Cyber security aggregate rss news

Cyber security aggregator - feeds history

CISA’s New TIC 3.0 ...

 Firewall Daily

The Cybersecurity and Infrastructure Security Agency (CISA) has released version 3.2 of the Trusted Internet Connections (TIC) 3.0 Security Capabilities Catalog (SCC), a key resource designed to help federal agencies strengthen their cybersecurity defenses. This updated version aligns with the latest guidance from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) Version 2.0, ensuring that TIC continues to meet modern standards. The new release enhances agencies' ability to secure their IT environments, particularly as agencies increasingly adopt cloud-based services and decentralized infrastructures.

The Role of the Security Capabilities Catalog

The TIC 3.0 SCC is an essential resource for federal agencies, offering a comprehensive set of security controls, capabilities, and best practices. The catalog’s goal is to guide agencies in implementing secure network environments and ensuring compliance with cybersecurity standards. With the rapid shift to more complex computing environments, the SCC ensures that agencies can adapt to new risks while maintaining security measures across a variety of computing environments, including cloud, mobile, and on-premises infrastructures.

Version 3.2 of the TIC 3.0 SCC builds on previous releases by integrating the latest updates from the NIST Cybersecurity Framework (CSF). The CSF, which provides a structured approach to managing cybersecurity risks, is based around the core functions of Govern, Identify, Protect, Detect, Respond, and Recover. These functions are vital to organizations’ risk management strategies and are now reflected in the updated catalog’s security capabilities, ensuring that TIC aligns with best practices in managing cybersecurity risks, detecting incidents, and responding to threats.

Key Security Objectives of TIC 3.0

The TIC 3.0 program outlines specific security objectives aimed at mitigating risks as federal data moves through various trust zones, especially with the increasing use of cloud and mobile services. These objectives are designed to provide scalable and consistent protections, regardless of the data's location or transmission method.

The updated Security Capabilities Catalog helps agencies implement these objectives, ensuring secure management of federal data. One key objective is Manage Traffic, which focuses on filtering data connections to ensure they align with authorized activities, enforcing least privilege and default-deny policies to restrict access to sensitive data. Another important goal is to Protect Traffic Confidentiality, ensuring that sensitive data remains confidential during transit by securing communication channels to prevent unauthorized access. Protect Traffic Integrity aims to ensure that data in transit remains unaltered, protecting it from tampering by cybercriminals. Finally, the objective to Ensure Effective Response stresses the need for timely action to mitigate damage during cybersecurity incidents and to adapt security policies to address online threats.

Universal and PEP Security Capabilities

The updated SCC divides security capabilities into two primary categories: Universal Security Capabilities and PEP (Policy Enforcement Point) Security Capabilities. Both categories are essential for helping federal agencies secure their networks and implement effective risk management measures.

Universal Security Capabilities

Universal security capabilities are high-level principles that apply to all federal agencies, regardless of their specific use cases, helping them implement broad cybersecurity measures to address enterprise-level risks. Key universal capabilities in the catalog include Backup and Recovery, which ensures that data and configurations are backed up and can be restored in the event of an incident, failure, or corruption. Central Log Management with Analysis is another critical capability, collecting, storing, and analyzing security logs to support threat detection and forensic analysis. Incident Response Planning and Handling helps agencies prepare for and respond to cybersecurity incidents, ensuring quick recovery and detection measures are in place. The principle of Least Privilege limits access to the minimum necessary resources, reducing exposure to potential threats, while Patch Management ensures systems are regularly updated with patches to mitigate vulnerabilities from known exploits.

PEP Security Capabilities

PEP security capabilities focus on technical implementations that are more granular and can be tailored to an agency's specific needs. These capabilities directly support the TIC 3.0 security objectives and align with emerging cybersecurity architectures, such as Zero Trust. Key examples include Anti-malware, which detects and quarantines malicious code that could compromise the integrity of the network, and Network Segmentation, which divides networks into smaller, isolated segments to limit the spread of cyber threats. Multi-factor Authentication (MFA) adds an extra layer of authentication, ensuring that only authorized users can access sensitive information. These capabilities are essential for helping agencies implement targeted security measures across diverse environments, including cloud, email, and network security solutions.

CERT-In Alerts Multi ...

 Firewall Daily

The Indian Computer Emergency Response Team (CERT-In) issued a Vulnerability Note, CIVN-2024-0353, highlighting several critical vulnerabilities within the widely used content management system (CMS) Drupal. The Drupal vulnerabilities, spanning versions from 7 to 11, have been deemed to present a high security risk due to their potential for unauthorized access, arbitrary code execution, and exposure to data theft. The flaws, which have been traced to improper handling of user inputs, inadequate sanitization in certain modules, and potential vulnerabilities linked to PHP Object Injection, could allow attackers to compromise a site’s integrity, gain access to sensitive data, or execute malicious scripts.

Drupal Vulnerabilities: Affected Versions and Risk Overview

Drupal, an open-source CMS, powers a large number of websites, ranging from personal blogs to large organizational platforms. According to the vulnerability note, multiple vulnerabilities exist in Drupal core due to flaws such as improper sanitization of status messages, failure to check certain user fields, and vulnerabilities that could allow PHP Object Injection. These flaws are particularly concerning for administrators running versions prior to:

- Drupal 7 (before version 7.102)
- Drupal 10.2 (before version 10.2.11)
- Drupal 10.3 (before version 10.3.9)
- Drupal 11.0 (before version 11.0.8)

The primary concern is that these vulnerabilities could be exploited by remote attackers to perform cross-site scripting (XSS) attacks, execute arbitrary code, or even steal sensitive user data. For Drupal-based sites running outdated versions, these vulnerabilities can be exploited without requiring sophisticated technical knowledge from the attackers.

Key Drupal Vulnerabilities and Exploits

One of the most critical Drupal vulnerabilities outlined in the report is a Cross-Site Scripting (XSS) issue, identified in SA-CORE-2024-003. This vulnerability affects versions from Drupal 8.8 to Drupal 10.2.11, Drupal 10.3.0 to Drupal 10.3.9, and Drupal 11.0.0 to Drupal 11.0.8. Drupal uses JavaScript to render status messages in some configurations, and in certain cases these messages are not properly sanitized. This lack of sanitization opens the door for attackers to inject malicious scripts that could execute on the client side, compromising users’ sessions or performing unauthorized actions on their behalf.

Another major vulnerability identified is an Access Bypass issue, found in SA-CORE-2024-004. This vulnerability, affecting versions 8.0.0 to 10.2.11, 10.3.0 to 10.3.9, and 11.0.0 to 11.0.8, arises from inconsistent uniqueness checking for certain user fields. Depending on the database engine and collation settings, attackers could exploit this flaw to allow multiple users to register with the same email address, leading to potential data integrity problems.

More concerning vulnerabilities include the PHP Object Injection issues described in SA-CORE-2024-006 and SA-CORE-2024-007. These vulnerabilities are considered less critical because they are not directly exploitable. However, if combined with another vulnerability, they could lead to remote code execution or arbitrary file deletion. The issue arises from the improper handling of object deserialization. Although no direct exploits have been identified, administrators should still be vigilant, especially if their sites are using third-party database drivers.

Impact Assessment and Solution Recommendations

The exploitation of these vulnerabilities in Drupal could lead to serious consequences, ranging from data theft to malware propagation. The potential for attackers to perform arbitrary code execution or manipulate user data is a significant concern, especially for organizations that rely on Drupal to store sensitive or mission-critical information. Sites running outdated versions are at the greatest risk, and administrators are urged to act promptly.

To mitigate these risks, Drupal administrators are strongly advised to update their systems to the latest versions. The security updates are as follows:

- Update Drupal 7 to 7.102
- Update Drupal 10.2 to 10.2.11
- Update Drupal 10.3 to 10.3.9
- Update Drupal 11.0 to 11.0.8

In addition to updating, Drupal administrators are encouraged to review their current configurations, especially when using custom modules or third-party applications that might interact with the Drupal core. This will help ensure that no existing vulnerabilities are overlooked, particularly those related to user input sanitization or unsafe object handling.

Vendor Response and Ongoing Monitoring

The Drupal Security Team has been actively working on addressing these vulnerabilities. The initial reports and fixes were coordinated by team members such as Lee Rowlands, Greg Knaddison, and Drew Webber, with support from the broader Drupal security community. The latest security updates and patches are available from the official Drupal security advisories at:

- Drupal SA-CORE-2024-003
- Drupal SA-CORE-2024-004
- Drupal SA-CORE-2024-005
- Drupal SA-CORE-2024-006

Additionally, the Drupal community has provided instructions for administrators to help them patch and secure their installations. The emphasis is on keeping up with CIVN-2024-0353 and other related advisories to reduce the risk of exploitation.

Apple Faces Privacy ...

 Firewall Daily

A current Apple employee has filed a lawsuit against the tech giant, accusing the company of using invasive surveillance tactics on its workers’ personal devices. The Apple lawsuit, filed on Sunday evening in California state court, alleges that Apple monitors employees’ private iCloud accounts and non-work-related devices without their consent.

The plaintiff, Amar Bhakta, has been employed by Apple in the advertising technology sector since 2020. Bhakta claims that Apple’s policies force employees to surrender their privacy rights, enabling the company to conduct “physical, video, and electronic surveillance” of workers not just during their working hours, but also when they are off-duty and even after they leave the company. The suit alleges that these practices violate California's strict privacy laws.

Bhakta's legal action points to a broader issue regarding Apple’s employment practices, accusing the company of creating policies that infringe on the personal privacy of its employees. The suit outlines a range of policies that allegedly place Apple employees under constant scrutiny, both on and off the job.

The Apple Lawsuit: Invasive Surveillance Tactics

According to the Apple lawsuit, the tech giant has established policies that force employees to integrate their work and personal lives digitally in ways that allow the company to monitor their actions beyond the workplace. One of the central issues raised in the lawsuit is Apple’s requirement that employees use Apple-made devices for work purposes. This stipulation, the suit argues, often results in workers using their personal Apple devices, which are connected to their personal iCloud accounts.

According to Semafor, the lawsuit further claims that by using their own devices for work, employees unknowingly grant Apple the ability to access virtually any data on those devices. This includes emails, photos, videos, and other personal information. Apple’s internal privacy policy allegedly states that if an employee uses their personal iCloud account on an Apple-managed device, the company can search and access any data stored on that device, including real-time location data. This level of access has raised concerns among former Apple employees, who have previously complained about the company’s ability to monitor personal information.

Apple’s Response and Legal Representation

In response to the Apple lawsuit, the firm has strongly denied the allegations, insisting that the company upholds its employees' rights to privacy. “Every employee has the right to discuss their wages, hours, and working conditions, and this is part of our business conduct policy, which all employees are trained on annually,” the company said in a statement.

Bhakta is represented by Chris Baker of Baker Dolinko & Schwartz, alongside Jahan Sagafi from Outten & Golden. Both attorneys have experience in handling high-profile cases against large technology companies. Baker, in particular, has filed several lawsuits against tech giants concerning allegedly unlawful employment practices.

Impact on Employee Freedom and Privacy

The lawsuit against Apple also highlights the restrictive nature of the company's policies regarding digital privacy. The suit claims that Apple actively discourages employees from maintaining separate work and personal iCloud accounts. Instead, employees are encouraged to use a single iCloud account that merges their work and personal lives, thereby granting Apple more access to their private information.

This digital integration, according to the lawsuit, creates an environment in which Apple can monitor employees’ personal activities even when they are off the clock. Employees are said to have limited options to avoid this surveillance, with the only alternative being to use a work-owned device and a separate iCloud account exclusively for work purposes. However, the suit asserts that Apple discourages this practice.

Legal Action Under California’s Labor Laws

Bhakta’s lawsuit was filed under the California Private Attorneys General Act (PAGA), which permits employees to sue on behalf of the state for labor violations. If the court finds Apple liable for violating state labor laws, the company could be subjected to penalties, which would be multiplied by the number of employees affected by the alleged surveillance.

This lawsuit against Apple highlights ongoing concerns over digital privacy in the workplace. As more employees find themselves bound by the company's restrictive policies, the case has the potential to set a precedent for how tech companies handle employee surveillance and personal privacy. With the backing of California state law, Bhakta’s legal team aims to hold Apple accountable for any violations, especially if the company's actions have impacted a large number of its employees.

Undeclared functiona ...

 Business

Over the coming decades, security risks associated with AI systems will be a major focus of researchers' efforts. One of the least explored risks today is the possibility of trojanizing an AI model. This involves embedding hidden functionality or intentional errors into a machine learning system that appears to be working correctly at first glance. There are various methods to create such a Trojan horse, differing in complexity and scope — and they must all be protected against.

Malicious code in the model

Certain ML model storage formats can contain executable code. For example, arbitrary code can be executed while loading a file in the pickle format, the standard Python format used for data serialization (converting data into a form that is convenient for storing and transferring). In particular, this format is used by the deep learning library PyTorch. In another popular machine learning library, TensorFlow, models in the .keras and HDF5 formats support a lambda layer, which also executes arbitrary Python commands. This code can easily conceal malicious functionality. TensorFlow's documentation includes a warning that a TensorFlow model can read and write files, send and receive network data, and even launch child processes. In other words, it's essentially a full-fledged program.

Malicious code can activate as soon as an ML model is loaded. In February 2024, approximately 100 models with malicious functionality were discovered in the popular repository of public models, Hugging Face. Of these, 20% created a reverse shell on the infected device, and 10% launched additional software.

Training dataset poisoning

Models can be trojanized at the training stage by manipulating the initial datasets. This process, called data poisoning, can be either targeted or untargeted. Targeted poisoning trains a model to work incorrectly in specific cases (for example, always claiming that Yuri Gagarin was the first person on the Moon). Untargeted poisoning aims to degrade the model's overall quality. Targeted attacks are difficult to detect in a trained model because they require very specific input data. But poisoning the input data for a large model is costly, as it requires altering a significant volume of data without being detected.

In practice, there are known cases of manipulating models that continue to learn while in operation. The most striking example is the poisoning of Microsoft's Tay chatbot, which was trained to express racist and extremist views in less than a day. A more practical example is the attempts to poison Gmail's spam classifier. Here, attackers mark tens of thousands of spam emails as legitimate to allow more spam through to user inboxes. The same goal can be achieved by altering training labels in annotated datasets or by injecting poisoned data into the fine-tuning process of a pre-trained model.

Shadow logic

A new method of maliciously modifying AI systems is to introduce additional branches into the model's computational graph. This attack does not involve executable code or tampering with the training process, yet the modified model can exhibit a desired behavior in response to specific pre-determined input data. The attack leverages the fact that machine learning models use a computational graph to structure the computations required for their training and execution. The graph describes the sequence in which neural network blocks are connected and defines their operational parameters. Computational graphs are designed for each model individually, although in some ML model architectures they are dynamic.

Researchers have demonstrated that the computational graph of an already trained model can be modified by adding a branch at the initial stages of its operation that detects a special signal in the input data; upon detection, the model is directed to operate under a separately programmed logic. In an example from the study, the popular video object detection model YOLO was modified to ignore people in a frame if a cup was also present. The danger of this method lies in its applicability to any model, regardless of storage format, modality, or scope of application. A backdoor can be implemented for natural language processing, object detection, classification tasks, and multimodal language models. Moreover, such a modification can be preserved even if the model undergoes further training and fine-tuning.

How to protect AI models from backdoors

A key security measure is thorough control of the supply chain. This means ensuring that the origin of every component in the AI system is known and free of malicious modifications, including:

- The code running the AI model
- The computing environment in which the model operates (usually cloud hosting)
- The files of the model
- The data used for training
- The data used for fine-tuning

Major ML repositories are gradually implementing digital signatures to verify models' origins and code. In cases where strict control over the origins of data and code is not feasible, models from questionable sources should be avoided in favor of reputable providers' offerings. It's also crucial to use secure formats for storing ML models. In the Hugging Face repository, warnings are displayed when loading models capable of executing code; also, the primary model storage format is Safetensors, which blocks code execution.

Why Phishers Love Ne ...

 A Little Sunshine

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

The study finds that while .com and .net domains made up approximately half of all domains registered in the past year (more than all of the other TLDs combined) they accounted for just over 40 percent of all cybercrime domains. Interisle says an almost equal share — 37 percent — of cybercrime domains were registered through new gTLDs.

Spammers and scammers gravitate toward domains in the new gTLDs because these registrars tend to offer cheap or free registration with little to no account or identity verification requirements. For example, among the gTLDs with the highest cybercrime domain scores in this year’s study, nine offered registration fees for less than $1, and nearly two dozen offered fees of less than $2.00. By comparison, the cheapest price identified for a .com domain was $5.91. Currently, there are around 2,500 registrars authorized to sell domains by the Internet Corporation for Assigned Names and Numbers (ICANN), the California nonprofit that oversees the domain industry.

[Chart: The top 5 new gTLDs, ranked by cybercrime domains reported. Image: Interisle Cybercrime Supply Chain 2014.]

Incredibly, despite years of these reports showing phishers heavily abusing new gTLDs, ICANN is shuffling forward on a plan to introduce even more of them. ICANN’s proposed next round envisions accepting applications for new gTLDs in 2026.

John Levine is author of the book “The Internet for Dummies” and president of CAUCE. Levine said adding more TLDs without a much stricter registration policy will likely further expand an already plentiful greenfield for cybercriminals. “The problem is that ICANN can’t make up their mind whether they are the neutral nonprofit regulator or just the domain speculator trade association,” Levine told KrebsOnSecurity. “But they act a lot more like the latter.”

Levine said the vast majority of new gTLDs have a few thousand domains — a far cry from the number of registrations they would need just to cover the up-front costs of operating a new gTLD (~$180,000-$300,000). New gTLD registrars can quickly attract customers by selling domains cheaply to customers who buy domains in bulk, but that tends to be a losing strategy. “Selling to criminals and spammers turns out to be lousy business,” Levine said. “You can charge whatever you want on the first year, but you have to charge list price on domain renewals. And criminals and spammers never renew. So if it sounds like the economics makes no sense it’s because the economics makes no sense.”

In virtually all previous spam reports, Interisle found the top brands referenced in phishing attacks were the largest technology companies, including Apple, Facebook, Google and PayPal. But this past year, Interisle found the U.S. Postal Service was by far the most-phished entity, with more than four times the number of phishing domains as the second most-frequent target (Apple). At least some of that increase is likely from a prolific cybercriminal using the nickname Chenlun, who has been selling phishing kits targeting domestic postal services in the United States and at least a dozen other countries.

Interisle says an increasing number of phishers are eschewing domain registrations altogether, and instead taking advantage of subdomain providers like blogspot.com, pages.dev, and weebly.com. The report notes that cyberattacks hosted at subdomain provider services can be tough to mitigate, because only the subdomain provider can disable malicious accounts or take down malicious web pages. “Any action upstream, such as blocking the second-level domain, would have an impact across the provider’s whole customer base,” the report observes.

Interisle tracked more than 1.18 million instances of subdomains used for phishing in the past year (a 114 percent increase), and found more than half of those were subdomains at blogspot.com and other services operated by Google. “Many of these services allow the creation of large numbers of accounts at one time, which is highly exploited by criminals,” the report concludes. “Subdomain providers should limit the number of subdomains (user accounts) a customer can create at one time and suspend automated, high-volume automated account sign-ups – especially using free services.”

Ransomware

 Feed

Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.

 Privacy

The Consumer Financial Protection Bureau wants to limit the sale of consumers’ Social Security and phone numbers, while ensuring that financial data, including income, is only shared for essential reasons.

 Cybercrime

In a call with reporters, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said the agencies have been investigating the incident since late spring, and have uncovered an expansive campaign that some lawmakers are calling the worst telecom hack in the nation’s history.

 Feed

The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the appliance. As the management web console is running on the same port as the API for the agents, this bearer token is also valid for any actions on the web console. This allows an attacker with network access to the appliance to start the registration of a new agent and retrieve a bearer token that provides admin access to the available functions in the web console. The web console contains multiple possibilities to execute arbitrary commands on both the agents (e.g., via PreCommands for a backup) and also the appliance (e.g., via a Validation job on the agent of the appliance). These options can easily be set with the provided bearer token, which leads to a complete compromise of all agents and the appliance itself.

 Feed

This Metasploit module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.12. The vulnerable FortiManager Cloud versions are 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, 7.0.1 through 7.0.12, and 6.4 (all versions).

 Feed

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. A new extension can be written which performs a system command to achieve RCE as the asterisk service user (typically asterisk). The default parking lot in FreePBX is called "Default lot" in the web interface; however, it's actually parkedcalls. Tested against Asterisk 19.8.0 and 18.16.0 on FreePBX SNG7-PBX16-64bit-2302-1.

 Feed

Debian Linux Security Advisory 5823-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

 Feed

Debian Linux Security Advisory 5815-2 - The update for needrestart announced as DSA 5815-1 introduced a regression reporting false positives for processes running in chroot or mountns. Updated packages are now available to correct this issue.

 Feed

This paper provides an in-depth technical explanation, illustration, and verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64 that pertain to Warbird deficiencies, content key sniffer operation, magic XOR keys discovery, white-box crypto attack, and complete client identity compromise attacks.

 Feed

Ubuntu Security Notice 7135-1 - Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions.

 Feed

Ubuntu Security Notice 7134-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

 Feed

Ubuntu Security Notice 7133-1 - Yuki Mogi discovered that HAProxy incorrectly handled the interpretation of certain HTTP requests. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information.

 Feed

Red Hat Security Advisory 2024-10750-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2024-10748-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

 Feed

Red Hat Security Advisory 2024-10745-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10743-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10742-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10739-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.


Red Hat Security Advisory 2024-10736-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.


Red Hat Security Advisory 2024-10734-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10733-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10710-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10705-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.


Red Hat Security Advisory 2024-10703-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.


Red Hat Security Advisory 2024-10700-03 - Red Hat build of Apache Camel 4.8 for Spring Boot release and security update is now available. Issues addressed include privilege escalation and traversal vulnerabilities.


A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer


Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access


The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,


Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack

In episode 27 of The AI Fix, robots catch a ball, lead a revolt, and enjoy a juicy steak. Or do they? Graham struggles with a Micro USB cable, a student struggles with a school’s anti-AI rules, and OpenAI’s Sora video generation AI is leaked by hacktivists. Graham circles back into an outside-the-box deep-dive where he synergises the low-hanging paradigm shift on a Zoom call with himself, and Mark wonders why we’re suddenly awash with real-life Bond villains. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Source: www.mcafee.com – Author: Jasdev Dhaliwal. It’s been a big year for big data breaches. Billions of records on millions of people have been exposed at an estimated cost of nearly $10 trillion to people and businesses alike worldwide.[i] While we still have a few weeks in the year left to go, here’s a […] The entry 2024 Data Breaches Wrapped – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: sec.cloudapps.cisco.com – Author: not listed. Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability. Severity: Medium. CVE-2014-2120, CWE-79. Summary: A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on […] The entry Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability – Source:sec.cloudapps.cisco.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Jasdev Dhaliwal. All day long, it’s almost always within arm’s reach. Your smartphone. And we rely on it plenty. That makes securing your phone so important. Good thing that some of the best tips for making your phone safer are also some of the easiest. Here’s a quick rundown: Ten quick […] The entry 10 Quick Tips for Mobile Security – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Jasdev Dhaliwal. With less than 60 days left until Election Day, the digital landscape has become a battleground not just for votes but for your personal security. With political ads, fake voter registration sites, and disinformation campaigns cropping up everywhere, it’s essential to stay vigilant against common election scams and election […] The entry How to Avoid Common Election Scams – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Jasdev Dhaliwal. You didn’t get the job. Worse yet, you got scammed. Because the opening was never real in the first place. It was a job scam, through and through. We’ve covered job scams for some time here in our blogs. And as it is with many other sorts of scams, […] The entry Protected: AI Enters the Mix as Online Job Scams Continue to Rise – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Alex Merton-McCann. There used to be a saying that ‘nothing is certain except death and taxes’. Well, I now think it needs to be amended – and ‘data breaches’ needs to be added on the end! Regardless of where you live, not a month goes by without details of yet another […] The entry How To Minimise the Fallout From a Data Breach – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: sec.cloudapps.cisco.com – Author: not listed. Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities. Severity: Medium. CVE-2024-20471, CVE-2024-20472, CVE-2024-20473, CWE-89. Summary: Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to conduct SQL injection attacks on […] The entry Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities – Source:sec.cloudapps.cisco.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Jasdev Dhaliwal. As technology rapidly advances, the boundaries of what’s possible in personal computing are continuously expanding. One of the most exciting innovations on the horizon is the concept of the AI PC, which stands for Artificial Intelligence Personal Computer. AI PCs accounted for 14% of all personal computers shipped in […] The entry What is an AI PC? – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Jasdev Dhaliwal. Tom Hanks, one of the most recognizable faces in the world, warns that scammers have swiped his likeness in malicious AI deepfakes. As reported by NBC News, actor Tom Hanks issued an announcement to his followers saying his name, likeness, and voice have shown up in deepfaked ads that […] The entry Tom Hanks Warns Fans: The Dark Side of AI Scams – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.mcafee.com – Author: Alex Merton-McCann. Let’s be honest, talking to your kids about identity theft probably isn’t top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to […] The entry How to Talk To Your Kids About Identity Theft – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.techrepublic.com – Author: Luis Millares. Bitwarden fast facts: Our rating: 4.6 stars out of 5. Pricing: Starts at $0.83 per month. Key features: Free version with unlimited password storage; affordable subscription plans; encrypted file-sharing system. Bitwarden is an open source password manager that offers a generous free version, an impressive privacy and security architecture, […] The entry Bitwarden Review (2024): Is It a Secure Password Manager? – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.techrepublic.com – Author: Fiona Jackson. The cyber landscape is more turbulent than ever. Microsoft recently reported a 2.75-fold increase in ransomware attempts this year, while research predicts that global cyber attacks in 2024 will surge 105% compared to 2020. There is a dire need for more qualified cyber professionals as generative AI is lowering […] The entry Top 5 Cyber Security Trends for 2025 – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Jessica Lyons. Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year’s attacks on file transfer tool MOVEit. On Monday morning, an entity that uses the handle […] The entry Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Jessica Lyons. Re:Invent: Amazon Web Services has a new incident response service that combines automation and people to protect customers’ AWS accounts – at a hefty price. The minimum monthly cost starts at $7,000 and the pricing tiers increase from there, based on customers’ AWS spending across all enrolled accounts. Here’s […] The entry AWS unveils cloud security IR service for a mere $7K a month – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Annaliese Ingrams. Webinar: Linux security is a component that sits at the heart of today’s IT landscape. On December 10th at 10am PT/1pm ET, Red Hat invites IT professionals to State of Linux Security Symposium 2024 – an event that offers practical strategies for securing Linux environments. The symposium covers: – […] The entry Discover the future of Linux security – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Connor Jones. An alleged former affiliate of the LockBit and Babuk ransomware operations, who also just happens to be one of the most wanted cybercriminals in the US, is now reportedly in handcuffs. The US indicted Mikhail Pavlovich Matveev back in 2023, offering a $10 million reward for information that could […] The entry Russia arrests one of its own – a cybercrime suspect on FBI’s most wanted list – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Rupert Goodwins. Opinion: Here’s a front-page headline you won’t see these days: CHINA’S SPIES ARE TAPPING OUR PHONES. Not that they’re not – they are – but, like the environment, there’s so much cybersecurity horror in the media that, yes, of course they are. And? The story deserves screaming headlines everywhere, […] The entry Telco security is a dumpster fire and everyone’s getting burned – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.securityweek.com – Author: Ionut Arghire. AWS on Sunday announced a new service that provides organizations with quick and effective security incident management capabilities. The new Security Incident Response, AWS says, relies on automation to triage and analyze security signals from Amazon GuardDuty and integrated third-party detection solutions through the AWS Security Hub cloud security […] The entry AWS Launches Incident Response Service – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.securityweek.com – Author: Ryan Naraine. The discovery of a prototype UEFI bootkit targeting specific Ubuntu Linux setups has deepened with revelations linking its creation to a South Korean university project and the integration of a LogoFAIL exploit to bypass Secure Boot verifications. According to SecurityWeek sources, Bootkitty is a research project from South Korea’s […] The entry Prototype UEFI Bootkit is South Korean University Project; LogoFAIL Exploit Discovered – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.securityweek.com – Author: Eduard Kovacs. Forty-nine cybersecurity-related merger and acquisition (M&A) deals were announced in November 2024. This was a record month for 2024 in terms of M&A deals. An analysis conducted by SecurityWeek shows that 178 cybersecurity M&A deals were announced in the first half of 2024, representing the least busy half year […] The entry Cybersecurity M&A Roundup: 49 Deals Announced in November 2024 – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: levelblue.com – Author: hello@alienvault.com. Every activity you perform online, whether it is commenting on a news article, sharing something on social media or your shopping preferences, leaves a digital footprint. This digital trail helps organizations find out more about you. And while it does offer a certain degree of convenience, it can be a real […] The entry Best Ways to Reduce Your Digital Footprint Now – Source:levelblue.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: levelblue.com – Author: hello@alienvault.com. In today’s interconnected digital world, businesses are constantly under threat from cybercriminals seeking to exploit vulnerabilities in systems, networks, and devices. One of the most persistent and silent threats that organizations face is computer worms. These malicious programs can spread across networks, infecting systems autonomously and wreaking havoc before a […] The entry What Are Computer Worms? – Source:levelblue.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.hackerone.com – Author: Michiel Prins. Generative Artificial Intelligence (GAI) is popping up in all manner of software every day. It’s a trend we’re seeing unfold right now, characterized by a firehose of daily announcements of new AI-powered products and capabilities. Many businesses, including HackerOne customers like Snapchat, Instacart, CrowdStrike, Salesforce, and many others, have […] The entry Generative AI and Security: HackerOne’s Predictions – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.hackerone.com – Author: ktansley@hackerone.com. In recent years, HackerOne has brought hackers and customers together more frequently. Bug bounty and pentests are where these two parts of the HackerOne community have historically met, but fostering open conversations outside of paid engagements has further reinforced the sense of community and collaboration that HackerOne embodies. In our […] The entry Takeaways from a Conversation Between Hackers and Program Managers – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.hackerone.com – Author: ktansley@hackerone.com. Suha Can, the CISO of Grammarly, recently joined HackerOne’s CTO & Co-founder, Alex Rice, for a discussion on user trust, the benefits of Grammarly’s bug bounty program, and the advantages of preemptive security measures. You can view the full webinar here, or read the highlights from their conversation here: The […] The entry Grammarly CISO Suha Can Discusses the Impact of Preemptive Security with HackerOne – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.hackerone.com – Author: Naz Bozdemir. The critical first step for any organization striving to implement preemptive risk management involves identifying all brand-related and third-party assets within their digital environment. The real challenge lies in incorporating these uncovered elements of your attack surface into offensive testing programs, since they often exist in isolation and are […] The entry Seven Essential Components Of A Top-Tier Attack Surface Management Program – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.hackerone.com – Author: Sean Ryan. DevOps teams may care about security, but it is not their area of expertise and it is not a priority for their pipeline goals. Adding security into the DevOps process adds friction and is difficult to get right, often taking years of trial and error for the early movers. […] The entry Audit the Security Posture of DevOps with HackerOne Code Security Audit – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.hackerone.com – Author: Rafael de Carvalho. By Rafael de Carvalho, Ben Willis, and Martzen Haagsma. At HackerOne, we practice what we preach, running our own bug bounty program and publicly disclosing the vulnerabilities surfaced by hackers. And hackers really love to poke holes in the bug bounty experts! We use our own program to […] The entry A Year In HackerOne’s Bug Bounty Program – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: Anviksha More (AnvikshaMore) • December 3, 2024. Cybercrime, Fraud Management & Cybercrime. Firm Allegedly Embedded DDoS at the Request of a Foreign Client. Image: Shutterstock. A South Korean company exported 240,000 satellite receivers with distributed denial-of-service attack capabilities, leading to the arrest of its CEO by the Korean […] The entry Korean Firm Sold Satellite Receivers With DDoS Feature – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: Rahul Neel Mani (@rneelmani) • December 3, 2024. Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development. CEO Matt Garman Envisions New Era of Compute, Storage and Generative AI Innovation. AWS CEO Matt Garman during his keynote speech at re:Invent (Image: AWS). Amazon Web Services hopes to […] The entry AWS Unveils Future of Enterprise AI and Cloud at re:Invent – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: not listed. Cloud Security, Governance & Risk Management, Security Operations. Unleash the power of AI. Not the risks. December 3, 2024. Your users want to use AI. You need to protect your sensitive data. Netskope has you covered. Watch “The Duality of AI: Enhancing and Securing Gen AI Models” […] The entry The Duality of AI: Enhancing and Securing Gen AI Models – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: David Perera (@daveperera) • December 3, 2024. Critical Infrastructure Security, Network Firewalls, Network Access Control, Security Operations. Beijing Threat Actor Shifts Tactics in Response to Public Disclosure. Image: Shutterstock. Chinese cyberespionage hackers who penetrated U.S. telecoms likely haven’t been fully evicted, partially due to shifting tactics made […] The entry No Timeline for Evicting Chinese Hackers from US Networks – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-12
Aggregator history
Tuesday, December 03