Cyber security aggregated RSS news

Cyber security aggregator - feeds history

UnitingCare Queensla ...

Security

Australian healthcare provider UnitingCare Queensland (UCQ) has restored systems and applications following a cyberattack in April 2021, according to Computer Weekly. UCQ said it will continue to work with external incident response and threat remediation specialists to ensure the integrity of its digital environment, and that it took stringent measures to identify, mitigate and eliminate the threats in question. The company added, "We have also introduced improved security controls across our digital environment, including increased process controls, and have implemented a market-leading endpoint detect-and-response solution to provide ongoing protection". UCQ has yet to resolve the privacy issues that arose from the cyberattack. In the meantime, UCQ has retained outside counsel to resolve the mat...

UMass Lowell Closed ...

Security

Despite the university's announcement that business operations will resume on Thursday, June 17, all face-to-face and online classes are canceled this week. All classes were postponed on Tuesday, Wednesday and Friday while officials investigate a probable cybersecurity incident affecting technology services, which the university has classified as an IT outage. The University of Massachusetts Lowell has set up a temporary website to keep students and staff informed while the institution remains closed this week during the cybersecurity investigation. The school announced Wednesday afternoon that it was resuming services and gradually restoring its technology infrastructure, with Blackboard and Zoom prioritized as core instructional services. UMass Lowell is also finalizing its summer course schedule to allow for make-up dates and extended deadlines for classes that were canceled due to the outage. The university wrote on its temporary web...

Cybercriminals Partn ...

Security

As ransomware attacks on critical infrastructure become more common, new research shows that cybercriminals' methods are constantly adapting. The Hacker News highlights that ransomware operators are moving away from traditional phishing emails as their means of gaining access to corporate infrastructure. As Proofpoint points out in a write-up, "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains". "Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network". The cybersecurity firm says it tracks at least 10 different threat actors wh...

Over a Billion CVS H ...

Security

On Thursday, WebsitePlanet and researcher Jeremiah Fowler announced the discovery of an exposed CVS Health database. The database was not password protected and nothing was in place to prevent unauthorized access, says ZDNet. The researchers found nearly a billion records linked to the US healthcare and pharmaceutical conglomerate, whose brands include CVS Pharmacy and Aetna. The 204GB database contained event and configuration data such as production records of visitor IDs, session IDs, device access information (e.g., whether visitors to the company's domains were using an iPhone or a handheld Android device), and what the team calls a "blueprint" for how the logging system worked on the back end. Information regarding COVID-19 vaccinations and...

HMM Email Systems In ...

Security

South Korea's HMM (Hyundai Merchant Marine) has been hit by a cyberattack, making it the latest in a series of shipping companies to fall victim in recent years, according to The Loadstar. The security incident disrupted HMM's email system. HMM stated, "An unidentified security breach was detected, which led to limited access to Outlook in certain areas". According to the company, most of the confirmed damage caused by the incident has been repaired and no data breach has been detected. The only regions that have not been affected are the Americas and Europe. The carrier advised shippers in the zones still affected to call their local HMM agency offices for bookings and other inquiries. HMM confirmed that, with the exception of email, all systems are fully operational thanks to its independent cloud-based infrastructure. Shippers i...

First American Finan ...

A Little Sunshine

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

If you bought or sold a property in the last two decades or so, chances are decent that you also gave loads of personal and financial documents to First American. According to data from the American Land Title Association, First American is the second largest mortgage title and settlement company in the United States, handling nearly a quarter of all closings each year. The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 billion last year.

Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. According to SimpleShowing.com, there are actually two title insurance policies in each transaction — one for the buyer and one for the lender (the latter also needs protection as they're providing the mortgage to purchase the home). Title insurance is not mandated by law, but most lenders require it as part of any mortgage transaction. In other words, if you wish to take out a mortgage on a home you will not be able to do so without giving companies like First American gobs of documents about your income, assets and liabilities — including quite a bit of sensitive financial data.

Aside from its core business competency — checking to make sure the property at issue in any real estate transaction is unencumbered by any liens or other legal claims against it — First American basically has one job: protect the privacy and security of all these documents.

[Image: A redacted screenshot of one of many millions of sensitive records exposed by First American's Web site.]

It's easy to see why companies like First American might not view protecting this data as sacrosanct, as the entire industry's incentive for safeguarding all those sensitive documents is somewhat misaligned. That is to say, in the title insurance industry the parties to a real estate transaction aren't customers, but rather they are the product. The actual customers of the title insurance companies are principally the banks which back these mortgage transactions. We see a similar dynamic with social media platforms, where the "user" is not the customer at all but the product whose data is being bought and sold by these platforms.

Roughly five months before KrebsOnSecurity notified First American that anyone with a web browser could view sensitive documents in its "Eagle Pro" database online just by changing some characters at the end of a link, an internal security audit at First American flagged the exact same vulnerability. But the company never acted to fix it until the news media came calling.

The SEC's administrative proceeding (PDF) explains how things slipped through the cracks. Under First American's documented vulnerability remediation policies, the data leak was classified as a security weakness with a "level 3" severity, which placed it in the "medium risk" category and required remediation within 45 days. But rather than recording the vulnerability as a level 3 severity, due to a clerical error the vulnerability was erroneously entered as a level 2 or "low risk" severity in First American's automated tracking system. Level 2 issues required remediation within 90 days. Even so, First American missed that mark.

The SEC said that under First American's remediation policies, if the person responsible for fixing the problem is unable to do so within the timeframes listed above, that employee must have their management contact the company's information security department to discuss their remediation plan and proposed time estimate.

"If it is not technically possible to remediate the vulnerability, or if remediation is cost prohibitive, the [employee] and their management must contact Information Security to obtain a waiver or risk acceptance approval from the CISO," the SEC explained. "The [employee] did not request a waiver or risk acceptance from the CISO."

So, someone within First American accepted the risk, but that person neglected to ensure the higher-ups within the company also were comfortable with that risk. It's difficult not to hum a tune whenever the phrase "accepted the risk" comes up if you've ever seen this excellent infosec industry parody.

The SEC took aim at First American because a few days after our May 24, 2019 story ran, the company issued an 8-K filing with the agency stating First American had no prior indication of any vulnerability. "That statement demonstrated that First American's senior management was not properly informed of the prior report of a vulnerability and a failure to remediate the problem," wrote Michael Volkov, a 30-year federal prosecutor who now runs The Volkov Law Group in Washington, D.C.

Reporting for Reuters Regulatory Intelligence, Richard Satran says the SEC charged First American with violating Rule 13a-15(a) of the Exchange Act. "The rule broadly requires firms involved in securities issuance to have a compliance process in place to assure material information follows securities laws," Satran wrote. "The SEC avoided getting into the specific details of the breach and instead focused on the way its disclosure was handled."

Mark Rasch, also a former federal prosecutor in Washington, said the SEC is signaling with this action that it intends to take on more cases in which companies flub security governance in some big way. "It's a win for the SEC, and for First American, but it's hardly justice," Rasch said. "It's a paltry fine, and it involves no admission of guilt by First American."

Rasch said First American's first problem was labeling the weakness as a medium risk. "This is lots of sensitive data you're exposing to anyone with a web browser," Rasch said. "That's a high-risk vulnerability. It also means you probably don't know whether or not anyone has accessed that data. There's no way to tell unless you can go back through all your logs all those years."

The SEC said the 800 million+ records had been publicly available on First American's website since 2013. In August 2019, the company said a third-party investigation into the exposure identified just 32 consumers whose non-public personal information likely was accessed without authorization. When KrebsOnSecurity asked how long it maintained access logs or how far back in time that review went, First American declined to be more specific, saying only that its logs covered a period that was typical for a company of its size and nature. However, documents from New York financial regulators show First American was unable to determine whether records were accessed prior to June 2018 (one year prior to fixing the weakness).

The records exposed by First American would have been a virtual gold mine for phishers and scammers involved in Business Email Compromise (BEC) scams, which often impersonate real estate agents, closing agencies, title and escrow firms in a bid to trick property buyers into wiring funds to fraudsters. According to the FBI, BEC scams are the most costly form of cybercrime today.

First American is not out of the regulatory woods yet from this enormous data leak. In July 2020, the New York State Department of Financial Services announced the company was the target of its first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. That inquiry is ongoing. The DFS considers each instance of exposed personal information a separate violation, and the company faces penalties of up to $1,000 per violation. According to the SEC, First American's EaglePro database contained tens of millions of document images that included non-public personal information.
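The "change some characters at the end of a link" bug described above is an insecure direct object reference (IDOR): a sequential document id in the URL is the only thing standing between a visitor and someone else's closing records. The following is an added example, not First American's code or anything from the SEC filing; it puts a vulnerable handler of that shape beside a hardened one, and shows why an unauthenticated sequential id is enumerable while an HMAC-bound, expiring link is not. The users, document ids and bodies are constructed for illustration.

```python
# Added example, not First American's code: an IDOR of the kind described in
# the story, beside a hardened handler. All ids, users and document bodies are
# constructed for illustration.
import hmac
import secrets
import time

# Constructed sample store: document id -> (owner, body)
DOCUMENTS = {
    1001: ("alice", "closing statement, 12 Elm St"),
    1002: ("bob", "wire instructions, 9 Oak Ave"),
    1003: ("carol", "2018 tax return"),
}

# Per-process key for link tokens; a real deployment would load it from a KMS.
LINK_KEY = secrets.token_bytes(32)


def fetch_vulnerable(requester, doc_id):
    """Vulnerable: trusts the id from the URL and never checks who is asking."""
    entry = DOCUMENTS.get(doc_id)
    return entry[1] if entry else None


def enumerate_docs(fetch, requester, start, stop):
    """What an attacker or crawler does with a sequential id: walk the range
    and keep everything the handler hands back."""
    return [body for i in range(start, stop) if (body := fetch(requester, i))]


def fetch_hardened(requester, doc_id):
    """Hardened: the object must exist AND belong to the requester. Both
    failures return None so the response does not reveal which ids exist."""
    entry = DOCUMENTS.get(doc_id)
    if entry is None or entry[0] != requester:
        return None
    return entry[1]


def issue_link(user, doc_id, ttl=600):
    """Short-lived share link bound to (user, doc, expiry) by an HMAC tag, so
    editing any character of the link invalidates it. Fields must not contain
    ':'; constructed user names here never do."""
    expires = int(time.time()) + ttl
    msg = f"{user}:{doc_id}:{expires}"
    tag = hmac.new(LINK_KEY, msg.encode(), "sha256").hexdigest()
    return f"{msg}:{tag}"


def fetch_by_link(requester, link):
    """Verify the tag before trusting anything in the link, then re-check
    ownership; the tag check runs in constant time."""
    try:
        user, doc_id, expires, tag = link.split(":")
        msg = f"{user}:{doc_id}:{expires}"
        expected = hmac.new(LINK_KEY, msg.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        if int(expires) < time.time() or user != requester:
            return None
        return fetch_hardened(requester, int(doc_id))
    except (ValueError, TypeError):  # wrong field count, non-numeric or non-ASCII fields
        return None


if __name__ == "__main__":
    print("vulnerable, alice walks 1000-1009:",
          enumerate_docs(fetch_vulnerable, "alice", 1000, 1010))
    print("hardened,   alice walks 1000-1009:",
          enumerate_docs(fetch_hardened, "alice", 1000, 1010))
    link = issue_link("alice", 1001)
    print("alice via own link:", fetch_by_link("alice", link))
    print("same link, doc id edited:",
          fetch_by_link("alice", link.replace(":1001:", ":1002:")))
```

The hardened handler returns the same "not found" result for a document that does not exist and for one the caller is not a party to, which is what keeps a range walk from even confirming which ids are live. The link token adds a second layer: the document id is still visible, but any edit to it breaks the HMAC, and the expiry bounds how long a leaked link stays useful.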

 Malware and Vulnerabilities

Researchers detected WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious websites.

 Malware and Vulnerabilities

The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key.

 Identity Theft, Fraud, Scams

The Cofense Phishing Defense Center (PDC) detected a recent phishing campaign that imitates legitimate WeTransfer applications by setting up fake websites that appear genuine.

 Companies to Watch

The Switzerland-based Threatray raised $2.7 million in funding led by Verve Ventures, with participation from existing investors Hammer Team, SICTIC, BackBone Ventures, and the Innofund by SZKB.

 Threat Actors

An APT group based out of Iran is actively targeting Iranian users to deliver MarkiRAT that records keystrokes and clipboard content. Two suspicious documents related to it were uploaded to VirusTotal. It appears attackers are trying to enhance their arsenal with new tools to make their attacks more successful.

 Identity Theft, Fraud, Scams

Users and security experts have uncovered a scam involving the delivery of fake replacement Ledger devices to customers to steal cryptocurrency. Customers using Ledger devices are recommended to beware of any unwanted email, package, or text.

 Feed

It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations

 Feed

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser.

 Feed

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.  Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and

 Feed

Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and
