New Flaws Discovered in Cisco’s Network Operating System for Switches

New Flaws Discovered in Cisco’s Network Operating System for Switches

,

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems.
The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of

,

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems.
The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of

, ,
https://thehackernews.com/2022/02/new-flaws-discovered-in-ciscos-network.html

TrickBot Gang Likely Shifting Operations to Switch to New Malware

TrickBot Gang Likely Shifting Operations to Switch to New Malware,

TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that’s used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year.
The lull in the malware campaigns is « partially due to a big shift from Trickbot’s operators, including working with the operators

,

TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that’s used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year.
The lull in the malware campaigns is « partially due to a big shift from Trickbot’s operators, including working with the operators

, ,
https://thehackernews.com/2022/02/trickbot-gang-likely-shifting.html

From Pet Systems to Cattle Farm — What Happened to the Data Center?

From Pet Systems to Cattle Farm — What Happened to the Data Center?,

There’s something about craftsmanship. It’s personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings.
The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass

,

There’s something about craftsmanship. It’s personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings.
The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass

, ,
https://thehackernews.com/2022/02/from-pet-systems-to-cattle-farm-what.html

Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices

Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices,

ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances.
<!–adsense–>
In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to « fix related security issues. » The company is also urging users to take the following actions to keep data secure –

,

ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances.
<!–adsense–>
In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to « fix related security issues. » The company is also urging users to take the following actions to keep data secure –

, ,
https://thehackernews.com/2022/02/warning-deadbolt-ransomware-targeting.html

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog.
On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8,

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog.
On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8,

, ,
https://thehackernews.com/2022/02/cisa-alerts-on-actively-exploited-flaws.html

US, UK Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices

US, UK Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices,

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that’s been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019.
« Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO)

,

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that’s been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019.
« Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO)

, ,
https://thehackernews.com/2022/02/us-uk-agencies-warn-of-new-russian.html

Guerre en Ukraine : des malwares, probablement d’origine russe, sabotent des ordinateurs

Guerre en Ukraine : des malwares, probablement d’origine russe, sabotent des ordinateurs,

Des logiciels malveillants de type « wiper » ont infecté des centaines d’ordinateurs dans le pays. La Lettonie et la Lituanie seraient également visées.

,

Des logiciels malveillants de type « wiper » ont infecté des centaines d’ordinateurs dans le pays. La Lettonie et la Lituanie seraient également visées.

, ,
https://www.01net.com/actualites/guerre-en-ukraine-des-malwares-probablement-d-origine-russe-sabotent-des-ordinateurs-2055016.html

On peut espionner des conversations en observant… des objets réfléchissants

On peut espionner des conversations en observant… des objets réfléchissants,

Nos paroles font légèrement vibrer les objets autour de nous. Et s’ils sont réfléchissants, des espions peuvent capter d’infimes variations de luminosité et en déduire le son d’origine.

,

Nos paroles font légèrement vibrer les objets autour de nous. Et s’ils sont réfléchissants, des espions peuvent capter d’infimes variations de luminosité et en déduire le son d’origine.

, ,
https://www.01net.com/actualites/on-peut-espionner-des-conversations-en-observant-des-objets-reflechissants-2054991.html

New Wiper Malware Targeting Ukraine Amid Russia’s Military Operation

New Wiper Malware Targeting Ukraine Amid Russia’s Military Operation

,

Cybersecurity firms ESET and Broadcom’s Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country.
The Slovak company dubbed the wiper « HermeticWiper » (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that

,

Cybersecurity firms ESET and Broadcom’s Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country.
The Slovak company dubbed the wiper « HermeticWiper » (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that

, ,
https://thehackernews.com/2022/02/new-wiper-malware-targeting-ukraine.html

Samsung : des failles cryptographiques découvertes dans plus de 100 millions de smartphones

Samsung : des failles cryptographiques découvertes dans plus de 100 millions de smartphones,

Une mauvaise implémentation de l’espace sécurisé TrustZone permettait à un pirate de mettre la main sur toutes les clés privées générées sur l’appareil. Ce qui représente donc un risque majeur.

,

Une mauvaise implémentation de l’espace sécurisé TrustZone permettait à un pirate de mettre la main sur toutes les clés privées générées sur l’appareil. Ce qui représente donc un risque majeur.

, ,
https://www.01net.com/actualites/samsung-des-failles-cryptographiques-decouvertes-dans-plus-de-100millions-de-smartphones-2054968.html