The Hellenic Post, Greece’s national postal company, has allegedly fallen victim to a cyber attack orchestrated by the notorious Anonymous Collection hacker group. The group made the announcement about the Hellenic Post data breach on their Telegram channel, revealing that both the Hellenic Post and the Greek railway company were rendered completely offline for over 14 hours. The threat includes a caution that individuals supporting Israel or Zionism might be considered potential targets.

Hellenic Post S.A., widely recognized as Ελληνικά Ταχυδρομεία (ELTA), is the state-owned entity responsible for postal services in Greece. Founded in 1828, ELTA delivers comprehensive postal services nationwide and holds membership in the Universal Postal Union. Its services include letter post, parcel service, deposit accounts, Swiftpost for nationwide next-day delivery, and the EMS international express mail service.

The Hellenic Post Data Breach Incident Decoded

The Cyber Express has actively sought information from Greece’s Hellenic Post regarding the incident. Despite our efforts, no official statement or response had been received at the time of reporting, leaving the claims of the Hellenic Post data breach in limbo.

Amidst discussions on platforms like Reddit, a post caught attention, offering an alternative to posting content anonymously on Archive of Our Own (AO3). The suggestion was to add works to the “Anonymous Collection” rather than orphaning them. This method allows authors to keep their works associated with their profile without revealing their username. It is crucial to clarify that the “Anonymous Collection” mentioned here is unrelated to the well-known “Anonymous” hacktivist group: the AO3 collection operates independently and serves a different purpose, whereas the hacker group Anonymous Collection is a malicious threat actor known for claiming cyberattacks on pro-Israeli entities.

The Anonymity of Anonymous Collection

The Anonymous Collection is a rather mysterious entity on the internet. While some surface-level spaces named Anonymous Collection offer storyboard features, some Facebook groups of the same name have been seen promoting fashion-related products. AO3, Archive of Our Own, is one of the first non-profit open-source repositories for fanfiction and also the first to use the term Anonymous Collection as part of a series feature. However, due to the evolving nature of cyber threats, especially those indirectly related to the hacktivist group “Anonymous”, the names of these hacker groups blur the line between who is who.

This alleged Hellenic Post data breach is one of the claims made by Anonymous Collection today. The group made its position clear: it opposes Israel and everything related to Zionism. Zionism, originating in the 19th century, is a nationalist movement aimed at establishing a homeland for the Jewish people in Palestine, an area generally aligned with the Land of Israel as per Jewish tradition.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The notorious Akira ransomware group has claimed two more victims, adding them to its list of Akira ransomware attacks. The claims were posted on a dark web forum where the threat actor boldly claimed the attack. However, upon inspection of both victim websites, it was evident that the ransomware attack had not impacted the front end, as both sites remained accessible at the time of writing.

Akira Ransomware Attack: Two More Victims Added

On December 6, 2023, Compass Group Italia, an Italian-based company offering a diverse range of services to various sectors, allegedly fell prey to the Akira ransomware attack. The hackers infiltrated the company’s digital fortress, obtaining a staggering 107GB of sensitive data. This trove includes financial records, HR files, legal documents, and personal information, putting the company’s integrity at stake.

Simultaneously, Aqualectra Utility, the government-owned utility provider in Curacao, witnessed a breach of its digital infrastructure. With data soon to be available for download, the Akira ransomware attack on Aqualectra Utility compromised operational files, business documents, and a plethora of payment records. The breach threatens the security and privacy of over 80,000 households and companies relying on Aqualectra’s water and electricity services.

The Cyber Express, in pursuit of the truth, reached out to both Compass Group Italia and Aqualectra Utility for insights into the Akira ransomware attack. However, as of now, no official statements or responses have been received from the affected companies, leaving the claims of the attack unverified.

Akira Ransomware Tactics

Akira ransomware is gaining notoriety as one of the fastest-growing threats in the online world. Employing double extortion tactics and utilizing a ransomware-as-a-service (RaaS) distribution model, Akira is swiftly becoming a formidable force in the realm of cyber threats. The group’s unique payment options contribute to its rapid rise in the world of cybercrime.

A recent report analyzing blockchain and source code data indicates that the Akira ransomware group may be affiliated with the now-defunct Conti ransomware gang. Conti, known for its notorious exploits, is believed to be a descendant of the infamous Ryuk ransomware, emphasizing the evolving nature of ransomware tactics.

Akira ransomware, emerging in March 2023, has primarily targeted companies based in the US and Canada. Its Tor leak site boasts a distinctive retro appearance reminiscent of “1980s green-screen consoles.” According to a report from Sophos, navigation of the site requires specific commands, adding a layer of uniqueness to Akira’s approach.
Many Apple users believe the macOS operating system is so secure that no cyberthreats can harm them, so they don't need to worry about protecting their devices. However, this is far from the case: while there is less malware for macOS, it's still much more common than Apple device owners would like to think. In this post, we discuss current threats facing macOS users and how to effectively protect your Mac. To illustrate the fact that viruses for macOS do exist, we'll look at three recent studies on several malware families that have been published over the past few weeks.

BlueNoroff attacks macOS users and steals cryptocurrency

In late October 2023, our researchers discovered a new macOS Trojan that's believed to be associated with BlueNoroff, the commercial wing of the Lazarus APT group working for North Korea. This subgroup specializes in financial attacks and specifically focuses on two things: firstly, attacks on the SWIFT system — including the notorious heist of the Bangladesh Central Bank — and secondly, stealing cryptocurrencies from organizations and individuals.

The discovered macOS Trojan downloader is distributed within malicious archives. It's disguised as a PDF document titled "Crypto-assets and their risks for financial stability", with an icon that mimics a preview of this document.

Cover page of the deceptive PDF that the Trojan downloads and shows to the user when launching the file from an infected archive.

Once the user clicks on the Trojan (masquerading as a PDF), a script is executed that actually downloads the corresponding PDF document from the internet and opens it. But, of course, that's not all that happens. The Trojan's main task is to download another virus, which gathers information about the infected system, sends it to the C2, and then waits for a command to perform one of two possible actions: self-deletion, or saving to a file and executing malicious code sent in response from the server.

Proxy Trojan in pirated software for macOS

In late November 2023, our researchers discovered another malware instance that threatens Mac users — a proxy Trojan, distributed alongside pirated software for macOS. Specifically, this Trojan was added to the PKG files of cracked video editing programs, data recovery tools, network utilities, file converters, and various other software. The full list of infected installers discovered by our experts can be found at the end of the report published on Securelist.

As mentioned earlier, this malware belongs to the category of proxy Trojans — malware that sets up a proxy server on the infected computer, essentially creating a host to redirect internet traffic. Subsequently, cybercriminals can use such infected devices to build a paid network of proxy servers, earning money from those seeking such services. Alternatively, the Trojan's owners might directly use the infected computers to carry out criminal activities in the victim's name — whether it's attacking websites, companies or other users, or purchasing weapons, drugs or other illegal goods.

Atomic stealer in fake Safari browser updates

Also in November 2023, a new malicious campaign was discovered spreading another Trojan for macOS, known as Atomic and belonging to the category of stealers. This type of malware searches for, extracts, and sends to its creators all kinds of valuable information found on the victim's computer, particularly data saved in browsers. Logins and passwords, bank card details, crypto wallet keys, and similar sensitive information are of particular value to stealers.

The Atomic Trojan was first discovered and described back in March 2023. What's new is that now the attackers have started using fake updates for the Safari and Chrome browsers to spread the Atomic Trojan. These updates are downloaded from malicious pages that very convincingly mimic the original Apple and Google websites.

A site with fake Safari browser updates that actually contain the Atomic stealer.

Once running on a system, the Atomic Trojan attempts to steal the following information from the victim's computer:
- cookies
- logins, passwords, and bank card details stored in the browser
- passwords from the macOS password storage system (Keychain)
- files stored on the hard drive
- stored data from over 50 popular cryptocurrency extensions

Zero-day vulnerabilities in macOS

Unfortunately, even if you don't download any suspicious files, avoid opening attachments from unknown sources, and generally refrain from clicking on anything suspicious, this doesn't guarantee your security. It's important to remember that any software always has vulnerabilities that attackers can exploit to infect a device, and which require little or no active user action. And the macOS operating system is no exception to this rule.

Recently, two zero-day vulnerabilities were discovered in the Safari browser — and according to Apple's announcement, cybercriminals were already exploiting them by the time they were discovered. By simply luring the victim to a malicious webpage, attackers can infect their device without any additional user action, thereby gaining control over the device and the ability to steal data from it. These vulnerabilities are relevant for all devices using the Safari browser, posing a threat to both iOS/iPadOS users and Mac owners.

This is a common scenario: as Apple's operating systems share many components, vulnerabilities often apply not just to one of the company's operating systems but to all of them. Thus, it's a case of Macs being betrayed by the iPhone's popularity: iOS users are the primary targets, but these vulnerabilities can just as easily be used to attack macOS.

A total of 19 zero-day vulnerabilities were discovered in Apple's operating systems in 2023 that are known to have been actively exploited by attackers. Of these, 17 affected macOS users — including over a dozen with high-risk status, and one classified as critical.

Zero-day vulnerabilities in macOS, iOS, and iPadOS discovered in 2023, which were actively exploited by cybercriminals

Other threats and how to protect your Mac

What's important to remember is that there are numerous cyberthreats that don't depend on the operating system but that can be no less dangerous than malware. In particular, pay attention to the following threats:

Phishing and fake websites. Phishing emails and websites work the same way for both Windows users and Mac owners. Alas, not all fake emails and websites are easily recognizable, so even experienced users often face the risk of having their login credentials stolen.

Web threats, including web skimmers. Malware can infect not only the user's device but also the server it communicates with. For example, attackers often hack poorly protected websites, especially online stores, and install web skimmers on them. These small software modules are designed to intercept and steal bank card data entered by visitors.

Malicious browser extensions. These small software modules are installed directly into the browser and operate within it, so they don't depend on the OS being used. Despite being seemingly harmless, extensions can do a lot: read the content of all visited pages, intercept information entered by the user (passwords, card numbers, keys to crypto wallets), and even replace displayed page content.

Traffic interception and man-in-the-middle (MITM) attacks. Most modern websites use encrypted connections (HTTPS), but you can still sometimes come across HTTP sites where data exchange can be intercepted. Cybercriminals use such interception to launch MITM attacks, presenting users with fake or infected pages instead of legitimate ones.

To protect your device, online service accounts and, most importantly, the valuable information they contain, it's crucial to use comprehensive protection for both Mac computers and iPhones/iPads. Such protection must be able to counteract the entire range of threats — for example solutions like our Kaspersky Premium, whose effectiveness has been confirmed by numerous awards from independent testing laboratories.
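Two of the web-side threats listed above, web skimmers injected into a store's pages and interception of data sent over plain HTTP, can be checked for from the site owner's side with a static scan of the page. The script below is an added example, not code from the Kaspersky post; every hostname and the sample page in it are constructed. It parses an HTML document and reports forms whose action submits over plain HTTP (what an attacker on an unencrypted connection can read or rewrite) and script tags loaded from hosts outside an allowlist (the usual route by which an injected skimmer reaches a checkout page).

```python
# Added example (not from the Kaspersky post): static review of one HTML page for
# plaintext form submissions and unexpected third-party script hosts. Hostnames
# and the sample page are constructed for this example.
from html.parser import HTMLParser
from urllib.parse import urlparse


class _PageScanner(HTMLParser):
    """Collects findings while HTMLParser walks the document."""

    def __init__(self, page_host, allowed_script_hosts):
        super().__init__()
        # First-party scripts are fine; any other host must be explicitly allowed.
        self.allowed = set(allowed_script_hosts) | {page_host}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values can be None for bare attributes
        if tag == "form":
            action = a.get("action") or ""
            if urlparse(action).scheme == "http":
                # Credentials or card data posted here cross the wire in clear text.
                self.findings.append(("plaintext_form", action))
        elif tag == "script" and a.get("src"):
            src = a["src"]
            parsed = urlparse(src)
            if parsed.scheme == "http":
                # A script fetched over HTTP can be replaced in transit by a MITM.
                self.findings.append(("plaintext_script", src))
            elif parsed.hostname and parsed.hostname not in self.allowed:
                # Unknown third-party script: review it before trusting it on a checkout page.
                self.findings.append(("external_script", src))


def scan_page(html, page_url, allowed_script_hosts=()):
    """Return a list of (finding_kind, offending_url) tuples for one HTML document."""
    page = urlparse(page_url)
    findings = []
    if page.scheme == "http":
        # If the page itself is served without TLS, every form on it is exposed.
        findings.append(("plaintext_page", page_url))
    scanner = _PageScanner(page.hostname, allowed_script_hosts)
    scanner.feed(html)
    scanner.close()
    return findings + scanner.findings


# Constructed sample page: one first-party script, one trusted CDN, one unknown
# script host, a checkout form over HTTPS and a legacy login form over HTTP.
SAMPLE_HTML = """
<html><head>
<script src="https://shop.example/static/app.js"></script>
<script src="https://cdn.trusted-cdn.example/lib.js"></script>
<script src="https://stats.unknown-host.example/collect.js"></script>
</head><body>
<form action="https://shop.example/checkout" method="post">
  <input name="card_number">
</form>
<form action="http://legacy.shop.example/login" method="post">
  <input name="password" type="password">
</form>
</body></html>
"""

if __name__ == "__main__":
    for kind, url in scan_page(SAMPLE_HTML, "https://shop.example/checkout",
                               ["cdn.trusted-cdn.example"]):
        print(f"{kind}: {url}")
```

Run it against a page saved from your own site with the allowlist set to the CDNs the page legitimately uses. An unexpected host in the output is not proof of a skimmer, only a script that deserves review; a form flagged as plaintext is a configuration to fix regardless of whether anyone is currently intercepting it.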
The latest episode of the Transatlantic Cable podcast kicks off with news that hackers are paying to gain access to hotel booking[.]com portals. The hack is apparently so lucrative, they're now advertising for access on the dark web. Additionally, the team discuss new content restriction laws being discussed in the U.K., with news that photo ID may be required to access certain sites. Additionally, this week the team sat down with Vidit Gujrathi, chess grandmaster, and Maher Yamout, Lead Security Researcher at Kaspersky, to talk about chess, cyber-security and how the two are more connected than you might think. If you liked what you heard, please consider subscribing.

Booking[.]com hackers increase attacks on customers
UK porn watchers could have faces scanned
As technology keeps leaping forward, cyber threats are getting sneakier. In the face of advancing cyber threats, staying ahead of the curve requires an army of highly skilled cybersecurity professionals. These digital warriors, equipped with the knowledge and expertise gained through rigorous training and certifications, stand as the guardians of our data and systems. Cybersecurity certifications are more than just credentials; they are the secret weapon, empowering professionals with the latest advancements and knowledge to avert even the most sophisticated attacks. Since hackers are leveraging new technologies like machine learning and AI, security professionals need to embrace the new tech, too!

Acquiring the right cybersecurity certifications in 2024 is integral to establishing a successful career in the security domain. In this article, The Cyber Express lists the best cybersecurity certifications in 2024, shedding light on both the foundational and advanced credentials that are gaining prominence.

Foundational Certifications: Building Blocks for Aspiring Professionals

Foundational certifications serve as the essential building blocks for aspiring professionals, providing a solid framework upon which to construct a successful career. These certifications not only impart fundamental knowledge but also validate the expertise needed to excel in various industries. Whether in IT, finance, healthcare, or other sectors, foundational certifications lay the groundwork for more advanced skills and specialization, offering a credible starting point for individuals seeking to enter or progress within their chosen fields.

Web Security Certifications
OSWE (Offensive Security Web Expert): Focused on offensive web security, this certification is ideal for individuals entering the field or those with some experience.
GWAPT (GIAC Web Application Penetration Tester): Emphasizing web application penetration testing skills, GWAPT is recognized for its practical approach.

Network Security Certifications
OSCP (Offensive Security Certified Professional): Renowned for its hands-on approach, OSCP is a must-have for those inclined towards offensive security.
GPEN / GxPN (GIAC Penetration Tester / Exploit Researcher and Advanced Penetration Tester): Offering a deep dive into penetration testing, these certifications are well-regarded in the industry.

Mobile Security Certifications
eMAPT (eLearnSecurity Mobile Application Penetration Tester): Targeting mobile application security, eMAPT equips professionals with the skills needed in this specialized domain.
CEH (Certified Ethical Hacker): A versatile certification covering basics in network, mobile, and web security, CEH remains a foundational choice.

Industry-Recognized Certifications
CISSP (Certified Information Systems Security Professional): While not purely offensive, CISSP is a gem encompassing various aspects of information security, demonstrating overall expertise.
CISM (Certified Information Security Manager): Focused on managing and governing information security programs, CISM is highly valued in the industry.

7 Best Cybersecurity Certifications in 2024

Looking for the best cybersecurity certifications in 2024? We’ve got you covered. The Cyber Express Market Trends Report sheds light on the most favored cybersecurity certifications for a road to success in cybersecurity. Carefully curated by industry experts, these certifications decode the latest trends in cybersecurity education, offering a roadmap to professional advancement in the field.

The Market Trends Report also revealed that 89.25% of respondents recognize the significance of formal cybersecurity education or training, indicating a strong inclination towards structured learning and certification for career progression and expertise development in the cybersecurity field. The diverse cohort includes 27.16% Cybersecurity Analysts, 41.62% Security Engineers, 23.90% Information Security Officers, 6.94% IT Managers, and 0.38% professionals from related fields.

Drawing from insights in The Cyber Express Market Trends Report and extensive research, here’s a compilation of the top-performing cybersecurity certifications projected to deliver optimal results in 2024:

1. Certified Information Security Manager (CISM)
Favorability Rating: 16.40%
Key Strength: Combines technical expertise with managerial acumen
Cost: Up to $760 (discounted rate of $575 for existing ISACA members)

Targeting IT audit management and cybersecurity roles, CISM-certified professionals are in demand, earning competitive salaries. The Certified Information Security Manager (CISM) certification is a globally recognized credential designed for information security management professionals. Offered by ISACA, the CISM certification validates expertise in developing and managing an enterprise’s information security program. With a focus on governance, risk management, and compliance, CISM holders demonstrate a comprehensive understanding of security strategies aligned with organizational goals. The certification covers key domains, including information security governance, risk management, information security program development and management, and information security incident management.

2. Certified Information Systems Security Professional (CISSP)
Favorability Rating: 16.11%
Key Strength: Provides a comprehensive grasp of cybersecurity
Cost: USD 749

The Certified Information Systems Security Professional (CISSP) certification is a globally recognized standard for information security expertise. Developed by (ISC)², it validates professionals in designing, implementing, and managing a robust cybersecurity program. CISSP certification signifies a deep understanding of security principles and a commitment to maintaining the highest standards in information security management. With its broad scope, CISSP is a cornerstone for professionals aspiring to lead in the dynamic and critical world of cybersecurity.

3. Certified Information Systems Auditor (CISA)
Favorability Rating: 13.46%
Key Strength: Excels in audit and assurance for cybersecurity organizations
Cost: USD 575 for ISACA members, USD 760 for non-members

The Certified Information Systems Auditor (CISA) certification stands as one of the most sought-after credentials for information systems auditing. Administered by ISACA, CISA validates the skills and knowledge necessary for professionals engaged in auditing, controlling, and monitoring information systems. Focused on areas like information system audit processes, governance, and management, CISA ensures practitioners possess the expertise to assess vulnerabilities, comply with regulations, and enhance overall organizational security. As a globally recognized certification, CISA signifies a commitment to excellence in information systems auditing.

4. Offensive Security Certified Professional (OSCP)
Favorability Rating: 10.57%
Key Strength: Hands-on offensive security training for anticipating and countering threats
Cost: USD 850

The Offensive Security Certified Professional (OSCP) certification is a pinnacle achievement in the field of cybersecurity. Offered by Offensive Security, this hands-on and practical certification is renowned for its rigorous examination of penetration testing skills. OSCP candidates navigate a 24-hour real-world simulation, demonstrating their ability to exploit vulnerabilities and compromise systems ethically. Successful completion not only validates technical prowess but also signifies a deep understanding of network security.

5. Certified Ethical Hacker (CEH)
Favorability Rating: 9.73%
Key Strength: For complete ethical hacking training and vulnerability assessments
Cost: Between USD 950 and USD 1199

The Certified Ethical Hacker (CEH) certification is a distinguished credential in the world of cybersecurity, emphasizing ethical hacking skills. Offered by the EC-Council, CEH validates professionals capable of identifying and neutralizing potential security threats through ethical and legal means. CEH covers a comprehensive range of topics, including penetration testing, vulnerability assessment, and ethical hacking techniques. By obtaining this certification, individuals demonstrate mastery in understanding and thwarting malicious activities, contributing to the proactive defense of information systems.

6. CompTIA Security+
Key Strength: Covers the basics to advance in cybersecurity training
Cost: USD 392

The CompTIA Security+ certification is a globally recognized accreditation that validates an individual’s expertise in IT security. Covering a broad spectrum of topics, including network security, cryptography, and risk management, this certification ensures professionals possess the essential skills to safeguard organizational assets. With an emphasis on practical knowledge and real-world scenarios, Security+ equips candidates to identify and mitigate security threats effectively. Widely respected in the industry, achieving this certification demonstrates a commitment to excellence in information security. Whether aspiring to enter the field or seeking career advancement, CompTIA Security+ is a pivotal credential, attesting to a practitioner’s ability to mitigate online threats and secure networks.

7. GIAC Security Expert (GSE)
Key Strength: Covers diverse security domains
Cost: USD 979

An advanced certification for experienced professionals, GSE signifies mastery in the GIAC certification track. Awarded by the Global Information Assurance Certification (GIAC), the GSE credential signifies proficiency across diverse security domains. GSE holders demonstrate advanced skills in incident response, penetration testing, and ethical hacking, showcasing a comprehensive understanding of complex security challenges. This elite certification demands a rigorous hands-on examination process, ensuring that recipients possess not only theoretical knowledge but also the practical acumen required to safeguard organizations against cybersecurity threats.

Choosing the Right Certification Path: Professional vs. Academic

Cybersecurity certification programs can be categorized into two main types: professional and academic. These certifications serve the individual goals of budding cybersecurity professionals as well as seasoned veterans in the security domain.

Professional Cybersecurity Certifications: Designed for individuals already working in cybersecurity or related IT fields, these certifications focus on the latest tools and software, showcasing proficiency in specific technologies.

Academic Cybersecurity Certifications: Tailored for students, these certifications provide in-depth knowledge of current cybersecurity issues. Examples include Harvard’s online cybersecurity certification and the University of Maryland’s online undergraduate certification in cybersecurity.

Navigating Success with Cybersecurity Certifications in 2024

Embracing a continuous learning mindset and committing to skill development is essential to succeed in the security field. These cybersecurity certifications of 2024 not only act as gateways to lucrative career prospects but also empower professionals to effectively use their skills in the real world. Whether you’re at the outset of your cybersecurity journey or aiming for advanced expertise, the right certification can serve as a transformative catalyst for success in the cybersecurity domain.
The Citizens Bank of West Virginia has reportedly fallen victim to a cyberattack orchestrated by the notorious LockBit ransomware group. The group has left its digital signature by posting a message on the breached platform, accusing the bank of prioritizing its financial interests over the privacy of its clients.

“Just another greedy company that puts their own money above clients privacy,” reads the message posted by the hacker group. The hackers have boldly set a deadline for their demands, with December 9, 2023, looming as the day of reckoning.

No Details Regarding Citizens Bank of West Virginia Cyberattack

However, no other details related to the Citizens Bank of West Virginia cyberattack regarding the extent of the cyberattack, the motive behind it, and the potential compromise of sensitive data have been disclosed. The Cyber Express Team has reached out to bank officials for verification of the claim of the Citizens Bank of West Virginia cyberattack. However, as of now, the response from the bank is still awaited, leaving the situation shrouded in uncertainty.

Adding a layer of intrigue to the unfolding saga is the discovery that Citizens Bank’s official website remains fully accessible. This anomaly raises questions about the authenticity of LockBit’s claims and introduces an element of doubt into the narrative. Only when the bank issues an official statement on the Citizens Bank of West Virginia cyberattack can a conclusive assessment be made.

Financial Sector, A Prime Target for Cybercriminals

Before this, in November 2023, the ransomware group set its sights on MicroTrain Technologies, exposing sensitive documents such as enrollment forms, business transactions, and comparison charts. The motive behind these attacks remains unclear, and the claims are yet to be verified.

The financial sector, in particular, has become a prime target for cybercriminals, with a surge in reported data breaches. According to the statistics, financial institutions worldwide, including those in the U.S., Argentina, Brazil, and China, have experienced 566 breaches as of December 2022, resulting in over 254 million leaked records. The prevalence of ransomware attacks on financial services has escalated from 55% in 2022 to a staggering 64% in 2023, nearly doubling the figures reported in 2021.

As the deadline set by LockBit approaches, the cybersecurity landscape for Citizens Bank remains uncertain. The incident serves as a reminder of the growing threat posed by cybercriminals, especially to institutions responsible for safeguarding sensitive financial information. The repercussions of such breaches extend beyond financial losses, impacting the trust and privacy of countless individuals.
Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance.
As record-breaking volumes of ransomware hit cities, towns, and counties this year, municipalities remain easy targets that pay, and there's no end of the attacks in sight.
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.
Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks.
Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.
Progress Software has disclosed two new high-severity vulnerabilities in its MOVEit file-transfer service, bringing the total number of vulnerabilities to eight since a zero-day exploit in May.
Hackers are using the free website Genial.ly to send phishing links as part of a Business Compromise 3.0 attack. Users receive legitimate-looking emails inviting them to click on a link to view content created in Genial.ly.
This malware is a Python-based information stealer compressed with cx-Freeze to evade detection. MrAnon Stealer steals its victims' credentials, system information, browser sessions, and cryptocurrency extensions.
This vulnerability could allow attackers to run arbitrary PHP code on a target website. The vulnerability is a Property Oriented Programming (POP) chain that requires an attacker to control all the properties of a deserialized object.
The default configuration of Microsoft Dynamic Host Configuration Protocol (DHCP) servers leaves a significant number of organizations vulnerable to these attacks, making them accessible to a wide range of attackers.
The round was led by Tikehau Capital, through its new vintage of Brienne, its flagship private equity cybersecurity strategy with the French Ministry of Defence’s Definvest fund, managed by Bpifrance.
The HeadCrab malware has resurfaced with a new variant that allows root access to Redis servers, infecting over 1,100 servers and enabling the attacker to control and modify responses.
The cryptocurrency exchange operated with lax know-your-customer (KYC) procedures and had a significant partnership with the Hydra darknet marketplace for cryptocurrency transactions.
Microsoft is making changes to its cybersecurity leadership, with Bret Arsenault being moved from his role as CISO to a chief security adviser position. Igor Tsyganskiy will take over as the new CISO.
Star Blizzard uses extensive research and preparation, including creating fake email accounts and social media profiles, to build trust with their targets before delivering malicious links.
By collaborating with state enforcers, the FCC can enhance its investigative efforts, share information, and leverage tools to address consumer harms more effectively in the realm of privacy and cybersecurity.
New records obtained through a public records request reveal that over 22,000 people were affected by a data breach at the Sweetwater Union High School District in California.
Experts suggest that the updated Terms of Use may not protect 23andMe from lawsuits, as it could be challenging to prove that users were given reasonable notice to opt out of the new terms.
The affected data was limited to information related to the franchise partner's operations in a specific overseas territory and did not include any financial or payment card information.
Data breaches in the U.S. have reached an all-time high, with 2.6 billion personal records compromised in the past two years, driven by aggressive ransomware attacks and breaches targeting third-party vendors.
Russian APT28 hackers, also known as Fancy Bear, exploited a Microsoft Outlook zero-day vulnerability to target European NATO member countries, including a NATO Rapid Deployable Corps.
Understanding human vulnerabilities and the ways in which attackers manipulate emotions and fundamental traits is crucial for identifying and responding to cybersecurity threats.
Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution vulnerability due to a flaw in PowerShell's handling of user-provided input that contains a semicolon.
Ubuntu Security Notice 6542-1 - Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-7705-03 - Red Hat Build of Apache Camel for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7704-03 - Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7703-03 - Red Hat OpenShift Pipelines 1.10.6 has been released. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7699-03 - Red Hat OpenShift Pipelines Client tkn for 1.10.6 has been released. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7697-03 - An update is now available for Red Hat AMQ Clients. Issues addressed include code execution, denial of service, deserialization, and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2023-7626-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2 is now available. Issues addressed include buffer overflow, denial of service, information leakage, and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-7625-03 - An update is now available for Red Hat JBoss Core Services. Issues addressed include buffer overflow, denial of service, and information leakage vulnerabilities.
Red Hat Security Advisory 2023-7623-03 - Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include denial of service and open redirection vulnerabilities.
Red Hat Security Advisory 2023-7622-03 - An update is now available for Red Hat JBoss Web Server 5.7.7 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include denial of service and open redirection vulnerabilities.
Ubuntu Security Notice 6541-1 - It was discovered that the GNU C Library was not properly handling certain memory operations. An attacker could possibly use this issue to cause a denial of service. It was discovered that the GNU C Library was not properly implementing a fix for CVE-2023-4806 in certain cases, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
Ubuntu Security Notice 6522-2 - USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
The Microsoft Windows Kernel has a time-of-check / time-of-use issue in verifying layered key security which may lead to information disclosure from privileged registry keys.
Atlanta-based Cyble Inc., a trailblazing AI-powered threat intelligence platform, has reached a remarkable milestone by earning recognition among the distinguished Top Security Startups of 2023 as curated by Y Combinator. This achievement goes beyond being a mere accolade; it serves as a compelling validation of Cyble’s unwavering commitment and innovative prowess in an industry where staying ahead of the curve is not just crucial but imperative. Among esteemed industry peers such as Sift, Vanta, Salt Security, Quantstamp, Sqreen, and more, Cyble’s recognition highlights its exceptional role as a leading contributor within the cybersecurity sphere.

Cyble Inc.: A Pacesetter in Cybersecurity

Leveraging advanced artificial intelligence-driven threat detection, Cyble was established in 2019 by Manish Chachada and Beenu Arora. At the helm of Cyble, Inc., the duo leads a global team of experts and innovators, harnessing AI-powered actionable threat intelligence to drive the company’s initiatives. Under their guidance, Cyble has emerged as a pacesetter in the dynamic realm of cybersecurity. Specializing in dark web monitoring, threat intelligence, and cyber risk assessment, Cyble stands at the forefront of defending businesses against the ever-evolving landscape of cyber threats. Guided by Beenu Arora, the CEO of Cyble Inc., the company has consistently demonstrated an unwavering commitment to securing organizations from digital risks.

Beenu Arora, expressing his pride, stated, “Being acknowledged among Y Combinator’s Top Security Startups of 2023 is an absolute honor for Cyble! This recognition fuels our passion for safeguarding businesses against cyber threats. It’s a testament to our incredible team’s relentless dedication and innovative spirit.” “We extend our heartfelt appreciation to Y Combinator for this prestigious acknowledgment and to our Cyble family for their unwavering commitment,” he added.

Accelerating Growth and Innovation

In November 2023, Cyble secured a substantial US$30.2 million Series B funding round, indicating the company’s rapid growth trajectory and increasing impact in the cybersecurity field. This investment, bolstered by an additional US$6.2 million in the second tranche, is set to propel Cyble’s continued innovation and expansion, solidifying its position as one of the fastest-growing cybersecurity companies globally. Fueled by this recent infusion of capital, Cyble strategically positions itself for significant expansion, an augmented market presence, and continuous refinement of its technological offerings. This financial backing not only highlights the growing significance of cybersecurity in the digital age but also solidifies Cyble’s role as a pivotal force shaping the future landscape of cyber threat intelligence.

A Promising Future for Cyble

Looking ahead, Beenu Arora succinctly captures the essence of Cyble’s future trajectory: “This accolade propels us forward, inspiring us to continuously enhance our cutting-edge solutions and protect organizations from evolving digital risks.” In a landscape where cybersecurity challenges are becoming increasingly sophisticated, the need for advanced threat intelligence solutions has never been more critical. Cyble’s unwavering commitment to innovation and staying ahead of the curve positions the company as a key player in shaping the future of cybersecurity. The recognition by Y Combinator not only celebrates Cyble’s past achievements but also serves as a beacon of excellence and a harbinger of future success. Moreover, it stands as a testament to excellence and resilience in the world of cybersecurity. The future appears bright for Cyble, and the company is poised to play a pivotal role in securing the digital future for organizations worldwide.
The United Kingdom and its allies have revealed that the Russian intelligence services attempted to use cyberattacks to target prominent persons and organizations in the UK. According to the Government, the Russia-backed UK election interference was intended to use the material gathered to meddle in democratic and political processes in the UK. Many cyber espionage operations directed at the United Kingdom have been traced back to Centre 18, a division of Russia’s intelligence service, the FSB. Although some attacks led to the leak of documents, the attempts to meddle in UK politics and democracy were not successful.

Russia-Backed UK Election Interference

The activity was carried out by Star Blizzard, a group that GCHQ’s National Cyber Security Centre (NCSC) assesses is almost certainly under the authority of FSB Centre 18. Star Blizzard, which is run by FSB officers, is also referred to as Callisto Group, SEABORGIUM, or COLDRIVER. Along with deliberately leaking and amplifying stolen material, the group has also worked to further Russian conflict goals, such as undermining political confidence in the UK and other like-minded states. Specifically, the UK has determined that the FSB, through Russia-backed Star Blizzard, is involved in the following activities:

- Targeting of lawmakers from various political parties, including through spear-phishing, beginning at least in 2015 and continuing this year.
- The 2019 General Election breach of UK-US trade information, which was previously linked to the Russian state through a Written Ministerial Statement in 2020.
- The 2018 hack of the Institute for Statecraft, a UK think tank whose projects included efforts to protect democracy from misinformation, and the more recent hack of the think tank’s founder, Christopher Donnelly, whose account was compromised starting in December 2021; in both cases, documents were later made public.
- Targeting of public sector bodies, academic institutions, journalists, non-governmental organizations, and other civil society groups, many of whom are vital to UK democracy.

The UK has today sanctioned two Star Blizzard members for their involvement in preparing spear-phishing campaigns and related activities that led to unauthorized access to sensitive data and UK election interference. The goal of these actions was to undermine UK organizations and, more broadly, the UK government. The sanctions follow a National Crime Agency investigation and were implemented in concert with the US, the latest in bilateral efforts to combat harmful Russian cyber activity that threatens the integrity and economy of our country and those of our friends. Concurrently, the US Department of Justice has made public indictments against the people named today. The following people are being designated in the US and the UK:

- Ruslan Aleksandrovich PETRYATKO, a Russian FSB intelligence officer who leads Star Blizzard, also known as the Callisto Group.
- Andrey Stanislavovich KORINETS, also known as Alexey DOGUZHIEV, a member of Star Blizzard / Callisto Group.

The Foreign, Commonwealth and Development Office has also called in the Russian ambassador to convey the UK’s grave concerns regarding Russia’s persistent efforts to subvert democratic and political processes in the UK and abroad. Leo Docherty, the Minister for Europe, emphasized in a statement to the House earlier today that the attempts at UK election interference had failed. Nonetheless, Russia and other adversaries will likely keep trying to meddle in UK politics through cyberspace. The NCSC, in collaboration with the US, Australia, New Zealand, and Canada, will release cyber security advice to help network defenders mitigate this activity. Additionally, the NCSC will publish guidance for individuals at high risk, along with further details about available support.

Home Secretary James Cleverly said, “An attack against our democratic institutions is an attack on our most fundamental British values and freedoms. The UK will not tolerate foreign interference and through the National Security Act, we are making the UK a harder operating environment for those seeking to interfere in our democratic institutions.”

The actions are part of a larger pattern of malicious cyber activity carried out worldwide by the Russian intelligence services. In recent years, the UK and its partners have publicly attributed the ViaSat and SolarWinds attacks, as well as the UK election interference, to Russian intelligence. In May, the NCSC and its Five Eyes partners exposed a sophisticated cyber espionage tool created and used by FSB Centre 16 for long-term intelligence gathering on sensitive targets.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has settled with Lafourche Medical Group, a prominent Louisiana-based medical group specializing in emergency medicine, occupational medicine, and laboratory testing. The resolution follows an extensive investigation initiated after a phishing attack that compromised the electronic protected health information of approximately 34,862 individuals. OCR Director Melanie Fontes Rainer emphasized the urgency for heightened vigilance within the industry, stating, “Phishing is the most common way that hackers gain access to health care systems to steal sensitive data and health information.”

Lafourche Medical Group Exposes Cybersecurity Vulnerabilities

This marks a historic moment: it is the first settlement OCR has concluded concerning a phishing attack under the Health Insurance Portability and Accountability Act (HIPAA) Rules, the federal law safeguarding the privacy and security of health information. Lafourche Medical Group reported the breach to HHS on May 28, 2021, disclosing that a successful phishing attack on March 30, 2021, had granted unauthorized access to an email account containing electronic protected health information. The compromised information included highly sensitive details such as medical diagnoses, therapy visit frequencies, and medical treatment locations. The fallout from phishing attacks extends beyond compromised data, potentially leading to identity theft, financial loss, discrimination, stigma, mental anguish, and reputational damage. Healthcare entities regulated by HIPAA are obligated to report breaches to HHS, and this year alone, large breaches have impacted over 89 million individuals.

OCR’s investigation into Lafourche Medical Group revealed critical lapses in cybersecurity measures. Before the reported breach, the medical group had failed to conduct the required risk analysis to identify potential threats or vulnerabilities to its electronic protected health information. Additionally, there were no established policies or procedures for routinely reviewing information system activity to protect against cyberattacks.

Lafourche Medical Group Commits to OCR-Monitored Corrective Action

In response, Lafourche Medical Group has agreed to a settlement of US$480,000 with OCR and will implement a comprehensive corrective action plan under OCR’s monitoring for the next two years. The corrective measures include establishing and implementing enhanced security measures, developing and revising policies to align with the HIPAA Rules, and providing training to staff members with access to protected health information. This settlement emphasizes the critical role of proactive cybersecurity measures in safeguarding the integrity and confidentiality of sensitive health information in an era where digital threats continue to evolve.
The Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was arrested in Miami earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an unlicensed money-transmitting business that enabled other criminal actors to launder their
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal information and execute commands," the AhnLab Security Emergency Response Center (ASEC) said in an
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.
A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of "5G" and "Ghoul") – 10 affect 5G modems from the two companies, out of which three
Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine, on behalf of the Russian government. Read more in my article on the Hot for Security blog.