In a recent turn of events, the dark web has once again become a hub of speculation, with alleged unauthorized access to an undisclosed Indian aerospace organization purportedly up for sale. The self-proclaimed threat actor, known as RobinHood, has made bold claims regarding their possession of unauthorized access to an Indian aerospace organization within the defense and aerospace sector in India.

As of the reported threat activity date on December 6, 2023, the RobinHood hacker group took to the RAMP Forum to announce the availability of unauthorized access to the Indian aerospace organization. However, these claims are yet to be verified because the threat actor did not name any particular organization or provide any sample data for verification.

Unauthorized Access to Indian Aerospace Organization

(Image source: Twitter)

The threat actor asserted having Remote Desktop Protocol (RDP) access with local administrative privileges, along with a collection of 30 plain-text credentials belonging to users associated with the mysterious organization. Furthermore, the RobinHood hacker group disclosed that the compromised network’s file systems harbor a database of substantial size, approximately 30 terabytes.

Interestingly, the threat actor refrained from providing specific details about this unauthorized access to the Indian aerospace organization and whether the targeted firm is state-owned or privately operated. However, the RobinHood hacker group did insinuate that the organization holds a crucial role as a key partner in the Chandrayaan-3 mission led by the renowned Indian Space Research Organization (ISRO).

At this juncture, the identity of the impacted entity remains undisclosed, and The Cyber Express is keeping tabs to ascertain the facts surrounding this potential breach. It is crucial to note that, as of now, there is no information available regarding the organizations directly affected by this unverified cyber threat. The incident’s scope is currently under investigation, with the focus primarily on entities operating within India.

Unconfirmed Cyberattack on Indian Aerospace

These unconfirmed claims were posted on a hacker forum where multiple threat actors, users, and wannabe hackers post their breaches.
The alleged cyberattack on the ‘undisclosed’ Indian Aerospace Organization raises questions about the authenticity of the threat actors, as we’ve previously seen hackers mistaking victims and claiming false data breaches and cyberattacks. While the authenticity of the RobinHood hacker group’s assertions remains in question, the incident serves as a cautionary tale about hackers and their game of tricking organizations. The Cyber Express is monitoring the situation, and we’ll update this post once we have more information on this undisclosed cyberattack on the Indian Aerospace Organization.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The culmination of Black Hat Europe 2023 gathered leading industry professionals and researchers, offering forefront cybersecurity insights. A standout briefing featured the unveiling of “AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers” by Ankit Gangwal, Shubham Singh, and Abhijeet Srivastava. Here is a simplified version of the AutoSpill mobile password manager vulnerability, focusing on the potential exploit, detection techniques, and solutions for Android users.

What is AutoSpill Vulnerability and How Does it Work?

(Image source: Black Hat Europe 2023)

The researchers shed light on a prevalent scenario where a web page is loaded into a mobile app using WebView controls. WebView, the preinstalled engine from Google, allows developers to display web content in-app without launching a web browser. In their study, the researchers identified a vulnerability in Android password managers during autofill operations on login pages loaded inside an app.

The AutoSpill vulnerability arises when Android apps load a login page in WebView, causing password managers to become “disoriented” about where to target user login information. This results in the exposure of credentials to the underlying app’s native fields. The researchers discovered that the majority of top Android password managers were vulnerable to AutoSpill, even without JavaScript injections. Enabling JavaScript injections exacerbated the issue, making all tested password managers susceptible to the vulnerability.

Implications and Ramifications for AutoSpill Vulnerability

Ankit Gangwal emphasized the ramifications of this vulnerability, particularly in scenarios involving malicious base apps. He pointed out that even without phishing, a malicious app requesting login via third-party sites like Google or Facebook could automatically access sensitive information.

The researchers tested popular password managers, including 1Password, LastPass, Keeper, and Enpass, on up-to-date Android devices. Their findings revealed that most apps were vulnerable to credential leakage, even with JavaScript injection disabled. Enabling JavaScript injections exacerbated the vulnerability across all tested password managers.
Upon discovering the AutoSpill vulnerability, Gangwal responsibly disclosed their findings to both the affected password managers and the Android security team. The affected parties acknowledged the validity of the issue, and measures were taken to address the vulnerability. The AutoSpill vulnerability highlights the potential risks associated with Android password managers during autofill operations. The responsible disclosure of vulnerabilities ensures a proactive approach to safeguarding user data and maintaining the integrity of password management systems.
A nefarious threat actor named Garnesia Team has claimed to have carried out a DDoS attack against the Nuclear Power Corporation of India Limited. The Indonesia-based cybercriminal group has posted a screenshot on the dark web that shows that the website was inaccessible after the NPCIL cyberattack. The Cyber Express has reached out to the NPCIL to verify the DDoS attack claims made by the Garnesia Team, but an official response is currently unavailable.

NPCIL Cyberattack

Garnesia Team has claimed that the website of NPCIL has been “HACKED” by an individual named “Mr.x0x0” who is a member of “C.O.A GARNESIA TEAM”. The screenshot posted by the threat actor claims that the NPCIL cyberattack was caused by RaaS Malware targeting the “Indian Nuclear Office”. Not many details are available about the damage caused by the cyberattack claimed by the Garnesia Team. The Cyber Express team attempted to access the NPCIL website on our systems to verify reports of inaccessibility but found the website to be fully functional.

About Garnesia Team

Garnesia Team is a hacker collective that has targeted Indian Government websites on multiple occasions, including the latest claims of the NPCIL cyberattack. MasRizkul founded the group, which has its headquarters in Indonesia, on June 26, 2023. On October 14, 2023, the group declared that it would launch a campaign known as “OpIndia” and target Indian infrastructure, reported India Today. Garnesia Team has attacked Indian government websites using denial-of-service attacks. Additionally, Garnesia Team is responsible for the cyberattack that targeted the French Ministry of Justice.

About NPCIL

Nuclear Power Corporation of India Limited or NPCIL is a Public Sector Unit controlled by the Department of Atomic Energy of the Indian Government. In September 1987, NPCIL was incorporated as a Public Limited Company under the Companies Act, 1956, with the aim of running atomic power plants and executing atomic power projects to generate electricity in compliance with the Government of India’s schemes and programs under the Atomic Energy Act, 1962. Currently, 23 commercial nuclear power reactors with a 7480 MW installed capacity are run by NPCIL.
The reactor fleet consists of two Boiling Water Reactors (BWRs), nineteen Pressurized Heavy Water Reactors (PHWRs)—of which two VVER reactors with a capacity of 1000 MW each are owned by the Government of India’s DAE—and one 100 MW PHWR located in Rajasthan. On June 30, 2023, Kakrapar Atomic Power Project (KAPP) Unit 3 went into commercial operation. Nine more reactors with a combined capacity of 7,500 MW are being built by NPCIL.

Impact of the Alleged NPCIL DDoS Attack

A Distributed Denial of Service (DDoS) attack can have several impacts, such as degraded network connectivity, increased website loading time, crashed servers, degraded critical services and reduced productivity, reputational damage, financial losses, and more. A DDoS attack’s primary objective is to stop the target from using their resources. Employees might not be able to access network resources during an attack. Customers may not be able to make purchases from eCommerce sites or receive support. Depending on the attack’s magnitude, a DDoS attack may have different effects. In the worst situation, businesses might lose up to $20,000 per hour.

Incidents like the NPCIL cyberattack claimed by the Garnesia Team are a stark reminder of the vulnerable state of cybersecurity in both government and non-government organizations. To bolster defenses against DDoS attacks, organizations need to implement a comprehensive strategy comprising network security measures like firewalls and intrusion prevention mechanisms. Organizations also need to consider leveraging cloud-based DDoS protection services to protect against large-scale attacks and establish collaborative relationships with Internet Service Providers. While no solution is absolute, this multifaceted approach enhances resilience against evolving DDoS attack threats.
The city of Mumbai played host to the second edition of World CyberCon India 2023 on December 1, 2023, at the prestigious Hotel Sahara Star. Organized by The Cyber Express by Cyble, this event convened top minds in cybersecurity to explore the theme “Securing India’s Digital Future: Challenges and Solutions.”

“We are here to celebrate the leaders and pioneers of cybersecurity, who tirelessly work to safeguard our digital landscapes. We are here to nurture and applaud an incredible community – a community united by a common goal to make the world a safer place,” expressed Augustin Kurian, Editor-in-Chief of The Cyber Express.

The event’s pinnacle was marked by the distinguished presence of Brijesh Singh, Principal Secretary to the Honorable CM at the Chief Minister Secretariat, Mantralaya, Mumbai, who honored the occasion as the Chief Guest. Known for his pivotal role in shaping cybersecurity policies, Brijesh Singh shared valuable insights into the evolution of cybersecurity in India.

During his speech, Singh stressed the necessity of a comprehensive national strategy, emphasizing the importance of strong procurement frameworks. He encouraged participants to explore adopting virtual Aadhaar, emphasizing its potential to elevate security measures. Additionally, Singh placed a strong emphasis on the necessity of government cybersecurity, stressing the importance of safeguarding digital infrastructure in the face of evolving threats.

Singh’s address echoed the transformative power of technology, emphasizing the crucial role of a comprehensive National Cyber Security Policy and Framework in fostering digital resilience.

“Government digital infrastructure is distinct from corporate profit centers because trust is of paramount importance. Therefore, cybersecurity in government systems is critical, as a breach in security would constitute a breach of trust. Consequently, it is imperative to establish standards, policies, frameworks, and adherence to the latest cybersecurity guidelines across the entire government.
This includes a comprehensive understanding of threat intelligence to secure the system in a manner that is globally recognized as the best,” opined Singh.

World CyberCon India 2023: Gaining Insights from Panel Discussions

Gaining valuable insights was at the forefront of the World CyberCon India event, where engaging panel discussions delved into critical cybersecurity topics.

(Image source: The Cyber Express)

In the panel titled “Beyond the Surface: Navigating the Deep and Dark Web for Threat Intelligence,” industry experts, including Balaji Kapsikar, Beenu Arora, Col Kapil Jaiswal, Dr. Mahesh Juttiyavar, and Ankit Sharma (Moderator), provided profound perspectives.

“Reflecting on the profound discussions at World CyberCon in Mumbai, where innovation and collaboration converged, I am inspired by the strides we’ve made to fortify our digital future. At Cyble, we remain committed to pioneering solutions that empower a resilient cyber landscape, safeguarding businesses and individuals alike. Together, let us navigate the ever-evolving cyber realm with vigilance and innovation,” said Beenu Arora, CEO and Co-Founder, Cyble Inc.

The discussion on “Ransomware Rundown: Strategies for Prevention, Mitigation, and Recovery” featured Dr. Yusuf Hashmi, Ramesh Gurram, Nirav Hiradhar, Hitesh Mulani, and Sabarinathan Sampath (Moderator), offering strategic insights.

(Image source: The Cyber Express)

The panel on “Empowering Cyber Sentinels: The Crucial Role of AI and ML in Defending Cyberspace” brought together Kiran Belsekar, Vijay Kumar Verma, Amitabh Bhardwaj, Pooja Shimpi, and Venkata Satish Guttula (Moderator), shedding light on the pivotal role of AI and ML in cybersecurity defense.
In the discussion on “Securing the Future: IoT Security Challenges and Solutions in India,” industry experts including Ambarish Kumar Singh, Harshad Mengle, Vijay Devnath, Abhishek Bakshi, and Akshay Garkel (Moderator) deliberated on IoT security challenges and solutions.

Complementing these discussions were industry sessions, including “Navigating the Digital Frontier: Insights into the Proposed Digital India Act & Cybercrime Laws” with N S Nappinai, Advocate, Supreme Court and Founder – Cyber Saath. Apart from these, there were sessions on topics such as social engineering and phishing, supply chain security best practices, and more, featuring industry leaders like Dipesh Kaura, Country Head- India and SAARC, Cyble Inc, Abhishek Mathur, Sr. Group Manager – (I&E), Wartsila Indi, and Hilal Ahmad Lone, CISO, Razorpay. These sessions collectively contributed to a comprehensive exploration of cybersecurity challenges and solutions.

The Cyber Express Awards: A Salute to Cyber Excellence

In a spectacular celebration of cybersecurity excellence, The Cyber Express Awards recognized outstanding individuals who have demonstrated exceptional commitment and expertise in safeguarding digital landscapes. The awardees, spanning diverse industries, showcased their dedication to cybersecurity, pushing the boundaries of innovation and resilience.

(Image source: The Cyber Express)

Notable winners include Milin Nitin Shah, Asst Vice President at SitusAMC, Advocate Puneet Bhasin, Founder of Cyberjure Legal Consulting, and Pooja Shimpi, Founder & CEO of Sybernow, all acclaimed as The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2023. Further, luminaries like Prasad Badiwale, Group CISO at Aditya Birla Management Corporation, and Kavitha Kadambi, CISO at Infosys, were crowned The Cyber Express Cybersecurity Persons of 2023 (India) in the categories of Man and Woman, respectively.
The coveted title of The Cyber Express Top CISOs of 2023 in the BFSI sector was bestowed upon visionaries such as Jayashree Naik, Head of Cyber Security at Silicon Valley Bank, and Bhagwatiprasad Dubey, AVP – CISO at Axis Mutual Fund. In the IT Services and IT Consulting domain, leaders like Vikram Dhanda, CISO at Virtusa, and Atul Shukla, CISO at NSEIT, earned their place in The Cyber Express Top CISOs of 2023.

(Image source: The Cyber Express)

Recognizing influencers shaping the cybersecurity landscape, The Cyber Express Top Cybersecurity Influencers of 2023 title was awarded to prominent figures like Venkata Satish Guttula, Co-Founder & CISO at CyberXGen, and Santosh Kumar Tripathi, Director, Information Security and Compliance at Virsec Systems, Inc. These awards stand as a testament to the exemplary dedication and groundbreaking contributions of these cybersecurity luminaries, reflecting their pivotal roles in fortifying digital landscapes and paving the way for a secure digital future.

Leaders’ Perspectives on World CyberCon India 2023: A Reflection

World CyberCon India, the premier cybersecurity conference in India, concluded with resounding success, bringing together industry leaders, policymakers, and cybersecurity experts to discuss the most critical issues facing the cyber landscape today. The event was lauded by participants for its insightful discussions, thought-provoking presentations, and excellent networking opportunities.

Industry leaders were particularly impressed by the high caliber of speakers and the depth of their expertise. “The speakers were truly world-class,” remarked one attendee. “They provided valuable insights into the latest cybersecurity trends and threats.” Another attendee commented on the diversity of topics covered, saying, “The conference covered a wide range of topics, from emerging threats to best practices for defending against cyberattacks.” In addition to the content, participants also praised the organization of the event.
“The event was well-organized and ran smoothly,” said one attendee. “The staff was friendly and helpful.” Another attendee commented on the venue, saying, “The venue was spacious and comfortable.”

(Image: The Cyber Express Team)

Overall, World CyberCon India was a resounding success, providing a valuable platform for discussion and collaboration on the most critical cybersecurity issues facing India today. The event was a testament to the hard work and dedication of the organizing team, and it is sure to be remembered as one of the premier cybersecurity events in India.

As the curtains draw on this successful edition, World CyberCon India extends its gratitude to all participants, sponsors, and partners for contributing to the event’s success. The knowledge shared and connections forged during the event are integral to advancing India’s cybersecurity resilience.
Google revealed the Gemini AI on Wednesday, December 6. The Gemini AI models have been trained to think like humans. These models are available in three sizes: Gemini Ultra for difficult jobs, Gemini Pro to scale over an extensive array of tasks, and Gemini Nano for jobs that need on-device use, such as Google’s Pixel 8 Pro smartphone. Gemini is the biggest and most powerful AI model that Google has created to date. It has been trained to think and act more like people and process information just like a human would. But is it cyber-safe? Let’s find out from the insights provided by experts at Google.

Features of Gemini AI

Gemini AI possesses the following capabilities:

Multimodal proficiency: Gemini is no longer limited to text. Its smooth integration with audio, video, and other data formats enables engaging and organic interactions that are closer to speaking with a real person. Imagine living in a world where you could talk about a painting and learn the artist’s backstory, or where you could describe a scenario and watch it come to life.

Mind-blowing speed: Gemini has the intelligence to match its aspirations. Thanks to Google’s potent TPUv5 chips, it is five times more powerful than GPT-4 and can manage numerous requests at once. It can also easily handle difficult jobs.

Unmatched precision: Gemini has access to the most recent data and is able to respond to your inquiries with accuracy and dependability because it has been trained on a massive dataset of text and code. In certain tasks, it even performs better than humans at the “expert level,” making it a useful tool for research, teaching, and other purposes.

Real-time learning: Gemini is continuously learning and developing, in contrast to GPT-4. Its ability to instantly assimilate fresh data guarantees that its expertise is constantly up to date and relevant to requirements.

Democratization of AI: Google is enabling universal access to AI. Gemini comes in a variety of models, ranging in power from the ultra-powerful Ultra to the lightweight Nano, so you can choose the one that best suits your needs.

Is Gemini AI Chatbot Cyber-Safe?

Through internal and external testing as well as red-teaming, Google claims to have worked hard to assure Gemini’s safety and responsibility.
James Manyika, Senior Vice President of Research, Technology and Society at Google, said, “At Google, there’s this healthy disregard for the impossible and that has oriented us to be both bold and responsible together.” James believes that as these AI-powered systems become more capable, all of those capabilities also raise new questions regarding community standards and cybersecurity, which Google is taking care of.

Tulsee Doshi, the Director for Responsible AI at Google, said, “We have to think about what it means to have an image, be a part of, for example, the input. Because an image might be innocuous on its own, or text might be innocuous on its own, but the combination could be offensive or hurtful.” She stated that the three models of Gemini AI have been through multiple thorough phases of testing to identify the vulnerable spots and remove them to make them safer for the world. “We develop proactive policies and adapt those to the unique considerations of multimodal capabilities; we then do rigorous testing against those policies to prevent the harms that we’ve identified with approaches like classifiers and filters.” She discussed the importance of testing to ensure that Gemini AI is safe for its users.

Lila Ibrahim, the COO at Google DeepMind, said, “Safety and responsibility has to be built-in from the beginning. And at Google DeepMind, that’s what we’ve done with Gemini,” though she did not talk exactly about how Google is ensuring cybersecurity measures in Gemini AI.

Sundar Pichai, CEO of Google, noted that the majority of generative AI revenue comes from enterprise-first products, for which guaranteeing data security and dependability is very crucial. He said, “If I were to look at the foundational breakthroughs in AI over the past decade, Google has been at the forefront of many of those breakthroughs, and I think Gemini continues that rich tradition.”
The Gemini AI chatbot is certainly a benchmark in the world of generative AI, but the world has its own set of cybersecurity worries with this new tool. How cyber-safe it is remains a matter of concern.
Deepfake videos are persistently emerging, targeting notable personalities globally. Now, the esteemed industrialist and former Tata Group Chairman Ratan Tata has fallen victim to the misuse of his identity in fraudulent investment schemes circulating on online platforms. The industrialist has stepped forward to alert the public about a Ratan Tata deepfake video where his identity is being misused for online investment scams.

In an Instagram post, Tata dismissed the video as “Fake,” pointing out that user Sona Agrawal shared a fabricated interview featuring him. The video deceptively promoted investment opportunities, falsely claiming Tata’s participation in the project.

Ratan Tata Deepfake Video Sparks Concern

(Image source: Twitter)

In the deceptive Ratan Tata deepfake footage, Sona Agrawal was presented as Tata’s manager, accompanied by a caption that bolstered the false narrative, asserting, “A recommendation from Ratan Tata for everyone in India. This is your chance to exaggerate your investment right today risk-free with a 100 percent guarantee. Go to the channel right now.”

Furthermore, the deepfake video featured alleged testimonials from individuals who claimed to have received substantial sums of money through this purported investment avenue. Expressing his disapproval and intent to alert the public, Tata unequivocally labeled the video as “FAKE,” emphasizing his stance on a screenshot of the misleading caption.

The prevalence of the Ratan Tata deepfake video highlights the growing threat of online scams, reminiscent of similar investment scams targeting influential figures such as Tesla’s CEO, Elon Musk. This issue extends beyond the realm of Bollywood celebrities and politicians, as business tycoons like Ratan Tata find themselves facing the same issues.

Ratan Tata Deepfake Video Leading to Investment Scams

Ratan Tata, an Indian industrialist, philanthropist, and former chairman of Tata Sons, used his social media platform to voice his stance on the alleged deepfake video. In his post on Instagram, Tata called out the user responsible for using a fake interview to recommend investments. He emphatically issued a fake alert, denouncing the misuse of his name on social media to lure individuals into what he deemed a risk-free and 100% guaranteed investment.
This incident highlights the pervasive nature of deepfake technologies, sparing no one from actors to politicians and now, even prominent entrepreneurs like Ratan Tata. The urgency of addressing this issue is evident, with Tata’s public denouncement serving as a clear indication that stringent guidelines and punishments need to be established for individuals engaging in such deceptive practices. As the threat of deepfake videos continues to evolve, it becomes crucial for authorities to implement measures that safeguard the public from falling prey to these sophisticated deepfake scams.
Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.
To demonstrate the CISO role's value, frame your work using metrics that align with the most critical parts of every business: risk, growth, expenses, and people.
The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence.
A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal.
Scammers are exploiting the need for loans for Christmas spending, leading to a surge in loan fee fraud – a type of scam where victims are promised loans they never receive, whilst being tricked into paying an upfront charge as a ‘deposit’ or ‘fee.’
The ENISA Threat Landscape for DoS Attacks report provides insights into the motivations, goals, and impacts of DoS attacks, highlighting the need for organizations to enhance their defenses and prepare prevention and remediation strategies.
In one recent case, attackers sent auto-generated emails with attached PDFs personalized with the recipient's name, detailing an inflated charge for a Disney+ subscription.
A report by the US Government Accountability Office (GAO) has found that 20 US federal agencies have failed to meet the deadline for implementing incident response capabilities required by law.
The breach occurred between August 31, 2023, and September 20, 2023, prompting ERMI to secure its systems, involve law enforcement, and conduct an investigation with a cybersecurity firm.
Meta has announced the rollout of end-to-end encryption (E2EE) in its Messenger app for personal calls and one-to-one messages. This update is considered a significant milestone and comes after years of redesigning the platform.
The bugs, discovered by external security researchers and labeled as CVE-2023-48424, CVE-2023-48425, and CVE-2023-6181, pose a risk of supply chain interception, where hackers replace legitimate software updates with malicious versions.
Since the release of the CPG program, organizations enrolled in CISA's vulnerability scanning service have reduced their average number of known exploited vulnerabilities by about 20%.
According to the experts, to mitigate AWS token abuse, organizations should log CloudTrail event data, detect role-chaining events and MFA abuse, and rotate long-term IAM user access keys.
The ruling establishes that a lack of knowledge by management is not a defense, and organizations can be fined based on their own turnover and the turnover of their parent company.
The deployment vector of Krasue is still unknown, but it is suspected to exploit vulnerabilities, use credential brute-force attacks, or be downloaded as part of a fake software package.
The energy industry's significance and interconnectedness make it a prime target for cyber threats, impacting not only financial losses but also manufacturing, healthcare, and transportation.
The Hunters International ransomware group claimed responsibility for the breach and threatened to leak more stolen data, including compliance documents and engineering data.
The app, used by businesses for invoicing and financial management, had an open Firebase database containing user data such as phone numbers, emails, and addresses, as well as corporate data like names, invoice counts, and bank balances.
A recent survey by CompTIA found that many businesses believe their cybersecurity measures are "good enough," posing a challenge to their cybersecurity initiatives. Nearly 2 in 5 respondents cited this as a challenge.
The breach was first detected in 2015, but it is still unclear if the malware has been fully eliminated. The compromised systems may have affected sensitive activities such as handling radioactive waste and monitoring for leaks or fires.
The SLAM attack exploits hardware features in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from kernel memory, highlighting potential security vulnerabilities.
Over 3,800 PACS servers across 110 countries are unintentionally exposing the private data of 16 million patients, including names, addresses, and even Social Security numbers.
A Bluetooth authentication bypass vulnerability, tracked as CVE-2023-45866, allows attackers to connect to Apple, Android, and Linux devices and inject keystrokes to run arbitrary commands.
Russian APT group TA422 has been actively exploiting patched vulnerabilities to target government, aerospace, education, finance, manufacturing, and technology sectors in Europe and North America.
Researchers at ZeroFox found that LockBit was leveraged in more than a quarter of global ransomware and digital extortion (R&DE) attacks in the seven quarters analyzed from January 2022 to September 2023.
The Henry County Schools district in Georgia and the Hermon School Department in Maine are among the latest victims, with the former experiencing a ransomware attack and the latter having outdated software vulnerabilities exploited.
Microsoft will offer Extended Security Updates (ESU) for Windows 10 users after the end of support, but they will have to pay for them. ESUs will provide critical security updates but not new features or design changes.
Nissan's warning to customers to remain vigilant suggests a potential data breach may have occurred, highlighting the ongoing threat to personal information in the automotive industry.
Chrome version 120 includes 10 bug fixes, with two of them being highly critical security patches. The high-ranked security vulnerabilities include "Use after free" exploits in Media Stream and Side Panel Search.
A Cambridge NHS trust has admitted to two historic data breaches, involving the accidental disclosure of patient data while responding to Freedom of Information requests.
The vulnerability, which impacts the Syrus4 IoT gateway made by Digital Communications Technologies (DCT), gives hackers access to the software and commands used to manage thousands of vehicles.
The BlackSuit ransomware group was able to hack into two servers belonging to the school district, impacting Windows devices, file services, printers, and copiers. Phones were not impacted.
Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.
Ubuntu Security Notice 6539-1 - It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
Ubuntu Security Notice 6538-1 - Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.
Ubuntu Security Notice 6537-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6536-1 - Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.
Ubuntu Security Notice 6535-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYS_ADMIN Linux capability. If the host kernel is vulnerable, it's possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Red Hat Security Advisory 2023-7695-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7694-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7678-03 - Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Issues addressed include XML injection, bypass, and open redirection vulnerabilities.
Red Hat Security Advisory 2023-7676-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a man-in-the-middle vulnerability.
Red Hat Security Advisory 2023-7672-03 - Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7668-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7667-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7666-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7665-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-7610-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7608-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2023-7607-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs.
The Australian and New Zealand arm of Nissan Corporation and Financial Services (“Nissan”) has reported a cyber incident, prompting an immediate response to assess the situation. Nissan is actively collaborating with its global incident response team and relevant stakeholders to determine the extent of the Nissan data breach and whether any personal information has been compromised.

Nissan Data Breach: Government Agencies Notified

The company has taken a proactive approach by notifying both the Australian Cybersecurity Centre and the New Zealand National Cybersecurity Centre about the Nissan data breach, demonstrating a commitment to transparency and cooperation in addressing potential cybersecurity threats. While the investigation is ongoing, Nissan is urging its customers to remain vigilant regarding their accounts. Customers are advised to be on the lookout for any unusual or scam activities and to report any concerns promptly. The company is dedicated to keeping its customers informed and is actively working to restore its systems to normalcy.

Official Updates After Nissan Data Breach

Updates on the Nissan data breach and recovery efforts can be accessed through the official Nissan websites – nissan.com.au and nissan.co.nz. Further, the company emphasizes that it is working diligently to address the issue and requests cooperation while they navigate through the aftermath of the cyber incident. Despite the cyber incident, Nissan emphasizes that local dealerships are operational and available to assist customers. While some dealer systems may be impacted, the company assures customers that their local Nissan Dealership remains fully operational and committed to providing the best service.

In a preceding incident, Toyota Motor disclosed in May 2023 that the personal details of its customers in specific countries across Oceania and Asia (excluding Japan) may have been inadvertently exposed to the public from October 2016 to May 2023. The revelation of the Toyota Motor customer data leak occurred on May 12. Following the discovery, the automotive giant initiated a thorough investigation into the data leak, uncovering the potential external accessibility of additional customer information managed by Toyota Connected Corporation (TC).
Meanwhile, Nissan remains committed to transparency and will continue to provide updates to keep its customers informed. The automotive industry’s proactive response to data security incidents highlights the ongoing efforts by major players to address and mitigate cybersecurity challenges.
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to maintain covert access to victim networks at least since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB said in a report
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem
Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interest to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),
Using real-life examples of organisations who have been hacked, I'll be discussing with experts from Skybox Security the importance of adopting a resilient strategy for dealing with vulnerabilities inside your organisation.
Hacking fears are raised at Western Europe's most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia. And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Learn more about the BlackSuit ransomware in my article on the Tripwire State of Security blog.
Meta's Head of Messenger announced that the company has begun to roll out end-to-end encryption (E2EE) for personal chats and calls. Read more in my article on the Hot for Security blog.
Source: www.bleepingcomputer.com – Author: Bill Toulas Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. SLAM is a transient execution attack that takes advantage of a memory feature that allows […] The post New SLAM attack steals sensitive data from AMD, future Intel CPUs – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers. These revelations come after U.S. Senator Ron Wyden, who serves on the Senate Intelligence Committee, sent a letter to the Department of Justice warning that […] The post US senator: Govts spy on Apple, Google users via mobile notifications – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. The company is based in Australia and specializes in high-performance aluminum vessels. […] The post Navy contractor Austal USA confirms cyberattack after data leak – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity score of at least 9.0 out of 10, based on Atlassian’s internal assessment. However, the company advises […] The post Atlassian patches critical RCE flaws across multiple products – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sponsored by Varonis Athena AI, the new generative AI layer that spans across the entire Varonis Data Security Platform, redefines how security teams protect data — from visibility to action. Using natural language, customers can conduct in-depth investigations and analysis more efficiently, transforming users of all skill levels into formidable defenders. […] The post Varonis Introduces Athena AI to Transform Data Security and Incident Response – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: BrianKrebs More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars. In […] The post ICANN Launches Service to Help With WHOIS Lookups – Source: krebsonsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Daryna Olyniychuk Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems. Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking […] The post Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Mary Branscombe Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that’s out of support. Windows 10 will stop getting free updates, including security fixes, after October 14, 2025; which is the official end of […] The post Windows 10 Extended Security Updates Promised for Small Businesses and Home Users – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: TechRepublic Premium TechRepublic Premium Generative AI Policy Generative AI represents a significant development in the field of artificial intelligence, offering a wide range of capabilities and potential benefits. Generative AI is reshaping businesses across industries by offering automation, personalization and efficiency. It enables companies to optimize operations by generating content, designing […] The post Splunk Predictions 2024: Leadership Trends and Emerging Technologies – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: The AI promises of today may become the cybersecurity perils of tomorrow. Discover the emerging opportunities and obstacles Splunk security leaders foresee in 2024: Talent: AI will alleviate skills gaps while creating new functions, such as prompt engineering. Data privacy: With AI and the use of large language models introducing new […] The post Splunk Data Security Predictions 2024 – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.