Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Transatlantic Cable ...

 News

The latest episode of the Transatlantic Cable kicks off with talk around the crypto-exchange, JPEX and how theyre being investigated by local authorities. From there, discussion turns to an AI enabled backpack from Microsoft (yes, really), Spotify refusing to ban A.I generated music and fake celebrity nudes are being   show more ...

used to promote a popular shopping site. If you liked what you heard, please consider subscribing. Hong Kong investigates influencer-backed crypto exchange Microsoft patents bizarre AI-powered backpack Spotify will not ban AI-made music, says boss Fake celebrity photo leak videos flood TikTok with Temu referral codes

 Identity Theft, Fraud, Scams

A spearphishing campaign targeting management teams associated with an Azerbaijanian company exploits the conflict between Azerbaijan and Armenia, using malware disguised as an infected memo to gather basic computer information from its targets.

 Malware and Vulnerabilities

The vulnerabilities in Firefox include out-of-bounds write issues, memory leaks, use-after-free conditions, and memory corruption, which could potentially allow attackers to execute arbitrary code or cause crashes.

 Malware and Vulnerabilities

The leaked data from Snatch's victim shaming site reveals that the group's darknet site attracts a significant number of visitors from Russia, potentially indicating their source of victims.

 Malware and Vulnerabilities

While some of these vulnerabilities can be exploited remotely by getting the targeted user to access a specially crafted website, a majority require the presence of a malicious app on the targeted device.

 Malware and Vulnerabilities

Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues.

 Malware and Vulnerabilities

Threat actors meticulously fabricated commit messages to mimic Dependabot's automated contributions to mask the malevolent activities they were indulging in. Between July 8 and July 11, an unidentified threat actor began compromising a multitude of GitHub repositories, affecting both public and private sectors,   show more ...

with a significant number of victims originating from Indonesia. The attackers skillfully manipulated commit messages, leading developers to believe that the real Dependabot had made these contributions.

 Feed

Red Hat Security Advisory 2023-5396-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Ubuntu Security Notice 6369-2 - USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote   show more ...

attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6400-1 - It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information.

 Feed

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

 Feed

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can

 Feed

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of

 Feed

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle

 Feed

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team,

 Feed

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code

 Data loss

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

2023-09
Aggregator history
Thursday, September 28
FRI
SAT
SUN
MON
TUE
WED
THU
SeptemberOctoberNovember