Security, Cloud & the SBC

Dark Reading - 1

Categories:  security

2027-03-26  

tldr - powered by Generative AI

Cloud and security technologies are driving business growth opportunities for communications service providers (CSPs) and the session border controller (SBC) plays a key role in securing the cloud.
  • Cloud and security technologies are maturing and driving business growth opportunities for CSPs
  • The session border controller (SBC) is retaining and gaining relevancy in the cloud domain
  • SBCs are moving towards virtualized configurations and optimized performance to enable large-scale rollout of access and peering services
  • SBCs are being asked to manage a greater number of more complex services in a distributed cloud edge model
  • The latest generation of virtual SBCs (vSBCs) are well positioned to play a stronger role in securing the cloud
  • vSBCs can support hosted security as a service (SECaaS) add-ons and mitigate the threat of DDoS attacks
  • vSBCs will further enhance their role in executing services and securing the cloud with the push to support 5G and artificial intelligence (AI)
Tags:  
Cloud
communications service providers
session border controller
virtualization
cloud-native services
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software

The Hacker News - 1

Categories:  security

2023-11-29  

tldr - powered by Generative AI

DJVU ransomware variant 'Xaro' is disguised as cracked software and distributed through dubious sources, posing a significant threat to cybersecurity.
  • DJVU ransomware variant 'Xaro' is distributed as cracked software
  • Xaro is propagated as an archive file from a dubious source masquerading as a legitimate freeware site
  • Xaro deploys additional malware such as information stealers (RedLine Stealer and Vidar)
  • Xaro encrypts files and demands ransom for a decryptor
  • Downloading freeware from untrusted sources poses risks of malware infection
Tags:  
DJVU ransomware
Xaro variant
cracked software
malware
information stealers
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

The Hacker News - 1

Categories:  security

2023-11-29  

tldr - powered by Generative AI

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts.
  • Threat actors are exploiting a critical security flaw in Apache ActiveMQ to distribute the GoTitan botnet and PrCtrl Rat malware.
  • The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604) that has been weaponized by various hacking groups.
  • GoTitan is a botnet designed for orchestrating DDoS attacks via protocols such as HTTP, UDP, TCP, and TLS.
  • PrCtrl Rat is a remote access trojan that establishes contact with a command-and-control server to receive additional commands for execution on the infected system.
  • The motive behind disseminating PrCtrl Rat remains unclear, but once it infiltrates a user's environment, the remote server gains control over the system.
Tags:  
Apache ActiveMQ
GoTitan
PrCtrl Rat
BotNet
DDoS attacks
Okta Discloses Broader Impact Linked to October 2023 Support System Breach

The Hacker News - 1

Categories:  security

2023-11-29  

tldr - powered by Generative AI

The text covers the recent breach of Okta's systems by a highly skilled threat actor or group.
  • Okta, an identity and authentication management provider, experienced a breach between September 28 and October 17, 2023.
  • The breach affected about 1% of Okta's customers: 134 out of 18,400.
  • The threat actors behind the attack are currently unknown, but a cybercrime group called Scattered Spider has targeted Okta in the past.
  • Scattered Spider infiltrated an unnamed company by gaining access to an IT administrator's account via Okta single sign-on.
  • The group has an intricate understanding of cloud and on-premises environments, allowing them to navigate with sophistication.
  • Okta has taken steps to notify customers of potential phishing and social engineering risks and has implemented new security features.
  • The breach highlights the ongoing threat of highly skilled threat actors and the importance of robust cybersecurity measures.
Tags:  
Okta
breach
threat actors
Scattered Spider
identity and authentication management
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

The Hacker News - 1

Categories:  security

2023-11-29  

tldr - powered by Generative AI

Google has released security updates for its Chrome browser to fix multiple vulnerabilities, including a zero-day exploit that is actively being used in attacks. The zero-day vulnerability, known as CVE-2023-6345, is an integer overflow bug in the Skia graphics library. This vulnerability was discovered and reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group. The exploit for CVE-2023-6345 is already being used in the wild, although specific details about the attacks and threat actors are not disclosed. It is worth noting that Google had previously patched a similar integer overflow flaw (CVE-2023-2136) in the same component in April 2023, which was also actively exploited as a zero-day. This raises the possibility that CVE-2023-6345 could be a patch bypass for CVE-2023-2136. With this latest update, Google has addressed a total of six zero-day vulnerabilities in Chrome this year.
  • Google has released security updates for Chrome to fix multiple vulnerabilities, including a zero-day exploit (CVE-2023-6345) in the Skia graphics library.
  • The zero-day exploit is actively being used in attacks.
  • The exploit for CVE-2023-6345 exists in the wild, but specific details about the attacks and threat actors are not disclosed.
  • Google had previously patched a similar vulnerability (CVE-2023-2136) in April 2023, which was also actively exploited as a zero-day.
  • The latest update addresses a total of six zero-day vulnerabilities in Chrome this year.
Tags:  
Google
Chrome
security updates
zero-day exploit
CVE-2023-6345
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks

Dark Reading - 1

Categories:  security

2023-11-28  

tldr - powered by Generative AI

North Korean APTs are using a mix-and-match approach to their malware campaigns, reusing shared infrastructure and deploying new variants of payloads to confuse their targets and researchers.
  • North Korean APTs have demonstrated an organization and alignment of resources and tactics to achieve common goals.
  • The details of their new activity involve a mix of stagers, loaders, and payloads, some of which are part of entirely new campaigns.
  • The ultimate payloads being used are ones recently uncovered, sometimes in new variant form.
  • The attack setups and related components vary, revealing the North Korean threat actors' aim to confuse both organizations under attack and those tracking the groups.
  • The reuse of shared infrastructure by North Korean threat actors allows researchers to widen their understanding of their activity and discover fresh indicators of compromise.
  • Recent campaigns by North Korean APTs have featured two new types of malware: KandyKorn RAT and RustBucket.
  • The latest campaigns show a mix-and-match approach to the previous attack flow, with attackers using different first-stage applets and application bundles to deploy the malware.
  • Various RustBucket variants and new variations of SwiftLoader have been observed, including a variant called SecurePDF Viewer.
  • The SwiftLoader SecurePDF Viewer.app may now be used as a later stage to deploy KandyKorn.
  • Other versions of SwiftLoader, distributed in a lure called 'Crypto-assets and their risks for financial stability[.]app[.]zip,' have overlaps with the KandyKorn operation.
Tags:  
North Korean APTs
malware campaigns
mix-and-match approach
shared infrastructure
new variants

tldr - powered by Generative AI

Amazon Web Services (AWS) announced Amazon One Enterprise, a new palm-based identity service that enables users to securely access both physical locations and digital assets.
  • Amazon One Enterprise is a palm-based identity service that allows secure access to physical locations and digital assets.
  • The service can be used for entry into various locations such as offices, data centers, airports, and for accessing digital resources like HR records and financial data.
  • The palm-recognition technology used by Amazon One Enterprise combines palm and vein imagery for biometric matching, delivering a high accuracy rate of 99.9999%.
  • The palm signature created from the user's palm image is a unique numerical vector that cannot be replicated or used for impersonation.
  • Amazon One Enterprise is currently available in preview in the United States and is already being used by major organizations.
Tags:  
AWS
Amazon One Enterprise
palm-based identity service
biometric matching
access control
The Hundred-Year Battle for India’s Radio Airwaves

Wired (Security) - 1

Categories:  security

2023-11-28  

tldr - powered by Generative AI

The text raises concerns about government control of radio in India and its impact on free speech and democracy.
  • Government control over radio in India limits alternative perspectives and gives an advantage to the ruling party.
  • Private radio stations in India are restricted to limited content, such as music and entertainment.
  • The government's control over news and sports coverage on radio hampers competition and limits citizens' access to multiple perspectives.
  • The mainstream media in India is seen as favoring the ruling party, further exacerbating the lack of diverse voices.
  • Prime Minister Narendra Modi's radio show, 'Mann Ki Baat,' has been accused of pushing a political agenda and ignoring critical context.
Tags:  
government control
radio
free speech
democracy
India
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens

The Hacker News - 1

Categories:  security

2023-11-28  

tldr - powered by Generative AI

Forced authentication can be exploited to steal Windows NTLM tokens by tricking users into opening a specially crafted Microsoft Access file.
  • Forced authentication vulnerability discovered in Microsoft Access
  • Attackers can leak NTLM tokens by tricking victims into opening a malicious file
  • Exploits a legitimate feature in Access that allows linking to external data sources
  • Attack can be launched using various Office file types
  • NTLM authentication protocol has been found vulnerable to multiple attacks
Tags:  
forced authentication
Windows NTLM tokens
Microsoft Access
Vulnerability

tldr - powered by Generative AI

The main theme of the text is the increase in cybersecurity threats during the holiday shopping season.
  • Credit card skimming is expected to increase by 50% in 2023 during the holiday shopping season.
  • Scammers use fake promotions and fake gift card offers to entice victims.
  • E-commerce web apps have various security vulnerabilities, including missing web application firewalls and cryptographic vulnerabilities.
  • Holiday spending attracts threat actors who exploit consumer behaviors and engage in credential harvesting, phishing, and malware attacks.
  • Companies face risks from credential harvesting, phishing, bots, and malware during the holiday season.
Tags:  
holiday shopping
credit card skimming
scammers
fake promotions
fake gift card offers