Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Cybersecurity Awareness Month

These days, many people don’t think twice about sharing their personal information online. Some even go as far as mentioning their address, phone number, or even Social Security number, something that should be sealed with seven seals. But sharing isn’t the only problem. Poor cybersecurity practices like weak passwords and malicious links are also some of the ways through which scammers gain access to individuals’ personal details. According to Gallup News, less-educated people and those with lower incomes become victims of scams more frequently than others. However, no one is exempt from losing their money or personal information to online scammers. From dating apps to forums, online fraudsters use different platforms to prey on innocent people. That’s why it’s necessary to know how to protect yourself.

6 Effective Ways to Safeguard Your Personal Information Online

1. Don’t Overshare

It’s easy to get excited about something and then share it with others on social media. Whether it’s a job promotion or a trip announcement, some people tend to share details that scammers can find very useful. This includes personally identifiable information (PII), such as your address, phone number, Social Security number, credit card information, and other details. It’s also dangerous to publish the dates when you’re leaving and returning home, your current location, or any other sensitive information that can get into the hands of malicious individuals.

2. Protect Your Online Accounts With Strong Passwords

This advice is as old as time. Some people, however, neglect it and use easy-to-guess passwords for their online accounts, such as their birthdays, wedding dates, or other easily guessed details. This mistake may cost you your social media page and even more—you can lose both your money and personal information. To create strong passwords, use a mix of uppercase and lowercase letters, symbols, and numbers. The longer the password, the harder it is to crack. Aim for at least 12 characters. A strong password should be random and shouldn’t include any common sequences like “12345” or “qwerty”.

3. Use Two-Factor Authentication

Two-factor authentication, or 2FA, is an extra layer of protection that helps safeguard users’ online accounts. It works by requiring something that only the user has access to. After entering the password, the system prompts the user to verify their identity with a second factor. This factor can be a one-time passcode sent via SMS or email. Once this factor is successfully verified, access to the account is granted. Two-factor authentication makes it much harder for hackers to gain access to an account. So, if you’re storing sensitive information on your computer or phone, turning on 2FA is an effective way to protect it from others.

4. Think Before Clicking on a Link

Links aren’t as harmless as some people think. Through links, scammers can trick users into downloading malicious, virus-infected content and redirect them to suspicious websites. This practice is known as phishing. The latest statistics state that around 3.4 billion phishing emails are sent daily, and every minute someone loses $17,700 because of phishing attacks. So, before you click on that link, carefully observe it. First, who sent you the link? Was it someone you know or was it a stranger? If it’s someone you know, reach out to them first and ask what this link contains. If it’s a stranger, hover over the link to see its actual URL, and look for generic greetings and poor grammar. Simply clicking on a malicious link can deprive you of your savings, and your personal information can be sold on the dark web.

5. Don’t Use Public Networks

Public Wi-Fi is a convenient option for those who work remotely or just need to go online for any reason, but for those who store sensitive details on their device, it can be dangerous. Why is that? Most public networks don’t use encryption, which makes it easier for others on the same network to capture the information your device sends. In some cases, hackers even create fake Wi-Fi hotspots that mimic legitimate ones. When a user connects to such a network, all their activity can be monitored and their device can easily be infected with malware.

6. Update Your Software

If you go months or even years without updating your antivirus, internet browsers, apps, and operating system, then you’re exposing your personal information to danger. Updating software is a must, because no software is perfect, not even software created by reliable tech giants. Hackers look for security flaws in systems and use them to gain access, which is a great danger for those who don’t want their sensitive details to end up in the wrong hands. Updates also include bug fixes that address issues that might cause your software to run slowly.

Let’s Sum Up

There’s a reason why scammers hunt for people’s personal information. To be fair, there are many reasons. Greed for profit, blackmail, and extortion are just some of the most common motives. Knowing how to protect your PII is important. Oversharing on social media, using weak passwords, not implementing two-factor authentication, clicking on suspicious links, connecting to public Wi-Fi, and not updating your software make it super easy for scammers to gain access to your sensitive information.


 Firewall Daily

The U.S. Department of Justice announced the indictment of several members of Russia’s GRU Unit 29155 for their alleged role in a series of cyberattacks on the Ukrainian government. This initiative, known as Operation Toy Soldier, highlights the ongoing threat posed by state-sponsored cyber activity, particularly amid Russia’s invasion of Ukraine.

The indictment, unsealed recently by a grand jury in Maryland, charges six individuals, five of whom are military officers from the Russian Main Intelligence Directorate (GRU), with conspiring to hack into Ukrainian computer systems. The sixth individual, a civilian, is already facing charges related to conspiracy to commit computer intrusion and has now been added to the wire fraud conspiracy charges.

Operation Toy Soldier: The Cyberattacks, Tactics and Targets

The indictment alleges that these hackers conspired to infiltrate, extract data from, and damage computer systems connected to the Ukrainian government. Their actions aimed to instill fear among Ukrainian citizens regarding the security of their government systems and personal data. Notably, the targeted systems were not military-related but rather included various government agencies vital to public welfare and infrastructure.

“Operation Toy Soldier underscores the GRU’s malicious intent, exemplified by their WhisperGate campaign,” stated Assistant Attorney General Matthew G. Olsen of the National Security Division. This campaign not only affected Ukraine but also extended its reach to 26 North Atlantic Treaty Organization (NATO) countries that provided support to Ukraine. The hackers’ broader strategy was to destabilize any support mechanisms that the West offered to Ukraine amidst the escalating conflict.

On January 13, 2022, the defendants allegedly utilized services from a U.S.-based company to deploy malware disguised as ransomware, known as “WhisperGate.” Contrary to typical ransomware, WhisperGate was designed to obliterate entire systems rather than merely hold them hostage for financial gain. Various key Ukrainian ministries, including the Ministry of Internal Affairs and the Ministry of Energy, fell victim to these attacks, leading to extensive data breaches.

The Aftermath: Data Breaches and Public Messaging

The indictment further reveals that the defendants not only exfiltrated sensitive data, including personal health records, but also defaced numerous websites. They sent alarming messages to the Ukrainian public, stating, “Ukrainians! All information about you has become public; be afraid and expect the worst. This is for your past, present, and future.” Such tactics were designed to spread panic and erode trust in the Ukrainian government.

The U.S. government, in solidarity with its allies, condemned these cyber activities soon after they were attributed to the Russian military. The attacks marked a new phase of aggressive cyber warfare, which is becoming increasingly prevalent in global conflicts. By targeting critical infrastructure and government systems, the attackers aimed to undermine the operational effectiveness of Ukraine during a time of crisis.

International Response and Law Enforcement Action

In response to these developments, the U.S. Department of State’s Rewards for Justice program is now offering a reward of up to $10 million for information leading to the identification or location of the defendants or their associates involved in these malicious activities. This initiative aims to gather crucial intelligence that could aid in countering such cyber threats.

FBI Deputy Director Paul Abbate emphasized the agency’s commitment to thwarting GRU attacks globally, stating, “Our work protecting against cyber threats in a rapidly evolving landscape continues, including the deployment of all tools in our arsenal.” This sentiment echoes a broader commitment within U.S. law enforcement to adapt and respond to the changing nature of cyber threats.

Additionally, the case is being prosecuted by Assistant U.S. Attorneys from the District of Maryland with assistance from the National Security Division’s Cyber Section. The cooperative effort also involves the FBI’s Baltimore Field Office, alongside support from other field offices, demonstrating the multi-faceted approach necessary to tackle complex international cybercrimes.

Conclusion

The actions of the Russian hackers have raised questions in the cybersecurity community, not just for their immediate impact on Ukraine but for their potential ramifications on global security. The attacks highlight vulnerabilities not only in Ukrainian infrastructure but also in systems across NATO countries.

Operation Toy Soldier represents a crucial step in addressing the pervasive threat of state-sponsored cyberattacks. With the indictment of Russian GRU members, the U.S. demonstrates its resolve to combat cyber intrusions that threaten not only national security but also the integrity of democratic institutions worldwide.


 Cyber News

U.S. security agencies joined with international counterparts today to warn about a year-old Iranian campaign that uses brute-force attacks and other techniques to compromise critical infrastructure, access that the threat actors then sell to cybercriminals. The Iranian brute-force campaign targets the healthcare and public health (HPH), government, IT, engineering, and energy sectors, according to an advisory from the FBI, CISA, NSA and Canadian and Australian cybersecurity agencies. The agencies said their findings drive home the point that organizations “should ensure all accounts use strong passwords and register a second form of authentication.” The advisory comes just a week after CISA and the FBI warned that Iranian threat actors were targeting political organizations in an effort to undermine confidence in U.S. democratic institutions. Reports also emerged in August that Iran-linked threat actors were selling critical infrastructure access to ransomware groups.

Iranian Threat Actor Attack Techniques

Since October 2023, Iranian threat actors have been using brute-force attacks, such as password spraying and multifactor authentication (MFA) “push bombing”, to compromise user accounts and obtain access to organizations, the security agencies said. The actors often modify MFA registrations to enable persistent access, then probe compromised networks for additional credentials, elevated privileges and information that could lead to further access. “The actors likely aim to obtain credentials and information describing the victim’s network that can then be sold to enable access to cybercriminals,” the agencies wrote, noting that their information was “derived from FBI engagements with entities impacted by this malicious activity.” The threat actors likely conduct reconnaissance operations to select victims, then gain persistent access to networks via brute force.

Microsoft 365, Azure, Citrix Targeted

The hackers use valid user and group email accounts, often obtained via password spraying, “although other times via unknown methods,” to obtain initial access to Microsoft 365, Azure, and Citrix systems, the agencies said. If push notification-based MFA is enabled, the actors send MFA requests to legitimate users hoping they’ll accept the request, in “MFA fatigue” and “push bombing” attacks. Once the threat actors gain access to an account, they often register their own devices with MFA to protect their access via the valid account. In two confirmed compromises, the actors leveraged a compromised user’s open registration for MFA to register the threat actor’s own device to access the environment. In another case, the actors used a self-service password reset (SSPR) tool connected to a public-facing Active Directory Federation Service (ADFS) to reset accounts with expired passwords, and then registered MFA through Okta for compromised accounts that didn’t already have MFA enabled. The actors often use a VPN service; several of the IP addresses linked to malicious activity originated from exit nodes tied to the Private Internet Access VPN service.

The threat actors use Remote Desktop Protocol (RDP) for lateral movement. In one case they used Microsoft Word to open PowerShell to launch the RDP binary mstsc.exe. To obtain credentials, the threat actors performed Kerberos Service Principal Name (SPN) enumeration of several service accounts and received Kerberos tickets. In another case, they used the Active Directory (AD) Microsoft Graph Application Program Interface (API) PowerShell application, likely to perform a directory dump of all AD accounts. Also, the actors imported the tool DomainPasswordSpray.ps1, which is openly available on GitHub, likely to conduct password spraying. The threat actors also used the command Cmdkey /list to display usernames and credentials. The actors used living off the land (LOTL) techniques such as Windows command-line tools to gather information about domain controllers, trusted domains, domain administrators, and enterprise administrators. They also used a Lightweight Directory Access Protocol (LDAP) query in PowerShell to search Active Directory for computer display names, operating systems, descriptions, and distinguished names.

Indicators of Compromise in Iran Brute-Force Attacks

To detect brute-force activity, the agencies recommend reviewing authentication logs and virtual infrastructure for indicators of account compromise and brute-force attacks:

- system and application login failures of valid accounts
- multiple failed authentication attempts across all accounts
- suspicious logins with changing username and IP address combinations, or logins where IP addresses do not align with a user’s geographic location
- a single IP used for multiple accounts
- signs of “impossible travel” (provided legitimate users aren’t using VPNs)
- MFA registrations in unexpected locations or from unfamiliar devices
- suspicious privileged account use after resetting passwords or applying user account mitigations
- unusual activity in typically dormant accounts
- unusual user agent strings that may indicate bot activity

Security teams should also monitor process and program execution command-line arguments that may indicate credential dumping, such as accessing or copying the ntds.dit file from a domain controller. The advisory contains a number of Indicators of Compromise (IoCs) specific to the campaign, such as file hashes, IP addresses and device information.

Malicious File Hash Undetected by Security Tools

The advisory identified two SHA1 file hashes in the IoCs:

1F96D15B26416B2C7043EE7172357AF3AFBB002A
3D3CDF7CFC881678FEBCAFB26AE423FE5AA4EFEC

Interestingly, the first hash is more than five years old, according to Cyble threat intelligence data, and yet only one of 73 security tools identified it as malicious before today’s advisory (images below from Cyble’s Hawk and Vision threat intelligence tools).

Figure: One of two file hashes in the CISA-FBI IoCs (Cyble)
Figure: The file hash has gone undetected by 72 security tools (Cyble)


 Privacy

We've talked before about why it's crucial to configure your privacy settings in fitness apps before you even start using them, and shared a detailed guide on general smartphone settings to minimize data risks. The fact is, fitness tracking apps share your sensitive information — including your precise location. Strava in particular stands out, since it shares almost all your training data by default. We've already covered how to set privacy in Strava in detail. Other running apps have fewer privacy settings than Strava — and they are stricter by default (at least for new users signing up now). Nevertheless, it's worth reviewing these settings as well, as there are a few things you might want to turn off.

The app of the world's largest sportswear manufacturer — Nike Run Club (available for both Android and iOS) — tucks its privacy settings away in a not-so-obvious place. Here's how to find them: in the top left corner, tap the gray round icon with your initials. Then, tap Settings. In the window that opens, you won't find a Privacy section; instead, the relevant settings are scattered throughout.

Where to find privacy settings in the Nike Run Club app

Firstly, make sure your profile isn't public: to do this, tap Profile Visibility, and check where the tick mark is. The best choice from a privacy perspective would be Friends (social), or even better, Only Me (private). Secondly, prevent Nike from selling your data for personalized advertising. To do this, go to Your Privacy Choices and turn on the Do Not Share My Information toggle switch. Thirdly, prevent Nike itself from using your data for internal purposes. To do this, go to the innocuously named Workout Info section and turn off the Use My Workout Info toggle switch.

Don't overlook these key Nike Run Club settings

You may also want to look at Notifications Preference, Friend Tagging, and Friend Leaderboard. And if at some point you decide to quit Nike Run Club altogether, don't forget to delete your profile by tapping Delete Account at the bottom of the settings list.

Using other running apps to track your workouts? We've got you covered with privacy guides for:

- Strava
- MapMyRun
- adidas Running (formerly Runtastic)
- ASICS Runkeeper

You can also find guides on setting up privacy in other apps — from social networks to browsers — on our website Privacy Checker. And Kaspersky Premium will maximize your privacy and safeguard you from digital identity theft on all your devices. Don't forget to subscribe to our blog for more how-to guides and useful articles to always stay one step ahead of scammers.

 Feed

This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation page. These vulnerabilities remain unpatched.

 Feed

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

 Feed

Ubuntu Security Notice 7048-2 - USN-7048-1 fixed a vulnerability in Vim. This update provides the corresponding update for Ubuntu 14.04 LTS. Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service.

 Feed

Red Hat Security Advisory 2024-8173-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

 Feed

Ubuntu Security Notice 7038-2 - USN-7038-1 fixed a vulnerability in Apache Portable Runtime library. This update provides the corresponding update for Ubuntu 14.04 LTS. Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data.

 Feed

Red Hat Security Advisory 2024-8172-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2024-8171-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2024-8170-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

 Feed

Ubuntu Security Notice 7070-1 - It was discovered that libarchive mishandled certain memory checks, which could result in a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libarchive mishandled certain memory operations, which could result in an out-of-bounds memory access. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.

 Feed

Red Hat Security Advisory 2024-8169-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8167-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

 Feed

Ubuntu Security Notice 7064-1 - It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.

 Feed

Red Hat Security Advisory 2024-8166-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8161-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

 Feed

Red Hat Security Advisory 2024-8158-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include information leakage and null pointer vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8157-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include information leakage and null pointer vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8132-03 - An update for libuv is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.

 Feed

Red Hat Security Advisory 2024-8120-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.

 Feed

Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper with endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection." EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is

 Feed

The FIDO Alliance said it's working to make passkeys and other credentials easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,

 Feed

AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications

Cybercriminals and AI: The Reality vs. Hype

“AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don't know how to use AI,” says Etay Maor, Chief Security

 Feed

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

 Feed

To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on C2 IP addresses to pinpoint malware

 Feed

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. "

 Feed

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain

Aggregator history: Wednesday, October 16, 2024