Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cybersecurity News

Filing a complaint with The U.S. Securities and Exchange Commission (SEC) in the event of a company’s non-disclosure of a cyberattack is primarily rooted in the principles of transparency, investor protection, and maintaining the integrity of the financial markets. However, what could it mean when a hacker group decides to meticulously fill out the SEC complaint form and post it on their leak site?

In a strikingly unconventional tactic, the infamous Alphv/BlackCat ransomware group filed a complaint with the U.S. Securities and Exchange Commission (SEC), accusing one of their claimed victims, MeridianLink, a California-based provider of digital lending and data verification solutions, of not adhering to a four-day rule for disclosing a cyberattack—a rule not yet in effect. This move, a far cry from their usual modus operandi of covert operations and ransom demands, begs the question: What drives a hacker group to engage with a regulatory body traditionally allied with investors and market integrity?

At first glance, it may appear as an ironic twist – cybercriminals assuming the role of regulatory watchdogs. But a deeper analysis suggests a possible strategic ploy, a sign of desperation or an innovative tactic to amplify pressure for ransom. This act, a new form of exerting pressure and extortion by manipulating regulations designed for protection, compels us to examine the motivations and evolving strategies of cybercriminal groups in their relentless pursuit of illicit gains.

On November 7, 2023, BlackCat/ALPHV claimed to have breached the network of MeridianLink and extracted sensitive data. Following the MeridianLink data breach, the hacker collective demanded a ransom, setting a 24-hour deadline for payment to prevent the release of the stolen information.

[Image: The message posted by BlackCat ransomware group after claiming a cyberattack on MeridianLink. (Source: FalconFeeds/Twitter)]

Although initial communications were established, BlackCat/ALPHV claims that MeridianLink has since failed to engage in further dialogue to negotiate the terms for the data’s security. The company’s apparent silence on negotiation may have driven the hacker group to file a complaint with the SEC.
In the form they submitted, the hacker group highlighted, “We want to bring to your attention a concerning issue regarding MeridianLink’s compliance with the recently adopted cybersecurity incident disclosure rules.” “It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules,” they wrote further.

The statement “failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules” refers to an accusation that a company, in this case, MeridianLink, did not comply with a specific reporting requirement set forth by the U.S. Securities and Exchange Commission (SEC).

[Image: The SEC complaint filed by BlackCat against MeridianLink. (Source: @vxunderground/Twitter)]

Soon after, MeridianLink confirmed the cyberattack. A spokesperson from MeridianLink shared with The Cyber Express details about the cybersecurity incident, stating, “MeridianLink recently identified a cybersecurity incident.” They continued, stating, “Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption. If we determine that any consumer personal information was involved in this incident, we will provide notifications, as required by law.”

Form 8-K serves as a formal notification mechanism for informing shareholders of U.S. publicly traded companies and the Securities and Exchange Commission about certain events that could be significant to stakeholders or may require regulatory attention. The SEC approved the final rules on cybersecurity, risk management, strategy, governance, and incident disclosure on July 26, 2023.
These enhanced cybersecurity disclosure regulations officially came into effect on September 5, 2023, referred to as the “Final Rules.”   “With respect to compliance with the incident disclosure requirements in Item 1.05 of Form 8-K and in Form 6-K, all registrants other than smaller reporting companies must begin complying on December 18, 2023. As discussed above, smaller reporting companies are being given an additional 180 days from the non-smaller reporting company compliance date before they must begin complying with Item 1.05 of Form 8-K, on June 15, 2024,” stated the official report. According to the report, starting December 18, 2023, all registrants—excluding smaller reporting companies—are obliged to follow the incident disclosure regulations. This indicates that impacted companies have until December to comply with the newly established rules for reporting cybersecurity incidents. Several cybersecurity experts, who took to social media following the abrupt reaction by Alphv/BlackCat ransomware group, pointed this out. “ALPHV claims the breach was November 7 MeridianLink says November 10. The amended SEC requirement says *material* incidents must be reported four business days after determining the incident is material. Compliance isn’t required until December 18th anyway,” tweeted Steve Werby, an information security strategist with 20 years of experience. In conversation with The Cyber Express, Steve Werby shared his interpretation of the BlackCat hacker group’s stunt. He believes that the group’s decision to file a complaint with the SEC may not have been expected to change MeridianLink’s stance on the ransom but rather serves as a stark warning to future targets of the group, indicating that paying the ransom might be their sole escape from being publicly named and facing regulatory consequences. 
Werby stated, “Since BlackCat’s threat of leaking the exfiltrated data didn’t result in a willingness to pay the requested ransom, it’s unlikely that they thought the SEC complaint would alter MeridianLink’s decision. It’s likely that the action was intended to signal to future BlackCat victims that ransom payment is the right choice. Perhaps with a dash of vengeance.”

Interestingly, the move to report “non-compliance” could backfire significantly. A Cyber Threat Researcher from the cybersecurity and threat intelligence firm Cyble shared a perspective on the BlackCat ransomware group’s recent SEC filing. The researcher emphasized that this act is actually a display of boldness and a form of blackmail. The researcher elaborated, “It’s not desperation, but rather flaunting and blackmail. The gangs see themselves as somebody who calls all the shots, and the victims have to submit to their demands.” Further, they highlighted a potential unintended consequence of this tactic. “By reporting to the SEC, they might inadvertently prompt the government to implement stricter regulations. This could make it harder to pay ransoms, essentially undermining the primary motivation of ransomware gangs – getting paid.” “This move is likely to backfire on them. It’s a positive development for the victims, as increased regulation will make the operations of ransomware groups more challenging,” they concluded.

Another viewpoint suggests that the hackers’ actions represent an attempt to manipulate the SEC’s cybersecurity regulations to their advantage. Jamil Farshchi, EVP and Chief Information Security Officer (CISO) at Equifax, interprets this move as an aggressive tactic following unsuccessful ransom negotiations. By leveraging the SEC’s rules, which require companies to disclose significant cyber incidents, the hackers aim to exert additional pressure on their targets.
Farshchi explained, “It’s almost certainly a retaliatory response after not receiving a ransom.” This statement indicates that the filing with the SEC could be a direct consequence of the ransomware group’s frustration over unmet demands. He further added, “They are trying to weaponize the SEC cyber rules to incentivize future victims to pay the ransom.” This tactic involves exploiting the regulatory requirements as a tool of coercion, pushing companies to pay ransoms to avoid the ramifications of public disclosure and potential regulatory scrutiny. Such a strategy could significantly impact companies, forcing them to weigh the risks of non-compliance with SEC rules against the consequences of yielding to the hackers’ demands. BlackCat’s decision to file a complaint and publicly put it out also seems like a calculated strategy to instil fear among senior executives of companies, as pointed out by Greg Linares, a cybersecurity expert and white hat hacker. “I definitely see it as a leverage tactic to induce fear among C-levels,” Linares told The Cyber Express. He suggests that this tactic might have been chosen based on a vulnerability identified during the negotiation process with the victim company. Expanding on the impact of this move, he added, “We don’t know why they potentially did this tactic, maybe it was based on a weakness discovered during negotiations, however I do know CISOs definitely took notice.” Linares noted the significant attention the incident garnered on social media, predicting its potential influence on similar groups. 
“And with as much attention it received on social media, it likely will be replicated by other ransomware groups elsewhere in the near future.” Discussing the implications for corporate cybersecurity strategies, Linares advised, “I think everyone should review their material reporting process, ransomware response, and tabletop exercises involving this plus other additional avenues of extortion.”

A dark web researcher at Cyble offered further insights into BlackCat’s strategy, describing it as a high-pressure tactic. According to the researcher, this move isn’t just about coercion; it’s also a calculated play for legitimacy. “This seems to be a desperate attempt to pressure the victim into compliance,” they said. Further, the researcher speculated on the group’s expectations: “It appears they hoped that the mere mention of an SEC notification would cause panic and prompt a swift response and possibly a quick settlement from the victim.”

Deciphering BlackCat’s Motives

The BlackCat ransomware group’s decision to file a complaint with the SEC represents a significant departure from traditional ransomware tactics, as conventional methods may meet increasing resistance. One possible interpretation of BlackCat’s actions is that companies are becoming more resilient and less willing to agree to ransom demands. This shift could be a result of enhanced cybersecurity measures, better awareness, or the realization that paying the ransom offers no guarantee against data exposure. Companies are increasingly aware of the unreliability of hackers. The realization that paying the ransom doesn’t necessarily safeguard against data exposure or future attacks has left many companies in a dilemma. Faced with this new resilience, ransomware groups like BlackCat might be exploring more desperate and innovative tactics to exert pressure and secure payment. The move also reflects the complications introduced by tighter regulations in cybersecurity.
The requirement for companies to disclose cyberattacks to regulatory bodies like the SEC adds a new layer to the ransomware game. BlackCat’s decision to exploit these regulations indicates their awareness of the legal and reputational pressures that can be used as leverage against their targets. Despite the uncertainty of securing a ransom, BlackCat’s approach has undoubtedly achieved the desired attention. This publicity, while not directly lucrative, enhances their notoriety and may serve as a warning to future targets. In conclusion, BlackCat’s unusual tactic of engaging with the SEC is a move that speaks volumes about the current state of cybercrime. It suggests possible desperation on the part of hackers facing stiffer corporate resistance and complex regulatory landscapes. It also reflects an understanding that the promise of ransom payment is becoming increasingly unreliable.

 Breaches and Incidents

Cybercriminals targeted a private group water scheme in the Erris area, causing disruption to 180 homeowners and highlighting the vulnerability of critical infrastructure to politically motivated cyber-attacks.

 Breaches and Incidents

The Android app Barcode to Sheet, with over 100k downloads, has left sensitive user data exposed due to an open instance, including plaintext enterprise data and weakly hashed passwords.

 Breaches and Incidents

The Greater Richmond Transit Company (GRTC) experienced a cyberattack over the Thanksgiving holiday, resulting in a temporary disruption to their computer network. The Play ransomware gang has claimed responsibility for the attack.

 Feed

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. This particular archive holds three proof of concept exploits.

 Firewall Daily

Cybercriminals, in a strange twist of fate, have developed a worrying fixation on the very core of our society—the healthcare sector. This peculiar ‘romance’ between the inherent vulnerabilities of healthcare infrastructure and the unyielding attention of cyber attackers is concerning. In the first three months of 2023 alone, the U.S. government’s Office for Civil Rights (OCR) was within the healthcare industry. This statistic not only raises eyebrows but also highlights a pressing concern: the healthcare sector remains a prime target for cybercriminals, and the intensity of their pursuits shows no signs of abating. As we delve into the intricate web of this unforeseen love story, it’s clear that the healthcare sector is fighting a dual battle: combating diseases and simultaneously facing a hidden adversary in the shape of relentless cyber threats. In this article, we unravel the nuances of “Hackers’ Love for Healthcare,” exploring the reasons behind the surge, the vulnerabilities exposed, and the looming challenges that cast a shadow over the realm of patient data and digital health security.

The Rising Trend

The Ponemon Institute’s study exposes a disconcerting reality: a staggering 88% of healthcare organizations experienced an average of 40 cyberattacks in the past 12 months alone. This uptick in incidents not only amplifies the risks to patient data but also sends shockwaves through the very core of care delivery. The financial toll is equally distressing, with the average cost of disruption to normal healthcare operations reaching US$1.3 million—a significant 30% spike from the preceding year. What’s more, the single most expensive cyberattack incurred an average total cost of US$4.9 million over the past 12 months, underlining the magnitude of the financial havoc wreaked by these digital assaults. The shift in focus is glaringly evident in the statistics: 64% of healthcare organizations faced supply chain attacks in the past two years, with a staggering 77% acknowledging the resultant impact on patient care. As if that weren’t enough, cloud compromises have become a recurrent nightmare, with 63% of organizations grappling with an average of 21 compromises over the same period.
These numbers paint a vivid picture of a sector besieged by cyber adversaries, forcing us to confront the unsettling reality of the hackers’ newfound love affair with healthcare in 2023.

Why Hackers are Zeroing in on Healthcare Sector

The primary magnet for cybercriminals is the treasure trove of private patient information stored within hospital databases. This confidential data has evolved into a lucrative commodity, fetching substantial amounts in the digital underworld. The implementation of GDPR this year has added urgency to the need for hospitals to fortify their cybersecurity defenses, given the staggering financial penalties for non-compliance and the potential costs associated with retrieving data from ransomware attacks.

For example, one of the major distributors of dental supplies, Henry Schein Inc., has fallen victim to a significant data breach affecting its core systems, including distribution and ecommerce. The company, with sales reaching US$12.6 billion in 2022, recently regained online functionality after the cyberattack on October 14. The incident led to a delay in filing the third-quarter earnings report, and Henry Schein anticipates filing an insurance claim in 2024 with a $60 million after-tax claim limit. Despite challenges, the company expressed gratitude for customer support and acknowledged the prevalence of cyber issues in the healthcare sector.

Moreover, the proliferation of medical devices, such as x-rays, insulin pumps, and defibrillators, introduces a new frontier for attackers. While these devices serve critical functions in modern healthcare, security often takes a back seat in their design. Hackers recognize them as vulnerable entry points, exploiting them to compromise servers holding valuable patient information. The consequences can be dire, ranging from unauthorized access to other network devices to the installation of costly ransomware, hindering healthcare organizations’ ability to deliver essential, life-saving treatments.
The healthcare industry’s reliance on remote access further amplifies its susceptibility to cyber threats. Collaborative working, a cornerstone of effective patient care, necessitates accessing information from diverse locations and devices. Unfortunately, this flexibility opens up opportunities for attacks, especially when staff members, under the pressures of their demanding schedules, may not adhere to cybersecurity best practices. This lack of awareness and the absence of comprehensive cybersecurity education for healthcare professionals create an environment where even basic security measures are overlooked. Compounding the issue is the resistance to adopting new technologies among healthcare staff, who are already burdened with tight deadlines and long working hours. This reluctance to disrupt familiar workflows leaves vulnerabilities unaddressed, making it easier for hackers to exploit the system. Furthermore, the sheer number and diversity of devices used in hospitals make it challenging for IT specialists to stay ahead of evolving security threats. The complexity of healthcare information systems, coupled with staff constraints, leaves the industry grappling with the monumental task of safeguarding vast amounts of sensitive data. Interestingly, the vulnerability of healthcare organizations extends across the spectrum, impacting both large enterprises and smaller entities. While larger organizations present an attractive target due to the vast amounts of data they hold, smaller enterprises with limited security budgets are perceived as easier prey, offering a potential backdoor-access opportunity for hackers seeking to target larger entities. The situation is exacerbated by outdated technology within the healthcare industry, where legacy systems and budget constraints hinder the adoption of advanced cybersecurity solutions. 
Even with the backdrop of technological advances, the reluctance to embrace new cybersecurity measures echoes through the healthcare corridors. The resistance to change, fueled by the demanding schedules of overworked staff, leaves the door wide open for hackers to waltz in and exploit the status quo.

So, What Are the Unconventional Methods Employed by Hackers

Beyond the typical strategies, cybercriminals exploit the critical nature of medical devices, using them as unsuspecting conduits for infiltration. These hackers recognize the interconnected nature of healthcare systems and exploit the complexity, maneuvering through the vast network of devices to access sensitive patient data. Additionally, social engineering tactics become a weapon of choice, preying on the human element within healthcare organizations. Manipulating staff through phishing schemes and exploiting their limited cybersecurity knowledge, hackers navigate their way into the heart of healthcare networks. This tactic challenges traditional security measures, urging the healthcare industry to adopt innovative defenses that can anticipate and thwart these elusive cyber threats.

Securing Healthcare Sector: A Collaborative Approach to Cyber Defense

Now the question is how to protect this sector. To fortify the healthcare sector against escalating cyber threats, implementing robust measures and strategies is imperative. First and foremost, comprehensive cybersecurity training programs must be instated for healthcare staff, ensuring they are well-versed in the latest cybersecurity best practices. This includes educating them on the risks associated with remote access and fostering a culture of heightened awareness. Additionally, healthcare organizations should prioritize the adoption of advanced cybersecurity solutions specifically tailored to the intricacies of the medical field.
A crucial aspect of enhancing cybersecurity in healthcare is fostering collaboration between the industry and cybersecurity experts. This partnership can yield invaluable insights into emerging threats and the development of tailored defense mechanisms. Cybersecurity experts can conduct regular assessments of healthcare systems, identifying vulnerabilities and implementing proactive measures to thwart potential attacks. Moreover, joint efforts can lead to the creation of industry-wide standards and protocols that ensure a unified and fortified defense against cyber threats. In an era where cyberattacks are ever-evolving, the synergy between the healthcare sector and cybersecurity experts becomes a formidable shield, safeguarding not only patient data but the very foundation of efficient and secure healthcare delivery. Through ongoing collaboration and a commitment to staying one step ahead of cyber adversaries, the healthcare industry can create a resilient cybersecurity framework that stands as a bulwark against the unconventional tactics employed by hackers.

FDA’s New Rules: Securing Medical Devices Against Cyber Threats

In response to long-standing concerns about the vulnerability of internet-connected medical devices to cyberattacks, the Food and Drug Administration (FDA) is now mandating specific cybersecurity measures. According to recent FDA guidance, applicants for new medical devices must submit a comprehensive plan addressing the monitoring, identification, and resolution of cybersecurity issues. The plan must offer “reasonable assurance” of the device’s protection. Additionally, applicants must commit to providing regular security updates, especially in critical situations, and furnish the FDA with a “software bill of materials,” detailing all software, including open-source components, used in their devices.
These security requirements, effective due to the federal omnibus spending bill signed by President Joe Biden in December, mark a significant step in fortifying the cybersecurity of medical devices, with the FDA obligated to update its guidance every two years under the new law.

Forecasting the Next Wave

As we peer into the future of cybersecurity, anticipating the next wave of threats in healthcare, the terrain unfolds as both daunting and promising. Forecasts point to an intensification of sophisticated cyber threats targeting the healthcare sector’s vulnerable underbelly. As technology advances, so too do the strategies of attackers, highlighting the imperative of perpetual vigilance. The emergence of technologies like artificial intelligence and blockchain offers opportunities to strengthen defenses, yet they also introduce new battlegrounds. The pivotal question arises: Can the healthcare industry swiftly adopt these innovations and outpace cyber adversaries? Only time will reveal the answer.

In response to these projections, the healthcare sector must evolve and adopt state-of-the-art solutions to outmaneuver cyber threats. Robust cybersecurity frameworks, leveraging advancements in machine learning and behavioral analytics, become indispensable. Simultaneously, cultivating a culture of cybersecurity awareness and education among healthcare professionals stands as a crucial defense. Striking a delicate balance between harnessing cutting-edge technologies and mitigating associated risks is paramount for the industry’s forward trajectory. Amidst uncertainties, it is our collective responsibility to maintain vigilance, propel innovation, and fortify defenses against the ever-evolving landscape of cybersecurity challenges in the healthcare domain.

 Firewall Daily

Industrial control systems (ICS) that function well can help companies grow, meet emerging needs and maintain reliability. However, many people overseeing ICS security don’t always establish appropriate firewall rules in their organizations. Here are five actionable ICS firewall best practices for people to consider and follow to avoid cybersecurity incidents.

Review Existing ICS Firewall Policies

A company’s policies related to its ICS firewall will affect how incoming traffic is handled and how effective its overall cybersecurity efforts are in stopping current and future threats. However, as an industrial network grows and changes, more opportunities arise for misconfigurations that can erode overall effectiveness and provide a false sense of security. A 2022 study found that network misconfigurations cost the equivalent of 9% of annual revenue for the average organization. However, the actual costs could be significantly higher. One positive finding from the study was that 96% of those polled prioritize configuration audits for firewalls. However, only 4% of respondents evaluate switches and routers along with their firewalls. These conclusions emphasize that regular audits are critical for ICS security. When firewall misconfigurations go undetected for too long, it becomes more likely that hackers will find them before an organization’s security professionals do. One option is to use specialized products that let people see all firewall configurations on centralized dashboards. That makes it easier to spot and rectify abnormalities or make necessary changes.

Apply Segmentation for Better ICS Security

Many ICS networks are segmented to limit potential hackers’ ability to do damage across the whole organization. Cybersecurity professionals may segment systems based on their functions or importance to an organization’s operations. They should use firewalls between each network so only authorized parties can access them. Network professionals can also create and apply granular rules to control traffic between the firewalls. Notifications of unusual activity or access attempts could warn an organization’s cybersecurity team to investigate further. Segmentation can also stop malware from spreading across the network, confining it to a specific area and limiting its damage.
Another benefit is that firewalls and network segmentation can protect sensitive data and make identifying people trying to gain unauthorized access easier. John Adams, the co-founder & CEO of Mission Secure, said appropriate network segmentation is a definite factor in how likely hackers are to orchestrate successful attacks. He also noted that most of today’s networks are not segmented enough to stop or reduce the damage cybercriminals cause. If a cybersecurity team leader wants to deploy more network segmentation and firewalls, consulting an external network security expert could help them assess how well the segmentation currently functions and where weak spots exist.

Take a Layered Approach to Firewall Deployment

Some business leaders treat cybersecurity as an afterthought or assume hackers won’t target them. However, that could prove a costly and incorrect assumption. Just one data breach costs small- and medium-sized businesses an average of $149,000, and that figure is likely to rise. Cybercriminals constantly plan new attack methods with more widespread and damaging results. Cybersecurity experts suggest using numerous firewalls to make it harder for intruders to breach ICS security. A good starting point is to install physical, hardware-based firewalls as the first lines of defense since they won’t consume system resources. From there, software and cloud-type firewalls can further strengthen a company’s protection against unauthorized access. Firewalls that work in the cloud are virtual options that don’t require installing anything on individual machines. They help rapidly growing companies or organizations that will likely scale up soon. Alternatively, software-based firewalls are installed on each device and control traffic within and outside it. There’s no universally accepted ideal for an organization’s ICS firewall type or number. Therefore, people responsible for securing a company’s infrastructure must take a personalized approach.
That requires understanding particulars, including which assets are most at risk, whether an organization operates across one site or several, and if employees work remotely.

Maintain Easily Accessible Logs

Network activity logs are critical but often overlooked parts of ICS security. After all, cybersecurity practitioners can’t know something’s amiss if they don’t have data showing them. Firewall logs are some of the many useful pieces of information cybersecurity teams can study to find unusual patterns or other aspects worth investigating. However, some cybersecurity experts say insufficient logging is one of the biggest issues preventing prompt resolution. Plus, having the logs available is only part of maintaining ICS security. Companies must also have enough resources to allow people to sift through the data and look for anything unusual. Fortunately, people can use partially automated tools that examine firewall logs and flag anything strange. Users can also set parameters in many products to immediately detect unusual events. Those are beneficial when a company has had recent ICS firewall issues and cybersecurity professionals must prevent similar events from occurring.

Prioritize Employee Education and Risk Awareness

Coverage of ICS firewall best practices doesn’t always explore employees’ roles in protecting a company’s network. However, it’s time for that to change. Some cybersecurity professionals even point out that people act as human firewalls, serving as the final defensive layer. Correctly configured firewalls block intruders. However, they can’t necessarily compensate for employees who fall for social engineering attacks and provide sensitive access information to seemingly legitimate scammers. Many employees might try to circumvent company firewalls blocking their access to specific sites.
Alternatively, workers who can remotely access a corporate network from home may turn off their computers’ firewalls while accessing sensitive company resources. One ICS security best practice is to remember that safeguards must encompass on- and off-site locations. Supervisors who get permission to remotely monitor what’s happening within an ICS must understand the importance of configuring home firewalls. Companies that use role-based access control must remind employees of the importance of not sharing their passwords. People who understand how an ICS firewall works and know their responsibilities in keeping it functioning correctly will likely embrace following best practices and encourage colleagues to do the same.

Utilize ICS Firewalls Well

These five best practices ensure organizations can secure their industrial control systems with appropriate, effective firewall deployment. They’ll be able to better protect assets and reduce the chances of successful intrusions.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs

 Feed

Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as its analogous

 alphv

Source: www.darkreading.com. A Dark Web leak site known to be operated by the notorious ransomware group ALPHV/BlackCat was taken offline on Dec. 7, and now threat intelligence experts have confirmed the outage is part of law enforcement action against the group. RedSense Intelligence posted […] The post ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.darkreading.com. An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse. The report is based on an independent study of publicly reported breach data that a professor at the Massachusetts […] The post Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber

Source: www.darkreading.com. The soaring costs of recovering from a security incident or data breach are driving interest in cyber insurance. While cyber insurance is typically viewed as a product mainly for large organizations seeking coverage and protection against state-sponsored attackers, criminals, and politically motivated hackers, it […] The post Making Cyber Insurance Available for Small Biz, Contractors – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber

Source: www.darkreading.com. [Image: Jeff Moss on stage at Black Hat Europe 2023. Source: Dan Raywood at Black Hat Europe] BLACK HAT EUROPE 2023 — London — Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening. That’s a prediction from Black Hat […] The post Increased Cyber Regulation in the Offing as Attacks Mount – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com. An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab Emirates (UAE) and Jordan in the Middle […] The post Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Constant

Source: www.darkreading.com. Municipalities in the United States, and globally, are experiencing a fresh wave of ransomware attacks, with even big cities like Dallas falling to the gangs’ activities. As this string of cyberattacks continues, it highlights how a historically unprepared sector remains in desperate need of implementing viable […] The post Municipalities Face a Constant Battle as Ransomware Snowballs – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com. Due to the lack of any data-protection impact assessments done on it, Kenya will not be launching a digital identification system this year after all. Kenya’s High Court paused the rollout of the “Maisha Namba” system, which was due to encompass digital ID cards, […] The post Kenyan Digital Identity System Shelved Over Data Protection Concerns – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com. Attackers are targeting WordPress users with a fake security alert that warns of a fabricated remote code execution (RCE) flaw; it offers a “patch” that in actuality spreads malicious code that can hijack the site. The email campaign, identified by researchers at both Wordfence and Patchstack, impersonates […] The post WordPress Bug ‘Patch’ Installs Backdoor for Full Site Takeover – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 About

Source: www.darkreading.com. In the United States, the Food and Drug Administration (FDA) is responsible for ensuring that healthcare products are safe and effective. Similarly, the Office of the National Coordinator for Health Information Technology (ONC) leads the government’s health IT efforts and promotes standards-based information exchange […] The post What the FDA and ONC Have Said About AI in Healthcare – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier. Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese […] The post Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International Institute of Information Technology (IIIT) at Hyderabad said that their tests showed that most password managers […] The post AutoSpill attack steals credentials from Android password managers – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: David Perera (@daveperera) • December 8, 2023. Topics: Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development, Standards, Regulations & Compliance. European Union Will Enact Comprehensive Regulations on AI. [Image: The European Parliament in session in Brussels in 2020 (Shutterstock)] European lawmakers and officials announced a […] The post Europe Reaches Deal on AI Act, Marking a Regulatory First – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Company

Source: www.govinfosecurity.com. Yossi Appleboum is running security firm Sepio Systems in Israel while the Israel-Hamas war is going on. “It’s a challenging time,” he said, “but failure does not exist” – in business or in war. In this episode of CyberEd.io’s podcast series “Cybersecurity Insights,” Appleboum discussed: The international support for Israel […] The post How a CEO Runs a Company in Wartime – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2023-12
Aggregator history
Saturday, December 09