🛡 Cybersecurity & Privacy 🛡 - News

APT41 Spies Broke Into 6 US State Networks via a Livestock App

The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.

312 views22:22

🕴 FBI Alert: Ransomware Attacks Hit Critical Infrastructure Organizations 🕴

Bureau releases indicators of compromise for the RagnarLocker ransomware that has hit 10 different critical infrastructure sectors.

📖 Read

via "Dark Reading".

Cyberattacks & Data Breaches recent news | Dark Reading

Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading

344 views22:22

‼ CVE-2022-24741 ‼

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.

📖 Read

via "National Vulnerability Database".

367 views23:12

‼ CVE-2022-24734 ‼

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

📖 Read

via "National Vulnerability Database".

512 views23:12

‼ CVE-2022-0890 ‼

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.

📖 Read

via "National Vulnerability Database".

490 views06:12

‼ CVE-2021-38296 ‼

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later

📖 Read

via "National Vulnerability Database".

473 views11:12

The Daily Swig | Cybersecurity news and views

🗓️ Middleboxes now being used for DDoS attacks in the wild, Akamai finds 🗓️

Malicious actors are starting to add TCP middlebox reflection to their arsenal

📖 Read

via "The Daily Swig".

Middleboxes now being used for DDoS attacks in the wild, Akamai finds

Malicious actors are starting to add TCP middlebox reflection to their arsenal

396 views12:37

❌ Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads ❌

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.

📖 Read

via "Threat Post".

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.

337 views13:09

‼ CVE-2022-0895 ‼

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

📖 Read

via "National Vulnerability Database".

312 views13:12

🕴 What Security Controls Do I Need for My Kubernetes Cluster? 🕴

This Tech Tip offers some security controls to embed in your organization's CI/CD pipeline to protect Kubernetes clusters and corporate networks.

📖 Read

via "Dark Reading".

DR Technology

335 views13:23

❌ Multi-Ransomwared Victims Have It Coming–Podcast ❌

Let's blame the victim. IT decision makers' confidence about security doesn't jibe with their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.

📖 Read

via "Threat Post".

338 views14:08

RagnarLocker Ransomware Connected to Hacks at 52 Organizations

🔏 RagnarLocker Ransomware Connected to Hacks at 52 Organizations 🔏

New guidance from the FBI contains IOCs and technical details on how the ransomware spreads.

📖 Read

via "".

Digital Guardian

New guidance from the FBI contains IOCs and technical details on how the ransomware spreads.

312 views14:27

❌ Russia May Use Ransomware Payouts to Avoid Sanctions ❌

FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine.

📖 Read

via "Threat Post".

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be ware of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

316 views14:38

🕴 Log4j and Livestock Apps: APT41 Wages Persistent Cyberattack Campaign on US Government 🕴

The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.

📖 Read

via "Dark Reading".

Log4j and Livestock Apps: APT41 Wages Persistent Cyberattack Campaign on US Government

The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.

318 views14:53

The Daily Swig | Cybersecurity news and views

🗓️ 1Password increases bug bounty reward to $1 million 🗓️

Researchers offered record incentive for vulnerabilities found on Bugcrowd programs

📖 Read

via "The Daily Swig".

1Password increases bug bounty reward to $1 million

Researchers offered record incentive for vulnerabilities found on Bugcrowd programs

316 views15:07

🕴 Why You Should Be Using CISA's Catalog of Exploited Vulns 🕴

It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.

📖 Read

via "Dark Reading".

Why You Should Be Using CISA's Catalog of Exploited Vulns

It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.

313 views15:23

❌ Most Orgs Would Take Security Bugs Over Ethical Hacking Help ❌

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old "security by obscurity" ways.

📖 Read

via "Threat Post".

Most Orgs Would Take Security Bugs Over Ethical Hacking Help

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old "security by obscurity" ways.

324 views15:38

The Daily Swig | Cybersecurity news and views

🗓️ RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI 🗓️

Agency issues mitigation advice to help organizations tighten network defenses

📖 Read

via "The Daily Swig".

RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI

Agency issues mitigation advice to help organizations tighten network defenses

👍1

313 views16:07

S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]

⚠ S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".

Naked Security

Latest episode – listen now!

293 views16:55

‼ CVE-2022-0905 ‼

Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

📖 Read

via "National Vulnerability Database".

275 views17:13