Security Leftovers
-
Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene | ZDNet
A new botnet is targeting routers, Internet of Things (IoT) devices, and an array of server architectures.
-
SPRING4SHELL: THE NEW ADDITION TO THE TRENDING ZERO-DAY EXPLOITS - Kratikal Blogs
-
Spring4Shell under active exploit by Mirai botnet herders • The Register
There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to run the Mirai botnet.
Mirai is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things (IoT) devices, such as IP cameras and routers, into a botnet that can then be used in such campaigns as distributed denial-of-service (DDoS) and phishing attacks.
The Trend Micro researchers wrote in a post that they observed the bad actors weaponizing and run Mirai malware on vulnerable servers in the Singapore region via the Spring4Shell vulnerability, tracked as CVE-2022-22965.
-
Best Ethical Hacking Tools & Software 2022 | IT Business Edge
Hacking is the use of any tools or technology to obtain unauthorized access to or circumvent security measures of a computer system or network.
An ethical hacker is an independent security tester who checks computer systems, networks, and programs, looking for potential vulnerabilities that an attacker could exploit. Ethical hackers use the same tools and techniques as malicious hackers; however, they do it to improve system security and uphold privacy policies and standards instead of causing damage or stealing information. Examples include penetration testing and vulnerability scanning.
-
Career progression often lies ‘beyond your comfort zone’
Throughout this week, we’ve heard from a variety of infosec professionals about what first drew them to security, from PwC’s Katherine Cancelado starting to learn RedHat and Debian Linux at age 12 to Nitro’s David Lenoe getting to grips with new tech during a third-party security review.
Elly Stritch studied business information systems at University College Cork and it was here that her interest in cybersecurity began.
-
‘Not everything in cybersecurity is hacking’
Katherine Cancelado’s interest in cybersecurity was sparked when she was about 12 years old and she started learning RedHat and Debian Linux. This led her to a variety of tech communities where she learned more and shared her knowledge, and started engaging with cybersecurity without even realising it.
“I learned so much about how to create secure and optimal configurations for different systems and applications, and this was what caused me to move towards cybersecurity as a way to make things better and not to simply make things work,” she told SiliconRepublic.com.
-
Ukraine Thwarts Cyberattack on Electric Grid, Officials Say
Customized malware targeted not only Microsoft Corp. Windows-based systems, but also those running on common Unix platforms Linux or Solaris, Mr. Boutin said.
-
PS5 Firmware 5.02 & PS4 Firmware 9.51 released, in context of FreeBSD heap buffer overflow vulnerability. Do not update - Wololo.net
PlayStation pushed PS5 Firmware 22.01-05.02.00 (PS5 5.02) and PS4 Firmware 9.51 yesterday. Those are your typical “improves system performance” updates, but as always, we (and several prominent members of the hacking scene) recommend you do not update your console, if you can, and if you’re expecting to Jailbreak it eventually.
-
Experts warn of concerns around Microsoft RPC bug
Cybersecurity experts and researchers have raised alarms around a vulnerability disclosed by Microsoft Tuesday concerning Windows hosts running the Remote Procedure Call Runtime (RPC).
-
Critical Infrastructure, ICS/SCADA Systems Under Attack by Advanced Threat Groups
Such lateral movements are often used to escalate privileges, for example, in Active Directory.
-
Is API Security on Your Radar?
Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to API security to combat this new aggression.
-
6 Browser Extensions to Protect You From Cyberattacks - CNET
The first three browser extensions in this list -- HTTPS Everywhere, Privacy Badger and uBlock Origin -- have enjoyed some long-standing recommendations from CNET reviewers.
The HTTPS Everywhere extension is available through a partnership between the Electronic Frontier Foundation and the TOR Project. Many websites use secure connections already, but some don't, leaving their visitors vulnerable to threats, like having malware delivered to their device. If you're visiting an unprotected website, HTTPS Everywhere checks to see if it offers a secure connection. If one is available, the add-on forces the site to use that connection.
-
Backup frustration brought this CTO to forefront of ransomware protection [Ed: Ransomware is primarily a Microsoft Windows problem]
INTERVIEW As CTO of The New York Times two decades ago, Andres Rodriguez became frustrated with the time-consuming and unreliable process of backing up massive amounts of data that was only tested when it failed.
-
Arcserve enhances key ransomware defence solution
-
Pentera Labs finds new vulnerability in vCenter VMWare impacting over 500K appliances [Ed: While VMWare run viciously anti-Linux PR campaigns its own proprietary software was being breached without patches available]
New patch issued by VMware for Information Disclosure vulnerability CVE-2022-22948 discovered by Pentera Labs’ Yuval Lazar, Senior Security Researcher.
-
Microsoft's huge Patch Tuesday includes fix for bug under attack [Ed: Not just by NSA anymore?]
Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed.
In total, the Redmond giant patched over 100 bugs today, including 10 critical remote code execution (RCE) vulnerabilities.
-
- Login or register to post comments
- Printer-friendly version
- 488 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Kernel: HarmonyOS 3.0, OnePlus, and Brendan Gregg Quits Netflix
Games: Steam and More Proprietary Stuff
Openwashing and Free Software
Security Leftovers
Recent comments
2 hours 28 min ago
3 hours 16 min ago
5 hours 27 min ago
6 hours 3 min ago
6 hours 7 min ago
13 hours 32 min ago
14 hours 7 min ago
22 hours 52 min ago
22 hours 55 min ago
1 day 1 hour ago