Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Cyber News

Russian efforts to influence the U.S. presidential election accelerated in the final days of the campaign, culminating in bomb threats in Democratic-leaning areas of key swing states that the FBI said “appear to originate from Russian email domains.” Given the unprecedented levels of disinformation in the 2024 campaign – primarily from Russia, Iran and China – it's important to look at what effect, if any, those propaganda efforts had on the outcome.

The answer is a complicated one. Unlike the 2016 campaign, where Russian hacking and disinformation dovetailed with an investigation into Democratic candidate Hillary Clinton’s use of a private email server while Secretary of State, disinformation in the 2024 race may have had a subtler effect, more likely to result in reduced enthusiasm for the candidacy of Vice President Kamala Harris. Other factors likely had a bigger influence on the outcome, including mainstream media coverage that downplayed President-elect Donald Trump’s significant issues, Harris’ own campaign focus, the peculiar tendency of Americans to blame their presidents for everything, and – given Trump’s significant gains among Latino and Black men – some have said that gender may have played a role in the outcome. Whatever the reasons, the most notable data point may be that overall U.S. election turnout will likely come in below 2020’s 66% turnout, which was the highest in 60 years. And the reason for that unexpected lack of enthusiasm may well be “all of the above.” We’ll look at the data to see if the bomb threats and disinformation campaigns had a noticeable effect, along with other issues that may have affected the outcome of election 2024.

Election Bomb Threats: A Look at Two Georgia Counties

DeKalb and Fulton counties in Georgia were two of the bigger targets of bomb hoaxes. Polls were closed for some time while the threats were investigated, but they also stayed open later to compensate. Did the threats have a noticeable effect? Perhaps, but likely not enough to give the state to Harris if events had been otherwise. Here’s a look at election results in the counties in 2020 and 2024. President Joe Biden beat Trump in DeKalb in 2020 by a margin of 308,227 to 58,373. In 2024, Harris won DeKalb by a margin of 299,039 to 62,482. In Fulton County in 2020, Biden won by 381,144 votes to 137,240. In 2024, Harris won Fulton 380,013 to 142,912. With Trump presently leading Georgia by 158,000 votes with 95% of the vote counted, it’s not likely that the bomb threats made a difference in that state.

Perhaps of greater concern is the sharp decline in registered voters in the two counties. Population has been relatively stable in the two counties, adding a combined total of about 8,000 residents between 2020 and 2023, but between 2020 and 2024, voter rolls in the two counties declined by a combined 96,000 registered voters. The decline in registered voters is likely due to aggressive Republican efforts to purge voter rolls and limit voting in the state. We asked election officials and voting advocates in the state for comment but haven’t heard back.

Swing States, Falsehoods and Israel

Biden’s economic record has been sound despite dealing with a divided Congress, yet election exit polls showed that nearly 75% of voters were angry or dissatisfied with the way things are going in the U.S. Biden himself is deeply unpopular, dissatisfaction that carried over to Harris. Inflation has been a persistent problem for the Biden Administration, even as much of that has been blamed on corporate greed. Biden managed to get his Inflation Reduction Act passed, which included green climate investments and lower prescription drug prices, but his efforts to curb gas price-gouging were blocked by Republicans. As we noted at the start of this article, presidents take the blame even for issues that are outside their control, and Trump and the GOP have been particularly good at painting the Administration into a corner with misinformation and falsehoods – including blaming Biden for immigration issues after Trump himself blocked a landmark compromise bill.

Helping that spin effort has been Trump surrogate Elon Musk, whose lax moderation at X – formerly known as Twitter – has made it one of the leading vehicles for disinformation efforts. Russia has no doubt found success spreading disinformation on X and other platforms, as have other groups. And one place where anti-Harris actors leaned heavily was the ongoing Israel-Hamas war. Cyble researchers and others noted heavy efforts in recent days to paint Harris as a strong supporter of Israel who’s unlikely to support a ceasefire. That criticism may have caught on, even though Trump will likely be more pro-Israel – in addition to being less pro-Ukraine in its war with Russia. That disinformation campaign likely explains this bizarre data point from a Michigan exit poll: “Former President Donald Trump won nearly 4-in-10 Michigan voters who believe the U.S. support for Israel has been ‘too strong.’” Disinformation campaigns targeting those favoring an end to Israel’s war in Gaza likely gave Trump more votes in targeted swing states than he may have otherwise received. Was it enough to swing the election? The slice of the Michigan electorate delivered to Trump because of that issue would have amounted to about 10% of the overall vote, but some of those voters may have had other reasons to vote for him. But in a battleground state that Trump is currently leading by 1.4% with 97% of the vote counted, it’s a very interesting data point.

We’d also note that third-party votes – which may have cost Clinton the 2016 election – weren’t much of a factor in the 2024 presidential vote, with candidates like Green Party nominee Jill Stein generally getting around 0.5%. Only in razor-thin Wisconsin, where the candidates are currently separated by about 30,000 votes with 99% of the vote counted (and where Harris may also have run into trouble over support for Israel), could third-party protest votes have swung the election. Margins are bigger than the third-party vote in other swing states. However, third-party votes likely affected some close down-ballot races, most notably Democratic Senator Bob Casey (image below).

The Machinery of Disinformation and Russian Influence

Disinformation, then, by itself may not have swung the election, but the issue of the effect of disinformation surrounding support for Israel deserves further study. As part of the larger machinery of disinformation – campaign distortions, social media, timid corporate media – disinformation campaigns from foreign actors like Russia may serve as a well-targeted amplifier. But according to Antibot4Navalny, an activist research group tracking Russian disinformation campaigns, a definitive study would be a difficult undertaking. "Impact from disinfo is extremely hard to measure, and it definitely takes time and a dedicated, talented team to come to a compelling conclusion," the group told The Cyber Express. On the scale of a U.S. national election, "there should be multiple such teams."


 Compliance

On October 17th, the EU’s Network and Information Security Directive 2, NIS2 for short, will be enforced across all member states to enhance cyber resilience. New rules place a high focus on proactively managing third-party risks. While having industry-standard security certifications, such as ISO 27001 or SOC2, is non-negotiable for remaining compliant, they may not reflect a company's cyber readiness.

Experts say that the gap between compliance and security has always existed. However, new regulations have highlighted the issue by placing greater emphasis on having to prove security. This has led to increased scrutiny of organizations' security practices and, according to Aurimas Bakas, CEO at Cyber Upgrade, exposed many cases of paper-only compliance. This describes companies that have checked all the technical boxes but lack a working action plan to enforce cyber defense lines.

Certification Limitations and the 'Paper-Only' Problem

Bakas explained that while the certification process is not inherently faulty, it can often be misapplied. "Laser focus on documentation can create a false sense of security if organizations do not follow through with the actual implementation of processes and prioritize the effectiveness of security controls,” he said. “There’s a massive gap between documentation and actual compliance. I would go as far as to say that 90% of the clients we have worked with weren’t compliant, even though they had all the documentation.”

Complex modern supply chains and rapidly evolving systems continue to create multiple weak points, allowing attackers to gain access to sensitive data. Many clients, especially teams that lack in-house cybersecurity experts, are unaware of possible blind spots where the risks, even for SMEs, are in the hundreds.

"Lack of security incidents can be as much of a red flag as frequent breaches – it can mean a lack of detection capabilities to identify all the threats, as no environment is completely immune to attacks. A good way to test readiness is to hire a red team — a group of ethical hackers — to simulate real-world attacks and test the effectiveness of security defenses,” Bakas suggested.

Paper-Only Compliance: A Widespread Issue Across Businesses

The issue of paper-only compliance affects most businesses regardless of size. For instance, smaller entities often lack resources for robust security controls, leaving them heavily dependent on external help, which can be hit-or-miss. On the other hand, bigger businesses are usually too reliant on the progress they have already made, such as getting ISO 27001 certified, and end up neglecting continuous threat monitoring. "Compliance is only a baseline, while security is an ongoing process, requiring continuous effort. Getting certified is key, but going forward, it won’t be enough to convince the regulators, nor will it protect company assets. It’s best to get ahead, as ‘doomsday’ prepping is always better than damage control.”


 Business

The requirements set by online services for user verification — whether it's password length, a mandatory phone number, or biometric checks with blinking — are often governed by industry standards. One of the most important documents in this field is NIST SP 800-63, Digital Identity Guidelines, developed by the US National Institute of Standards and Technology (NIST). This standard is mandatory for all US government agencies and their contractors; in practice, this means that all the world's largest IT companies adhere to it, with consequences reaching far beyond the borders of the United States. Even organizations that aren't strictly required to comply with NIST SP 800-63 would still benefit from familiarizing themselves with these updated guidelines, as they often serve as a blueprint for regulators in other countries and industries.

The recent update, developed through four rounds of public revisions with industry experts, reflects the latest understanding of digital identification and authentication. It covers security and privacy requirements, and considers a possible distributed (federated) approach. The standard is practical, and factors in human considerations — how users respond to various authentication requirements. This new edition formalizes concepts, and outlines requirements for: passkeys (referred to in the standard as syncable authenticators); phishing-resistant authentication; user storage of passwords and accesses (attribute bundles); regular re-authentication; session tokens. So — how to authenticate users in 2024?

Password authentication

The standard defines three Authentication Assurance Levels (AALs). AAL1 allows the least restrictions and minimal confidence that the user is indeed who they claim to be, while AAL3 offers the strongest guarantees and requires more stringent authentication. Only AAL1 permits single-factor authentication — such as just a single password. The requirements for passwords are as follows:

- Only centrally verified secrets sent by the user to the server over a secure channel qualify as passwords. Passwords that are stored and verified locally are termed activation secrets and have different requirements.
- Passwords shorter than eight characters are prohibited, with a minimum of 15 characters recommended.
- Scheduled, mandatory password rotation is considered an outdated practice and is therefore prohibited.
- It's also prohibited to impose requirements on password composition (such as "your password must contain a letter, a number, and a symbol").
- It's recommended to allow any visible ASCII characters, spaces, and most Unicode symbols (such as emojis).
- Maximum password length, if enforced, must be at least 64 characters.
- Truncating passwords during verification is prohibited, but trimming leading/trailing whitespace is allowed if it interferes with authentication.
- Using and storing password hints or security questions (such as "your mother's maiden name") is prohibited.
- Commonly used passwords must be eliminated through the use of a stop-list of popular or leaked passwords.
- Compromised passwords (for example, those appearing in data breaches) must be reset immediately.
- Login attempts must be limited in both rate and number of unsuccessful attempts.

Activation secrets

These are PINs and local passwords that restrict access to the on-device key storage. They can be numeric, with a recommended minimum length of six digits — though four digits are permissible. For AAL3, the primary cryptographic secret (for example, a passkey) must be stored in a tamper-resistant chip, and decrypted using the activation secret. For AAL1 and AAL2, it's enough that the key restricts access from outsiders, with a limit on input attempts — no more than 10 tries. After exceeding the limit, the storage is locked, requiring an alternative authentication method.

Multi-factor authentication (MFA)

It's recommended to implement MFA at all AAL levels, but while this is only a suggestion for AAL1, it's mandatory for AAL2, and only phishing-resistant MFA methods are acceptable for AAL3. Only cryptographic authentication methods are considered phishing-resistant: USB tokens, passkeys, and cryptographic keys stored in digital wallets conforming to SP 800-63C (distributed identification and authentication services). All cryptographic secrets must be stored in tamper-resistant systems (such as TPM or Secure Enclave). Synchronizing keys across devices and storing them in the cloud is permitted, provided each device meets the standard's requirements. These provisions enable the use of passkeys across Android and iOS ecosystems.

To ensure resistance to phishing, authentication must be tied to the communication channel (channel binding) or verifier service name (verifier name binding). Examples of these approaches include client-authenticated TLS connections and the WebAuthn protocol from the FIDO2 specification. In simple terms, the client uses cryptography to confirm they're connecting with the legitimate server rather than a fake one set up for AitM attacks.

Time-based one-time passwords (TOTP) from authenticator apps, SMS codes, and one-time codes from scratch cards or envelopes are not phishing-resistant but are permitted for AAL1 and AAL2 services. The standard specifies which methods for handling one-time codes don't qualify as MFA and must be avoided. One-time codes should not be sent through email or VoIP — they must be delivered over a communication channel that's separate from the primary authentication process. OTPs sent through SMS and traditional telephone lines are acceptable — even if both connections (for example, internet and SMS) are on the same device.

Use of biometrics

The standard restricts the use of biometrics — they may serve as an authentication factor, but are prohibited for identification. Biometric checks must be used only as a supplemental factor combined with proof of possession (for example, a smartphone or token — something you physically possess). Biometric equipment and algorithms must ensure a false match rate (FMR) no greater than 1 in 10,000, and a false non-match rate (FNMR) no greater than 5%. These accuracy rates must be consistent across all demographics. The verification algorithm must also be resistant to presentation attacks in which the sensor is shown a photo or video instead of a live person. After generating and verifying a cryptographic fingerprint from biometric data, the standard mandates immediate deletion (zeroing out) of collected biometric data. Like other authentication methods, biometric checks must include limits on input rate and the number of unsuccessful attempts.
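The password rules in the article above (length floor of 8 and a cap of at least 64, no composition rules, Unicode and spaces accepted, trimming allowed but truncation not, a stop-list of common passwords, and attempt limiting in both rate and number), as an added example that is not part of the original article and is not NIST's or any vendor's code. It assumes NFKC normalization before comparison (an implementation choice, not a rule stated on the page), a constructed four-entry stop-list standing in for a real breach corpus, PBKDF2-HMAC-SHA256 as the stored verifier, and illustrative throttle figures (5 failures per minute, lock after 10 cumulative failures) that are this example's, not the standard's.

```python
"""Password acceptance, storage and login throttling modelled on the SP 800-63B
rules summarised in the article. Added example; the numbers are illustrative."""
import hashlib
import hmac
import os
import unicodedata

# Constructed stop-list for the example. A real deployment loads a large list of
# leaked and popular passwords here instead.
BLOCKLIST = frozenset({"password", "123456789", "qwertyuiop", "letmein12"})


def canonicalize(pw: str) -> str:
    """Same transformation at enrolment and at login. NFKC normalisation is this
    example's choice (assumption); trimming leading/trailing whitespace is allowed
    by the standard, silent truncation is not, so nothing is ever cut."""
    return unicodedata.normalize("NFKC", pw).strip()


def check_password(candidate: str, min_length: int = 8, max_length: int = 64,
                   blocklist: frozenset = BLOCKLIST) -> list[str]:
    """Return the reasons a new password is rejected (empty list means acceptable)."""
    if min_length < 8 or max_length < 64:
        raise ValueError("SP 800-63B: minimum must be >= 8 and any maximum >= 64 characters")
    pw = canonicalize(candidate)
    problems = []
    n = len(pw)  # counted in code points, so an emoji or accented letter is one character
    if n < min_length:
        problems.append(f"shorter than {min_length} characters")
    if n > max_length:  # refuse rather than truncate
        problems.append(f"longer than {max_length} characters")
    if pw.casefold() in blocklist:  # case-insensitive match is a design choice
        problems.append("on the blocklist of common or breached passwords")
    # Deliberately no composition rule (digit / symbol / case): the standard
    # prohibits them, so a plain multi-word passphrase with spaces is fine.
    return problems


def enroll(pw: str) -> tuple[bytes, bytes]:
    """Centrally stored verifier: salted PBKDF2-HMAC-SHA256 of the canonical password."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", canonicalize(pw).encode("utf-8"), salt, 100_000)


def matches(pw: str, salt: bytes, digest: bytes) -> bool:
    probe = hashlib.pbkdf2_hmac("sha256", canonicalize(pw).encode("utf-8"), salt, 100_000)
    return hmac.compare_digest(probe, digest)  # constant-time comparison


class LoginThrottle:
    """Limits failed attempts per account both in rate and in total number."""

    def __init__(self, max_failures: int = 10, per_window: int = 5, window_seconds: float = 60.0):
        self.max_failures = max_failures  # cumulative failures before the account locks
        self.per_window = per_window      # failures tolerated inside one window
        self.window = window_seconds
        self._failures: dict[str, list[float]] = {}
        self._locked: set[str] = set()

    def allowed(self, account: str, now: float) -> bool:
        if account in self._locked:
            return False
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        return len(recent) < self.per_window

    def record(self, account: str, success: bool, now: float) -> None:
        if success:
            self._failures.pop(account, None)
            return
        stamps = self._failures.setdefault(account, [])
        stamps.append(now)
        if len(stamps) >= self.max_failures:
            self._locked.add(account)  # cleared only via an alternative authentication path


def attempt_login(store: dict, throttle: LoginThrottle, account: str, pw: str, now: float) -> str:
    """Return 'ok', 'bad_password' or 'throttled'. The throttle is consulted before
    the hash comparison, so a throttled request never exercises the verifier."""
    if not throttle.allowed(account, now):
        return "throttled"
    salt, digest = store[account]
    ok = matches(pw, salt, digest)
    throttle.record(account, ok, now)
    return "ok" if ok else "bad_password"


if __name__ == "__main__":
    store = {"alice": enroll("correct horse battery staple 🔑")}  # constructed sample account
    throttle = LoginThrottle()
    print(check_password("P@ssw0r"))    # composition alone does not rescue a 7-character password
    print(check_password("password"))   # on the stop-list
    print(attempt_login(store, throttle, "alice", "correct horse battery staple 🔑", now=0.0))
```

The `now` parameter is passed explicitly rather than read from the clock so the throttle can be exercised deterministically; in a service it would be `time.monotonic()`. Note that `check_password` applies only at enrolment and password change; at login the stored verifier is compared as-is, and the compromised-password reset the standard requires would be driven by a separate breach-corpus check against the stored accounts.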


 Feed

SANS recently published its 2024 State of ICS/OT Cybersecurity report, highlighting the skills of cyber professionals working in critical infrastructure, budget estimates, and emerging technologies. The report also looked at the most common types of attack vectors used against ICS/OT networks.

 Feed

Gentoo Linux Security Advisory 202411-5 - Multiple vulnerabilities have been discovered in libgit2, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.2 are affected.

 Feed

Gentoo Linux Security Advisory 202411-4 - A vulnerability has been discovered in EditorConfig Core C library, which may lead to arbitrary code execution. Versions greater than or equal to 0.12.6 are affected.

 Feed

Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 7093-1 - It was discovered that Werkzeug incorrectly handled multiple form submission requests. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.

 Feed

Debian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

 Feed

Red Hat Security Advisory 2024-8929-03 - An update for mod_jk is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and information leakage vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8928-03 - An update for mod_jk is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include denial of service and information leakage vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8906-03 - A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Issues addressed include bypass, denial of service, memory leak, remote SQL injection, and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8686-03 - Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8683-03 - Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

 Feed

Ubuntu Security Notice 7092-1 - It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to

 Feed

Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. "Winos 4.0 is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute

 Feed

Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that

 Feed

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59

 Feed

Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The country's Personal Information Protection Commission (PIPC) said Meta gathered information such as

 Feed

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at
