Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Malware and Vulnerabilities

Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware.

 Malware and Vulnerabilities

Martin Schobert at Swiss security firm Pentagrid discovered that an attacker could input a series of six consecutive dashes (------) in place of a booking reference number and the terminal would return an extensive list of room details.

 Feed

ZenML allows for remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. This is the proof of concept exploit. All ZenML versions below 0.46.7 are vulnerable, with the exception being patched versions 0.44.4, 0.43.1, and 0.42.2.

 Feed

Red Hat Security Advisory 2024-1688-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, denial of service, privilege escalation, and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1687-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, denial of service, privilege escalation, and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1683-03 - Red Hat OpenShift Container Platform release 4.13.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-1681-03 - Red Hat OpenShift Container Platform release 4.14.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-1679-03 - Red Hat OpenShift Container Platform release 4.12.55 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-1668-03 - Red Hat OpenShift Container Platform release 4.15.8 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka

 Feed

A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email

 Feed

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve

 Feed

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure

 Feed

Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 A leading UK provider of veterinary services this morning revealed that a major cyber-incident has caused “considerable operational disruption” at the firm. CVS Group runs hundreds of vet practices as well as a handful of laboratories and crematoria across   show more ...

the UK, Australia, the Netherlands and the Republic of Ireland, employing […] La entrada Veterinary Giant CVS Reveals Major Cyber-Attack – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber security

Source: securityboulevard.com – Author: Tom Eston Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer   show more ...

account passcodes, along with personal information, were compromised due to a leak discovered by […] La entrada Massive AT&T Data Leak, The Danger of Thread Hijacking – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Lohrmann on Cybersecurity Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.   April 07, 2024 •  Dan Lohrmann Adobe   show more ...

Stock/KHUNKORN A few weeks back I was reading LinkedIn […] La entrada Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 articles

Source: securityboulevard.com – Author: Ofir Stein Maintaining a strong security posture is crucial in today’s digital landscape, and it begins with users. Trusting users with access to sensitive data and company assets is a web of complexity, and one bad apple or security gap can knock all the dominos down.   show more ...

  In fact, Verizon’s 2023 Data […] La entrada 9 Best Practices for Using AWS Access Analyzer – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: NSFOCUS Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions   show more ...

are met, an attacker can use this vulnerability to bypass SSH authentication and […] La entrada XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094) – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Mayank Parmar Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements. Additionally, it brings a big change to Microsoft Teams, letting you use a single app for both your work and personal accounts.   show more ...

However, that is not all that is coming, and […] La entrada The new features coming in Windows 11 24H2, expected this fall – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks. Home Depot is the largest home improvement   show more ...

retailer, with more than 2,300 stores in North […] La entrada Home Depot confirms third-party data breach exposed employee info – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams Microsoft is now using a Windows driver to prevent users from changing the configured Windows 10 and Windows 11 default browser through software or by manually modifying the Registry. Windows users can still change their default browser through the   show more ...

Windows settings. However, those who utilized software to make the […] La entrada New Windows driver blocks software from changing default web browser – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Apr 08, 2024NewsroomInvestment Scam / Mobile Security Google has filed a lawsuit against two app developers for engaging in an “international online consumer investment fraud scheme” that tricked users into downloading bogus Android apps from the Google   show more ...

Play Store and other sources and stealing their funds under the guise of […] La entrada Google Sues App Developers Over Fake Crypto Investment App Scam – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team By Milica D. Djekic The mechatronics systems are a common part of the industrial control systems (ICS) or – in other words – these two assets serve in many control engineering applications. The mechatronics systems exist many years back and they are   show more ...

only the phase in a development of […] La entrada The Case Study: The Exploitation of Mechatronics Systems – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: Irina Shi via Shutterstock The sophisticated threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East. Cybersecurity   show more ...

services firm Resecurity analyzed technical details of multiple incidents involving the […] La entrada Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.troyhunt.com – Author: Troy Hunt I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I’ve written before about how much I despise them. The trouble for   show more ...

AT&T (in […] La entrada Weekly Update 394 – Source: www.troyhunt.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team Ironclad compliance through the Zero Trust innovation mindset By Roy Kikuchi, Director of Strategic Alliances at Safous, Internet Initiative Japan (IIJ) Inc. Regulatory requirements like GDPR, CCPA, and data residency have become an increasingly daunting   show more ...

challenge for organizations in today’s digital landscape. Compliance and regulations teams now face a […] La entrada Zero Trust Access: The Transformative Blueprint for Achieving Regulatory Compliance – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team Preparing Cybersecurity for a New Era By Sercan Okur, VP of Technology, NextRay In contrast to my previous pieces, I intend to commence this piece with a hypothetical calamitous situation. Suppose that in the year 2030, a significant global incident   show more ...

occurs, showcasing the capricious and devastating potential of quantum […] La entrada The Quantum Shift – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-04
Aggregator history
Monday, April 08
MON
TUE
WED
THU
FRI
SAT
SUN
AprilMayJune