Cisco and Fortinet Release Security Patches for Multiple Products

Cisco and Fortinet Release Security Patches for Multiple Products,

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.
The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and « could allow a remote attacker to overwrite

,

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.
The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and « could allow a remote attacker to overwrite

, ,
https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html

The Age of Collaborative Security: What Tens of Thousands of Machines Witness

The Age of Collaborative Security: What Tens of Thousands of Machines Witness,

Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec.
What can tens of thousands of machines tell us about illegal hacker activities?
Do you remember that scene in Batman – The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any

,

Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec.
What can tens of thousands of machines tell us about illegal hacker activities?
Do you remember that scene in Batman – The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any

, ,
https://thehackernews.com/2022/07/the-age-of-collaborative-security-what.html

Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow

Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow,

Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system.
The malware gets its name from one of the filenames that’s utilized to temporarily store the output of executed commands (« /tmp/.orbit »), according to cybersecurity firm Intezer.
« It can be installed

,

Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system.
The malware gets its name from one of the filenames that’s utilized to temporarily store the output of executed commands (« /tmp/.orbit »), according to cybersecurity firm Intezer.
« It can be installed

, ,
https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html

Apple’s New « Lockdown Mode » Protects iPhone, iPad, and Mac Against Spyware

Apple’s New « Lockdown Mode » Protects iPhone, iPad, and Mac Against Spyware

,

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against « highly targeted cyberattacks. »
The « extreme, optional protection » feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies

,

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against « highly targeted cyberattacks. »
The « extreme, optional protection » feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies

, ,
https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms,

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first set of quantum-resistant encryption algorithms that are designed to « withstand the assault of a future quantum computer. »
The post-quantum cryptography (PQC) technologies include the CRYSTALS-Kyber algorithm for general encryption, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital

,

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first set of quantum-resistant encryption algorithms that are designed to « withstand the assault of a future quantum computer. »
The post-quantum cryptography (PQC) technologies include the CRYSTALS-Kyber algorithm for general encryption, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital

, ,
https://thehackernews.com/2022/07/nist-announces-first-four-quantum.html

Apple annonce Isolement, le mode sécurisé qui blinde iPhone, iPad et Mac contre les plus dangereux des logiciels espions

Apple annonce Isolement, le mode sécurisé qui blinde iPhone, iPad et Mac contre les plus dangereux des logiciels espions,

,

Apple met beaucoup en avant la sécurité de ses OS.

Après l’annonce de son action en justice contre NSO Group, le géant de Cupertino porte le fer là où ça fait mal et entend renforcer les protections de ses appareils contre les attaques sophistiquées. Elles ne concernent pas tout le monde, mais mettent néanmoins en danger nos libertés essentielles.

L’article Apple annonce Isolement, le mode sécurisé qui blinde iPhone, iPad et Mac contre les plus dangereux des logiciels espions est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/apple-annonce-isolement-le-mode-securise-qui-blinde-iphone-ipad-et-mac-contre-les-plus-dangereux-des-logiciels-espions.html

OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks

OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks,

The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios.
The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on

,

The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios.
The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on

, ,
https://thehackernews.com/2022/07/openssl-releases-patch-for-high.html

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection,

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection.
Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit « designed to avoid detection by endpoint

,

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection.
Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit « designed to avoid detection by endpoint

, ,
https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html

The End of False Positives for Web and API Security Scanning?

The End of False Positives for Web and API Security Scanning?,

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. 
Today, ImmuniWeb

,

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. 
Today, ImmuniWeb

, ,
https://thehackernews.com/2022/07/the-end-of-false-positives-for-web-and.html

Bitter APT Hackers Continue to Target Bangladesh Military Entities

Bitter APT Hackers Continue to Target Bangladesh Military Entities,

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter.
« Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans, » cybersecurity firm SECUINFRA said in a new write-up published on July 5.
The findings from the

,

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter.
« Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans, » cybersecurity firm SECUINFRA said in a new write-up published on July 5.
The findings from the

, ,
https://thehackernews.com/2022/07/bitter-apt-hackers-continue-to-target.html