Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

The security organizations have been marked by heightened tensions again, with speculation surrounding a potential Twitter cyberattack following the Tipalti data breach. Apparently, security researchers believe that X (previously Twitter) might be the next target in the digital onslaught because the threat actors have claimed to have compromised Roblox and Twitch, the direct clientele of Tipalti. Since X also uses Tipalti for its automated payment processing services, there is a high probability that the ALPHV/BlackCat ransomware will target the social media platform in the upcoming days. The threat actor has claimed to blackmail Roblox and Twitch separately, and it is likely that X would be the next target in this hacking spree.

Connecting the Dots: Tipalti Data Breach and Twitter’s Vulnerability

While the Twitter data breach remains speculative, cybersecurity researchers are diligently exploring connections to a recent security incident. Tipalti, a payables automation solution company, found itself in the crosshairs of the ALPHV/BlackCat ransomware group, with implications that extend beyond its systems. The ripple effect led to subsequent data breaches at prominent platforms like Roblox and Twitch, both direct clients of Tipalti. Tipalti, a FinTech company specializing in accounting software, services 910 companies primarily in the United States. Widely adopted by businesses with 50-200 employees and revenue ranging from $10 million to $50 million, Tipalti has been a staple for six years. Notable clients include Blackfriars Insurance Brokers, SuperAwesome, TEKsystems, and Roblox Corporation, underscoring the gravity of the situation.

ALPHV/BlackCat’s Dark Web Revelations: Tipalti Data Breach, Roblox Data Breach, Potential Twitch Data Breach, and more

In recent dark web posts, the ALPHV/BlackCat ransomware group asserted its presence within Tipalti systems since September 8th, 2023. The threat actors claimed to have exfiltrated over 265GB of confidential business data, targeting not only Tipalti but also its clients, including Roblox and Twitch. The group hinted at plans to extort these companies individually, with a planned market impact on the $RBLX stock price. The ALPHV/BlackCat group, adopting a controversial strategy, outed its victims before they could respond, labeling it a bad business practice. Citing Tipalti’s lack of cyber extortion coverage in its insurance policy and the perceived inadequacies of its executive team, the group justified its actions. The dark web post also alluded to a past extortion attempt involving Roblox, where the company engaged in prolonged stalling without making payments.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Firewall Daily

The BlackCat ransomware group has reportedly targeted Ho Chi Minh City Energy Company, a subsidiary of Vietnam Electricity. The alleged EVNHCMC data breach has raised concerns, prompting the hacker group ALPHV to threaten to report the incident to the Vietnam Department of Energy. The situation is unfolding, with 84 samples from the Vietnam Electricity data breach posted on the dark web. Vietnam Electricity, also known as EVN, holds a significant position as the largest power company in Vietnam. Established in 1994 as a government-owned entity, EVN has operated as a one-member limited liability company since 2010. With its extensive infrastructure, EVN manages large-scale hydropower and coal-fired power plants, contributing 58% to the national power generation system. Additionally, EVN oversees power generation and transmission corporations, as well as regional power distribution corporations.

The Vietnam Electricity data breach explained

The Cyber Express has reached out to Ho Chi Minh City Energy Company for further insights into the cyberattack on Vietnam Electricity; however, an official response is awaited. The severity of the situation is underscored by the threat actor’s intention to report the incident to the Vietnam Department of Energy. Despite the gravity of the claims, Vietnam Electricity’s website remains operational, showing no immediate signs of the alleged cyber attack. This isn’t the first time the BlackCat ransomware group has made headlines. Previously, The Cyber Express reported on their involvement in the QSI Banking Cyberattack, where 5TB of SQL data was allegedly stolen. Although the QSI Banking incident was not officially confirmed by the firm, cybersecurity researchers noted it based on dark web announcements.

The attack spree by ALPHV/BlackCat ransomware group

Adding to the complexity of the situation, the ALPHV/BlackCat ransomware group has announced plans to target social media platforms, specifically mentioning potential blackmail attempts on Roblox and Twitch. The ominous forecast suggests that another platform, X (previously Twitter), could be the next victim in this hacking spree. The recent series of attacks, including the Tipalti data breach, has been linked to the BlackCat ransomware group. Returning to the ongoing story of the Vietnam Electricity data breach, The Cyber Express is closely monitoring the situation. Updates will be provided as more information becomes available or an official confirmation is released by the organization regarding the alleged EVNHCMC data breach.

 Dark Web News

The dark web never fails to amaze users but surface-level internet is not far behind. Recently, a user has been promoting a new Android RAT, Spyroid Rat, on GitHub. This advanced Android Remote Access Tool (RAT) stands out with its comprehensive control features, offering a one-for-all tool for hackers and online criminals. The Spyroid Rat offers a wide array of functionalities to manage and monitor Android devices discreetly. From file and call management to live location and screen tracking, SMS and application management, keylogging, social media account hacking, and more, Spyroid Rat is designed for stealthy control, presenting a significant threat to Android device security and privacy.

What is a Spyroid Rat and Why It is Being Promoted?

The creators of Spyroid Rat emphasize its prowess on GitHub, declaring it as the best Android Rat available in the market. Originating as a private project, they promise exclusive functions and dedicated efforts to provide the best service for their customers AKA hackers. For the uninitiated, an Android RAT/AndroRat, embedded within a ‘carrier’ app through trojanizing, acts as a remote access tool (RAT) that grants control to a remote attacker upon installation on the targeted device. Based on the same concept, the Spyroid Rat boasts threatening features, including a file manager with download/upload capabilities, secure delete options, thumbnail/gallery views, advanced search, and more. Its live location and screen control functionalities enable the monitoring of a device in real time. The call manager displays lists of incoming and outgoing calls, while the SMS manager facilitates the viewing and deletion of messages.

All the Features and Capabilities of Spyroid Rat

The Spyroid Rat was recently added to the repository, making it a new player in dark web commerce. This Android RAT offers an array of tools such as application management, a keylogger for both online and offline recording, a range of social media account stealers, permissions manager, account manager, auto-clicker, web browser monitoring, and injection into real apps for silent control. It even includes features like admin rights requests, camera manipulation for taking screenshots and photos, keyboard replacement with a custom Spyroid Rat keyboard, self-destruction for automatic removal, microphone capture for listening, speaking, and recording, notification and call listeners, and a screen reader with various bypass capabilities. The Spyroid Rat developers have gone to great lengths to ensure its functionality mimics that of a real app, incorporating anti-kill and anti-uninstall measures, support for screen wakeup, screenshot capture, lock screen capabilities, and re-encryption of the APK. In summary, Spyroid Rat for Android devices is a powerful and menacing tool with an extensive range of features, making it a potential threat to device security and user privacy.

 Firewall Daily

The Colonial Pipeline has allegedly fallen victim to a major cybersecurity breach, orchestrated by the notorious CyberNiggers hacker group. The threat actor responsible for this Colonial Pipeline data breach has offered access to sensitive data for sale on the dark web. The user who posted this breach joined the platform on August 8, 2023. The dark web user behind this Colonial Pipeline data breach goes by the handle “comradbinski,” who has gained notoriety for his involvement in various cyber intrusions. The premium access to Colonial Pipeline, touted on the dark web, includes a plethora of critical information, such as billing details, private and public keys, passwords, emails, source code, PDFs, and database files. The compromised access encompasses Blobs, SMTP, Bitbucket, MSSQL, and AWS S3 Buckets.

CyberNiggers hacker group behind Colonial Pipeline Data Breach

Disturbingly, apart from this Colonial Pipeline data breach, the CyberNiggers hacker group claims to have breached several other pipeline companies, including BoardWalk Pipeline, Dominion Energy, Enbridge, Energy Transfer, and more. The hacker group asserts that they have stolen a staggering 200GB of data and files, offering both access and pilfered data to potential buyers. Efforts to verify these claims have been hampered by a lack of communication from Colonial Pipeline. The Cyber Express reached out to the organization, but the website appears to be non-operational at present. The Cyber Express, however, reached out to Colonial Pipeline’s communication team for an official statement or response about this Colonial Pipeline data breach. The Colonial Pipeline data breach is unverified at the moment.

CyberNiggers and Other Attacks

In a similar vein, IntelBroker, a member of the CyberNiggers hacker group, has declared responsibility for breaching multinational tech giant General Electric. Samples from the alleged General Electric data breach, including SQL database files, military documents, technical descriptions, aviation system guidelines, and maintenance reports, have been shared on the dark web. This unsettling turn of events extends beyond corporate breaches, as sensitive data related to the US government’s defense research and development agency DARPA has surfaced on the dark web. RestorePrivacy reported the leak, underlining the growing threat posed by cybercriminals to critical national security infrastructure.

 Firewall Daily

The renowned Taiwan-based MIRLE Group, specializing in intelligent automation solutions, has allegedly fallen prey to the infamous LockBit ransomware group. The cybercriminals have posted about this MIRLE Group cyberattack on their dark web forum with an ultimatum, threatening to expose the organization’s sensitive data on December 8, 2023. As the clock ticks, MIRLE Group finds itself entangled in the web of a potential data breach orchestrated by the threat actor.

Decoding MIRLE Group Data Breach

Founded in 1989, MIRLE Group has emerged as a global leader in intelligent automation, with a workforce exceeding 1,500 dedicated professionals. The company’s commitment to cutting-edge factory automation services, driven by three decades of expertise in AI, cloud computing, and digital twin technology, has solidified its position in the industry. The Cyber Express sought to unravel the details surrounding the MIRLE Group cyberattack, reaching out for an official statement. Regrettably, at the time of this report, no response or confirmation has been received from MIRLE Group, leaving the claims of the cyberattack unverified. While the MIRLE Group website appears to be operational with no apparent signs of a cyberattack, there is speculation that the attack may have targeted the company’s database, thus remaining undetected on the surface.

Who is the LockBit Ransomware Group?

LockBit ransomware group, a cybercriminal gang operating under the ransomware-as-a-service (RaaS) model, has gained notoriety for its double extortion tactics. This involves encrypting victim data and threatening to leak it unless their monetary demands are met. According to a joint statement by various government agencies, LockBit ransomware group ranked as the world’s most prolific ransomware in 2022, responsible for 44% of global ransomware incidents. In the United States alone, between January 2020 and May 2023, LockBit ransomware group was implicated in approximately 1,700 ransomware attacks, amassing a staggering $91 million in ransom payments. Notably, the group remains financially motivated, with no formal attribution to any specific nation-state. The LockBit ransomware group has drawn attention for its creation of “StealBit,” a malware tool automating the extraction of data. Released alongside LockBit 2.0, this tool exhibits fast and efficient encryption capabilities. Additionally, LockBit expanded its reach with the introduction of Linux-ESXI Locker version 1.0, targeting Linux hosts, particularly ESXi servers. LockBit’s extensive reach extends across various industries globally, with healthcare and education sectors emerging as primary targets. The United States, India, and Brazil top the list of countries most frequently subjected to LockBit’s malicious activities, according to Trend Micro. This is an ongoing story and TCE is closely monitoring the situation. We’ll update this post once we have more information on the MIRLE Group cyberattack or the official confirmation from the organization.

 Data Breach News

The notorious hacking group Anonymous Arabia has claimed responsibility for launching a cyberattack on First Abu Dhabi Bank (FAB), the largest bank in the United Arab Emirates (UAE). The hacktivist collective posted a message asserting that the bank had been taken offline as a protest against the UAE’s normalization of relations with Israel and its alleged abandonment of the Palestinian cause for financial gain. The message from Anonymous Arabia on the First Abu Dhabi Bank cyberattack criticized the UAE for prioritizing trade agreements and diplomatic ties with Israel over supporting their “brothers and sisters” who are facing hardship and conflict in Palestine. The hackers emphasized their refusal to tolerate what they perceive as a betrayal of moral principles for economic interests.

Cyberattack on First Abu Dhabi Bank is Not the Only Incident

This incident follows a similar cyberattack claimed by Anonymous Arabia on Saudi Arabia’s Al Rajhi Bank. In their message, the hackers accused Saudi Arabia of prioritizing financial gains over morality and human lives, asserting that the nation, with its significant oil production, could potentially influence the ongoing situation in Gaza by cutting off its oil supply to Israel, the USA, and their allies. The hacking group claimed to have executed the cyberattacks with a formidable force of 2 terabytes per second, marking it as one of the most potent cyber assaults they have carried out. The Cyber Express Team has initiated contact with both First Abu Dhabi Bank and Al Rajhi Bank to verify the authenticity of the claims made by Anonymous Arabia. As of now, an official response from the banks is still pending. The cyberattacks by Anonymous Arabia shed light on the increasing intersection of geopolitics, cyber warfare, and hacktivism. As tensions rise in the Middle East, these cyberattacks serve as a reminder of the vulnerabilities in the digital infrastructure of financial institutions and the potential consequences of political decisions on the virtual battlefield. The implications of such cyberattacks extend beyond the digital realm, raising questions about the evolving nature of conflict and the ethical considerations of nation-states in the face of growing global connectivity.

 Firewall Daily

The infamous hacktivist group, Anonymous Collective, has claimed responsibility for a cyberattack that allegedly brought down Cosmote, Greece’s largest mobile network operator. As of now, details regarding the extent of the Cosmote cyberattack, any stolen data, or the motives behind the assault remain undisclosed. The Cyber Express Team (TCE) has attempted to verify the claim by reaching out to official sources, but an official response is still pending. One striking aspect that has heightened concerns is the inaccessibility of Cosmote’s official website. Attempts to access the site have proven futile, prompting questions about the veracity of the Anonymous Collective’s claim. Confirmation or denial of the Cosmote cyberattack can only be ascertained once an official response is received from Cosmote.

Cosmote Cyberattack Recalling Past Breaches

This recent cyber incident revives memories of a significant data breach in 2020, where Cosmote faced severe consequences for failing to protect a file containing the call histories of thousands of customers. The company was slapped with a hefty fine of €6 million (US$6.9 million) in 2022 for this security lapse. Additionally, OTE, a parent company of Cosmote, received a penalty of €3.25 million (U.S. $3.7 million) for not having the necessary security infrastructure to prevent the breach. The 2020 breach, which occurred in September, resulted in the compromise of sensitive customer information, including phone numbers, call records, customer age and gender details, and subscriber mobile tariff plans. Fortunately, the breached file did not contain contents of calls or messages, customer names or addresses, passwords, or any information related to credit cards and bank accounts. Given the previous security lapses and the sensitivity of the data involved, the recent cyberattack raises serious concerns about the overall cybersecurity posture of Cosmote. Users are anxiously awaiting an official response from the company to understand the nature and scope of the current breach. As the story unfolds, the tech community and the public will be closely monitoring the developments surrounding this major cybersecurity incident.

 APT

The hack of a Pennsylvania water treatment facility in November is part of a larger campaign by an Iranian APT group against users of Israel-made operational technology. The post FBI: Iranian APT Targets Israeli-Made PLCs Used In Critical Industries first appeared on The Security Ledger with Paul F. Roberts.

 Malware and Vulnerabilities

A variant of the DJvu ransomware, named Xaro, has been identified in a campaign that leverages cracked software for distribution. Xaro is spread through an archive file masquerading as legitimate freeware. Organizations are advised to whitelist apps or sites to stay safe.

 Malware and Vulnerabilities

The Linux encryptor includes extensive command-line options for customization, allowing threat actors to specify exclusion and encryption criteria, as well as configure virtual machines that should not be encrypted.

 Trends, Reports, Analysis

The Open Radio Access Network (ORAN) architecture, while providing standardized interfaces and protocols, is vulnerable to attacks through malicious xApps that can compromise the entire RAN Intelligent Controller (RIC) subsystem.

 Incident Response, Learnings

A Russian national, Vladimir Dunaev, has pleaded guilty for his involvement in developing TrickBot malware, which targeted hospitals and healthcare centers with ransomware attacks during the COVID-19 pandemic.

 Expert Blogs and Opinion

It is crucial to maintain unified visibility, control, and management across both cloud-based and on-premise security measures to bridge the gap and create a comprehensive and future-proof security stack.

 Geopolitical, Terrorism

The International Committee of the Red Cross (ICRC) has released a set of rules for civilian hackers involved in cyber conflicts. The rules aim to clarify the line between civilians and combatants in cyberspace during times of war.

 Feed

Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.

 Feed

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

 Feed

Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It was discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It was discovered that Firefox did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It was discovered that Firefox did not properly manage copy operations when using Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered that Firefox incorrectly handled parsing of relative URLs starting with "///". An attacker could potentially exploit this issue to cause a denial of service.

 Feed

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

 Feed

Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.

 Firewall Daily

In a comprehensive exploration of the dynamic cybersecurity terrain, Abul Kalam Azad, Head of Information Security at Eastern Bank, shares invaluable insights in an interview with Augustin Kurian, Editor-in-Chief of The Cyber Express. With over two decades of expertise in IT audit, risk management, and cybersecurity, Azad illuminates the challenges, trends, and transformative potential in today’s cybersecurity sphere, particularly within the financial sector. From the escalating threats of ransomware attacks to the pivotal role of Artificial Intelligence (AI) and the imperative of compliance and risk management, Azad’s discourse uncovers the complex array of challenges and strategies molding the cybersecurity landscape. Azad began by highlighting the vulnerability of the financial sector to cyberattacks, noting that attackers often target these institutions for financial gain. He pointed out that in recent years, there has been a significant increase in attempts to hack customer accounts and manipulate financial transactions. He discussed a troubling trend: the surge in ransomware attacks. These attacks not only aim to extort money but also disrupt services by rendering systems inoperable. Another critical issue Azad touched upon was the breach of customer data. He noted that several large organizations had faced severe consequences, including bankruptcy, due to the loss of customer data. The conversation then shifted to the role of artificial intelligence (AI) in cybersecurity. Azad expressed optimism about the integration of AI in cybersecurity tools, noting that AI-enhanced systems offer more accurate and timely detection of threats. He emphasized that traditional security tools are often inadequate in detecting sophisticated cyber-attacks, making AI an essential component in modern cybersecurity strategies. However, Azad also acknowledged the double-edged sword that AI represents in cybersecurity. He pointed out that the effectiveness of AI depends on how it is used – whether by cybersecurity professionals for defense or by attackers for more sophisticated breaches. This raises important questions about the balance of power in cybersecurity and the ongoing arms race between cyber attackers and defenders.
In discussing the broader implications of AI in cybersecurity, Azad highlighted the significant investments being made by companies in AI-driven security solutions. He cited the example of Cyble Vision, leveraging AI to detect and index banking cyber threats. Azad’s insights reveal a complex and rapidly evolving cybersecurity landscape. The financial sector’s vulnerability to cyber-attacks, the rise of ransomware, the critical importance of protecting customer data, and the potential of AI in cybersecurity are all key themes that define the current challenges in the field.

The Role of AI in Cybersecurity and the Importance of Compliance in the Financial Sector

The discussion delved into the critical role of Artificial Intelligence (AI) in cybersecurity and the significance of compliance and auditing in the financial sector. Azad emphasized the transformative impact of AI on cybersecurity. He pointed out that AI is not just beneficial but essential for detecting and responding to cyber threats more accurately and promptly. This technology has become a cornerstone in the cybersecurity strategies of many organizations, particularly in the financial sector, where the stakes are exceptionally high. The integration of AI into traditional cybersecurity tools like firewalls, Intrusion Detection Systems (IDS), and Security Information and Event Management (SIEM) systems has markedly improved their efficiency and detection rates. Azad predicted a continued rise in the adoption of AI technologies by cybersecurity companies, suggesting a future where AI plays a dominant role in cyber defense mechanisms. Moving on to threat intelligence, Azad highlighted its critical importance for financial institutions. He stressed that these organizations must be proactive in understanding potential cyber threats, including identifying indicators of compromise (IOCs) and staying informed about emerging attack vectors.
Additionally, monitoring the dark web is crucial for financial institutions to gather intelligence and prevent data breaches and other cyber incidents. Azad then addressed the importance of compliance and auditing in the financial industry. He outlined the various standards and regulations that financial institutions must adhere to, such as PCI DSS, ISO 27001, GDPR, HIPAA, and SOC, depending on their geographic location and business nature. To maintain compliance, organizations need to identify relevant regulations and establish checklists for regular monitoring and assessment. He also mentioned the utility of Governance, Risk Management, and Compliance (GRC) tools in aiding organizations to stay compliant. These tools can automate certain aspects of compliance, making it easier for companies to meet regulatory requirements and generate reports. Azad’s insights underscore cybersecurity’s evolving nature, highlighting AI’s growing importance in enhancing cyber defense capabilities. Furthermore, his emphasis on the necessity of threat intelligence and the critical role of compliance and auditing in the financial sector provides a comprehensive overview of the current cybersecurity landscape. As cyber threats become more sophisticated, the integration of advanced technologies like AI and a strong focus on compliance will be key to safeguarding digital assets and maintaining customer trust.

Navigating the Future of Cybersecurity: Perspectives from a Seasoned Expert

Azad acknowledged the dynamic nature of cyber threats, emphasizing that strategies effective today might not suffice tomorrow. This constant evolution requires organizations to be adaptive and agile. He observed that while companies are becoming more aware of cybersecurity risks and are proactive in their approach, challenges such as budget constraints and technological limitations can impede their efforts.
However, he remained positive about the industry’s commitment to mitigating cyber threats and keeping up with the latest trends. Looking ahead to 2024, Azad speculated on the potential changes in cyber threats. He noted the recent increase in ransomware attacks and data breaches, particularly involving sensitive customer data. He predicted that attacks on data would become more frequent, driven by the high value of customer information. Azad also cautioned that entirely new forms of attacks, currently unimaginable, might emerge, highlighting the need for continuous vigilance and preparedness in cybersecurity. Azad then touched upon the importance of basic cyber hygiene and employee awareness, especially in financial institutions. He stressed that simple measures, like complex passwords and two-factor authentication, can prevent many attacks. Employee training and awareness are crucial in bolstering cybersecurity defenses without significant technological investment. This approach not only enhances security but also builds resilience against a wide range of cyber threats. He emphasized the need for organizations to identify potential risks and act swiftly to mitigate them. He pointed out that understanding and responding to risks promptly is key to creating a safe cyber environment. He also highlighted the interconnected nature of cybersecurity, where a single breach or loophole can have devastating effects on the entire ecosystem. Azad provided valuable insights into the current state and future of cybersecurity, particularly in the financial sector. His emphasis on adaptability, proactive risk management, employee awareness, and the potential impact of AI in cybersecurity paints a picture of a field that is constantly evolving and requires continuous attention and innovation. To conclude, Azad underscored the transformative role of AI in enhancing cybersecurity measures, predicting its growing dominance in future cyber defense strategies. 
The importance of threat intelligence and compliance was also stressed, pointing to the need for financial institutions to stay vigilant and proactive in monitoring potential cyber threats and adhering to various regulatory standards. Azad’s discussion revealed the dynamic nature of cyber threats, where strategies effective today might be obsolete tomorrow, necessitating adaptive and agile approaches from organizations. He speculated on the future of cyber threats, foreseeing an increase in sophisticated attacks, particularly targeting customer data. The importance of basic cyber hygiene and employee awareness was also highlighted as key in preventing many attacks, with simple measures like complex passwords and two-factor authentication playing a crucial role. Concluding the interview, Azad emphasized proactive risk management as essential for creating a safe cyber environment. The interconnected nature of cybersecurity means that a single breach can have far-reaching effects, making it imperative for organizations to identify and mitigate risks swiftly.

 Cybersecurity News

The Board of Directors of Koh Brothers Eco Engineering Limited (KBEE) disclosed that several of the company’s subsidiaries fell victim to a cyberattack, resulting in unauthorized access and encryption of certain servers. The KBEE cyberattack has triggered swift investigations, prompting the company to take quick and decisive measures to contain and address the breach.

Swift Response to Contain KBEE Cyberattack

Upon discovering the KBEE cyberattack, the company disconnected the affected servers from the network to prevent further unauthorized access. The company has also engaged incident response experts and external legal counsel to assess, respond to, and manage the incident. Presently, ongoing investigations suggest that the cyberattack on Koh Brothers Eco Engineering has been contained, but the full extent of its impact on the group and its operations remains uncertain. “At this point, the ongoing investigations indicate that the Incident has been contained. At this juncture, the Company is not able to assess the extent of the impact of the Incident on the Group and its operations. The Group’s business continues to be operational notwithstanding the Incident,” reads the official statement. However, the company is unable to assess the complete impact at this time, and investigations are ongoing to determine the scope of the Koh Brothers Eco Engineering cyberattack. The Board assures shareholders that it will provide timely updates as the situation develops.

Future Preparedness: Enhancing IT Security Framework

KBEE is deploying advanced tools to remediate the intrusion and restore affected systems. As part of its commitment to data security, KBEE will evaluate and, if necessary, enhance its IT security framework to counter the evolving sophistication of threat actors. Shareholders are advised not to take any action regarding their shares or securities that may be detrimental to their interests. Caution is urged when dealing with KBEE shares or securities. Should shareholders wish to transact with KBEE shares, seeking professional advice and consulting with their stockbrokers is strongly recommended.
“In the event that shareholders of the Company wish to deal in the shares or securities of the Company, they should seek their own professional advice and consult with their own stockbrokers,” states the official release. The company’s proactive measures and commitment to transparency are aimed at reassuring shareholders and stakeholders. KBEE acknowledges the importance of maintaining trust in the wake of cybersecurity incidents and pledges to keep shareholders informed of any material developments as investigations progress. This cyberattack on KBEE highlights the necessity for companies to prioritize cybersecurity measures, emphasizing the critical importance of having robust protocols in place to safeguard sensitive data and ensure business continuity. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Press Release

Atlanta, Georgia – InsureMO has partnered with the Cyble Partner Network’s Technology Alliance Partnership (TAP), heralding a new era in insurance technology and cyber risk management.

The announcement came during the GrowCon summit hosted by Cyble Partner Network, where InsureMO and representatives from over 50 firms across 22 countries convened to discuss the future of TAP and its collective empowerment.

This partnership leverages Cyble’s patented AI systems and automation to advance dark web monitoring and risk management for InsureMO and other BFSI entities. It facilitates a comprehensive risk scoring system, enabling precise categorization and response to varying risk severities. InsureMO, with Cyble’s real-time threat intelligence, can now respond more effectively to cyber challenges, enhancing processes for underwriters and assessors, and deepening the insurance industry’s understanding of risks.

The collaboration is particularly crucial for underwriters and assessors, addressing the legal implications and impacts on insurers. Cyble’s advanced threat intelligence provides InsureMO with vital insights for accurately pricing their offerings, thereby granting insurers and MGAs enhanced visibility into cybersecurity changes and risk scores, aiding in policy binding, premium calculation, and policy renewal.

Dipesh Ranjan, Chief Partner Officer, and SVP Global Growth at Cyble, mentioned, “I am thrilled to announce our transformative partnership with InsureMO, a pivotal step forward in reshaping the landscape of cyber insurance through real-time threat intelligence. This strategic alliance, established under the Cyble Partner Network’s Technology Alliance Partnership (TAP), signifies a groundbreaking chapter in insurance technology and cyber risk management. As an integral part of our dynamic collaboration with InsureMO, we are excited to seamlessly integrate Cyble’s advanced threat intelligence into the InsureMO platform, heralding a revolution in cyber insurance.”

Anubhav Sharma, Global Head of Partnerships, InsureMO, also chimed in on this partnership and its implications, “We’re excited to announce our cyber Insurance solutions are now powered by Cyble. Cyble adds advanced capabilities of a comprehensive threat analysis as well as preventative cyber care to the cyber insurance products on the InsureMO platform. The joint offering allows insurers to better manage and price risk as well as confidently expand their cyber insurance book of business.”

This partnership introduces a robust risk scoring system to InsureMO, ensuring precise categorization and swift responses to varying threat levels. Cyble’s AI-powered solutions provide a comprehensive view of an organization’s cyber risk posture, reshaping the way underwriters assess risks.

Beyond mere risk assessment, this collaboration delivers substantial benefits to InsureMO’s clients and insurers, providing a deeper understanding of cyber risk management for more informed decision-making. We are genuinely enthusiastic about the transformative opportunities that this partnership presents in fortifying businesses against the ever-evolving landscape of cyber threats.”

Cyble’s AI-powered solutions offer immense value to the insurance sector, traditionally burdened with extensive documentation and audits for risk assessment. By rapidly detecting data leaks, exposures, and breaches across different web layers, Cyble equips underwriters with a holistic view of an organization’s cyber risk posture directly within the InsureMO platform.

The benefits of this partnership extend beyond underwriters, as clients and insurers will also gain a better grasp of cyber risk management and informed decision-making.

About Cyble:

Cyble is a rapidly growing global leader in cybersecurity, offering extensive coverage across adversaries, infrastructure, exposure, weaknesses, and targets. Utilizing AI and ML, Cyble empowers governments and enterprises to protect their citizens and infrastructure with timely critical intelligence. Headquartered in Atlanta, Georgia, with a worldwide presence in Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is a global cybersecurity authority.

For more information about the Cyble Partner Network, visit http://partnernetwork.cyble.com

Media Contact: Cyble Inc enquiries@cyble.com Ph: +1 678 379 3241

 Feed

The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel

 Feed

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware," the Microsoft Threat Intelligence team said in a series of posts on X (

 Feed

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8)

 Feed

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how

 Feed

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach. "It's highly likely that by targeting MIPS, the P2PInfect developers

2023-12
Aggregator history
Monday, December 04