Cyber security aggregate rss news

Cyber security aggregator - feeds history

Researchers Identify ...

Cybersecurity News

GitHub repositories have become a crucial part of modern software development, allowing teams to collaborate, build, and deploy code. However, a critical vulnerability has been discovered in the way GitHub Actions artifacts are handled that poses a significant threat to the security of these repositories. This attack vector can lead to high-level access to cloud environments, compromising sensitive data and potentially affecting millions of consumers. Many organizations, including some of the biggest in the world such as Red Hat, Google, AWS, Canonical (Ubuntu), Microsoft, OWASP and others, were discovered to be vulnerable to this attack.

GitHub Actions Artifacts Could Reveal Authentication Secrets

GitHub Actions workflows frequently use secrets to interact with cloud services and GitHub itself. These secrets include the ephemeral GITHUB_TOKEN, which is used to perform actions against the repository. However, when workflows run, artifacts are generated and stored for up to 90 days. In open-source projects, these artifacts are publicly available for anyone to consume. Researchers from Palo Alto Networks' Unit 42 found this to be a straightforward method for identifying potential security risks.

(Image; source: https://unit42.paloaltonetworks.com)

An automated process was created to download and scan artifacts from popular open-source projects, revealing working tokens for various cloud services and GitHub tokens. These tokens were not part of the repository code but were found in repository-produced artifacts. The most common mistake that led to the exposure of GitHub tokens was the default behavior of the actions/checkout GitHub action, which persists credentials and writes the GITHUB_TOKEN to the local git directory. Another common mistake was the use of super-linter, a widely used open-source code linter, which logs environment variables, including GitHub tokens, in its log file. These logs are often uploaded as build artifacts, exposing sensitive tokens. The vulnerability was disclosed to the maintainers of super-linter, and the issue has received an official fix.

Abusing Leaked GitHub Tokens

While GITHUB_TOKENs are ephemeral and expire when the job ends, ACTIONS_RUNTIME_TOKENs, which are JWTs with a six-hour expiration, can be used to manage cache and artifacts. An automated process was created to download an artifact, extract the ACTIONS_RUNTIME_TOKEN, and use it to replace the artifact with a malicious one. Subsequent workflow jobs often rely on previously uploaded artifacts, creating a vulnerability to remote code execution (RCE) on the runner that runs the job consuming the malicious artifact.

The discovery of this vulnerability has led to a significant update in GitHub's artifacts feature, allowing for the download of artifacts from the UI or API while the workflow run is in progress. This change has the potential to mitigate this threat, but it is essential for developers to be aware of the potential risks and take steps to secure their GitHub repositories. The research focuses on the critical importance of maintaining a high level of credential hygiene in CI/CD environments, as in the case of GitHub's deprecation of Artifacts V3. The researchers recommend reducing GitHub workflow permissions of runner tokens according to least-privilege principles and regularly reviewing artifact creation in enterprise CI/CD pipelines. Organizations can study the potential impact of insecure usage of GitHub Actions artifacts to take the necessary steps to secure their software development pipelines and protect their customers from the consequences of such vulnerabilities.
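The two leak patterns named above (a persisted checkout credential in the .git directory, and a linter log that echoes the environment) can be caught before the upload step runs. The following is an added example, not code from the article or from Unit 42: a pre-upload scanner that walks a build directory and flags both patterns. The directory layout, file names and token values are constructed for the example; the .git/config line mirrors the shape actions/checkout writes when persist-credentials is left at its default.

```python
"""Added example (not from the article or from Unit 42): a pre-upload check that
scans a build directory for the two artifact-leak patterns described above, so a
workflow can fail before upload-artifact ships a token.

Assumptions (labelled): the directory layout, file names and token values below
are constructed for this example.
"""
import base64
import os
import re
import tempfile

# Pattern 1: actions/checkout stores the token as a basic-auth extraheader in
# .git/config. We look for the header marker, never for a token format.
GIT_EXTRAHEADER = re.compile(r"extraheader\s*=\s*AUTHORIZATION:\s*basic\s+\S+", re.I)

# Pattern 2: linter logs that echo the environment, as super-linter's output did.
ENV_ECHO = re.compile(r"\b(GITHUB_TOKEN|ACTIONS_RUNTIME_TOKEN)\s*[=:]\s*\S+")


def scan_artifact_dir(root):
    """Return a sorted list of (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            # Shipping the .git directory at all is a finding: it is where
            # persisted credentials live.
            if rel.split(os.sep)[0] == ".git":
                if GIT_EXTRAHEADER.search(text):
                    findings.append((rel, "persisted git credential header"))
                else:
                    findings.append((rel, ".git directory included in artifact"))
                continue
            if ENV_ECHO.search(text):
                findings.append((rel, "environment token echoed into log"))
    return sorted(findings)


def build_sample_artifact(root):
    """Construct a sample artifact tree (fake values, for the example only)."""
    os.makedirs(os.path.join(root, ".git"))
    os.makedirs(os.path.join(root, "dist"))
    fake_basic = base64.b64encode(b"x-access-token:FAKE_TOKEN_FOR_EXAMPLE").decode()
    with open(os.path.join(root, ".git", "config"), "w") as fh:
        fh.write("[http \"https://github.com/\"]\n")
        fh.write(f"\textraheader = AUTHORIZATION: basic {fake_basic}\n")
    with open(os.path.join(root, "super-linter.log"), "w") as fh:
        fh.write("2024-08-15 10:00:00 [INFO] GITHUB_TOKEN=FAKE_TOKEN_FOR_EXAMPLE\n")
    with open(os.path.join(root, "dist", "app.js"), "w") as fh:
        fh.write("console.log('hello');\n")


def demo():
    """Build the constructed tree in a temp dir and return the scanner's findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_artifact(root)
        return scan_artifact_dir(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run as a workflow step against the path handed to upload-artifact and make a non-empty result fail the job; the cheaper fix the article points to is still to set persist-credentials to false on actions/checkout and to upload only the build output rather than the whole workspace.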

Russian National Rec ...

Cybersecurity News

Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for his role as a prolific vendor of stolen financial information, login credentials, and other personally identifiable information (PII) on the criminal internet marketplace Slilpp. Kavzharadze, also known as "George" and by his online monikers "TeRorPP," "Torqovec," and "PlutuSS," pleaded guilty to conspiracy to commit bank fraud and wire fraud in February 2024.

A Brief History of Slilpp and the Investigation

Slilpp, an online marketplace for stolen login credentials, had been operating since 2012, selling usernames and passwords for various online accounts, including bank accounts, online payment accounts, and mobile phone accounts. The platform allowed vendors to sell and customers to buy stolen login credentials, facilitating unauthorized transactions worth millions of dollars. In June 2021, the FBI, in collaboration with international law enforcement partners, conducted a coordinated operation to disrupt the Slilpp marketplace. During this operation, the FBI seized the platform's infrastructure and domain names, effectively dismantling the operation. The database of the marketplace contained a wealth of information about vendors, customers, and transactions, including subscriber and payment details.

Kavzharadze's Involvement in Slilpp

The coordinated efforts of law enforcement agencies, both domestic and international, have successfully disrupted the Slilpp marketplace and held Kavzharadze accountable for his role in this extensive fraud scheme. Kavzharadze, using the alias "TeRorPP," listed over 626,100 stolen login credentials for sale on Slilpp between 2016 and 2021, selling more than 297,300 of them. His activities were linked to over $1.2 million in fraudulent transactions. The login credentials included access to accounts with banks in New York, California, Nevada, and Georgia, and were sold for Bitcoin. An FBI analysis connected Kavzharadze to withdrawals of over $200,000 in Slilpp profits from his Bitcoin account.

On August 24, 2021, Kavzharadze was charged with conspiracy to commit bank fraud and wire fraud, bank fraud, access device fraud, and aggravated identity theft. He was subsequently extradited to the United States, and his initial appearance occurred on May 18, 2022, in U.S. District Court. Kavzharadze has been detained since his extradition to the United States. On top of his prison sentence, Judge Colleen Kollar-Kotelly ordered Kavzharadze to pay $1,233,521.47 in restitution. This conviction serves as a significant blow to the dark web's cybercrime ecosystem and demonstrates the U.S. Department of Justice's commitment to combating online threats to financial security.

Highly-Personalized ...

Cybersecurity News

A widespread and highly personalized spear-phishing campaign has been targeting non-governmental organizations, media, individuals, and government personnel in the West and Russia. This campaign, attributed to the Russian Federal Security Service (FSB) through the threat actor COLDRIVER, employs personalized and highly plausible social engineering tactics to gain access to online accounts.

COLDRIVER Campaign Targeted Russian Dissidents

The targets of this phishing campaign span a range of communities, from prominent Russian opposition figures living in exile to staff at non-governmental organizations in the U.S. and Europe, as well as funders and media organizations. A common thread is a focus on Russia, Ukraine or Belarus. Some targets still reside and work within Russia, placing them at considerable risk. The investigators at Citizen Lab and its partners have chosen to withhold the names of most targets to protect their privacy and safety.

The investigators found the level of personalization in these communications striking: the intimacy expressed suggested the attackers have a deep understanding of their targets' work and networks. In some cases, the attackers followed up with targets who failed to enter their credentials. One notable target was identified as Polina Machold, the publisher of Proekt Media, a Russian investigative news outlet. The attackers impersonated an individual known to Machold in an attempt to compromise her account. Proekt is known for its high-profile reporting on corruption and abuses of power within the Russian government. The investigators also observed targeting of former U.S. officials and academics in the think tank and policy space, such as former U.S. Ambassador to Ukraine Steven Pifer, who was approached by an attacker impersonating a fellow former ambassador.

COLDRIVER Attack Flow

The typical attack flow involves the following steps:

1. The threat actor initiates an email exchange with the target, masquerading as someone known to them.
2. The target is asked to review a document, often a PDF file containing a phishing link.
3. If the target clicks on the link, their browser fetches JavaScript code from the attacker's server, which computes a fingerprint of the target's system and submits it to the server.
4. The server may show a CAPTCHA to the user prior to redirecting them to a phishing page designed to look like a legitimate login page for the target's email service.
5. If the target enters their password and two-factor code, the attacker uses the credentials to access the target's email account.

Extensive Infrastructure and Overlaps

The investigation revealed that the attackers leveraged a network of first-stage domains, often registered through Hostinger and hosted on shared servers with rotating IP addresses, making the campaign more difficult to track and block. The malicious PDFs used in this campaign share consistent characteristics, including the formatting and placement of the phishing link, the PDF metadata, and the use of fake English-language author names. These overlaps suggest the use of automated tools or name lists in the generation of these documents.

The investigators shared the following recommendations to protect against this highly personalized campaign:

1. Be cautious of personalized and urgent emails, verify sender information, and use strong passwords and two-factor authentication to protect online accounts.
2. Be wary of PDFs with embedded links, especially if they are from unknown senders, and avoid clicking on suspicious links.
3. Implement robust security measures, such as email filtering and antivirus software, and regularly update systems and software with the latest security patches.
4. Train employees on phishing awareness and monitor account activity to detect and report any suspicious activity.

Cloud Extortion Camp ...

Cybersecurity News

Researchers have uncovered an extortion campaign that targeted more than 100,000 domains by using misconfigured AWS environment variable files (.env files) to ransom data in cloud storage containers. The sophisticated cloud extortion campaign used automation techniques and extensive knowledge of cloud architecture to increase the speed and success of the campaign, underscoring the need for cloud security best practices such as robust authentication and access controls, data encryption, secure configuration management, and monitoring and logging.

Multiple Security Failures Fueled AWS Cloud Extortion Campaign

The researchers, from Palo Alto Networks’ Unit 42, said the attackers were able to leverage .env files that contained sensitive information such as credentials from numerous applications because of multiple security failures on the part of cloud users. These include:

1. Exposed environment variables
2. Use of long-lived credentials
3. Absence of a least-privilege architecture

The attack campaign set up its infrastructure within organizations’ AWS environments and “used that groundwork to scan more than 230 million unique targets for sensitive information,” the researchers wrote. The campaign targeted 110,000 domains, resulting in more than 90,000 unique variables in the .env files. Of those variables, 7,000 belonged to organizations' cloud services and 1,500 variables were traced back to social media accounts. Attackers used multiple networks and tools in their operation, such as virtual private server (VPS) endpoints, the onion router (Tor) network for reconnaissance and initial access operations, and VPNs for lateral movement and data exfiltration.

Attackers successfully ransomed data hosted within cloud storage containers, the researchers said. They didn’t encrypt the data before ransom, but instead exfiltrated it and placed a ransom note in the compromised container (example below).

(Image: AWS S3 ransom note (Unit 42))

“The attackers behind this campaign likely leveraged extensive automation techniques to operate successfully and rapidly,” the researchers said. “This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.” They emphasized that the attack “relied on misconfigurations in victim organizations that inadvertently exposed their .env files. It did not result from vulnerabilities or misconfigurations in cloud providers’ services.”

It’s not clear where the threat actors were located or whether they were affiliated with any known threat groups, but the researchers found one ISP IP address geolocated in Ukraine that was part of early-stage privilege escalation activity, and a second ISP IP address geolocated in Morocco that was associated with S3 access and exfiltration. “Based on the user-agents and time between API calls, we determined the threat actor manually performed these access operations, which leaked the threat actor's possible physical location,” they wrote.

Initial Access Came From Leaked AWS IAM Credentials

Environment files let users define configuration variables used within applications and platforms, and often contain secrets such as hard-coded cloud access keys, SaaS API keys and database login information, which the threat actors used for initial access. “The attack pattern of scanning the internet for domains and exploiting credentials obtained from exposed environment variable files follows a larger pattern we believe propagates through other compromised AWS environments,” the researchers said. The threat actors were able to obtain exposed AWS Identity and Access Management (IAM) access keys by scanning for and identifying exposed .env files hosted on unsecured web applications. “We continue to see a growing trend of attackers targeting cloud IAM credentials leading to initial access of organizations’ cloud environments,” they wrote. “The most common initial access vectors for this particular threat originate from organizations inadvertently misconfiguring servers, subsequently exposing sensitive files to the public internet, with the most frequently exposed files being .env files.”

While the IAM credentials did not have administrator access to all cloud resources, the attackers discovered that the IAM role used for initial access “did have the permissions to both create new IAM roles and attach IAM policies to existing roles. Using these capabilities, the attacker successfully escalated their privileges within victim cloud environments by creating new IAM resources with unlimited access.” From there, the attackers were able to create new AWS Lambda functions for their automated scanning operation.
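The escalation chain described in the last paragraph (a leaked key that can create roles and attach policies, then Lambda functions launched under the new role) leaves a recognizable trace in CloudTrail. The following is an added example, not code from the article or from Unit 42: detection logic for that pattern run over a handful of constructed CloudTrail-style events. The events, account id, ARNs and timestamps are invented for the example; only the field names (eventName, eventSource, userIdentity.arn, requestParameters) follow CloudTrail's record layout.

```python
"""Added example (not from the article or from Unit 42): detection logic for the
IAM privilege-escalation pattern described above, run over constructed
CloudTrail-style events.

Assumptions (labelled): every event below is constructed; the account id, ARNs
and timestamps are invented for this example.
"""
from collections import defaultdict

# Constructed sample events: a compromised long-lived key creates a new role,
# attaches AdministratorAccess to it, then creates a Lambda function under it.
SAMPLE_EVENTS = [
    {"eventTime": "2024-08-10T02:14:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateRole",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
     "requestParameters": {"roleName": "lambda-ex"}},
    {"eventTime": "2024-08-10T02:14:09Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
     "requestParameters": {"roleName": "lambda-ex",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-08-10T02:15:30Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "CreateFunction20150331",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
     "requestParameters": {"functionName": "scanner",
                           "role": "arn:aws:iam::111122223333:role/lambda-ex"}},
    # Benign noise from a different principal.
    {"eventTime": "2024-08-10T02:16:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ReadOnly"},
     "requestParameters": None},
]

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
# CloudTrail records Lambda's CreateFunction with its API version suffix.
LAMBDA_CREATE = "CreateFunction20150331"


def detect_escalation(events):
    """Return (actor_arn, reason) alerts for any principal that grants a role
    full admin, or launches a Lambda function under a role it created itself."""
    by_actor = defaultdict(list)
    for ev in events:
        by_actor[ev["userIdentity"]["arn"]].append(ev)

    alerts = []
    for actor, evs in by_actor.items():
        # Roles this principal created in the window under review.
        created = {e["requestParameters"]["roleName"] for e in evs
                   if e["eventName"] == "CreateRole"}
        for e in evs:
            params = e.get("requestParameters") or {}
            if e["eventName"] == "AttachRolePolicy" and params.get("policyArn") == ADMIN_POLICY:
                alerts.append((actor, "AttachRolePolicy granted AdministratorAccess to role "
                               + params["roleName"]))
            role_name = params.get("role", "").rsplit("/", 1)[-1]
            if e["eventName"] == LAMBDA_CREATE and role_name in created:
                alerts.append((actor, "Lambda function created under a role this principal just created"))
    return alerts


if __name__ == "__main__":
    for actor, reason in detect_escalation(SAMPLE_EVENTS):
        print(f"{actor}: {reason}")
```

The rule keys on the principal rather than on the source IP, since the article notes the operators rotated between VPS, Tor and VPN exits; a real deployment would read events from a CloudTrail lake or SIEM and bound the correlation window.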

5,000 AI-Controlled ...

Cybersecurity News

Researchers have uncovered a network of at least 5,000 fake X (formerly Twitter) accounts that appear to be controlled by AI in a disinformation campaign linked to China, and the activity appears to be heating up as the U.S. election approaches. The X disinformation network, dubbed “Green Cicada” by researchers, “primarily engages with divisive U.S. political issues and may plausibly be staged to interfere in the upcoming presidential election.” The network has also amplified divisive political issues in other democracies, including Australia, Western Europe, India and Japan.

The finding is the latest example of attempted interference in the U.S. presidential election, which just this month has seen reports of increasing activity by Iran, a warning from the FBI and CISA about potential DDoS attacks, and a hack of the campaign of former President Donald Trump that resulted in stolen documents that U.S. media has yet to publish, a sharp departure from the media’s treatment of the 2016 Hillary Clinton campaign after the Democratic National Committee was hacked by Russia-linked actors.

X Disinformation Network Linked To China

The researchers, from CyberCX, said the network is “almost certainly controlled in concert by an artificial intelligence (AI) Large Language Model (LLM) based system. ... We assess that the system controlling the network is likely to be an information operation capability in a development or experimental state, based on inferred system architecture and patterns in malformed outputs. We assess the system is designed, at least in part, to 'launder' politically divisive narratives by rewording organic content as new posts and replies and to amplify organic divisive content on X through engagement.”

The researchers said the network is unlikely to be very effective in its current state, but they added that it “is plausible that the network operators are preparing to increase activities in the lead up to the U.S. presidential election.” Most accounts on the network are currently dormant, but activity increased sharply in July. The network has been rectifying operational errors over time, including reducing malformed outputs, which could make its activities more effective and harder to detect.

The network uses a Chinese-language LLM system and links to an AI researcher affiliated with Tsinghua University and Zhipu AI, a prominent Chinese AI company. So far the actors haven’t shown specific political leanings, but instead have focused on amplification of divisive content, “consistent with China’s information operation playbook,” the researchers said.

(Image: Disinformation accounts on X amplifying content across the political spectrum (CyberCX))

X’s Disinformation Controls Found Inadequate

The researchers said their findings “indicate that X has become a more permissive platform for information operations. ... Our findings also indicate key gaps in X’s willingness and ability to detect inauthentic content. While we have observed X taking sporadic action against Green Cicada Network accounts during our period of monitoring, we have observed a failure to take systemic action against overtly linked accounts. We note that X has reversed initiatives put in place by Twitter to combat inauthentic activity, including efforts to detect, label and/or ban inauthentic accounts.”

The researchers said the network is a sign of things to come, with generative AI able to produce “a significant scale of malicious output with limited human oversight, at low cost and with low barriers to entry. It is possible that the system underpinning the network is operated by high-end consumer-grade hardware and is developed by just one individual. We assess that a more mature, future version of the system underlying the Green Cicada Network would be extremely difficult for parties other than X to detect.”

How deepfakes threat ...

Technology

While humanity is trying to figure out how to recoup the hundreds of billions of dollars invested in generative AI, cybercriminals are already adopting the technology. For example, they've discovered that AI can be used to create virtual money mules — dummy accounts used to transfer stolen funds. Deepfakes allow criminals to successfully bypass customer identity verification (KYC, Know Your Customer) procedures used by financial institutions, thereby eliminating the need for living accomplices. Let's delve into the details.

What is KYC?

The KYC procedure is a financial-sector practice for verifying a customer's identity that's used to combat various illegal financial activities — including fraud, money laundering, tax evasion, financing terrorism, and more. More specifically, KYC often refers to biometric identity verification systems in fully remote services — that is, when a customer signs up online without any personal contact with employees of the financial institution. Typically, this procedure requires the customer to upload photos of their documents and take a selfie, often holding the documents. An additional security measure has also recently become popular: the customer is asked to turn on their smartphone camera and turn their head in different directions, following instructions. This method is sometimes also used to verify transactions, but it's generally designed to protect against authentication using static photos that might have been stolen somehow. The problem is that criminals have already figured out how to bypass this protection: they use deepfakes.

AI tools for fraud

Not long ago, experts from the deepfake detection startup Sensity released an annual report describing some of the most common ways that cybercriminals maliciously use AI-generated content. In this report, the experts publish the total number of AI content creation tools worldwide. They counted 10,206 tools for image generation, 2,298 tools for replacing faces in videos and creating digital avatars, and 1,018 tools for generating or cloning voices. The report also highlights the number of specialized utilities designed specifically to bypass KYC: they counted as many as 47 such tools. These tools allow cybercriminals to create digital clones that successfully pass customer identity verification. As a result, fraudsters can remotely open accounts in financial institutions — banks, cryptocurrency exchanges, payment systems, and more.

(Image: Deepfakes are used to bypass KYC procedures worldwide; regions where these attacks occur most frequently are highlighted in red on the map.)

These accounts are later used for various criminal activities — mainly for direct financial fraud, as well as laundering profits from illegal operations.

Digital clone store

Recently, 404 Media reported on an underground website selling photos and videos of people for bypassing KYC. According to the journalists, traders of digital duplicates have entire collections of such content. They find volunteers in disadvantaged countries and pay them relatively small amounts ($5-$20) for the footage. The resulting content is then sold to anyone interested. The collections are quite extensive and include people of different ages, genders, and ethnicities. The site's services are fairly inexpensive: for example, the journalists purchased a set for only $30. The sets include photos and videos in different clothing, as well as images with a white card and a blank sheet of paper in hand, which can be replaced with an ID or some other document.

(Image: An online store for scammers, selling photo and video content to bypass KYC.)

The service is extremely customer-oriented. The website has reviews from grateful buyers, and even features a special mark for those photos and videos that have been purchased the fewest times. Such fresh clones are more likely to pass anti-fraud system checks. In addition to ready-made digital identities, the site's administrators offer exclusive content sets created individually for the buyer — on demand and probably for more serious money.

AI-generated fake documents

Journalists from the same media outlet also discovered a website specializing in selling realistic photos of fake documents created using AI.

(Image: A fake photo of a driver's license, supposedly belonging to a California resident.)

According to an expert from a company that deals with such fraud, some services of this kind sell ready-to-use sets that include both fake documents and photos and videos of their fake owners. Thus, AI tools and such content collections make the work of fraudsters much easier. Just a few years ago, money mules — real people who directly handled dirty money, opened accounts and made transfers or cash withdrawals — were the weakest link in criminal operations. Now, such physical mules are rapidly becoming unnecessary. Criminals no longer need to interact with unreliable flesh bags who are vulnerable to law enforcement. It's just a matter of creating a certain number of digital clones for the same purposes and then targeting those financial services that allow you to open accounts and conduct transactions completely remotely.

So what's next?

In the future, the ease of bypassing current KYC procedures will likely lead to two consequences. On the one hand, financial organizations will introduce additional mechanisms for verifying photos and videos provided by remote customers, based on detecting signs of AI forgeries. On the other hand, regulators will likely tighten requirements for fully remote financial operations. So it's quite possible that the simplicity and convenience of online financial services, which we've already become accustomed to, will be threatened by artificial intelligence. Unfortunately, the problem doesn't end there. As noted by experts, the widespread availability of AI tools for generating photo, video, and audio content fundamentally undermines trust in digital interactions between people. The higher the quality of AI creations, the harder it becomes to believe what we see on our smartphones and computers.

Transatlantic Cable ...

News

Episode 359 kicks off with discussion around the recent riots in the U.K. and how the U.K. government is looking to leverage facial recognition to combat troublemakers. From there, the team discuss a strange story concerning how police forces in the U.S. were able to locate a criminal via a lock-screen picture left at the scene of a crime. To wrap up, the team discuss news that artificial intelligence is being leveraged to help find the next Olympians; however, results may vary. If you liked what you heard, please consider subscribing.

Stories covered in this episode:

Keir Starmer says facial recognition tech is the answer to far-right riots
Cops Used Facial Recognition on Lost iPhone Lock Screen to Find Post Office Robbers
The AI tech aiming to identify future Olympians

 Threat Intel & Info Sharing

South Korea's ruling party, the People Power Party (PPP), has reported that hackers from North Korea have stolen important technical data related to the country's main battle tank, the K2, as well as its spy planes known as "Baekdu" and "Geumgang."

 Identity Theft, Fraud, Scams

Rapid7 identified multiple intrusion attempts by threat actors utilizing social engineering tactics on June 20, 2024. The threat actors use email bombs followed by calls to offer fake solutions, with recent incidents involving Microsoft Teams calls.

 Incident Response, Learnings

The FBI is investigating a suspected hack of the Trump campaign, following accusations of Iranian involvement. The Trump campaign blames foreign sources and cited a Microsoft report linking Iranian hackers to covert efforts to influence the election.

 Malware and Vulnerabilities

A new vulnerability has been discovered in Microsoft Outlook by security researchers, labeled as CVE-2024-38173 with a CVSS score of 6.7. This Form Injection RCE flaw is similar to a previous vulnerability, CVE-2024-30103, patched in July 2024.

 Malware and Vulnerabilities

SolarWinds is advising customers to upgrade their Web Help Desk platform due to a critical vulnerability, CVE-2024-28986, discovered by Inmarsat Government researchers. The bug allows for remote code execution through Java deserialization.

 Malware and Vulnerabilities

The attacks, detected on June 20, 2024, show threat actors using various tools like AnyDesk and AntiSpam.exe to harvest credentials. They also deploy payloads like Golang HTTP beacons and Socks proxy beacons.

 Feed

Debian Linux Security Advisory 5749-1 - Chris Williams discovered a flaw in the handling of mounts for persistent directories in Flatpak, an application deployment framework for desktop apps. A malicious or compromised Flatpak app using persistent directories could take advantage of this flaw to access files outside of the sandbox.

 Feed

LG Simple Editor versions 3.21.0 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands, which are executed in the context of NT AUTHORITY\SYSTEM.

 Feed

This Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server.

 Feed

Ubuntu Security Notice 6961-1 - It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. It was discovered that BusyBox incorrectly managed memory when evaluating certain awk expressions. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS.

 Feed

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

 Feed

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

 Feed

Red Hat Security Advisory 2024-5418-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

 Feed

Red Hat Security Advisory 2024-5411-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

 Feed

Red Hat Security Advisory 2024-5410-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

 Feed

Ubuntu Security Notice 6960-1 - Nick Browning discovered that RMagick incorrectly handled memory under certain operations. An attacker could possibly use this issue to cause a denial of service through memory exhaustion.

Red Hat Security Advisory 2024-5406-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

Red Hat Security Advisory 2024-5405-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

Red Hat Security Advisory 2024-5396-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include out-of-bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-5395-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include out-of-bounds read and use-after-free vulnerabilities.

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,

A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524. "Actor240524 possesses the ability to steal secrets

Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government. While one of the campaigns – dubbed River of Phish – has been attributed to COLDRIVER, an

The Emergence of Identity Threat Detection and Response

Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, SaaS, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability

Aggregator history: Thursday, August 15, 2024