Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Cyber News

As the US presidential election approaches, an Iranian hacking group known as Cotton Sandstorm is actively targeting election-related websites and media outlets in the United States, according to a recent report by Microsoft. Linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), this group has been performing reconnaissance and probing key election systems in multiple states, raising concerns of potential foreign interference.

The report, released on Wednesday, highlights Cotton Sandstorm’s activities in several battleground states, where the group has been assessing vulnerabilities in election infrastructure. Additionally, in May of this year, the group scanned an unidentified U.S. media outlet, possibly aiming to uncover weaknesses that could be exploited for more direct influence operations.

History of US Presidential Election Interference

This is not the first time Cotton Sandstorm has engaged in such activities. In the 2020 US presidential election, the group was involved in a cyber-influence operation designed to spread disinformation and create chaos. Disguised as members of the right-wing group “Proud Boys,” the hackers sent threatening emails to Florida voters, pressuring them to support former President Donald Trump. Although this campaign did not directly compromise voting systems, its aim was to sow doubt and confusion around the election process.

In the aftermath of the 2020 election, Cotton Sandstorm launched another operation, this time encouraging violence against election officials who had dismissed claims of widespread voter fraud. Such actions further underscored the group's intent to destabilize the democratic process by undermining public confidence in election outcomes.

Microsoft’s Findings on 2024 Election Threats

In its latest report, Microsoft’s Threat Analysis Center (MTAC) warns that Cotton Sandstorm is ramping up its efforts in the lead-up to the 2024 election. "Cotton Sandstorm will increase its activity as the election nears, given the group's operational tempo and history of election interference," Microsoft researchers wrote. This activity is part of a broader campaign by foreign actors, including Russia and China, to influence U.S. politics by spreading divisive content.

U.S. government agencies, including the Office of the Director of National Intelligence (ODNI), have confirmed the ongoing efforts of foreign adversaries to interfere in the US presidential election process. "Foreign actors — particularly Russia, Iran, and China — remain intent on fanning divisive narratives to divide Americans and undermine Americans’ confidence in the U.S. democratic system," ODNI stated in a previous report.

Growing Use of Cyber-Influence Operations

The tactics employed by Cotton Sandstorm appear to be part of a larger strategy by foreign nations to manipulate public perception through disinformation campaigns. According to Microsoft, Iran’s cyber operations have extended beyond just the US presidential election race. The group has launched cyber-attacks against a wide range of targets, including U.S. media outlets, using stolen, non-public information from the Trump campaign to fuel their efforts.

At the same time, Russian cyber actors have shifted their focus towards Democratic candidate Kamala Harris, using AI-generated content to spread false information. In one instance, a video featuring a deepfake of Harris making derogatory comments about Trump circulated online. In another, Harris was falsely accused of illegal activities abroad. These videos, though often low in engagement, reflect Russia’s ongoing attempts to interfere in U.S. elections.

Meanwhile, Chinese actors have focused their influence operations on down-ballot candidates and members of Congress, particularly those with anti-China policies. This includes attacks on several high-profile Republicans, such as Senator Marsha Blackburn and Representative Barry Moore, with attempts to smear their reputations and boost opposition candidates.

Concerns Over Foreign Influence

The increased frequency and sophistication of these foreign influence operations present a significant threat to the integrity of the upcoming US presidential election. Historically, foreign actors have demonstrated a remarkable ability to spread deceptive content rapidly, with the potential to shape public opinion and influence electoral outcomes.

As the election draws nearer, voters and institutions must remain vigilant against online disinformation. Foreign adversaries, particularly those from Russia, Iran, and China, are expected to ramp up their efforts in the final days leading up to November 5, seeking to exploit divisions and create uncertainty around the election results.

Response from Iran and Outlook

A spokesperson for Iran’s mission to the United Nations dismissed Microsoft’s allegations, calling them “fundamentally unfounded and wholly inadmissible.” The spokesperson further asserted that Iran has no intent to interfere in U.S. elections, though U.S. officials remain wary given Cotton Sandstorm’s previous actions.

Despite these denials, U.S. government agencies are taking the threat of foreign interference seriously. Efforts to safeguard election integrity are being coordinated across multiple levels of government, with increased focus on monitoring cyber-influence campaigns and ensuring transparency in the electoral process.

Remaining Vigilant

Microsoft's MTAC report stresses the importance of early detection and public awareness in countering these influence campaigns. With less than two weeks until Election Day, the group calls for heightened vigilance, particularly during the 48-hour window before and after Election Day when disinformation is likely to peak.

By remaining alert and skeptical of suspicious online content, voters and government institutions can help minimize the impact of foreign interference. Fact-checking and rapid response measures are crucial to maintaining public trust in the democratic process.

As the final stretch of the 2024 election approaches, the resilience of the U.S. electoral system will be tested once again by foreign adversaries intent on disrupting the outcome. Microsoft’s ongoing reports and warnings highlight the growing threat posed by foreign cyber actors, but they also serve as a reminder of the need for collective action to defend the integrity of democratic processes.


 Firewall Daily

The National Security Agency (NSA) has recently issued a public service announcement emphasizing a simple yet effective action: reboot your device regularly. This guidance aims to help users mitigate risks associated with potential vulnerabilities on both iPhone and Android platforms.

The NSA's advice, while seemingly straightforward—turning the device off and back on again—holds significant implications for mobile security. According to the agency, rebooting your smartphone can reduce exposure to various cyber threats, including "spear phishing" and "zero-click exploits."

Spear phishing involves deceptive emails that appear to come from trusted sources, aiming to trick users into revealing personal information or installing malware. Meanwhile, zero-click exploits compromise devices without any user interaction, making them particularly dangerous.

The National Security Agency (NSA) Urges Users to Reboot their Smartphones

The NSA’s recommendation isn't new; it first appeared in a mobile device best practices guide published in 2020. This guide was designed to help users cope with the complexities of modern smartphone security. As mobile devices become increasingly attractive targets for cybercriminals, the NSA warned that while many features enhance convenience, they often compromise security. The agency aimed to present clear, actionable steps that even non-technical users could follow to better protect their devices and sensitive data.

[Image. Source: National Security Agency]

Responses to the NSA's initial guidance have varied widely. Security experts and smartphone users alike have expressed gratitude for bringing these issues to light, while others have criticized the lack of detail regarding what rebooting does not protect against.

The NSA's guide employs an engaging, icon-based warning system, making it accessible to a broad audience. The "do" list encourages practices such as using strong PINs and passwords, enabling biometric locks, and keeping software updated. Conversely, the "do-not" section warns against risky behaviors like rooting or jailbreaking devices, clicking on suspicious links, or opening unknown attachments.

Key Takeaways from the Report

What particularly stands out is the guidance on disabling power through regular reboots. The NSA emphasizes that this practice can sometimes prevent certain types of attacks, such as spear phishing and zero-click exploits. However, it is crucial to note that rebooting is not a comprehensive solution to all security threats. It serves as one tool in a broader security toolkit.

The second page of the NSA's infographic goes deeper into the preventive measures users should adopt. It categorizes recommendations into actions that "sometimes prevent" and those that "almost always prevent" security risks. Regularly rebooting smartphones falls into the "sometimes prevent" category, highlighting that while it is beneficial, it should not be seen as a silver bullet for all cybersecurity challenges.

By following the NSA's advice and incorporating regular reboots into their routine, iPhone and Android users can reduce their vulnerability to potential threats. The agency’s emphasis on simple yet effective security practices helps in defending against potential cyberattacks.


 Compliance

When it comes to privacy and data processing, trust is paramount. And LinkedIn's €310 million fine by the Irish Data Protection Commission (DPC) raises serious concerns about how companies handle their users' data.

The DPC concluded its inquiry into LinkedIn's processing of personal data for behavioral analysis and targeted advertising, and on Thursday revealed its findings, which found the professional networking platform in violation of several GDPR principles. This has prompted the DPC to impose both financial sanctions and operational changes.

LinkedIn's Core GDPR Violations

LinkedIn has faced allegations concerning the unlawful processing of user data. These allegations stemmed from a complaint initially filed with the French Data Protection Authority by La Quadrature Du Net, a privacy-focused nonprofit. The French authority passed the case to the Irish DPC, given LinkedIn's primary establishment in Ireland.

The investigation revealed that LinkedIn's reliance on specific legal bases for data processing failed to meet GDPR requirements. Key infractions included non-compliance with Articles 6 and 5(1)(a), both fundamental elements of GDPR. Article 6 outlines the lawful grounds for processing personal data, including consent, legitimate interests, and contractual necessity. However, LinkedIn's processing methods were deemed neither lawful nor fair, particularly in the context of behavioral analysis and targeted advertising.

Issues with Consent and Legitimate Interests

Central to the case was LinkedIn's failure to secure valid consent for processing third-party data. Under GDPR, consent must be freely given, informed, and specific. The DPC ruled that LinkedIn's consent mechanisms fell short of these standards, rendering its data collection practices unlawful.

Additionally, LinkedIn attempted to justify its actions under the "legitimate interests" clause of Article 6(1)(f). This clause allows companies to process personal data without consent if the processing serves legitimate business purposes. However, the DPC determined that LinkedIn's interests did not outweigh the fundamental rights and freedoms of its users, particularly regarding privacy and data protection.

Fines and Corrective Measures for LinkedIn

The DPC's final decision resulted in several significant penalties. In addition to the €310 million fine, LinkedIn received a formal reprimand and was ordered to bring its data processing activities in line with GDPR requirements. The DPC's decision also included transparency violations under Articles 13 and 14, which relate to the information companies must provide to data subjects about data processing.

[Image. Source: Irish Data Protection Commission]

Understanding Behavioral Analysis and Targeted Advertising

Behavioral analysis involves analyzing data provided by or inferred from a user’s activity to personalize their online experience, often for advertising. LinkedIn used this technique to deliver ads tailored to user behavior. While it may seem harmless, this practice involves significant privacy concerns, as users may not be fully aware of how much data is collected or how it’s being used.

Targeted advertising, on the other hand, refers to ads shown to individuals based on their behaviors or personal information. Companies like LinkedIn use algorithms to decide which ads best suit each user. However, when users are not properly informed about how their data is used for these purposes, they lose the ability to consent or opt out.

What Comes Next for LinkedIn?

LinkedIn now faces the challenge of bringing its data processing practices in line with GDPR. The DPC's decision requires the company to review its consent mechanisms, transparency policies, and reliance on legitimate interests. Failure to comply with these requirements could result in further penalties.

The Irish DPC's ruling against LinkedIn demonstrates the increasing accountability tech companies face when it comes to data privacy and protection. The fine against LinkedIn is part of a broader trend of regulators clamping down on companies that fail to respect users' privacy rights. In recent years, several major tech firms, including Meta, X (formerly known as Twitter), Google, and Amazon, have faced similar fines for GDPR breaches. This tightening of rules is a clear message from regulators: user data is not a commodity to be exploited but a personal right to be protected.


 Cyber News

Cybersecurity professionals, often working independently, search for weaknesses in software, networks, and hardware to fix issues before cybercriminals can exploit them. Despite the importance of their work, many organizations respond with hesitation, misunderstanding, or even hostility when approached by these researchers. This reaction can harm not only the researchers but also the overall security of digital systems that we all rely on.

The Department of Homeland Security (DHS) runs a well-known campaign called “See Something, Say Something” to encourage people to report suspicious activities. In cybersecurity, the same concept applies. The Cybersecurity and Infrastructure Security Agency (CISA) encourages security researchers to report potential flaws in systems, similar to how an alert citizen might report something unusual in their neighborhood. These researchers help protect critical systems from being attacked by criminals or foreign hackers by uncovering vulnerabilities early.

Usually, when a researcher finds a vulnerability, they reach out to the responsible organization to fix it. The ideal outcome is that the company or government agency welcomes the report and fixes the issue. For this process to work smoothly, researchers need to feel safe when they come forward, without worrying about being punished for their good-faith efforts.

CISA’s Support for Vulnerability Reporting

CISA actively promotes the responsible disclosure of vulnerabilities in federal agencies through policies like the Binding Operational Directive 20-01. This policy requires federal agencies to have a Vulnerability Disclosure Policy (VDP) and publish a contact person for security issues on every .gov website. These agencies are also expected to make clear that they won’t take legal action against researchers who are acting in good faith to report vulnerabilities.

The purpose of such policies is to encourage transparency and trust between organizations and researchers. It sets a clear path for researchers to report problems and ensures that their contributions to improving security are acknowledged.

How Vulnerability Disclosure Works

When a vulnerability is reported, the process typically follows several steps:

Identification and Reporting: A researcher discovers a vulnerability and contacts the affected organization through its listed security channels. However, reaching the right people can often be a significant challenge for researchers.

Acknowledgment: The organization acknowledges the report and provides a timeline for further communication. They may ask for more information to better understand the problem.

Assessment and Validation: The organization then investigates the vulnerability to see how serious it is. This may involve conversations with the researcher to clarify how the vulnerability can be exploited. Systems like the Common Vulnerability Scoring System (CVSS) help determine the severity.

Remediation: Once the vulnerability is verified, the organization works to fix it. They may also test the fix to ensure no new problems arise. Researchers often help validate these fixes.

Public Disclosure: Finally, both the organization and the researcher agree on when and how to make the vulnerability public. The goal is to inform users and other stakeholders while balancing the need for security.

Effective Crisis Communication

When a vulnerability or security breach is discovered, how an organization communicates about it can have a lasting impact. Seeking legal counsel is common to manage potential liabilities, but organizations should focus on clear and responsible communication to maintain public trust. Here are some key points for handling a security issue:

Acknowledge the Problem: Even if all the details are not available, it’s important to let the public know that you are aware of the issue and working on a solution.

Work with Researchers: Security researchers are allies, not adversaries. Their discovery helps protect your systems and your users.

Stay Transparent: Regular updates about the issue build trust. Even sharing bad news can be reassuring if the organization shows it’s actively addressing the problem.

Avoid Blaming the Researcher: Threatening legal action against researchers is counterproductive. It discourages others from reporting future vulnerabilities and can damage the organization’s reputation.

By following these practices, organizations can handle security incidents more effectively while strengthening their relationships with the cybersecurity community.

Encouraging Bug Bounties and Disclosure Programs

Forward-thinking organizations are already adopting bug bounty programs, which offer rewards to researchers for discovering and reporting vulnerabilities. Companies like Google, Microsoft, and Amazon have benefited greatly from these programs. They not only enhance security but also build goodwill with the research community.

Government agencies can also benefit from engaging with security researchers. With so much critical infrastructure at risk, public entities must encourage vulnerability reporting by establishing clear processes. A well-defined Vulnerability Disclosure Program (VDP) helps researchers feel confident that their findings will be treated fairly.

Fostering Collaboration in Cybersecurity

To truly protect our digital infrastructure, organizations must adopt a “See Something, Say Something” approach. Security researchers should be viewed as partners, not threats. While legal input is often necessary, the overall response should focus on fixing the issue and maintaining public trust.

Collaboration between researchers and organizations is essential for strengthening cybersecurity. CISA encourages this by promoting coordinated vulnerability disclosure (CVD) and welcomes public reports of security issues. For those interested in playing an even more active role, CISA offers the opportunity to join its CVE Numbering Authority program, which helps coordinate the disclosure of vulnerabilities worldwide.

By fostering a culture of collaboration, organizations, government agencies, and researchers can work together to create a safer digital environment for everyone. As cybersecurity threats evolve, so too must our efforts to build trust and improve defenses across the board.


 Privacy

As we've discussed before, one does not simply install a fitness tracking app and start using it straight away without first configuring the privacy settings both on the phone and in the app itself. With default settings, these apps often share full details of your workouts with the entire internet, including your precise location. And criminals and fraudsters can use this data for their nefarious purposes.

If you care even in the slightest about your privacy, check out our previously published guides for general smartphone settings and other popular fitness apps: Strava, Nike Run Club, and MapMyRun. Today's post is for all fans of the famous three stripes: we'll be setting up privacy in the adidas Running app (available for Android and iOS). Formerly known as Runtastic, this fitness app now belongs to Europe's largest sportswear manufacturer and is simply called adidas Running.

While adidas Running doesn't offer as granular privacy controls as, say, Strava, it's still crucial to make sure everything is configured correctly. To access the privacy settings in adidas Running, tap Profile in the bottom right corner, then the cog icon in the top right, then select Privacy.

[Image: Where to find the privacy settings in adidas Running (Runtastic): Profile -> Settings -> Privacy]

The first thing you'll want to check is the Maps section (who can see your maps) — make sure it's set to either Followers or, even better, Only me. Next, do the same for Activity (who can see your activity) — again, select either Followers or Only me. The remaining settings are slightly less critical, but it's still a good idea to ensure they're also set to at least Followers or, ideally, Only me.

[Image: Recommended privacy settings in adidas Running (Runtastic)]

I also recommend toggling off the switches at the bottom of the page next to Follower suggestions and Join running leaderboard. The app won't be bothering you as much.

Finally, consider disabling excessive notifications from adidas Running. Go back to Settings, select Notifications, and go through the (rather extensive) list of options.

If you decide to stop using adidas Running altogether, remember to delete your profile data. To do this, go to Settings -> Account, tap the big red Delete account button, and follow the prompts.

If you use other fitness apps to track your workouts, you can set their privacy settings using our guides:

Strava
Nike Run Club
MapMyRun
(ASICS Runkeeper – still to come)

You can also learn how to configure privacy in other apps, from social networks to browsers, on our website Privacy Checker. And Kaspersky Premium will maximize your privacy protection and shield you from digital identity theft on all your devices. Don't forget to subscribe to our blog to stay ahead of scammers with more guides and helpful articles.

 Feed

ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

 Feed

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing /../.

 Feed

This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.

 Feed

A cross-site scripting vulnerability in pfSense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.

 Feed

Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.

 Feed

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may

 Feed

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," Aqua said in a report shared

 Feed

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource

 Feed

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the

 Feed

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the

 Feed

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support

 Data loss

The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

 Guest blog

Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. But that doesn't mean that Mac users should be complacent. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real. Read more in my article on the Tripwire State of Security blog.

2024-10
Aggregator history
Thursday, October 24