Introducing key EDR functionality

In today’s rapidly evolving cyber landscape, staying ahead of threats requires not just robust defenses, but also smart, efficient tools that empower defenders without overburdening them. Webroot by OpenText recognizes the vital role that endpoint detection and response (EDR) capabilities play in a comprehensive cybersecurity strategy. As we continue our EDR journey, we’re excited to announce critical capabilities tailored to the understaffed, overworked, and overstressed human SMB defender. And guess what? These capabilities are included at no extra cost to all Webroot Endpoint Protection customers!

Empowering human defenders

Webroot is committed to providing the essential tools that significantly bolster your cybersecurity posture. These tools are designed to protect and empower defenders with actionable insights and flexible response options. By continuously innovating and refining our offerings, we ensure that you are equipped with the essential capabilities to protect your environment. Our new features include:

Device Isolation: In the event of a threat, it’s crucial to prevent its spread across the network. Our Device Isolation feature allows you to swiftly isolate affected devices, halting the advance of malware while preserving essential communications. This capability is key to rapid threat containment and investigation, safeguarding your network’s integrity.

Process Tree Visualization: Understanding the ‘how’ and ‘where’ of a threat is pivotal for effective cybersecurity. With Process Tree Visualization, defenders gain insights into device-level processes, enabling you to trace the origins and pathways of processes, providing a clear view of potential threats.

Why these features matter

These lightweight, yet powerful enhancements to your security toolkit are essential components that have the potential to aid in fulfilling cyber-insurance requirements. These new capabilities represent Webroot’s commitment to delivering solutions that protect without imposing unnecessary complexity or slowing down your operations. Focusing on Device Isolation and Process Tree Visualization as our initial EDR features was a deliberate choice. These capabilities are:

Impactful: They provide meaningful security enhancements that directly contribute to defending against and mitigating cyber threats.

Accessible: Designed with SMB network defenders in mind, they ensure that adopting and leveraging advanced security features doesn’t require extensive training or resources.

Relevant: These features can help support core requirements of cyber-insurance applications, making them not just valuable for security but also for compliance and financial protection.

A commitment to continuous improvement

We are committed to enhancing our offerings and moving towards comprehensive EDR functionality. As we continue to build out our security solutions, these features mark important milestones in our journey to empower SMBs with the tools they need to defend against the ever-changing cyber threat landscape. Stay tuned for these updates and join us in strengthening your cybersecurity defenses with Webroot’s innovative solutions. Together, we can ensure that your organization remains resilient in the face of cyberthreats, today and into the future.

The post Announcing new EDR capabilities for Webroot Endpoint Protection appeared first on Webroot Blog.
In July 2024, with the latest version of its Firefox browser, Mozilla introduced a technology called Privacy-Preserving Attribution (PPA) — designed to track how effective online advertising is. The feature is enabled by default in Firefox 128. This has already caught the eye of online privacy advocates, and led to headlines like Now Mozilla too is selling user data. The clamor got so loud that Firefox CTO, Bobby Holley, had to take to Reddit to explain to users what Mozilla actually did and why. Now’s the time to take a closer look at what PPA is, why it’s needed in the first place, and why it’s appeared now.

Google Ad Topics and Facebook Link History

First, a bit of backstory. As you may recall, way back in 2019 the developers of the world’s most popular browser — Google Chrome — began hatching plans to completely disable support for third-party cookies. These tiny files have been tracking user actions online for 30 years now. The technology is both the backbone of the online advertising industry, and the chief means of violating users’ privacy.

Some time ago, as a replacement, Google unveiled an in-house development called Ad Topics. With this technology, tracking is based on users’ Chrome browser history, and interaction history with Android apps. The rollout of Ad Topics was expected to be followed by the phasing out of support for third-party cookies in Chrome in H2 2024.

Another major digital advertising player to develop its own user-tracking technology is Meta, which likewise relies on third-party cookies. Called Link History, it makes sure that all external links in the Facebook mobile apps now get opened in its built-in browser — where the company can still snoop on your actions.

The bottom line is that ending support for third-party cookies hands even more control over to Google and Meta — owner of the world’s most popular browser and mobile OS, and of the world’s most popular social network, respectively — while smaller players will become even more dependent on them. At the same time, user data continues to be collected on an industrial scale, and primarily by the usual suspects when it comes to claims of privacy violation: yes, Google and Facebook.

The question arises: is it not possible to develop some mechanism to allow advertisers to track the effectiveness of advertising without mass collection of user data? The answer comes in the shape of Privacy-Preserving Attribution.

Meet Prio, a privacy-preserving aggregation system

To better understand the history of this technology, we have to go back a bit in time — to 2017, when cryptographers Henry Corrigan-Gibbs and Dan Boneh of Stanford University presented a research paper. In it, they described a privacy-oriented system for collecting aggregated statistics, which they called Prio.

To greatly simplify matters, Prio is based on the following mechanism. Let’s say you’re interested in the average age of a certain number of users, but you want to preserve their privacy. You set up two (or more) piggy banks and ask each user to count out the number of coins corresponding to their age and, without showing them to anyone, randomly drop the coins into different money boxes. Then you tip the coins out of the piggy banks into a pile, count them and divide by the number of users. The result is what you wanted: the average age of the users. And if at least one of the piggy banks keeps its secret (i.e., doesn’t tell anyone what went into it), then it’s impossible to determine how many coins any one user put into the boxes.

Figure: Prio’s main stages of information processing. Source

Prio overlays this basic mechanism with a lot of cryptography to protect information from interception and ensure the validity of data received. There’s no way for users to slip answers into the system, for whatever reason, that could distort the results. The main concept lies in the use of two or more aggregators that collect random shares of the sought information. Prio’s algorithms have another key feature: they greatly improve system performance compared to previous methods of reliable anonymized data collection — by 50–100 times, say the researchers.

Distributed Aggregation Protocol

Mozilla got interested in Prio back in 2018. The first fruit of this interest was its development of the experimental system Firefox Origin Telemetry — based on Prio. Notably, this system was designed to privately gather telemetry on the browser’s ability to combat ad trackers. Then, in February 2022, Mozilla unveiled Interoperable Private Attribution (IPA) technology, developed jointly with Meta, which, it seems, served as the prototype to PPA.

May 2022 saw the publication of a zero draft of the Prio-based Distributed Aggregation Protocol (DAP). The draft was authored by representatives of Mozilla and the Internet Security Research Group (ISRG) — a non-profit known for the Let’s Encrypt project to democratize the use of HTTPS — as well as two Cloudflare employees. While working on the protocol, ISRG was also building a DAP-based system for collecting anonymized statistics, known as Divvi Up. This system is primarily intended to collect various technical telemetry to improve website performance, such as page load-time.

Figure: Schematic of the basic operating principle of the DAP protocol. Source

Finally, in October 2023, Divvi Up and Mozilla announced a collaboration to implement DAP in the Firefox browser. As part of this joint effort, a system of two aggregators was created — one of which operates on the Mozilla side, the other on the Divvi Up side.

How PPA works

It’s this Divvi Up/Mozilla system that’s currently being deployed with PPA technology. So far, it’s just an experiment involving a limited number of sites. In general outline, it works as follows:

1. The website asks the browser to remember instances of successful ad views.
2. If the user performs some action that the site considers useful (for example, buys a product), the site queries the browser to find out if the user saw the ad.
3. The browser doesn’t tell the site anything, but sends information through the DAP protocol to the aggregation servers.
4. All such reports are accumulated in aggregators, and the site periodically receives a summary.

As a result, the site learns that out of X number of users who saw a certain ad, Y number of users performed actions deemed useful for the site. But neither the site nor the aggregation system knows anything about who these users were, what else they did online, etc.

Why we need PPA

In the above-mentioned statement on Reddit, Firefox’s CTO explained what Mozilla was aiming for by introducing PPA along with the new version of its browser. The company’s reasoning is roughly the following. Online advertising, at least at this stage of the internet’s development, is a necessary evil. And it’s understandable that advertisers want to be able to measure its effectiveness. But the tools currently used for this disregard user privacy. Meanwhile, any talk about how to somehow restrict advertisers’ tracking of users’ actions is met with protests from the former. No data collection, they argue, means they’re deprived of a tool for assessing online advertising.

Basically, PPA is an experimental tool that allows advertisers to get the feedback they need without collecting and storing data on what users did. If the experiment shows the technology can satisfy advertisers’ needs, it will give privacy advocates a weighty argument in future dealings with regulators and lawmakers. Broadly speaking, it will prove that total online surveillance is unnecessary, and should be limited by law.

Block third-party cookies now

As it happens, almost immediately after the uproar surrounding Mozilla’s new rollout, Google announced a complete reversal of its plans to disable third-party cookies. Getting rid of stale technology can be harder than it might seem — as Microsoft found out when trying to bury Internet Explorer. The good news is that, unlike Internet Explorer, which is indeed hard to weed out of Windows, third-party cookies are something that users can handle on their own. All modern browsers make it easy to block them — see our guide for full details.

Bear in mind that Google’s refusal to get rid of cookies doesn’t spell the end of Ad Topics — the company intends to continue the experiment. So we recommend disabling this feature too, and here’s how to do it in Chrome and Android. And if you use the Facebook mobile app, it’s worth turning off Link History. Again, our guide explains how. Also, you can and should make use of the Private Browsing feature in our Kaspersky Standard, Kaspersky Plus and Kaspersky Premium subscription plans to block ad trackers (by no means all of which use cookies). Lastly, we recommend using our free Privacy Checker service, where you can find instructions on setting up privacy for the most common applications, services and social networks for different operating systems.

As for PPA, the technology looks pretty useful. If you think otherwise, here are simple instructions to disable it in Firefox. As for me, I prefer to support the development of this technology, so will continue to use it in my browser.
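As an added example (not code from Mozilla, Divvi Up or the Prio paper), the piggy-bank mechanism and the PPA flow described in the article above, as a small simulation: each client splits every value into random additive shares across two aggregators, each aggregator only ever sums the shares it holds, and the totals X and Y appear only when the partial sums are combined. The field size P, the aggregator names and the report layout are this example's assumptions; Prio's validity proofs and the real DAP message format are left out.

```python
import secrets

# Prime field for additive secret sharing; all sums are taken mod P.
# P is a constructed choice for this demo, not a parameter of Prio or DAP.
P = (1 << 61) - 1


def split(value, n_shares=2):
    """Split an integer into n_shares random shares whose sum is value mod P.
    Any n_shares-1 of them are uniformly random, so they reveal nothing alone."""
    shares = [secrets.randbelow(P) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def combine(partials):
    """Add the aggregators' partial sums back together; this is the only step
    at which a true total becomes visible to anyone."""
    return sum(partials) % P


class Aggregator:
    """One of the two (or more) 'piggy banks': it only ever sees shares."""

    def __init__(self, name):
        self.name = name
        self.sums = {}

    def accept(self, report):
        # report maps metric name -> one share; keep a running sum per metric
        for metric, share in report.items():
            self.sums[metric] = (self.sums.get(metric, 0) + share) % P

    def partial(self):
        return dict(self.sums)


def submit(aggregators, measurement):
    """Client side: split every metric of one measurement across the aggregators.
    Prio's validity proofs (which stop a client from reporting e.g. 5 for a
    yes/no question) are omitted in this simplified model."""
    n = len(aggregators)
    per_agg = [{} for _ in range(n)]
    for metric, value in measurement.items():
        for i, share in enumerate(split(value, n)):
            per_agg[i][metric] = share
    for agg, report in zip(aggregators, per_agg):
        agg.accept(report)


def collect(aggregators):
    """Collector side: combine the per-metric partial sums of all aggregators."""
    metrics = aggregators[0].partial().keys()
    return {m: combine([a.partial()[m] for a in aggregators]) for m in metrics}


def average_age(ages):
    """The article's piggy-bank example: average age without anyone seeing an age."""
    banks = [Aggregator("bank-A"), Aggregator("bank-B")]
    for age in ages:
        submit(banks, {"age_sum": age, "count": 1})
    totals = collect(banks)
    return totals["age_sum"] / totals["count"]


def ppa_campaign(clients):
    """PPA-style attribution: each client is (saw_ad, converted), both 0 or 1.
    The site learns only X (impressions) and Y (conversions among viewers)."""
    aggs = [Aggregator("mozilla"), Aggregator("divvi-up")]  # two-aggregator setup
    for saw_ad, converted in clients:
        submit(aggs, {"impressions": saw_ad, "attributed_conversions": saw_ad & converted})
    return collect(aggs)


def one_share_is_ambiguous(value, claimed):
    """Why one honest aggregator is enough: the share held by aggregator A is
    equally consistent with 'claimed' as with the real 'value'."""
    share_a, _share_b = split(value)
    forged_b = (claimed - share_a) % P
    return combine([share_a, forged_b]) == claimed
```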
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.

Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages.

The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company’s website, and that the site is slated to cease operations “in the next week or so.”

“Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini told KrebsOnSecurity. “Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative.”

The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini.

Image: A testimonial from Sal Verini on the homepage of CreationNext, the Lahore, Pakistan-based web development firm that apparently designed NPD and RecordsCheck.

There are now several websites that have been stood up to help people learn if their SSN and other data was exposed in this breach. One is npdbreach.com, a lookup page erected by Atlas Data Privacy Corp. Another lookup service is available at npd.pentester.com. Both sites show NPD had old and largely inaccurate data on Yours Truly.

The best advice for those concerned about this breach is to freeze one’s credit file at each of the major consumer reporting bureaus. Having a freeze on your files makes it much harder for identity thieves to create new accounts in your name, and it limits who can view your credit information. A freeze is a good idea because all of the information that ID thieves need to assume your identity is now broadly available from multiple sources, thanks to the multiplicity of data breaches we’ve seen involving SSN data and other key static data points about people.

Image: Screenshots of a Telegram-based ID theft service that was selling background reports using hacked law enforcement accounts at USInfoSearch.

There are numerous cybercriminal services that offer detailed background checks on consumers, including full SSNs. These services are powered by compromised accounts at data brokers that cater to private investigators and law enforcement officials, and some are now fully automated via Telegram instant message bots. In November 2023, KrebsOnSecurity wrote about one such service, which was being powered by hacked accounts at the U.S. consumer data broker USInfoSearch.com. This is notable because the leaked source code indicates Records Check pulled background reports on people by querying NPD’s database and records at USInfoSearch. KrebsOnSecurity sought comment from USInfoSearch and will update this story if they respond.

The point is, if you’re an American who hasn’t frozen their credit files and you haven’t yet experienced some form of new account fraud, the ID thieves probably just haven’t gotten around to you yet. All Americans are also entitled to obtain a free copy of their credit report weekly from each of the three major credit bureaus. It used to be that consumers were allowed one free report from each of the bureaus annually, but in October 2023 the Federal Trade Commission announced the bureaus had permanently extended a program that lets you check your credit report once a week for free. If you haven’t done this in a while, now would be an excellent time to order your files.

To place a freeze, you’ll need to create an account at each of the three major reporting bureaus, Equifax, Experian and TransUnion. Once you’ve established an account, you should be able to then view and freeze your credit file. If you spot errors, such as random addresses and phone numbers you don’t recognize, do not ignore them. Dispute any inaccuracies you may find.
The US needs to seize this moment to set a global standard for responsible and ethical AI, ensuring that technological progress upholds and advances human rights.
A new cybercrime group named Mad Liberator has been identified by the Sophos X-Ops Incident Response team for targeting AnyDesk users. This ransomware group is using a fake Microsoft Windows update screen to hide their data exfiltration activities.
Cymulate's proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains.
Researchers have uncovered new infrastructure connected to the financially motivated threat actor FIN7. The analysis reveals communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd in Russia and SmartApe in Estonia.
Microsoft has patched a zero-day vulnerability, known as CVE-2024-38193, that was being exploited by the North Korea-linked Lazarus APT group. This vulnerability is a privilege escalation issue in the Windows Ancillary Function Driver for WinSock.
Thousands of Oracle NetSuite e-commerce sites are at risk of exposing sensitive customer data due to a widespread misconfiguration in the SuiteCommerce enterprise resource planning (ERP) platform.
Azure domains and Google have been exploited to spread disinformation and malware in a sophisticated campaign that involves using several Microsoft Azure and OVH cloud subdomains along with Google search notifications.
A cryptocurrency company reported to the SEC that a hacker breached its systems on August 9, 2024, locking all employees out of Google products for four days by changing the passwords on their G-Suite accounts.
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The credentials used for the basic authentication against the web interface of Cosy+ are stored in the cookie "credentials" after a successful login. An attacker with access to a victim's browser is able to retrieve the administrative password of Cosy+.
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. If login against the FTP service of the Cosy+ fails, the submitted username is saved in a log. This log is included in the Cosy+ web interface without neutralizing the content. As a result, an unauthenticated attacker is able to inject HTML/JavaScript code via the username of an FTP login attempt.
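As an added illustration of the bug class in the advisory above (this is not Ewon's code; the log line format, field names and sample usernames are constructed), the unsafe pattern of placing a logged FTP username straight into the web page, beside a hardened rendering with output encoding and a simple check that flags failed-login usernames carrying markup:

```python
import html
import re

# Constructed sample of failed FTP logins in an invented layout; the real Cosy+
# log format is not on the page. The second and third usernames carry markup.
FTP_AUTH_LOG = [
    "2024-08-19 10:01:02 FTP login failed user=operator",
    "2024-08-19 10:01:09 FTP login failed user=<script>alert(1)</script>",
    '2024-08-19 10:01:15 FTP login failed user="><b>x</b>',
]

LOG_LINE = re.compile(r"^(?P<ts>\S+ \S+) FTP login failed user=(?P<user>.*)$")


def parse_log(lines):
    """Extract timestamp and the submitted username from each failed-login line."""
    entries = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            entries.append({"ts": m.group("ts"), "user": m.group("user")})
    return entries


def render_vulnerable(entries):
    """The flaw described in the advisory: untrusted log fields are concatenated
    straight into the page, so a username containing tags becomes live markup."""
    rows = "".join(f"<tr><td>{e['ts']}</td><td>{e['user']}</td></tr>" for e in entries)
    return f"<table>{rows}</table>"


def render_hardened(entries):
    """Same view with output encoding: every untrusted field is HTML-escaped,
    quotes included, before it is placed in the document."""
    rows = "".join(
        f"<tr><td>{html.escape(e['ts'])}</td><td>{html.escape(e['user'], quote=True)}</td></tr>"
        for e in entries
    )
    return f"<table>{rows}</table>"


MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)


def suspicious_usernames(entries):
    """Detection aid: failed-login usernames containing markup characters are a
    strong signal that someone is probing the log-viewing UI, not a typo."""
    return [e["user"] for e in entries if MARKUP.search(e["user"])]
```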
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
Ubuntu Security Notice 6966-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations when processing graphics shared memory. An attacker could potentially exploit this issue to escape the sandbox.
Ubuntu Security Notice 6837-2 - It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Rack incorrectly handled certain Range headers. A remote attacker could possibly use this issue to cause Rack to create large responses, leading to a denial of service.
Debian Linux Security Advisory 5750-1 - Support for the "strict kex" SSH extension has been backported to AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening against the Terrapin attack.
Red Hat Security Advisory 2024-5547-03 - Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-5537-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-5535-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2024-5534-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-5533-03 - An update for python3.12-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-5532-03 - An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-5531-03 - An update for python3.12-setuptools is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-5530-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-5528-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include out of bounds read and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-5527-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include out of bounds read and use-after-free vulnerabilities.
During account assignment in the Talk2M platform, a Cosy+ device generates and sends a certificate signing request (CSR) to the back end. This CSR is then signed by the manufacturer and used for OpenVPN authentication by the device afterward. Since the common name (CN) of the certificate is specified by the device and used in order to assign the OpenVPN session to the corresponding Talk2M account, an attacker with root access to a Cosy+ device is able to manipulate the CSR and get correctly signed certificates for foreign devices.
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The Ewon Cosy+ executes all tasks and services in the context of the user "root" and therefore with the highest system privileges. By compromising a single service, attackers automatically gain full system access.
Dovecot IMAP server versions 2.2 and 2.3 have an issue where parsing a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue.
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. Due to the use of a hardcoded cryptographic key, an attacker is able to decrypt encrypted data and retrieve sensitive information.
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. Due to improper neutralization of parameters read from a user-controlled configuration file, an authenticated attacker is able to inject and execute OS commands on the device.
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively," Team Cymru said in a report published this week as part of a joint investigation with
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this
A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. The Cyberint Research Team, which discovered the malware, said it's distributed in the form of malicious installers for legitimate applications targeting Korean and Chinese speakers. There is evidence pointing to UULoader being the work of a Chinese speaker due to the
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical report. "The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.