Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

The Indian Computer Emergency Response Team (CERT-In) has issued a detailed security advisory about multiple vulnerabilities found in the popular video conferencing application, Zoom. These Zoom vulnerabilities, identified across various versions of Zoom’s software, could allow attackers to gain unauthorized access to sensitive information, escalate privileges, or disrupt service.

The vulnerabilities are present in several Zoom products, including the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK, across multiple operating systems such as macOS, iOS, Windows, Linux, and Android.

Zoom Vulnerabilities Targeting Unsuspecting Users

The vulnerabilities impact a wide range of Zoom applications, primarily those before version 6.2.0. Affected products include:

- Zoom Workplace App for macOS, iOS, Windows, Linux, and Android before version 6.2.0.
- Zoom Rooms Client for Windows, iPad, and macOS before version 6.2.0.
- Zoom Rooms Controller for multiple platforms (Windows, macOS, Linux, Android) before version 6.2.0.
- Zoom Video SDK and Zoom Meeting SDK for macOS, iOS, Windows, Linux, and Android before version 6.2.0.
- Zoom Workplace VDI Client for Windows before version 6.1.12 (except version 6.0.14).

The vulnerabilities found in these products stem from various issues such as improper input validation, buffer overflows, symlink following, and uncontrolled resource consumption. These weaknesses could lead to malicious consequences, ranging from unauthorized access to a system, privilege escalation, and even denial of service (DoS) conditions.

Details of the Vulnerabilities in Zoom

1. Improper Input Validation (CVE-2024-45422)

One of the most critical vulnerabilities, reported under CVE-2024-45422, involves improper input validation in Zoom Apps. Before version 6.2.0, this flaw could allow an unauthenticated user to launch a denial of service (DoS) attack via network access. The issue affects the Zoom Workplace App on multiple platforms, including macOS, iOS, Windows, Linux, and Android.

The CVSS severity of this vulnerability is classified as medium, with a CVSS score of 6.5. Users are strongly encouraged to apply updates promptly in order to prevent potential disruptions that could arise from this issue.

2. Buffer Overflow Vulnerability (CVE-2024-45421)

Another critical vulnerability, identified as CVE-2024-45421, relates to a buffer overflow in some Zoom Apps. This flaw can be exploited by an authenticated user to escalate privileges via network access. It affects versions of the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK across multiple platforms.

The CVSS severity of this vulnerability is classified as high, with a CVSS score of 8.5. Given its high-risk nature, this vulnerability could enable attackers to gain elevated privileges, potentially granting them full control over the affected system.

3. Uncontrolled Resource Consumption (CVE-2024-45420)

CVE-2024-45420 describes a vulnerability in Zoom Apps that leads to uncontrolled resource consumption. This flaw allows an authenticated user to execute a denial of service (DoS) attack via network access, which could result in system slowdown or complete disruption of the service.

The CVSS severity of this vulnerability is classified as medium, with a CVSS score of 4.3. Affected versions include the Zoom Workplace App and Zoom Rooms Client, among others. This vulnerability impacts systems across multiple platforms, including Windows, macOS, and iOS.

4. Symlink Following (CVE-2024-45418)

A lesser-severity vulnerability, CVE-2024-45418, exists due to symlink following in the installer of some Zoom apps for macOS. This flaw could enable an authenticated user to escalate privileges, potentially leading to unauthorized access or modification of system files.

The CVSS severity of this flaw is classified as medium, with a CVSS score of 5.4. It affects the Zoom Workplace App for macOS, as well as other Zoom products on macOS, versions prior to 6.1.5.

5. Improper Input Validation and Information Disclosure (CVE-2024-45419)

This vulnerability, identified as CVE-2024-45419, allows for improper input validation, which may result in the disclosure of sensitive information. An unauthenticated user could exploit this flaw to access sensitive data via network access, posing a significant security threat.

This vulnerability is classified as high, with a CVSS score of 8.1. It is present in several Zoom apps and impacts multiple operating systems, including Windows, macOS, iOS, Android, and Linux.

6. Uncontrolled Resource Consumption in macOS Installers (CVE-2024-45417)

The final vulnerability in the list, CVE-2024-45417, pertains to uncontrolled resource consumption in the installer for some Zoom apps for macOS. This flaw can lead to information disclosure through local access, especially in cases where a privileged user executes malicious code.

This vulnerability, with a CVSS severity of medium and a score of 6.0, affects several Zoom products for macOS, including the Zoom Workplace App, Zoom Meeting SDK, and Zoom Video SDK.

Conclusion

Timely updates are important due to the high severity of vulnerabilities in Zoom products. CERT-In has urged all users to apply the latest patches to protect against potential threats. These vulnerabilities pose substantial risks, including unauthorized access to sensitive data and service disruptions that can impact both individuals and organizations.

Zoom has acknowledged the issues and released updates to address them, available on their website. This highlights the importance of regular software updates in maintaining cybersecurity. CERT-In’s efforts to identify these vulnerabilities demonstrate its commitment to securing digital infrastructures, and by following best practices, users can reduce the risk of exploitation and protect their information.

 Firewall Daily

The U.S. Department of Justice has announced the seizure of the PopeyeTools website, a notorious cybercrime website that facilitated the trafficking of stolen financial information and tools for committing fraud. Along with this major takedown, criminal charges have been filed against three administrators of the site:
Abdul Ghaffar, 25, of Pakistan; Abdul Sami, 35, of Pakistan; and Javed Mirza, 37, of Afghanistan.   The trio is accused of running a multi-million-dollar cybercrime operation that sold stolen credit card details, bank account information, and other illicit goods to criminals around the world. The Justice Department's action marks the latest in a series of efforts to disrupt illegal online marketplaces that contribute to cybercrime, including the recent seizure of the PopeyeTools website, which had been operating since 2016.   The Seizure of the PopeyeTools Website  The website, which has been described as a major hub for cybercriminals, sold access devices such as stolen credit card and bank account numbers, and personally identifiable information (PII) for at least 227,000 individuals. PopeyeTools also allegedly generated over $1.7 million in revenue from its illicit activities.  The cybercrime website PopeyeTools was known for offering a wide array of stolen data, including “live” credit card information, bank logs, and email spam lists, all marketed to criminals seeking to exploit these items for fraudulent activity. One of the site's most notable sections, "Live Fullz," offered working credit card data for around $30 per card, with guarantees that the data would be valid for fraudulent transactions. Another section, “Fresh Bank Logs,” offered stolen banking information, while other parts of the site provided scam guides, tutorials, and spam email lists to help criminals in their endeavors.  In addition to providing stolen financial data, the PopeyeTools website provided tools that allowed customers to verify the validity of stolen data and offered to refund or replace invalid data, further enhancing its reputation as a reliable source for cybercriminals.  The Justice Department’s Role in Disrupting Cybercrime  Principal Deputy Assistant Attorney General Nicole M. 
Argentieri, head of the Justice Department’s Criminal Division, emphasized the department's commitment to using every tool available to combat cybercrime. "As alleged, Ghaffar, Sami, and Mirza founded and ran a longstanding online marketplace that sold illicit goods and services for use in committing cybercrimes, including ransomware attacks and financial frauds," she said. "Today’s announcement of the takedown of the PopeyeTools domains, the criminal charges against its operators, and the seizure of cryptocurrency is yet another example of our ‘all-tools’ approach to combatting cybercrime."  The Justice Department's efforts to shut down the PopeyeTools website are part of a broader strategy to dismantle online platforms that facilitate cybercrime and fraud. The U.S. government worked closely with international law enforcement agencies, including those from the United Kingdom and Malaysia, to bring the perpetrators to justice.  PopeyeTools Website Shutdown and Cryptocurrency Seizure  The U.S. government took decisive action by obtaining judicial authorization to seize the domains associated with the PopeyeTools website: www.PopeyeTools.com, www.PopeyeTools.co.uk, and www.PopeyeTools.to. The website had been a major platform for the sale of stolen financial data and cybercrime tools. Additionally, the government seized approximately $283,000 worth of cryptocurrency from an account controlled by one of the administrators, Abdul Sami.  The FBI, which played a key role in investigating the PopeyeTools cybercrime website, emphasized that dismantling the infrastructure of cybercriminals is crucial to reducing the threat posed by online fraud. FBI Assistant Director Bryan Vorndran of the Cyber Division stated, "In addition to unsealing charges against the administrators of PopeyeTools, we’ve also seized domains and cryptocurrency associated with the cybercriminal marketplace. 
The FBI will continue to relentlessly pursue the facilitators of cybercrime along with their tools and resources."  Legal Consequences for the Administrators  The charges against Abdul Ghaffar, Abdul Sami, and Javed Mirza are serious, with each facing a maximum sentence of 10 years in prison for each of the three access device offenses they are accused of committing. If convicted, the three men will face severe penalties, though a federal judge will determine the final sentence based on the U.S. Sentencing Guidelines and other statutory factors.  U.S. Attorney Trini E. Ross for the Western District of New York stressed the importance of the operation in protecting the public, noting, “I continue to commend the work of our federal law enforcement partners, who joined forces with law enforcement across the globe, to disrupt this illicit marketplace. The perpetrators of this illegal marketplace allegedly sold the credit card information and personally identifiable information of hundreds of thousands of victims, some who live in western New York.” 

 Cyber News

International Game Technology (IGT), one of the largest gambling companies in the United States, has confirmed a significant cybersecurity incident that caused disruptions across its operations. The cyberattack on IGT, which occurred on November 17, 2024, affected portions of IGT's internal information technology
systems and applications, forcing the company to take some systems offline as part of its response. IGT, a global leader in providing systems and technology for lotteries, gambling machines, and sports betting, disclosed the incident in a filing with the U.S. Securities and Exchange Commission (SEC). The company noted that the breach was detected when it "experienced disruptions in portions of its internal information technology systems and applications." Details of IGT Cyberattack  In a filing with the U.S. Securities and Exchange Commission (SEC) on Tuesday, International Game Technology disclosed that it detected unauthorized access to certain systems, resulting in operational disruptions. The company swiftly activated its cybersecurity incident response plan and enlisted external advisors to investigate and mitigate the IGT data breach. "On November 17, 2024, International Game Technology PLC (the "Company") became aware that an unauthorized third party gained access to certain of its systems, and the Company has experienced disruptions in portions of its internal information technology systems and applications resulting from this cybersecurity incident," reads the SEC filing. The cyberattack on IGT impacted various applications and internal IT systems critical to the company’s operations, which include providing systems and technology for lotteries, gambling machines, and sports betting. While the investigation is ongoing, IGT has not yet determined whether the incident will have a material financial impact. To contain the threat and safeguard its systems, IGT proactively took some IT infrastructure offline. Despite these challenges, the company has implemented business continuity measures to minimize disruptions and maintain customer services wherever possible. A Company of Global Reach and Significance IGT, headquartered in London, employs over 11,000 people worldwide. 
For the first nine months of 2024, the company reported revenues of $1.9 billion, reflecting its significant role in the global gambling technology market. While no hacking group has claimed responsibility for the attack as of November 21, the incident follows a troubling pattern of ransomware attacks targeting casinos and lottery systems over the past year. A Broader Trend of Cyberattacks on the Gambling Industry Cyberattacks on gambling and lottery organizations have become increasingly frequent and damaging. Earlier this year, the Ohio Lottery fell victim to a ransomware attack that exposed customer and retailer data. The breach, which occurred on December 24, 2023, disrupted critical systems and resulted in the temporary suspension of certain services. While ticket sales were unaffected, information about winning numbers and jackpots became temporarily unavailable on the lottery's website and app. High-value prize claims were particularly impacted, as online processing for prizes exceeding $599 was suspended. These claims required submission by mail to the Ohio Lottery Central Office, causing significant inconvenience for affected players. Ransomware has become a preferred tool for cybercriminals targeting the gambling and lottery sectors. These industries manage vast amounts of financial transactions, sensitive customer data, and operational systems, making them lucrative targets. In its SEC filing, International Game Technology emphasized its commitment to mitigating the impact of the attack. The company has been actively communicating with customers and stakeholders, ensuring transparency while working to restore affected systems. To limit operational disruption, IGT has implemented alternative solutions in line with its business continuity plans. These measures aim to ensure that services remain available to customers while the investigation and recovery efforts continue. 
For International Game Technology, restoring its systems and regaining customer confidence will be paramount in the weeks ahead. By adhering to its cybersecurity incident response plan and keeping stakeholders informed, the company is taking critical steps toward recovery.

 Firewall Daily

The U.S. Department of Justice (DOJ) has proposed a series of remedies to curb Google’s dominance in the online search market. This proposal includes a demand that Google sell Chrome, one of the most popular internet browsers on the market.  The move is part of a broader legal effort to dismantle what the DOJ
describes as Google’s “search monopoly,” which has long been a point of contention among competitors and regulators alike. This proposal, filed in late November 2024, comes after a landmark ruling in August, where District Judge Amit Mehta found that Google had illegally maintained its monopoly in the search market, stifling competition through exclusionary practices.  The DOJ’s Remedy: Sell Google Chrome And More The DOJ’s filing includes several key proposals aimed at breaking Google’s stranglehold on both search services and the advertising space that surrounds them. One of the most interesting points in the proposal is the forced divestiture of Google Chrome, which has been a critical part of Google’s ability to funnel users to its search engine. The DOJ argues that Google’s control over Chrome and its integration with Android has allowed the company to funnel user data to itself, preventing rivals from gaining a foothold in the search market.  The proposed divestiture of Chrome is a direct response to Google’s "Chrome monopoly," which, according to government attorneys, has played a pivotal role in blocking competition. “Restoring competition in the markets for general search and search text advertising requires reactivating the competitive process that Google has long stifled,” the DOJ’s filing states. By removing Google’s control over Chrome, the DOJ believes it will open up the search market and give competitors a fairer chance.  In addition to selling Chrome, the DOJ has proposed several other measures to ensure that Google does not circumvent the proposed remedies. These include restrictions on Google’s contracts with companies like Apple and Samsung, which currently make Google Search the default on many mobile devices and browsers.   
The DOJ seeks to prevent Google from entering into such exclusive agreements, which have been deemed anticompetitive, and to prohibit any future payments or incentives that could keep its search engine as the default option on devices.  Google’s Response Google, unsurprisingly, has pushed back against the DOJ’s proposals. Kent Walker, Google’s President of Global Affairs, criticized the DOJ’s intervention, calling it a "radical interventionist agenda" that could harm both consumers and America’s technology leadership.   “The DOJ’s wildly overbroad proposal goes miles beyond the Court’s decision,” Walker stated, adding that it would have negative consequences for users who rely on Google’s products. Google has until December 20, 2024, to file its own proposed remedies, and Judge Mehta is expected to issue a final decision by the summer of 2025.  Despite Google’s opposition, the DOJ’s case against the company is gaining traction, with a coalition of states backing the federal government’s effort to break up Google’s monopoly. These states argue that the proposed remedies will help open up the search market, fostering innovation and providing consumers with better choices.  The Impact of Google’s Dominance  Google’s control of the search market is staggering. According to data from Statcounter, Google’s search engine accounts for around 90% of all online searches globally. This dominance has been further entrenched by its control over key distribution channels, including Chrome and Android. The DOJ argues that Google’s vast data advantage, accumulated through its monopolistic control, has allowed the company to refine its search algorithms and advertising systems, giving it an unfair edge in the marketplace.  Professor Laura Phillips-Sawyer from the University of Georgia School of Law explains that Google’s control of user data has created an environment where competitors struggle to innovate. 
“Without the ability to reach consumers, no one will invest in search innovation,” Phillips-Sawyer noted. By requiring Google to divest Chrome and open up access to its search index, the DOJ’s remedies aim to level the playing field and provide space for new entrants to compete.  A Long Road Ahead While the DOJ’s proposals are seen as a major step toward restoring competition in the search market, the road to implementation will be long and complicated. With the new administration under President-elect Donald Trump set to take office in January 2025, questions have arisen about whether his government will continue to support the case. Legal experts, however, suggest that the federal government is likely to stay committed to the case, as the DOJ originally filed it during Trump’s first term.  Even if there is a shift in political leadership, the states involved in the case could continue to push for the proposed remedies on their own. “It would be odd for the second Trump administration to back off a lawsuit they filed themselves,” said Rebecca Allensworth, an antitrust expert at Vanderbilt Law School. “The federal government will stay on it, but the intensity of their push may change.”  Conclusion The DOJ’s proposal is seen by many experts as a necessary intervention to counterbalance Google’s power in the online search and advertising markets. The goal is to dismantle the exclusionary practices that have kept rivals from competing effectively, including Google’s use of exclusive contracts and its manipulation of user data. If successful, the remedy could lead to a more competitive ecosystem, where consumers have more choices and advertisers have greater control over their campaigns.  The remedy includes several provisions aimed at increasing transparency and reducing switching costs for advertisers. Google’s monopoly has allowed the company to charge inflated prices for search ads while providing advertisers with less information. 
Under the proposed changes, Google would be required to provide more real-time data on ad performance and allow advertisers greater control over keyword matching. 

 Vulnerability News

Artificial Intelligence (AI) is the hottest online commodity right now, and its integration into fuzzing and automated vulnerability discovery is proving to be a game changer. Recently, OSS-Fuzz, a Google initiative aimed at enhancing open-source security, reported 26 new vulnerabilities discovered using AI,
including a critical flaw in the OpenSSL library (CVE-2024-9143). This vulnerability, which had likely been present for nearly two decades, was identified through AI-powered fuzzing. Traditionally, fuzzing has been a manual process involving the generation of fuzz targets—small, automated programs designed to stress-test software for vulnerabilities. However, AI has transformed this process, enabling more efficient, expansive, and precise testing. By using AI models, particularly large language models (LLMs), OSS-Fuzz has improved its fuzzing capabilities. These AI-powered systems can generate fuzz targets that cover more code paths and introduce new variations, uncovering vulnerabilities that would otherwise remain hidden.  The Integration of AI in Fuzzing Vulnerabilities  The integration of AI in fuzzing was first announced by the OSS-Fuzz team in August 2023. The team introduced AI-powered fuzzing to automatically generate fuzz targets for testing critical open-source software, aiming to discover vulnerabilities early and reduce the window of opportunity for attackers.   The key innovation here is the use of LLMs to generate fuzz targets—essentially unit tests that focus on specific functionality within software, looking for potential bugs or security flaws. The AI’s ability to create fuzz targets based on coding patterns and historical data from existing tests allowed OSS-Fuzz to automate the previously manual process of developing and refining these targets.  The results of this approach were evident as the AI-generated fuzz targets increased code coverage across a wide range of C/C++ projects. OSS-Fuzz, which had been testing 160 projects before AI integration, expanded this number to 272 projects, covering an additional 370,000 lines of code.   The most interesting improvement was observed in a single project where coverage increased by 7,000%—from 77 lines to 5,434 lines. 
This surge in code coverage directly contributed to the discovery of 26 new vulnerabilities, with CVE-2024-9143 in OpenSSL being the most notable. This vulnerability had likely existed for two decades and could not have been discovered using traditional human-written fuzz targets.  How AI-powered Fuzzing Helps in Mitigating Vulnerabilities  AI’s ability to uncover these hidden vulnerabilities is due, in part, to its capacity to explore previously untested code paths. While traditional fuzzing measures code coverage, which helps to indicate which portions of code have been tested, it doesn’t necessarily guarantee the detection of all vulnerabilities.   The AI-powered fuzzing system generates new and varied fuzz targets that account for different behaviors, configurations, and edge cases, thereby ensuring a more thorough search for bugs. Even when code coverage metrics appear sufficient, the AI’s enhanced fuzzing can still uncover previously overlooked issues. This is exemplified by the discovery of a bug in the cJSON project, where AI-generated fuzz targets found a vulnerability in a function already covered by human-written tests.  In addition to improving fuzz coverage, the AI system has evolved to simulate a developer's workflow, incorporating steps such as fixing compilation errors, running fuzz targets, and triaging crashes. The goal is to create a fully automated fuzzing process that reduces manual intervention while increasing the accuracy and speed of vulnerability detection. In January 2024, OSS-Fuzz open-sourced its framework, enabling other researchers to experiment with AI-powered fuzzing in their own environments. At that point, the AI models had already demonstrated the ability to generate functional fuzz targets across 160 projects, further validating the efficacy of this approach. 

 Tips

These days, it's not just government agencies or private detectives who can spy on you. Tracking has become so easy and cheap that jealous spouses, car thieves, and even overly suspicious employers are doing it. They don't have to peek around corners, hide in stores, or even get close to their target at all. A smartphone and a Bluetooth tracking beacon — like an Apple AirTag, Samsung Smart Tag or Chipolo — will do the job perfectly. According to one of the lawsuits filed against Apple, this method of spying is used in a variety of crimes — from stalking ex-partners to planning murders. Luckily for all of us, there's protection! As part of Kaspersky's anti-stalking campaign, we'll explain how you could be tracked and what you can do about it.

Online and offline tracking

Surveillance of a victim is typically carried out in one of two ways.

Method one: purely software-based. A commercial tracking app is installed on the victim's smartphone — we call this category of apps stalkerware or spouseware. Such apps are often marketed as parental control apps, but they differ from legitimate parental controls because the app's activity is kept hidden after installation. Most often, the app is entirely invisible on the device, though sometimes it disguises itself as something innocuous, like a messenger, game or photo-gallery app. Stalker apps can repeatedly transmit the victim's geolocation to a server, send messages and other confidential data from the device to an attacker, and even activate the microphone to record audio. The main drawback of stalkerware for the attacker is the difficulty of installation — it requires gaining access to the victim's unlocked smartphone for some time. That's why, in many cases, especially when it's an ex-partner or car thief doing the stalking, they use the other method.

Method two: a wireless beacon. A tracking device is planted on the victim. In a car, it might be hidden in an inconspicuous spot, such as behind the license plate; for a person, the tracker could be slipped into a bag or among other personal items. Originally, Bluetooth trackers — small devices about the size of a coin — were invented to help locate lost belongings such as keys, wallets or luggage. However, if planted on a target, their movements can be tracked in near real-time using a special app. Incidentally, many of today's Bluetooth headphones also have built-in tracking functionality to make them easier to find — and these too can be used for stalking. So, if you happen to find a pair of fancy headphones lying around, don't start thinking it's your lucky day — they may have been deliberately planted in order to track your movements, even after you pair them with your own smartphone.

Tracking technology works even if the beacon is well beyond the Bluetooth range of the stalker's smartphone: other smartphones help locate the lost item. Many of the latest Android and iOS devices report the location of nearby visible beacons to the central servers of Google or Apple. As a result, these tech giants are able to locate any beacon if there's any modern Bluetooth-enabled smartphone with internet access nearby.

The most popular beacon is still the Apple AirTag, and Apple has gone to a lot of trouble since the first product launch to protect users from malicious use of the tracker. The latest AirTags start beeping to attract attention if they remain away from their owner's smartphone for too long. However, attackers can easily bypass this protection by damaging the speaker on the tracker. Such hacked tags with disabled speakers can even be bought — easily.

How to protect yourself from surveillance

To safeguard yourself from both online and offline tracking, we recommend using Kaspersky for Android. This tool now includes the Who's spying on me feature, which allows you to quickly detect surveillance.

Protection against tracking beacons. Fortunately, by their very nature, trackers can never be completely invisible, as they're constantly signaling their presence via Bluetooth. A smartphone equipped with reliable protection can alert the user if an unregistered Bluetooth device is frequently detected nearby or in various different locations. If such a device moves around with you or stays close for too long, Kaspersky for Android will notify you. Upon discovering a tracker, it's essential to examine it closely. Sometimes, the situation may be innocent, such as if a family member you spend a lot of time with has a tracker attached to their keys. Occasionally, there may be trackers on rental vehicles or laptops (although rental companies are required to notify users and include this in the contract).

Protection against stalkerware. Kaspersky Premium detects known stalkerware apps. Oh, and by the way — did you know that Kaspersky products won a stalkerware detection test? If such apps — or even their installation files, whether downloaded by you or someone else — are found on your device, Kaspersky for Android will alert you immediately.

Kaspersky for Android detects both installed stalkerware apps (on the right) and their installation files (on the left)

Even users of the free version of Kaspersky for Android can scan for stalkerware. The only difference in this case between Kaspersky Premium and the free version is that in Kaspersky Premium, scanning is done automatically and continuously. In the free version of Kaspersky for Android, users need to manually initiate each scan. Suspicious beacons that appear frequently in your vicinity will be listed and labeled in the Device Scanner section.

Kaspersky for Android warns you about spy trackers and provides guidance on what to do

Meanwhile, the permission-control feature regularly checks the access of apps to your camera, microphone, location and Bluetooth, so you can quickly identify suspicious new apps.

Additional precautions

Several general security and cyber-hygiene measures can make it harder for anyone to track you, and are recommended for all users:

- Never leave personal items unattended. This applies especially to digital devices that are powered on.
- Set up biometric authentication on your smartphone. Set the auto-lock screen time to 30 seconds or less.
- Set up biometrics or a strong password for logging into your laptop, and always lock the screen if you leave your desk.
- Make a password necessary to install apps from the app store (you can do this on both iOS and Android).
- Disable the installation of apps from unknown sources on Android.
- Update all your apps at least once a month and delete any that you no longer use.
- Never share your passwords with anyone. If you've ever shared them with anyone, or you suspect they may have been intercepted, seen or guessed — change them immediately.
- Avoid logging into personal accounts on shared devices at home or at work, and certainly don't do this in libraries, hotels or cafes. If you absolutely have to log in, make sure to log out afterwards.
- Use a password manager, create a unique password for each account, and enable two-factor authentication.
- Be careful with what you share on social media and in messengers — avoid disclosing details that reveal your location, daily routine, or social circle.

For individuals at higher risk of stalking (say, from an unwanted admirer, disaffected spouse or business partner), here is a more comprehensive list of precautions, including physical safety and legal protection measures.

What to do if you detect surveillance

If you've discovered a beacon or tracking app and ruled out any innocent explanations, consider the possible reasons for why you might be under surveillance. For those involved in domestic violence or serious conflicts, physical safety is the priority. Therefore, in such cases, it's important not to reveal that you've detected the surveillance, but instead contact the police or dedicated support organizations. Likewise, it's essential that the smartphone or beacon doesn't end up in a location that would indicate the discovery (for example, a police station). You can either leave the smartphone at home while you go to the police, or arrange to meet a support group in a safe place. For more detailed advice on such tricky cases, consult our anti-stalking awareness guide.

If the risk of violence is low, you should still contact the police. Hand over the spy tracker, and let law enforcement create a digital copy of your smartphone to gather evidence of infection (if present). After that, you can remove the stalkerware from your smartphone.

 Feed

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

 Feed

Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.

 Feed

This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.

 Feed

This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.

 Feed

A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably can lead to stale TLB entries pointing to freed pages.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

 Feed

Debian Linux Security Advisory 5812-2 - The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt.

 Feed

Nosebeard Labs has identified a critical vulnerability in the Apple system wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better Tim.

 Feed

Red Hat Security Advisory 2024-9729-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-9690-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

 Feed

Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

 Feed

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting

 Feed

Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who

 Feed

Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The

 Feed

Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that’s both scalable and adaptable. As companies shift from traditional,

 Feed

The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as

 Feed

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. "The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a

 0CISO2CISO

Source: krebsonsecurity.com – Author: BrianKrebs Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of the attacks by […] The post Feds Charge Five Men in ‘Scattered Spider’ Roundup – Source: krebsonsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 British

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. The post British Lawmakers Leery of Losing EU Adequacy Status – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Wiz Fortifies Application Security With $450M Dazz Purchase – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post GAO: HHS Needs to Be a Better Leader in Health Sector Cyber – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post CISA Red Team Finds Alarming Critical Infrastructure Risks – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Arrests

The post Will Arrests Squash Scattered Spider’s Cybercrime Assault? – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Let’s Give Thanks for How Far We’ve Come – and Forge Ahead! – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

The post Apple Patches Two Zero-Day Attack Vectors – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

The post Proton VPN Review: Is It Still Reliable in 2024? – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Modern Phishing Challenges and the Browser Security Strategies to Combat Them – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Helpline for Yakuza victims fears it leaked their personal info – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post DSPM vs CSPM: Key Differences and Their Roles in Data Protection – Source: levelblue.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cross-Site

The post Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Study Finds 76% of Cybersecurity Professionals Believe AI Should Be Heavily Regulated – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Endace Establishes Middle East Regional Headquarters in Saudi Arabia – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Norton Introduces Small Business Premium for Business-Grade Security – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Microsoft Takes Action Against Phishing-as-a-Service Platform – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apono

The post Apono Enhances Platform Enabling Permission Revocation and Automated Access – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Conference

The post RSA Conference 2025 Innovation Sandbox Contest Celebrates 20th Anniversary – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post VISO TRUST Secures $24M to Accelerate Innovation in AI-Powered Third-Party Risk Management – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cloud

The post Cloud Security Startup Wiz to Acquire Dazz in Risk Management Play – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post Top ICS Vulnerabilities This Week: Siemens, Baxter, and Subnet Solutions – Source: cyble.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post CISA and EPA Reports Find Concerning Critical Infrastructure Vulnerabilities – Source: cyble.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Friday Squid Blogging: Transcriptome Analysis of the Indian Squid – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

The post The Scale of Geoblocking by Nation – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AA23-136A

The post BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Russian Cyber Spies Target Organizations with HatVibe and CherrySpy Malware – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Three-Quarters of Black Friday Spam Emails Identified as Scams – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-11
Aggregator history
Friday, November 22