinity. The attackers compromised the Ronin Bridge system, which handles the interaction between in-game tokens and the Ethereum network, leading to the theft of ether and USDC worth, according to various estimates, US$540–650 million. Without delving into the details of the blockchain bridge hack, the attackers compromised five of the nine validator nodes that verify Ronin transactions and used them to sign their transfers. Apparently, the network was infiltrated through a combination of malware and legitimate but outdated access credentials that had not been revoked in time. The hackers also hoped to earn even more from the collapse in the market capitalization of the target companies, but the hack was noticed just a week later, and their attempt at short selling failed.

3. The most persistent
Damage: unknown
Method: fake Chrome extension

The attacks, carried out by the BlueNoroff group and detected by us in 2022, were aimed primarily at FinTech companies working with cryptocurrency. In this series of attacks, the hackers penetrated the internal networks of the target companies using phishing emails seemingly from venture capital funds. When the victim opened the malicious email attachment, a Trojan installed itself on the computer, allowing the attackers to steal information and install additional malware. If the company's emails were of interest to them, the hackers remained in its network for months. Meanwhile, the crypto theft itself was carried out using a modified version of the Chrome extension Metamask. By installing their version of Metamask instead of the official one, the cybercriminals were able to observe and modify the victim's legitimate cryptocurrency transactions; even the use of a hardware cryptowallet in this case didn't provide sufficient protection.

4. The most obscure
Damage: US$35 000 000
Method: unknown

On June 2, 2023, attackers targeted the decentralized Atomic Wallet, debiting tokens from victims. This is the most recent example at the time of posting. The developers confirmed the hack, but have yet to figure out how it was done. Atomic Wallet prides itself on the fact that neither passwords nor private keys are stored on its servers, so the attack must be linked to what takes place on users' computers. Cryptocurrency tracking experts say the laundering methods used resemble the modus operandi of the Lazarus group. If it is Lazarus, it's most likely an attack either through a fake Trojanized version of Atomic Wallet (similar to the attack on DeFi), or on the developers themselves with a Trojan in the official application.

5. The most cinematic
Damage: US$4 000 000
Method: face-to-face meeting

To steal cryptocurrencies, some cybercriminals set up Catch Me If You Can-style scams. The targets — companies looking for investors — are approached by investment funds to discuss a potentially large investment in the business. After a few phone calls and emails, face-to-face meetings are scheduled at a luxury hotel with the victims — startup CEOs. There, all legal and financial matters are discussed at length, after which, under a convenient pretext, the conversation turns to investments and cryptocurrency fees. As a result, the scammers sneak a peek at the victim's seed phrase or briefly get hold of their cryptowallet, emptying it of all funds. In one case, the victims were hustled for US$4 million; in another, described in detail, for US$206 000.

6. The most elegant
Damage: unknown
Method: fake letters and wallets

This one sounds like a plot for a detective novel: cybercriminals sent paper letters to buyers of Ledger hardware wallets. To get the mailing list, they either hacked into an unnamed third party (likely a Ledger contractor) or capitalized on an earlier user-data leak. The letter informed the recipient that, due to security issues, their Ledger Nano X hardware wallet had to be replaced — and a free replacement wallet under warranty was handily attached to the letter. In fact, the enclosed box contained a malware-infected flash drive disguised as a Nano X. On first startup, the program asked the victim to perform a key import and enter their secret seed phrase to restore access to the wallet — with obvious consequences. Many recipients, however, didn't fall for the ruse: despite the convincing packaging, the letter itself contained a number of spelling mistakes. Vigilance pays dividends!

7. The most inconspicuous
Damage: unknown
Method: malware

Among the most inconspicuous are address-substitution attacks, usually carried out with the help of clipboard-injector malware. After infecting the victim's computer, the malware silently monitors the clipboard for cryptowallet addresses: when one arrives, the malware replaces it with the address of the attackers' wallet. So, when victims simply copy and paste addresses during transfers, cybercriminals can easily direct funds their way.

8. The most hurtful
Damage: US$15 000
Method: love letters

Romantic scams remain one of the most common ways to deceive private crypto investors. Let's take a look at a specific example. Kevin Kok had years of crypto experience, yet even he was hoodwinked by a blossoming romance. Having met a woman on a dating site, he chatted with her for several months, during which time the topic of investments never arose. Then she suddenly shared information from friends about a handy new app for crypto investments. She was having trouble figuring it out and asked for help so she could deposit her own (!) money there. Kevin, of course, offered to help. Convinced that the app was working fine, he saw his new flame's assets rise in value. So he decided to invest his own money and smiled at the high rate of return. Kevin became suspicious only when the woman suddenly disappeared from all messenger apps and stopped replying to his messages. And it was then he discovered it wasn't possible to withdraw funds from the investment system.

How to stay safe?

We've already given detailed recommendations for crypto investors, so here we'll repeat just two: treat all crypto-related offers, emails, letters and innocent questions with maximum suspicion, and always use security software tailored for crypto investments on all relevant devices. And we certainly recommend a Kaspersky Premium subscription for one or more devices, the price of which is a drop in the ocean compared to the potential damage from just one successful scam. Premium includes special tools to protect your crypto investments:

- Protection against cryptocurrency fraud and unauthorized mining
- Additional protection for banking apps and financial transactions
- Anti-phishing
- Special anti-keylogger protection for password input windows
- Detection of remote access to the computer
- Password manager and secure storage for sensitive data
- Real-time antivirus with application behavior control
- Warnings about potentially dangerous applications
- Automatic search for outdated versions of applications and updates from official sources

 Threat Actors

Security experts came across a new campaign—from late 2022 to early 2023—by the Chinese state-sponsored threat group APT15, which used a novel backdoor called Graphican that possesses several capabilities. Symantec has published the IOCs for a better understanding of the threat to protect against it. 

 Malware and Vulnerabilities

The North Korean APT37 (aka ScarCruft and RedEyes) group was found using a new info-stealer with wiretapping features, named FadeStealer, along with a backdoor written in GoLang that abuses the Ably platform. Apart from the ability to listen to private conversations of victims, the malware can steal a wide variety of information from Windows systems.

 Expert Blogs and Opinion

Open source is key to the success of cloud-native security as it facilitates collaboration amongst developers, architects, and users, brings strength in numbers, and allows for diverse innovation.

 Govt., Critical Infrastructure

The project is expected to feature a reference design and an implementation guide addressing four main cybersecurity challenges across the water and wastewater sector, namely asset management, data integrity, remote access, and network segmentation.

 Incident Response, Learnings

A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals.

 Incident Response, Learnings

The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws.

 Breaches and Incidents

The Russian APT28 group has launched a spear-phishing campaign that has affected a regional prosecutor's office, an undisclosed executive authority, a military aviation company, and other government entities in Ukraine. Users are advised to update vulnerable Roundcube webmail servers to the latest version.

 Malware and Vulnerabilities

"A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service," Fortinet stated.

 Breaches and Incidents

A third-party vendor lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the Russian Cl0p ransomware gang, according to the Fortune 500 insurer.

 Security Culture

By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.

 Incident Response, Learnings

Fallout for Progress Software continues over a massive data breach that appears to have affected hundreds of private and public sector organizations that use its MOVEit file transfer software.

 Malware and Vulnerabilities

The botnet has been observed targeting IoT devices, routers, DVRs, access control systems, and solar power generation monitoring systems from brands such as D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek.

 Trends, Reports, Analysis

Out of the 156 threats identified in drone control systems, the top 50 fall into four categories — namely reporting falsified data, denying access to real-time data, impersonation of the UAS and its operator, and tampering with telemetry data.

 Feed

Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use the PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record, parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in the PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.

 Feed

Red Hat Security Advisory 2023-3614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.4.

 Feed

Red Hat Security Advisory 2023-3612-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. Issues addressed include a denial of service vulnerability.

 Feed

Debian Linux Security Advisory 5435-2 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.

 Feed

This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak to be able to upload a .NET deserialization payload.

 Feed

Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.

 Feed

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

 Feed

Ubuntu Security Notice 6188-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.

 Feed

Ubuntu Security Notice 6184-1 - It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or possibly obtain sensitive information.

 Feed

Ubuntu Security Notice 6187-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service.

 Feed

Red Hat Security Advisory 2023-3777-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2023-3776-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

 Feed

Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2023-3780-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

 Feed

Ubuntu Security Notice 6185-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

 Feed

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition." BlackLotus is an advanced 

 Feed

Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.

 Feed

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security

Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor. With

 Feed

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint 

 Feed

A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates,"
