Cyber security aggregate rss news

Cyber security aggregator - feeds history

Nget Stealer Targets ...

 Dark Web News

Apart from the daily activity on the dark web, a new surface-level menace has emerged on the scene: the notorious “Nget Stealer.” This information stealer, marketed as fully undetectable (FUD), has set its sights on cryptocurrency wallets, posing a risk to online privacy and financial security.

The Nget Stealer is currently being hosted at https://intrusion.lol/, which markets it as a “Discord C2 Stealer”. The website also links to a Discord server, which is currently down with a notification stating, “This invite may be expired or you might not have permission to join”.

Breaking Down Nget Stealer, the New Information Stealer

Source: Twitter

Nget Stealer employs a stealthy approach, extracting sensitive data such as passwords and cookies from browser sessions, amplifying the potential for privacy breaches. What sets it apart is its reverse shell feature, which gives attackers versatile control. This control extends beyond data extraction: Nget Stealer is capable of terminating critical processes, inducing a Blue Screen of Death (BSOD).

Source: Twitter

The malicious tool doesn’t stop there: it comes equipped with Auto Nitro Purchase (ANP) and Grab Gift Inventory Codes (GIG) features, heightening the potential for financial exploitation. The inclusion of encryption methods such as Fernet, AES, and CBC for communication through webhooks adds another layer of sophistication to this cyber threat.

The individual responsible for Nget Stealer boasts about its features, including a clean cmd builder with 20 layers of obfuscation, Fernet webhook encryption in 15 layers, and a fast response time without crashes. The builder ensures that the artifacts generated by Nget are automatically cleaned up, demonstrating the tool’s ability to cover its tracks.

A Threat for Organizations, a Comfort for Cybercriminals

Nget Stealer’s compatibility is limited to Windows 10 and 11, with no version available for Mac users. The prerequisites for using the tool include Python 3.9 or lower, and it can reportedly be used on a virtual machine running Win10/11.

The danger posed by Nget Stealer is further exacerbated by its presence on popular communication platforms like Discord and Telegram, where it operates as a command and control (C2) server. This signifies a growing trend among cybercriminals to exploit widely used platforms for their malicious activities.

In light of this emerging threat, users are urged to exercise extreme caution and implement robust cybersecurity measures. Since these information stealers are sold on the surface web, individuals with malicious intentions can leverage these tools for exploits and cyberattacks.

This is an ongoing story and The Cyber Express is keeping a close watch on any developments in the Nget Stealer story. We’ll update this post once we have more information about this information stealer and how it operates.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Cyber Toufan Team St ...

 Firewall Daily

In a recent wave of cyberattacks on Israeli organizations, the notorious Cyber Toufan Team hacker group has once again claimed to have launched a cyberattack on Israel. The targeted entities include Soda Stream, a well-known Israel-based consumer home carbonation product company, the Back2School Project, and Israel’s Ministry of Health.

The Cyber Toufan Team, in a dark web post, declared their breach of Soda Stream’s customer database, exposing the personal details of over 100,000 Israeli customers, including names, email addresses, phone numbers, home addresses, and more.

A similar breach was claimed in connection with the Back2School Project, revealing sensitive information of registered individuals, such as names, numbers, home addresses, emails, and hashed passwords.

Cyber Toufan Team Claims of Cyberattacks on Israeli Organizations

The Ministry of Health was not spared either: the hacker group threatened to release sensitive data in multiple releases, emphasizing the potential repercussions of targeting hospitals and health systems. Despite these cyberattack claims, responses from the affected entities had not been received at the time of writing, leaving the extent of the cyberattacks on Israeli organizations unverified.

Source: Twitter

What sets these attacks apart is their strategic nature. They are not isolated incidents but part of a deliberate plan orchestrated by the Cyber Toufan Team. The hacker group has been actively targeting Israel since the conflict between Israel and Hamas erupted on October 7. In the wake of the ongoing cyber skirmishes between the two sides, signs are emerging that the attacks may be intensifying. Since October, hackers have shown particular interest in Israeli government and media websites, coinciding with Israel’s military actions in the Gaza Strip. Cyber Toufan, in particular, claimed responsibility for hacking Israel’s defense ministry and releasing extensive data on its Telegram account, purportedly containing the names of Israeli army and reserve soldiers.

The Cyber Toufan Team Hacker Group

The group’s name, “Cyber Toufan,” appears to reference Hamas’s 7 October attacks in southern Israel, known as Toufan Al-Aqsa, or Al-Aqsa Flood.

Cyber Toufan asserted its destructive capabilities, claiming to have destroyed over 1,000 servers and breached 150 Israeli targets, including government agencies and companies. While hacktivist claims are often met with skepticism, recent reports from the Israeli newspaper Haaretz have raised concerns over security issues in Israel. The report detailed a breach of Israel’s State Archive, where hackers allegedly obtained personal details of users, including researchers, historians, and citizens. The targeted entities now face the dual challenge of securing their systems and addressing the potential fallout from the exposure of sensitive information.

Ransom Paid, Yet Str ...

 Firewall Daily

The latest cyberattack on Henry Schein serves as a reminder that succumbing to the demands of cybercriminals is never the answer. This marks the third time the prominent healthcare solutions provider has been targeted by the BlackCat ransomware group, despite speculation that a ransom was paid. The hacker collective posted new updates regarding the Henry Schein data breach on their dark web channel, signaling a third cyberattack on the company’s cybersecurity defenses. This occurred several months after the company’s initial breach in October, followed by a subsequent attack in November.

Following the earlier attacks, Henry Schein’s website was briefly taken down, and the company had to process orders manually for several days. A few days later, however, BlackCat removed Henry Schein from its leak website, which could indicate that negotiations had resumed or that a ransom had been paid. It is possible that Henry Schein paid a ransom to BlackCat in order to regain access to its data and systems. While the company did not confirm paying a ransom, its removal from the hacker group’s victim list does indicate a ransom payment.

The Chronology of Henry Schein Cyberattacks

Source: Twitter

Henry Schein initially fell victim to the BlackCat ransomware attack on October 14, resulting in a month-long operational hiatus. Despite the company’s efforts to recover, the attackers struck again on November 14, causing over $500 million in losses, according to the threat actor. Notably, the ALPHV/BlackCat group claims to have re-encrypted Henry Schein twice, with a forewarning of a third attack looming on the horizon.

Security researcher Dominic Alvieri reported that after the Henry Schein data breach incident, the company was removed from the leak site affiliated with the BlackCat ransomware group. Dominic tweeted, “Why you should never pay a ransom,” along with a screenshot allegedly showing leaked data from Henry Schein. This removal hints at a ransom deal between the organization and the threat actor. However, the company didn’t share any update about a ransom deal being made, further obscuring the intention and motivation behind these waves of cyberattacks on Henry Schein.

Henry Schein data breach incidents rise again

While security firms like Aon’s partner Stroz Friedberg and AVASEK teams were engaged to mitigate the threat, the situation worsened. Attempts at a collaborative resolution, including temporary public statements and refraining from data exposure, failed due to what BlackCat perceives as Henry Schein’s and Coveware’s inadequate strategy and communication. With Henry Schein’s market value at a staggering $9 billion, questions arise regarding the management’s handling of the crisis. The attackers criticize the company’s perceived lack of professionalism and express concern over potential management issues within Henry Schein.

The aftermath of the Henry Schein cyberattacks raises concerns for investors. The need to scrutinize management performance and decision-making becomes paramount. The repeated breaches highlight the vulnerability of even multi-billion-dollar corporations, urging caution when dealing with entities like the BlackCat ransomware group.

The Henry Schein data breach fallout

The BlackCat ransomware group claims to have exposed sensitive data, including DEA numbers, PII, and supplier bank accounts. Partnerships with major entities like Walmart, BDO, Pfizer, and others may lead to legal battles and extensive repercussions for Henry Schein in addition to the ongoing data breaches. The Cyber Express reached out to Henry Schein for clarification on the alleged data breach. However, as of the time of writing, no official response or statement had been received, leaving the claims of this third Henry Schein data breach unverified.

In October, Henry Schein acknowledged a cyber incident that compromised customer data. The company is still recovering from the cybersecurity incident that affected its dental and medical distribution operations in North America and Europe. Moreover, Henry Schein’s financial outlook for 2023 has been significantly affected, with a projected sales decrease of 1% to 3% attributed to the cyber incident. Analysts estimate a $500 million impact, emphasizing the severity of the situation. The company plans to file a claim with its cyber-insurance policy, which has a $60 million after-tax claim limit.

Letters with Remcos ...

 Business

Since the beginning of the summer, Kaspersky systems have been recording an increase in detections of Remcos remote-access trojan attacks. The probable reason for this is a wave of malicious emails in which attackers try to convince employees of various companies to click on a link that installs the malware.

Malicious letters

The bait that the attackers are using in this mailout isn’t anything extraordinary. They pose as a new client who wants to purchase some products or services and tries to clarify some information: the availability or prices of some merchandise, their compliance with some criteria, or something similar. What matters is that, in order to clarify the information, the recipient must click the link and read the list of these criteria or requirements. To make their letters more persuasive, the cybercriminals often ask how quickly it will be possible to deliver the goods or ask about the terms for international delivery. Of course, you shouldn’t follow the link: it doesn’t lead to a list, but to a malicious script.

The attackers store their malicious script in an interesting place. The links have an address that looks like https://cdn.discordapp.com/attachments/. Discord is a completely legitimate communication platform, which allows users to exchange instant messages, make audio and video calls, and, most importantly, send various files. A Discord user can click on any file sent through this application and get a link that makes it available to an external user (this is necessary, for example, to quickly share a file via another messenger). It is these links that look like https://cdn.discordapp.com/attachments/ followed by a set of numbers identifying a specific file.

Discord is actively used by various gaming communities, but it’s sometimes also used by companies to communicate within different teams and departments or even with customers. Therefore, systems that filter malicious content in emails often don’t consider links to files stored on Discord servers suspicious. Accordingly, if a recipient of the letter decides to follow such a link, they will in fact download malicious JavaScript that imitates a text file. When the victim opens this file, the malicious script launches PowerShell which, in turn, downloads the Remcos RAT to the user’s computer.

What is Remcos RAT and how dangerous is it?

Theoretically, Remcos RAT (Remote Control and Surveillance) is a program for remote administration, released by the company Breaking Security. But it has long been used by cybercriminals for espionage and for taking control of computers running Windows. For example, in 2020 we wrote about the use of Remcos RAT in malicious mailings that exploited the common delays in deliveries of goods during the coronavirus pandemic. Remcos RAT collects data about both the victim and their computer, and then serves as a backdoor through which attackers can take complete control of the system. They download additional malicious software and run it, collect account data, record logs of user activity, and so on.

How to stay safe

To ensure that the Remcos malware doesn’t harm your company, we recommend using reliable security solutions both at the level of the mail gateway and on all work devices that have access to the internet. That way, the malicious emails will be detected before they reach employees’ mailboxes, and even if attackers come up with a new delivery method, our endpoint protection solutions won’t let it be downloaded. Kaspersky Endpoint Security detects Remcos RAT as Backdoor.MSIL.Remcos or Backdoor.Win32.Remcos.
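The delivery chain described above relies on two things a mail filter can be taught to notice: a link to a user-uploaded file on the Discord CDN, and a script file dressed up as a document (a .txt.js name). The following is an added example of a mail-gateway check for exactly that combination; it is not Kaspersky's code, and the email body, the attachment URL and its numeric path components are constructed sample data, not a real message or file. The lists of script and decoy extensions are the example's own assumptions.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed sample: a "new client" inquiry of the kind described in the post.
# The Discord attachment URL is made up for this example; it points at nothing real.
SAMPLE_EMAIL = """Hello,
We are interested in purchasing your products. Please review our requirements
and delivery terms here: https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/Requirements_list.txt.js
How fast can you ship internationally?
Regards"""

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Assumed lists for this example: extensions Windows will execute as scripts or
# binaries, and document-like extensions attackers use as a decoy in front of them.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
               ".bat", ".cmd", ".lnk", ".exe", ".scr"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def classify_url(url):
    """Return the reasons a link deserves scrutiny (empty list if none)."""
    reasons = []
    parsed = urlparse(url)
    host = parsed.hostname or ""          # urlparse lower-cases the host for us
    path = unquote(parsed.path)
    filename = path.rsplit("/", 1)[-1].lower()

    # Discord CDN attachment links are arbitrary user uploads, yet they are
    # rarely treated as suspicious because the domain itself is legitimate.
    if host == "cdn.discordapp.com" and path.startswith("/attachments/"):
        reasons.append("discord-cdn-attachment")

    # Build the extension chain, e.g. "list.txt.js" -> [".txt", ".js"], and
    # look at what Windows will actually execute: the last extension.
    parts = filename.split(".")
    exts = ["." + p for p in parts[1:]]
    if exts and exts[-1] in SCRIPT_EXTS:
        reasons.append(f"script-extension:{exts[-1]}")
    if len(exts) >= 2 and exts[-1] in SCRIPT_EXTS and exts[-2] in DECOY_EXTS:
        reasons.append(f"double-extension:{exts[-2]}{exts[-1]}")
    return reasons


def scan_email(body):
    """Return [(url, reasons)] for every link in the message body that was flagged."""
    findings = []
    for url in URL_RE.findall(body):
        reasons = classify_url(url)
        if reasons:
            findings.append((url, reasons))
    return findings


def verdict(body):
    """'quarantine' when a link is both a Discord attachment and a script file,
    'review' when only one of the signals is present, 'pass' otherwise."""
    findings = scan_email(body)
    if not findings:
        return "pass"
    for _, reasons in findings:
        if "discord-cdn-attachment" in reasons and any(
                r.startswith("script-extension") for r in reasons):
            return "quarantine"
    return "review"


if __name__ == "__main__":
    for url, reasons in scan_email(SAMPLE_EMAIL):
        print(url, reasons)
    print(verdict(SAMPLE_EMAIL))
```

The check keys on the last extension because that is what Windows uses to pick the handler; the decoy extension in front of it only matters as a second signal. A lone Discord attachment link gets a "review" verdict rather than a block, which matches the post's point that such links are often legitimate business traffic.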

ICANN Launches Servi ...

 Security Tools

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit entity that manages the global domain name system, instructed all registrars to redact the customer’s name, address, phone number and email from WHOIS, the system for querying databases that store the registered users of domain names and blocks of Internet address ranges. ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union. In the meantime, registrars were to continue collecting the data but not publish it, and ICANN promised it would develop a system that facilitates access to this information.

At the end of November 2023, ICANN launched the Registration Data Request Service (RDRS), which is designed as a one-stop shop to submit registration data requests to participating registrars. This video from ICANN walks through how the system works.

Accredited registrars don’t have to participate, but ICANN is asking all registrars to join and says participants can opt out or stop using it at any time. ICANN contends that the use of a standardized request form makes it easier for the correct information and supporting documents to be provided to evaluate a request.

ICANN says the RDRS doesn’t guarantee access to requested registration data, and that all communication and data disclosure between the registrars and requestors takes place outside of the system. The service can’t be used to request WHOIS data tied to country-code top level domains (ccTLDs), such as those ending in .de (Germany) or .nz (New Zealand), for example.

The RDRS portal.

As Catalin Cimpanu writes for Risky Business News, currently investigators can file legal requests or abuse reports with each individual registrar, but the idea behind the RDRS is to create a place where requests from “verified” parties can be honored faster and with a higher degree of trust.

The registrar community generally views public WHOIS data as a nuisance issue for their domain customers and an unwelcome cost-center. Privacy advocates maintain that cybercriminals don’t provide their real information in registration records anyway, and that requiring WHOIS data to be public simply causes domain registrants to be pestered by spammers, scammers and stalkers.

Meanwhile, security experts argue that even in cases where online abusers provide intentionally misleading or false information in WHOIS records, that information is still extremely useful in mapping the extent of their malware, phishing and scamming operations. What’s more, the overwhelming majority of phishing is performed with the help of compromised domains, and the primary method for cleaning up those compromises is using WHOIS data to contact the victim and/or their hosting provider. Anyone looking for copious examples of both need only search this Web site for the term “WHOIS,” which yields dozens of stories and investigations that simply would not have been possible without the data available in the global WHOIS records.

KrebsOnSecurity remains doubtful that participating registrars will be any more likely to share WHOIS data with researchers just because the request comes through ICANN. But I look forward to being wrong on this one, and will certainly mention it in my reporting if the RDRS proves useful.

Regardless of whether the RDRS succeeds or fails, there is another European law that takes effect in 2024 which is likely to place additional pressure on registrars to respond to legitimate WHOIS data requests. The new Network and Information Security Directive (NIS2), which EU member states have until October 2024 to implement, requires registrars to keep much more accurate WHOIS records, and to respond within as little as 24 hours to WHOIS data requests tied to everything from phishing, malware and spam to copyright and brand enforcement.

ALPHV/BlackCat Claim ...

 Firewall Daily

The Traffic and Criminal Software (TraCS) of Florida has reportedly fallen victim to a cyberattack by the notorious ALPHV ransomware group, also known as the BlackCat hackers. The Cyber Express Team has initiated inquiries into the alleged TraCS Florida cyberattack, reaching out to official authorities for confirmation. However, as of now, there has been no response from the officials, leaving the situation shrouded in uncertainty.

TraCS Florida Cyberattack

Upon attempting to access the official website of TraCS Florida, it was discovered that the site is currently unavailable. The unavailability of the website has fueled speculation and raised questions about the legitimacy of ALPHV/BlackCat’s claim about the cyberattack on TraCS Florida. It remains to be seen whether the website’s downtime is a result of the alleged cyberattack or is due to unrelated technical issues.

The motive behind the TraCS Florida cyberattack remains unclear, and the extent of data compromise is yet to be determined. As the investigation unfolds, concerns are growing among Florida residents about the potential impact on sensitive information stored within the Traffic and Criminal Software.

ALPHV BlackCat Echoes TraCS Florida Cyberattack Claim

Renowned for their audacious cyber offensives, the infamous hacking group ALPHV BlackCat recently claimed responsibility for infiltrating Currax Pharmaceuticals in November 2023. The alarming revelation came to light when the hacker collective issued a menacing message, setting a deadline for the pharmaceutical company to make contact by Monday. The message included vague threats of unspecified consequences should the ultimatum go unmet. Despite the gravity of the situation, Currax Pharmaceuticals has yet to release an official statement addressing the reported data breach. The lack of clarity surrounding the incident leaves stakeholders and the public in suspense, uncertain whether the pharmaceutical giant has indeed fallen victim to the relentless hacking group.

This incident follows ALPHV BlackCat’s October 2023 attack on Institut Technologique FCBA, where the cybercriminals further expanded their growing list of victims. The FCBA cyberattack became evident when the ALPHV ransomware group prominently listed the organization’s website as one of its conquests. In the same month, CBS Eastern Europe found itself added to the list of casualties in the relentless ALPHV campaign. The attack against CBS Eastern Europe was exposed when the hacking group’s representative posted a scathing message on a prominent hacking forum, criticizing the company’s response to the breach. September 2023 saw ALPHV BlackCat claim Clarion, Phil-Data Business Systems Inc., and MNGI Digestive Health as its latest victims. Noteworthy is the selection of these companies, showcasing the hacking group’s unique perspective in its targeting strategy.

Keeping a Close Watch on the TraCS Florida Cyberattack

As the cyber onslaught continues, the Florida Department of Law Enforcement has yet to confirm the reported breach or offer comments on the ongoing investigation. The public is on edge, eagerly anticipating an official response from authorities to provide insight into the situation and disclose the potential compromise of sensitive data. ALPHV BlackCat’s brazen attacks on various organizations highlight the urgent need for enhanced cybersecurity measures and proactive efforts to safeguard critical systems and sensitive information in an increasingly vulnerable digital landscape.

LockBit Claims Cyber ...

 Firewall Daily

The notorious LockBit ransomware gang has claimed responsibility for a cyberattack on the Metropolitan Area Planning Council (MAPC), which serves the 101 cities and towns constituting metropolitan Boston. The hacker group has set a deadline for their demands, expiring on December 8. The Cyber Express Team reached out to MAPC officials seeking verification of the claim regarding the MAPC cyberattack.

Official Response on MAPC Cyberattack Awaits

As of now, an official response is still pending. Interestingly, despite the alleged MAPC cyberattack, the official website of the Metropolitan Area Planning Council was found to be fully functional, raising questions about the legitimacy of LockBit’s claim. A conclusive assessment of the MAPC cyberattack awaits an official statement from MAPC authorities.

Source: Twitter

LockBit, a formidable criminal organization deeply entrenched in cybercrime, has become a global menace, employing sophisticated intrusion tactics. While the FBI has not directly attributed their origins to Russia, their international affiliations and communication patterns strongly suggest a connection to Russian cybercrime rings.

LockBit’s Onslaught Pattern Continues with MAPC cyberattack

This recent cyberattack on MAPC follows a pattern of cyber onslaughts orchestrated by LockBit. In November 2023, MicroTrain Technologies and Shimano, a Japanese bicycle parts manufacturing giant, were reportedly targeted. The MicroTrain cyberattack exposed sensitive documents, including enrollment forms and business transactions, while Shimano faced a massive data breach compromising 4.5 terabytes of employee details, contracts, financial records, and more. However, both claims remain unverified as no official responses have been received.

The LockBit gang, which emerged in the last quarter of 2019, gained notoriety in 2022 as the most prominent global ransomware gang and RaaS operator, boasting a high number of victims on its data leak website. Their audacious attacks have also targeted CDW Corporation in September 2023, intensifying concerns about the group’s growing influence.

As the MAPC grapples with the aftermath of this cyber onslaught, the urgency for a comprehensive response and cybersecurity measures escalates. The looming December 8 deadline adds a layer of complexity to an already tense situation, emphasizing the critical need for collaborative efforts to mitigate the impact of LockBit’s cyber threats.

Dragos Community Def ...

 APT

Dragos Security on Wednesday unveiled a "Community Defense Program" to provide free cybersecurity software for small utilities providing water, electric, and natural gas in the United States. The post Dragos Community Defense Program Helps Small Utilities Facing Cyber Attacks appeared first on The Security Ledger with Paul F. Roberts.

 Malware and Vulnerabilities

A vulnerability in an open-source library used in Web3 smart contracts has been discovered, affecting multiple NFT collections, including Coinbase. Thirdweb has provided mitigations for the impacted contracts and urged owners to take action.

 Identity Theft, Fraud, Scams

A new phishing campaign has been discovered that targets individuals with messages about failed deliveries or late payments from major shipping companies. It also involves the use of fake websites that mimic popular brands and postal services.

 Security Products & Services

Kali Linux 2023.4, the latest version of the Linux distribution for ethical hackers and cybersecurity professionals, has been released. It includes fifteen new tools and the GNOME 45 desktop environment.

 Malware and Vulnerabilities

Admins are advised to upgrade to the latest ALEOS version, change default SSL certificates, disable non-essential services, implement web application firewalls, and install an OT/IoT-aware IDS for enhanced protection against these vulnerabilities.

 Feed

Ubuntu Security Notice 6533-1 - Tom Dohrmann discovered that the Secure Encrypted Virtualization implementation for AMD processors in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV guest VM could possibly use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the io_uring subsystem in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

 Feed

Ubuntu Security Notice 6531-1 - Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.

 Feed

Ubuntu Security Notice 6530-1 - It was discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

 Feed

Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2023-7656-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

 Feed

Red Hat Security Advisory 2023-7653-03 - An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include bypass and denial of service vulnerabilities.

 Cybersecurity News

In response to the confirmed exploitation of Adobe ColdFusion CVE-2023-26360 by unidentified threat actors within a Federal Civilian Executive Branch (FCEB) agency, the Cybersecurity and Infrastructure Security Agency (CISA) has released a Cybersecurity Advisory (CSA). The vulnerability, presenting as an improper access control issue, impacts Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier).

CISA Exploitation and Consequences

This critical vulnerability also extends its reach to ColdFusion 2016 and ColdFusion 11 installations, although they are no longer supported since reaching end of life. The exploitation of CVE-2023-26360 can lead to arbitrary code execution. Following an investigation by the FCEB agency, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023.

The newly released CISA cybersecurity advisory aims to equip network defenders with essential information, including tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar exploitation. The advisory provides a comprehensive overview of the threat landscape, urging immediate action to mitigate malicious cyber activity.

CISA Cybersecurity Advisory: Immediate Actions to Mitigate Threats

The CISA Cybersecurity advisory emphasizes several crucial actions for organizations to undertake promptly:

Remediate Known Exploited Vulnerabilities: Prioritize the identification and remediation of known vulnerabilities, with a specific focus on the identified Adobe ColdFusion CVE-2023-26360.

Implement Proper Network Segmentation: Enhance network security by implementing proper segmentation, limiting lateral movement within the network, and containing potential threats.

Enable Multifactor Authentication (MFA): Implement multifactor authentication for all services, particularly for webmail, VPN, and accounts that access critical systems. MFA adds a layer of security, mitigating the risk of unauthorized access.

CISA’s Collaborative Approach to Cybersecurity

The CISA Cybersecurity Advisory serves as a crucial resource for network defenders and critical infrastructure organizations, offering insights to bolster their cybersecurity posture and protect against similar threats. Furthermore, CISA calls on software manufacturers to adopt secure-by-design and -default principles in their development practices to limit the impact of potential threat actor activities. This CISA cybersecurity advisory highlights the importance of a proactive and collaborative approach to cybersecurity, emphasizing the need for swift and comprehensive action to safeguard against evolving cyber threats. Organizations are urged to review CISA’s CSA promptly and implement the recommended measures to strengthen their defenses in the face of potential cyber threats.

 Feed

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 (CVSS score: 7.8) - Memory corruption in DSP Services during a remote call from HLOS to DSP. CVE-2023-33106 (CVSS score: 8.4) - Memory corruption in

 Feed

In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,"

 Feed

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score

 Feed

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is a web service that enables

 Feed

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like

 Feed

A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according

 Guest blog

$10 million reward is focused on hackers working on behalf of the North Korean government, who are using cryptocurrency mixers to launder the funds they are stealing from financial institutions and businesses. Read more in my article on the Hot for Security blog.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE CHICAGO, Dec. 5, 2023 — Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, today released findings from its Keeper Security Insight Report: Cloud-Based Privileged Access Management. The report explores what IT and security leaders are seeking in a Privileged Access Management […] The post Keeper Security Survey Finds 82% of IT Leaders Want to Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE OVERLAND PARK, Kan., Dec. 5, 2023 /PRNewswire/ — Foresite announces a new partnership with CrowdStrike, a global leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data. This collaboration will provide customers the opportunity to leverage the industry-leading, AI-powered CrowdStrike Falcon® platform with Foresite’s proprietary ProVision Managed Services for Foresite’s Channel […] The post Foresite Cybersecurity Partners With Crowdstrike – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE BOSTON and TEL AVIV, Israel, Dec. 5, 2023 /PRNewswire/ — Mine, a pioneering company disrupting the data privacy market, announced today that it has raised $30 million in Series B funding, co-led by Battery Ventures and PayPal Ventures, with significant investments from Nationwide Ventures and with the participation of all existing investors including Saban Ventures, Gradient […] The post Mine Secures $30M in Series B Funding – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.


Source: www.darkreading.com – Author: PRESS RELEASE MIAMI, Dec. 5, 2023 /PRNewswire/ — Enveedo, a cybersecurity company with an innovative approach to integrated risk management, announced today the closing of its $3.15 million seed funding round, led by Silverton Partners, a prominent venture capital firm based in Austin, Texas. The round was also joined by Runtime Ventures and Blu Ventures, who are […] The post Enveedo Closes $3.15M Seed Round to Help Businesses Build and Maintain Cyber Resiliency – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE London, 5th December: Klarytee, a software platform that builds security into the data itself for large organisations to handle sensitive information, has closed a $900,000 pre-seed funding round backed by early-stage VC fund Concept Ventures. High-profile angel investors in the deal include former Twitter CISO Michael Coates, former Group CEO […] The post Klarytee Raises $900k Pre-Seed Round to Make Data Secure by Default – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.


Source: www.darkreading.com – Author: Source: Takatoshi Kurikawa via Alamy Stock Photo Researchers have discovered a way to subvert “Lockdown Mode,” Apple’s most stringent security protection for iOS. The company first introduced Lockdown Mode last year, after a marked increase in nation-state-developed, zero-click exploits for iPhones. The new feature was designed to protect particularly vulnerable users […] The post Apple ‘Lockdown Mode’ Bypass Subverts Key iPhone Security Feature – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Source: Jamie Jin via Shutterstock Attackers could soon begin using malicious instructions hidden in strategically placed images and audio clips online to manipulate responses to user prompts from large language models (LLMs) behind AI chatbots such as ChatGPT. Adversaries could use these so-called “indirect prompt injection” attacks to redirect users to […] The post LLMs Open to Manipulation Using Doctored Images, Audio – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: 1 Min Read Source: Luis Moreira via Alamy Stock Photo Contrary to reported claims from the notorious ransomware group BlackCat/ALPHV, financial technology vendor Tipalti said its investigation has turned up no evidence of a breach so far. Dark Web Informer shared a screenshot of a purported Dark Web post from BlackCat/ALPHV on […] The post Payments Giant Tipalti: No Ransomware Breach, No Threat to Roblox – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Source: Stephen Frost via Alamy Stock Photo A variety of malicious loan apps, under the name SpyLoan, have been downloaded more than 12 million times in 2023 from Google Play, the official app store for Android. That’s according to ESET researchers, who said that the apps’ overall download tally is likely […] The post SpyLoan Malicious App Downloaded 12M+ Times in Google Play – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.


Source: www.darkreading.com – Author: Source: Christophe Coat via Alamy Stock Photo A hacker group claims to have stolen a trove of 500GB of medical data from Ziv Medical Center in Safed, Israel — including 100,000 records related to the Israeli Defense Force (IDF). The center itself issued a statement on Nov. 27 confirming that it was […] The post Hackers Claim to Breach Israeli Defense Force Medical Data – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

2023-12
Aggregator history
Wednesday, December 06