Hacker group Anonymous Sudan, known for promoting its DDoS-as-a-Service platform Skynet, has asserted responsibility for a cyberattack on Blizzard Entertainment. This comes as part of a series of attacks targeting prominent entities, including Google News, Radware, and Binance.

Blizzard Entertainment boasts a stellar reputation for creating critically acclaimed games such as World of Warcraft, Overwatch, Hearthstone, StarCraft, and Diablo. Despite Anonymous Sudan’s claims, the Blizzard Entertainment e-store appears to be currently operational with no apparent signs of a cyberattack.

Blizzard Entertainment Cyberattack Claims

Blizzard Entertainment, a renowned developer and publisher of entertainment software, operates the widely popular online gaming platform, Blizzard Battle.net. The Cyber Express has reached out to the organization to learn more about this Blizzard Entertainment data breach. However, at the time of writing this, no official statement or response has been received, leaving the claims for Blizzard Entertainment unverified.

Previously, Blizzard Entertainment experienced a distributed denial-of-service (DDoS) attack on June 25, disrupting games such as World of Warcraft and Diablo 4. The Blizzard Entertainment cyberattack, affecting Blizzard’s network, led to players being unable to log in. Blizzard’s customer support team actively monitored the situation, addressing latency and connection issues.

Anonymous Sudan, a hacker group engaged in distributed denial-of-service (DDoS) attacks, has been active since early 2023, targeting entities in various countries, including Sweden, Denmark, America, and Australia. While the group purports to be based in Sudan and focuses on combating “anti-Muslim activity,” its actual origins remain unclear, with potential ties to Russia, both logistically and ideologically.

The Ideology Behind Anonymous Sudan Attacks

The group utilizes public warnings and propaganda to garner attention, positioning itself as Sudanese grassroots hacktivists.
Anonymous Sudan’s targets often include countries and organizations involved in perceived “anti-Muslim activity.” Notable instances of their attacks include a response to a far-right activist burning a Quran in Sweden and Denmark in February 2023, targeting Israeli websites in April 2023 due to the Israeli military’s actions in Palestine, and an attack on the fan-fiction website AO3 in July 2023 citing religious objections. It’s worth noting that Anonymous Sudan has also collaborated with pro-Russian attack groups like Killnet for attacks unrelated to their purported mission.

Organizations facing DDoS threats can enhance their security by adopting standard DDoS mitigation best practices, considering the dynamic shift in hacker tactics.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The infamous Cyber Toufan operations boldly declared their successful breach of Bermad, a prominent water system provider in Israel. The purported cyberattack on Bermad coincides with heightened tensions in the region, where there are allegations of restricted access to vital resources such as food, medicine, and water for Palestinians.

Bermad Water Control Solutions, a key player in the global water systems industry (www.bermad.com), found itself at the center of Cyber Toufan’s assault. The group, expressing their dissatisfaction with the situation in the region, specifically targeted the largest water systems company in Israel.

The Intentional Cyber Toufan Cyberattack Spree

The Cyber Express reached out to Bermad for official comments regarding the Cyber Toufan cyberattack. However, as of the time of writing, no official statement or response has been received from Bermad, leaving the claims unverified.

Interestingly, Bermad’s website remains operational, showing no apparent signs of the reported attack. Furthermore, Cyber Toufan operations expanded their cyber offensive by claiming breaches on several other Israeli organizations, including the renowned food company OSEM, the fashion brand H&O, and the e-commerce brand Hagarin. The motives behind these Cyber Toufan cyberattacks are rooted in allegations of support for Zionist causes and claims of harmful substances in products destined for Palestinians.

The first leak revealed the complete database of Osem, a prominent Zionist food company currently owned by Nestle. Cyber Toufan accused the company of supporting the Israeli army and of placing harmful substances causing cancer in the food destined for Palestinians.

More Targeted Cyberattacks on Israel Organizations

The second leak exposed sensitive information from the e-commerce website of H&O Fashion, a major player in Israel’s fashion-retail industry. The database included names, phone numbers, home addresses, emails, passwords (hashes), and more. H&O Fashion boasts an annual revenue exceeding US$100 million.

Another breach targeted Hagarin, an Israeli agricultural supplies company with 37 branches across the occupied territories.
Cyber Toufan justified the attack, citing Hagarin’s founding in 1896 by European refugees seeking asylum in Palestinian Muslim lands.

Previously, Cyber Toufan Team’s hacking exploits targeted entities such as Soda Stream, the Back2School Project, and Israel’s Ministry of Health. The group, in a dark web post, claimed to have breached Soda Stream’s customer database, exposing the personal details of over 100,000 Israeli customers. A similar breach occurred with the Back2School Project, revealing sensitive information about registered individuals, including names, numbers, home addresses, emails, and hashed passwords.

The cumulative impact of these Cyber Toufan cyberattacks raises concerns about the growing sophistication and reach of cyber threat actors in the region. Israeli organizations are now confronted with the imperative to fight against hundreds of hacker groups supporting Palestine in this ongoing conflict.

A severe vulnerability has been found in the implementations of the Bluetooth protocol across several popular operating systems: Android, macOS, iOS, iPadOS, and Linux. This bug potentially allows remote hacking of vulnerable devices without any particular actions required on the part of the user. Let’s dive into the details.

The Bluetooth vulnerability allows you to connect a fake keyboard

The essence of the problem is that a vulnerable device can be forced to connect to a fake Bluetooth keyboard without requiring user confirmation — bypassing the operating system’s checks responsible for the Bluetooth protocol. The unauthenticated connection feature is specified in the Bluetooth protocol, and issues with certain implementations of the Bluetooth stack in popular operating systems provide attackers with the opportunity to exploit this mechanism.

The attackers can then use this connection to input commands, allowing them to execute any action as if they were the user — without requiring additional authentication such as a password or biometrics (like a fingerprint or face scan). According to the security researcher Marc Newlin who discovered this vulnerability, no special equipment is needed for a successful attack — just a Linux laptop and a standard Bluetooth adapter.

As you might guess, the attack is inherently limited by the Bluetooth interface: an attacker needs to be in close proximity to the victim. This naturally rules out mass exploitation of the vulnerability in question. However, malicious actors exploiting this vulnerability could still be a worry for specific individuals of special interest to those actors.

Which devices and operating systems are vulnerable?

This vulnerability affects a range of operating systems and several classes of devices based on them — albeit with some variations. Depending on the OS used, devices may be more or less vulnerable.

Android

Android devices were the most thoroughly examined for the presence of the aforementioned vulnerability. Marc Newlin tested seven smartphones with different OS versions — Android 4.2.2, Android 6.0.1, Android 10, Android 11, Android 13, and Android 14 — and found that all of them were vulnerable to the Bluetooth hack.
Furthermore, concerning Android, all that’s required for this hack is for Bluetooth to be enabled on the device.

The researcher informed Google of the discovered vulnerability in early August. The company has already released patches for Android versions 11 through 14, and sent them to manufacturers of smartphones and tablets based on this OS. These manufacturers now have the task of creating and distributing the necessary security updates to their customers’ devices.

Of course, these patches must be installed as soon as they become available for devices running on Android 11/12/13/14. Until then, to protect against hacking, it’s advisable to keep Bluetooth turned off. For devices running older Android versions, there’ll be no updates — they’ll remain vulnerable to this attack indefinitely. Thus, the advice to turn Bluetooth off will remain relevant for them until the end of their service life.

MacOS, iPadOS, and iOS

As for Apple’s operating systems, the researcher didn’t have such a wide range of test devices. Nonetheless, he was able to confirm that the vulnerability is present in iOS 16.6, as well as in two versions of macOS — Monterey 12.6.7 (x86) and Ventura 13.3.3 (ARM). It’s safe to assume that in fact a wider range of macOS and iOS versions — as well as related systems like iPadOS, tvOS, and watchOS — are vulnerable to the Bluetooth attack.

Another piece of bad news is that the enhanced security mode introduced by Apple this year — the so-called Lockdown Mode — doesn’t protect against attacks exploiting this Bluetooth vulnerability. This applies to both iOS and macOS.

Just in case, we remind you how to properly turn off Bluetooth in iOS and iPadOS: this should be done not through the Control Center but through the Settings.

Fortunately, a successful attack on Apple’s operating systems requires an additional condition besides having Bluetooth enabled: the device must be paired with an Apple Magic Keyboard.
This means that Bluetooth attacks primarily pose a threat to Macs and iPads used with a wireless keyboard. The likelihood of an iPhone being hacked through this vulnerability appears to be negligible.

The researcher reported the discovered bug to Apple around the same time as Google, but so far there’s been no information from the company regarding security updates, or a detailed list of vulnerable OS versions.

Linux

This attack also works for BlueZ — the Bluetooth stack included in the official Linux kernel. Marc Newlin confirmed the presence of the Bluetooth vulnerability in Ubuntu Linux versions 18.04, 20.04, 22.04, and 23.10. The bug that made the attack possible was discovered and fixed back in 2020 (CVE-2020-0556). However, this fix was, by default, disabled in most popular Linux distributions, and is only enabled in ChromeOS (according to Google).

The Linux vulnerability discovered by the researcher was assigned the number CVE-2023-45866, and a CVSS v3 score of 7.1 out of 10, according to Red Hat. For successful exploitation of this vulnerability, only one condition needs to be met: the Linux device must be discoverable and connectable through Bluetooth. The good news is that a patch for this vulnerability in Linux is already available, and we recommend installing it as soon as possible.

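The Linux section above says the 2020 fix shipped disabled by default in most distributions. As an added example (not from the article or from the BlueZ project), the script below reports whether that hardening is switched on, assuming it is the `ClassicBondedOnly` key in the `[General]` group of BlueZ's `input.conf`, normally found at `/etc/bluetooth/input.conf`. The sample files and the `[Other]` group are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the article or from BlueZ.
# Assumption: the HID hardening switch is ClassicBondedOnly in the [General]
# group of BlueZ's input.conf (normally /etc/bluetooth/input.conf).

# classic_bonded_only_state FILE
# Prints one of: enabled | disabled | invalid | unset | missing
classic_bonded_only_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    awk '
        BEGIN { group = ""; state = "unset" }
        # Drop a trailing CR and surrounding whitespace.
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        # Blank lines and commented-out keys do not configure anything.
        $0 == "" || /^#/ { next }
        # Track the current [Group]; group names are case-sensitive.
        /^\[.*\]$/ { group = substr($0, 2, length($0) - 2); next }
        group == "General" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            if (key != "ClassicBondedOnly") next
            # A later assignment overrides an earlier one.
            if (val == "true" || val == "1") state = "enabled"
            else if (val == "false" || val == "0") state = "disabled"
            else state = "invalid"
        }
        END { print state }
    ' "$1"
}

# verdict STATE
# Prints the follow-up a defender should take for a given state.
verdict() {
    case "$1" in
        enabled)  echo "OK: keyboard/mouse (HID) connections require a bonded device" ;;
        disabled) echo "FIX: set ClassicBondedOnly=true, then restart the Bluetooth service" ;;
        invalid)  echo "FIX: value is not a boolean; set ClassicBondedOnly=true" ;;
        unset)    echo "CHECK: relying on the installed BlueZ default; set the key explicitly" ;;
        missing)  echo "CHECK: no input.conf found at this path" ;;
        *)        echo "UNKNOWN state: $1" ;;
    esac
}

# write_samples DIR
# Writes three constructed input.conf variants used by the demo below.
write_samples() {
    # Key present only as a comment: nothing is actually configured.
    printf '%s\n' '[General]' '#UserspaceHID=true' '#ClassicBondedOnly=true' \
        > "$1/shipped.conf"
    # Hardened: the key is set explicitly in [General].
    printf '%s\n' '[General]' 'ClassicBondedOnly=true' \
        > "$1/hardened.conf"
    # Weak: the key in the wrong group is ignored, [General] turns it off.
    printf '%s\n' '[Other]' 'ClassicBondedOnly=true' \
        '[General]' 'ClassicBondedOnly = false' \
        > "$1/weak.conf"
}

# Demo over the constructed samples. On a real host, call
# classic_bonded_only_state /etc/bluetooth/input.conf instead.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in shipped hardened weak; do
    state=$(classic_bonded_only_state "$demo_dir/$name.conf")
    printf '%-14s %-9s %s\n' "$name.conf" "$state" "$(verdict "$state")"
done
rm -rf "$demo_dir"
```

A result of `unset` means the behaviour depends on the default compiled into the installed BlueZ, which is why installing the distribution's patched package remains the primary fix.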
The ever-accelerating pace of technological advancement shapes our world, forging a double-edged digital landscape. On one hand, it fuels innovation and fosters connection while simultaneously becoming a dynamic battleground where security threats constantly evolve. Phishing scams lurk like cunning predators; ransomware attacks loom like digital storms, and the turbulent cyber threat landscape of 2023 demands immediate attention.

As we step into 2024, the need for robust cybersecurity strategies rises to the forefront. To address this critical need, The Cyber Express Team has crafted a guide that transcends mere theoretical discussions. This roadmap provides practical guidance through eight essential cybersecurity best practices, venturing beyond the ordinary.

This is not your run-of-the-mill guide. It eschews clichés and delves into uncharted territories of defense, empowering you with the knowledge and strategies needed to navigate the digital frontier with confidence.

Cybersecurity Best Practices in 2024

1. Implement Strong Authentication Measures

Implementing strong authentication measures stands as a cornerstone in the arsenal of cybersecurity best practices for 2024. Gone are the days when a mere password was sufficient to safeguard digital fortresses. In this era, multifactor authentication (MFA) emerges as a stalwart defender, requiring users to go beyond traditional password inputs.

Consider a scenario where, in addition to entering a password, users receive a one-time verification code on their smartphones. This dual-layered approach ensures that even if a password is compromised, unauthorized access remains thwarted. Biometric authentication, such as fingerprint or facial recognition, further elevates the security game.

For instance, in March 2022, the cybersecurity world saw a major incident when the infamous Lapsus$ hacking group infiltrated Okta, a popular IAM provider. This breach exposed sensitive data from many organizations, including major companies such as Autodesk, Cloudflare, and GitLab. Okta later admitted that the breach occurred due to a lack of multi-factor authentication (MFA) for its SuperAdmins.
Similarly, Cisco exposed the data of millions of customers due to weak authentication: the company was forced to notify millions of customers that their data had been exposed due to a weak authentication vulnerability in its Webex cloud collaboration platform. The vulnerability allowed attackers to steal authentication tokens and gain unauthorized access to customer accounts.

By requiring multiple forms of verification, strong authentication significantly reduces the vulnerability of accounts and systems to cyber threats, providing an extra layer of defense against unauthorized access and potential breaches.

“Remember, the only thing ‘password123’ is protecting is your reputation as a hacker’s best friend. It’s like using a cardboard shield in a digital swordfight – you might as well be handing them the victory on a silver platter! So, get your creative juices flowing, mix up uppercase and lowercase letters, throw in some numbers and special characters, and create a password that’s so complex that even Sherlock Holmes would struggle to decipher it,” said Dr. Devam R Shah, CISO and Head of IT at Teachmint.

2. Regularly Update Software and Systems

Maintaining up-to-date software and systems is a cornerstone of effective cybersecurity practices in 2024, comparable to securing physical doors and windows to deter break-ins. Similar to advancements in lock technology to outsmart burglars, software updates often include critical security patches to thwart cyber threats. Whether it involves operating systems, antivirus programs, or applications, staying vigilant about updates is paramount.

For example, in February 2023, T-Mobile experienced its second data breach of the year, exposing PINs, full names, and phone numbers of over 800 customers. This breach resulted from a vulnerability in T-Mobile’s systems identified months earlier but left unpatched.
Likewise, in October 2023, a data breach compromised the information of 23andMe customers due to a vulnerability in the company’s systems identified in 2021 but left unaddressed.

Major platforms such as Microsoft Windows and macOS consistently release security updates to address vulnerabilities. Overlooking these updates is akin to leaving a back door open for cybercriminals to exploit known weaknesses.

3. Educate and Train Employees

Educating and training employees goes beyond relying solely on a tech-savvy IT team; every individual within an organization is a linchpin in maintaining a secure digital environment. As Santosh Kamane, Co-Founder & CEO of CyberFIT Solutions Pvt Ltd, aptly puts it, “People are informational assets for every organization and when educated, they can be strongest link in the security chain.”

Illustrating the significance of employee awareness, the data breach at Tesla, compromising the information of over 75,000 people, was attributed to “insider wrongdoing.” Two former employees violated Tesla’s data protection policies by sharing sensitive information with a German media outlet, leading to a lawsuit filed by the Musk-owned company. The breach exposed 100 gigabytes of personal employee data, including Elon Musk’s social security number.

Conduct regular workshops and simulations to raise awareness about phishing threats. These sessions not only shed light on the various phishing tactics but also empower employees to identify and thwart potential attacks. Another option is an interactive training module that simulates a ransomware scenario, allowing staff to practice their response in a controlled environment.

By instilling a culture of cybersecurity awareness through hands-on education, organizations can transform their workforce into a formidable line of defense against the ever-evolving landscape of cyber threats in the year ahead.
This proactive approach, as endorsed by Kamane, emphasizes the pivotal role each individual plays in fortifying the overall security posture.

4. Employ Advanced Endpoint Protection

Serving as a comprehensive digital shield, this approach extends beyond traditional antivirus measures, utilizing cutting-edge technologies such as machine learning and behavioral analysis. It acts as a vigilant digital guardian, capable of detecting and neutralizing potential threats in real-time, fortifying defenses against evolving risks. Examples like CrowdStrike and SentinelOne showcase the power of artificial intelligence to proactively respond to cyber threats, ensuring a resilient defense posture.

5. Encrypt Sensitive Data

Just like sealing a letter in an envelope before sending it, encryption involves scrambling information into an unreadable format that can only be deciphered with the correct key. Picture this as your digital lock and key, ensuring that even if unauthorized eyes catch a glimpse, the content remains incomprehensible.

For instance, when you send login details over the internet, encryption shields them from prying eyes. A classic example is the HTTPS protocol, where websites use encryption to secure the data exchanged between users and the site, guaranteeing a safer online experience. In an era where data is the new gold, encrypting sensitive information acts as an imperative shield, safeguarding against potential breaches and unauthorized access.

6. Embracing Threat Intelligence Platforms

As we navigate through 2024, the cybersecurity landscape presents increasingly complex challenges. In response, the integration of advanced threat intelligence platforms has become more than a luxury—it’s a necessity. These platforms serve a vital role in safeguarding digital infrastructures, acting as vigilant sentinels in an ever-evolving digital environment.

The core function of these platforms lies in their ability to aggregate and analyze data from a multitude of sources.
This process equips organizations with real-time insights, enabling them to stay one step ahead of potential cyber threats. By leveraging these platforms, businesses can proactively identify vulnerabilities, anticipate cyber-attacks, and implement effective defenses on time.

In this arena of digital defense, Cyble stands out as a prime example of excellence. It exemplifies the ideal blend of comprehensive features like Dark Web Monitoring, ASM, Vulnerability Management, Incident Response, and more.

Choosing a threat intelligence platform like Cyble is not just adopting a tool; it’s embracing a strategic imperative. For organizations dedicated to maintaining a resilient and proactive cybersecurity posture, platforms like Cyble offer an indispensable shield in the battle against digital threats.

7. Conduct Regular Security Audits and Assessments

Think of it as giving your digital defenses a health check-up – it’s not about waiting for symptoms; it’s about proactive prevention. By routinely examining your systems, networks, and applications, you can identify vulnerabilities before they become gateways for cyber intruders.

For instance, consider simulating a phishing attack on your organization’s email system during these assessments. This hands-on approach allows you to gauge the effectiveness of your current security measures and implement necessary improvements. Additionally, by leveraging automated tools that scan for vulnerabilities or conducting penetration testing, you can mimic real-world cyber threats and fortify your defenses accordingly.

8. Establish an Incident Response Plan

In 2024, adherence to cybersecurity best practices mandates that organizations establish a robust Incident Response Plan (IRP) as a foundational element of their security posture.
The significance of this is highlighted by reports revealing that 36% of organizations in the Asia Pacific lack an incident response playbook, and 38% do not have a designated data protection officer or access to cybersecurity specialists.

A pertinent example illustrating the repercussions of inadequate data security practices is the recent case of Morgan Stanley, facing a US$6.5 million fine for compromising customer data. This breach occurred during device decommissioning, resulting in unauthorized sales and missing servers. The distributed financial penalty across multiple states emphasizes the gravity of lax data security, with mandated improvements including encryption measures and comprehensive data management policies.

A well-structured IRP is a systematic approach that outlines step-by-step procedures to be followed in the event of a cybersecurity incident. For instance, if a company detects a sophisticated malware attack attempting to compromise sensitive data, an effective IRP would involve predefined roles and responsibilities for the incident response team, a clear communication protocol for stakeholders and the public, and a detailed recovery plan to minimize downtime and data loss.

To further fortify your organization’s cybersecurity stance, regularly check if your email ID has been compromised or leaked using tools like AmIBreached. This additional layer of vigilance complements the Incident Response Plan, enhancing your organization’s overall cybersecurity preparedness in the ever-evolving landscape of 2024.

Additionally, proactive measures like regular simulations and training exercises can be integrated into the IRP to ensure the team is well-prepared to handle evolving cyber threats. Establishing an IRP not only enhances an organization’s ability to detect, respond, and recover promptly from cyber incidents but also contributes to the overall resilience and cybersecurity maturity of the enterprise in the dynamic landscape of 2024.

To Wrap Up

As we traverse the digital frontier, embracing these strategies isn’t just a recommendation—it’s a commitment to building a resilient cybersecurity posture that safeguards organizations from the intricate challenges of the dynamic cyber landscape in the years to come.

“By instilling a culture of vigilance and best practices, it empowers individuals to protect sensitive information, preserve privacy, and fortify the foundations of a secure digital society both in personal and professional life. Moreover, its impact reverberates through the realms of business and national security, solidifying its status as an indispensable component of contemporary digital existence,” said Santosh Tripathi, Director – Information Security & Compliance, Virsec.

The Cyber Express Team stands ready to guide and empower, ensuring that your journey through the digital realm remains secure and fortified.

The notorious hacking group LockBit has claimed responsibility for breaching the National Police Force of Peru, La Policia Nacional de Peru, throwing the country into a state of cyber vulnerability. The hackers’ January 30, 2025 deadline is peculiar, raising suspicions about the Peru National Police Force data breach. The extended timeframe prompts questions about the attack’s motives or a potential typographical error.

The Cyber Express Team, committed to verifying the National Police Force of Peru data breach, has reached out to official channels for confirmation.

National Police Force of Peru Data Breach Uncertain

As of now, an official response is pending, leaving the extent of the National Police Force of Peru data breach, the compromised data, and the hackers’ true motives shrouded in uncertainty.

What further deepens the concern is the accessibility of the official website. At the time of reporting, attempts to access the website were met with failure, adding credibility to LockBit’s claim on the National Police Force of Peru data breach.

This cyber intrusion follows LockBit’s recent attack on The Citizens Bank of West Virginia in the first week of December. The ransomware group accused the bank of prioritizing financial interests over client privacy and set a deadline for compliance – December 9, 2023. The situation is a reminder of the increasing audacity of cybercriminals targeting critical institutions.

LockBit had previously boasted about successfully adding two more victims to its dark web portal in November – Planet Home Lending, LLC, and Community Dental, both based in the United States. However, authorities are yet to officially confirm these cyberattacks, emphasizing the need for vigilance and swift response measures to protect organizations from falling victim to such malicious activities.

As the global cybersecurity landscape faces mounting challenges, stakeholders await the official statements from affected organizations, hoping to gain clarity on the scale of these breaches and the necessary steps to mitigate further damage.

LivaNova PLC, a prominent US-based healthcare device manufacturer specializing in neuromodulation devices and cardiopulmonary products, has allegedly fallen victim to a malicious cyberattack orchestrated by the notorious LockBit ransomware group. The LivaNova data breach attack was detected on December 9, 2023, and the information was made public on the same day.

LockBit ransomware group, a well-known threat actor in the dark web forums, claims a successful infiltration of LivaNova’s systems and takes responsibility for compromising a staggering 2.2 terabytes of sensitive data. This trove of information in this LivaNova data breach includes critical details such as product and software specifications, employee information from global offices, financial documents, client data, emails, patent details, and other confidential business information.

LivaNova Data Breach and LockBit Ransomware Attack

The gravity of the situation escalated when LockBit, true to their modus operandi, uploaded the pilfered data onto a leak site, making it accessible to the public. LivaNova PLC, a major player in the healthcare equipment manufacturing sector, now faces severe implications from this LockBit ransomware attack.

The only impacted organization in this case is LivaNova PLC, and the fallout from this cyberattack is not confined to a specific region but spans across the United States, affecting North America as a whole. The threat actor set a deadline of December 9, 2023, for the potential publication of the compromised data.

The post on the threat actor’s platform highlighted the vast array of information exfiltrated, ranging from detailed product information to confidential employee data, financial records, and more. The extent of the LivaNova data breach is comprehensive, impacting multiple facets of LivaNova’s operations.

What’s Next for the LivaNova Data Breach Incident?

Cybersecurity experts and industry observers are closely monitoring the situation, given the potential ramifications of such a data breach in the healthcare sector. LivaNova, however, has yet to release an official statement or response to address the alleged breach, leaving the claims unverified at this point.

The Cyber Express has reached out to LivaNova for clarification and additional information regarding the alleged data breach. At the time of writing this, no official statement or response has been received from the company. This is an ongoing story and The Cyber Express will update this post once we have an official statement or confirmation by the organization over the alleged LivaNova data breach.

An entity identified as ‘dawnofdevil’ has reportedly publicized the illicit offering of unauthorized VPN access to Darwinbox Digital Solutions Pvt Ltd, an India-based cloud human capital management (HCM) software firm, on the nuovo BreachForums. The threat actor asserts that a cyberattack on Darwinbox show more ...
compromised VPN credentials that hold the capability to infiltrate crucial systems, including Gitlab, Jira, Jenkins, and Confluence. The disclosure of this potential cyberattack on Darwinbox unfolded as ‘dawnofdevil’ detailed the unauthorized access on the notorious BreachForums, a platform known for facilitating such clandestine transactions. It is noteworthy that the forum post lacks concrete evidence to validate the claims made by ‘dawnofdevil.’ Despite the absence of substantiating proof, the threat actor has affixed a price tag of US$2,000 to the compromised access. The Cyber Express Team has initiated contact with official representatives to verify the alleged cyberattack on Darwinbox. As of now, a response from the officials is pending. A curious point of observation is that, at the time of reporting, the official Darwinbox website remains fully accessible, casting doubt on the legitimacy of the cyberattack claims. Whether this is a strategic move for attention or conceals a different motive will only be clarified once an official response is issued by the concerned team on the Darwinbox cyberattack. Cyberattack on Darwinbox: Impact and Wider Ramifications The potential cyberattack poses a substantial risk to Darwinbox, a company specializing in cloud-based human capital management solutions. If the compromised VPN access is valid, it could potentially grant unauthorized entry to pivotal systems crucial for the company’s day-to-day operations. Gitlab, Jira, Jenkins, and Confluence serve as indispensable tools for software development, project management, and internal collaboration within the organization. Unauthorized access could lead to data theft, manipulation, or even disruption of essential services. Furthermore, the repercussions of this security threat extend beyond Darwinbox Digital Solutions Pvt Ltd, impacting the broader cybersecurity landscape in India. 
As a company operating within the Asia & Pacific (APAC) region, the compromise raises concerns about the overall security posture of organizations in this geographical area.

‘dawnofdevil’ Prior Claims
Before this incident, during the first week of December, ‘dawnofdevil’ claimed to have breached the security of the Income Tax Department of India, alleging access to an email account hosted on the incometax.gov.in domain. The actor asserted that the compromised email could be exploited for registrations on various Indian government-affiliated websites using the ‘gov.in’ top-level domain, attaching a price tag of US$500 to the unauthorized access. However, this claim is yet to be verified.

Cybersecurity Imperative
This series of cyber threats highlights the critical need for organizations to adopt proactive cybersecurity measures. Continuous assessment and reinforcement of security protocols are imperative for safeguarding against evolving threats. Organizations are urged to stay vigilant, update their security measures regularly, and collaborate with industry experts to mitigate risks and protect sensitive information. The aftermath of these incidents is likely to stimulate a broader discourse on cybersecurity in the APAC region and emphasize the global necessity for robust measures against such evolving threats.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
McDonald’s has been hacked, or so three hacker groups (Lulzsec, ByteVigilante, and Moroccan Black Cyber Army) have claimed. However, scepticism looms within the hacker community, with several hacker collectives demanding concrete evidence to substantiate the alleged McDonald’s data breach. The groups claimed
to have admin panel access but failed to present additional evidence, casting doubt on their assertion of hacking McDonald’s website. The Cyber Express team attempted to access the McDonald’s website using their systems to authenticate the purported claims and discovered the website was operating without any apparent issues. We have also reached out to McDonald’s for an official statement regarding the McDonald’s cyberattack claims. However, no quote was obtainable from them at the time of compiling this report.

McDonald’s Hacked: What We Know So Far
“McDonald’s has been hacked by Lulzsec, ByteVigilante, and Moroccan Black Cyber Army,” read the message on the Telegram post by the hacker collective while posting the claim. Lulzsec, ByteVigilante, and Moroccan Black Cyber Army asserted their infiltration into McDonald’s systems without providing any evidence to substantiate their claims, which was soon questioned by other hackers. In addition to the McDonald’s cyberattack claim, the hacker groups also directed insults towards Israel, India, and America and advocated for the liberation of Palestine. Below are the screenshots of the post by the group and the response they received. Credit: @Cyberknow20 on “X” The group claims that they have the admin panel access, but can currently provide no further evidence. Analysts like CyberKnow are assuming that this “might be a case of going too early on the telegram post.” However, there is also a suggestion circulating among some hackers: “Let’s wait, maybe a defacement will emerge soon.”

Impact of McDonald’s Cyberattack Claims
If proven true, the claims of McDonald’s being hacked can have serious and wide-reaching impacts across the globe. McDonald’s is a global brand serving in almost all the countries of the world, and the hacker collective gaining access to its admin panel can breach the personal details of the customers and employees of McDonald’s.
A data breach at McDonald’s could have a widespread impact across the entire chain, affecting shippers, warehouses, retailers, and consumers. Such an incident could haunt the company for years, leading to system outages, ransomware threats, compromised records, and an elevated risk of fake identity impersonation, as well as other severe frauds and financial crimes. According to a recent study, 64% of consumers are unlikely to give business to a company that has suffered from a data breach. A data breach can also make consumers more cautious of joining McDonald’s loyalty programs.

Cybersecurity in Food Supply Chain
Implement strong risk management practices, involving risk assessment, disruption likelihood estimation, and resource allocation aimed at mitigating potential risks. Employee participation in cybersecurity awareness training, staff education, and incident response plan assessment are all recommended. By putting security measures in place, including frequent software updates and security patches, strong password policies, cybersecurity awareness training for staff, network security with firewalls, intrusion detection and prevention systems, and encryption technologies, organizations like McDonald’s can avoid data breaches.
Interpol breaks up Southeast Asian cybercrime rings, rescuing 149 victims of human trafficking, but the agency warns the human cost of cybercrime is mounting across the globe.
The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating new, unique malware around it at a remarkable clip.
Balancing the good and bad of AI/ML means being able to control what data you're feeding into AI systems and solving the privacy issues to securely enable generative AI.
Law enforcement is suspected to be behind the recent outage of ALPHV ransomware gang's websites. The negotiation and data leak sites, as well as the Tor negotiation URLs, have been down for over 30 hours.
Both bugs were found this summer in Qlik Sense — a data analytics tool used widely among government organizations and large businesses. The vulnerabilities provide hackers with an entry point into systems and allow them to elevate their privileges.
The North Korean threat group uses a backdoor to steal information and execute commands on compromised systems. Kimsuky has expanded its attacks to include Europe, Russia, and the US.
The vulnerability occurs when password managers get disoriented and mistakenly autofill credentials into the native fields of the underlying app instead of the intended login page.
The Akira ransomware group has targeted two more victims, one in Italy and another in Curaçao, compromising sensitive data and posing a threat to the integrity and security of the affected companies.
The U.S. Department of Health and Human Services (HHS) has released a concept paper outlining a cybersecurity strategy for the healthcare sector, focusing on strengthening resilience against cyber-attacks.
The vulnerability allows threat actors physical access to a device, exposing sensitive data in users' Google accounts. Google has been aware of this issue for at least six months but has not yet addressed it, according to researcher Jose Rodriguez.
Organizations must shift their data security approach to safeguard sensitive workloads from the moment they enter the data pipeline, rather than relying on securing data only in the cloud data warehouse.
Companies are advised to establish a relationship with their local FBI field office and contact them soon after a cyber incident is discovered to assist with the FBI's review and determine if a disclosure delay is necessary.
As per a recent study by Bitwarden, approximately one-third of Americans use sports-related terms in their passwords, with professional sports teams being twice as likely to inspire these passwords compared to college sports teams.
The malware is typically spread through phishing campaigns, and its creators have continuously improved its ability to bypass security features. One recent change involves an enhancement to its Vectored Exception Handling (VEH) capability.
According to a report from Veracode, two years after the disclosure of a critical vulnerability in Apache Log4j, nearly 2 in 5 applications are still using vulnerable versions, highlighting the persistence of security risks in software development.
According to an Apple-commissioned study conducted by a professor at MIT, ransomware attacks have seen a steep rise, with a nearly 70% increase in such attacks in the first nine months of 2023, primarily targeting organizations with sensitive data.
Researchers have identified new techniques employed by the GuLoader malware to enhance its evasion capabilities and make analysis more challenging. The highly evasive shellcode downloader malware was found leveraging Vectored Exception Handler (VEH) capability. Organizations can leverage the latest YARA rules from Elastic Security to detect malware.
Insider threats, including both malicious attacks and unintentional risks, are on the rise, with privilege escalation exploits being a significant component of unauthorized activity.
The collaboration aims to strengthen cybersecurity, safeguard critical infrastructure, and reinforce the resilience of digital products in the face of increasing cyber threats.
The Lazarus Group, a North Korea-linked threat actor, has been conducting a global campaign called Operation Blacksmith. They are exploiting security flaws in Log4j to deploy remote access trojans (RATs) on compromised hosts.
The United Kingdom has imposed sanctions on individuals and entities involved in Southeast Asia's online scamming industry, targeting both human traffickers and companies connected to scam operations.
The APT group known as Sandman and a China-based threat cluster using the backdoor KEYPLUG share infrastructure control and management practices, indicating potential overlap in their operations.
Kelvin Security has been active since 2013, targeting public-facing systems to obtain user credentials and steal confidential data, which they would sell or leak on hacking forums.
The University of Wollongong has experienced a data breach, with potentially both staff and students affected. The breach has been detected and contained, and investigations are underway to determine the scope of the breach.
Identity management solution provider Opal Security has managed to raise $22 million in a Series B round to expand its team and develop new AI-powered tools for identity and access risk remediation.
The Apache Software Foundation has released security updates to address a critical file upload vulnerability in the Struts 2 framework, which could allow for remote code execution.
Debian Linux Security Advisory 5573-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.
Ubuntu Security Notice 6543-1 - It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service.
Red Hat Security Advisory 2023-7711-03 - An update for apr is now available for Red Hat Enterprise Linux 9. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7710-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2023-7709-03 - The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
Residents of the United Arab Emirates had an unexpected interruption to their TV shows on Sunday night due to the UAE TV cyberattack that targeted set-top boxes directly and replaced regular content with information about Israeli atrocities in Palestine. According to Khaleej Times, the English newspaper of the United
Arab Emirates, users of the impacted service noticed a dramatic change on European live channels along with a notice stating, “We have no choice but to hack to deliver this message to you.”

UAE TV Cyberattack Decoded
Following the initial interruption, screens transitioned to an AI news anchor displaying solemn images alongside a message regarding the plight of Palestinian women and children in Israeli jails. As of Monday, the hacking issue persisted without resolution. A Dubai resident described his disturbing experience related to the UAE TV cyberattack, “I was watching BBC News around 10:30 pm when the program was abruptly disrupted. Instead, harrowing visuals from Palestine appeared on my screen. I watched transfixed as my screen froze, and a message from the hacker popped up in all caps against a green background. This was immediately followed by a news bulletin presented by an AI anchor. It was surreal and scary,” reported Khaleej Times. The set-top box supplier admitted that their systems had been compromised and apologized in response to frantic communications from worried customers. They gave subscribers their word that they were looking into the issue seriously. It’s uncertain how common pirate satellite dishes and unlicensed decoders are in the United Arab Emirates. Nonetheless, the business faces severe financial consequences from broadcast piracy, which could cost hundreds of millions of dollars.

Not The First Incident
The UAE TV cyberattack is not the first incident of this kind. Several cyberattack events have been recorded since the commencement of the Israel-Palestine conflict. October of this year saw the announcement by Killnet, a group allegedly made up of volunteer patriotic Russian hackers, that they intended to assault all Israeli government systems using distributed denial-of-service (DDoS) attacks. By flooding websites with traffic, this cyber-attack technique takes them offline.
The organization accused Israel of supporting NATO and Ukraine and placed the blame for the continued violence on the nation. Killnet then claimed credit for bringing down an Israeli government website and briefly causing disruptions to the Shin Bet security agency’s website. Similarly, a cybercriminal gang with ties to Iran was successful last month in breaking into a water facility northwest of Pittsburgh. The incident did not jeopardize water safety in the United States, but it is a clear example of the kind of damage that cyberattacks can do, bringing the effects of far-off conflicts dangerously close. Microsoft recently revealed an increase in activity from the Storm-1133 threat group, which is based in Gaza. Early in 2023, the gang allegedly focused its attention on Israeli companies involved in the energy, defense, and telecommunications industries. The recent UAE TV cyberattack, which replaced TV content with information about Israeli-Palestinian conflicts, highlights the growing global threat of cyber warfare. Global cyberattacks rose by 38% in the previous year. This was ascribed to increasingly nimble cybercriminals, a rise in ransomware groups, and taking advantage of remote workers’ usage of communication tools. To prevent cyber threats, users need to encrypt their network utilizing the control panel settings or a VPN to ensure that online transactions and data transfers are safe and secure. Other techniques to guarantee cybersecurity include creating a vulnerability management program, carrying out regular penetration tests, putting security information into practice, and managing events.
The University of Wollongong has become the latest victim of a data breach, as confirmed by university officials. In a statement released over the weekend, the institution acknowledged the University of Wollongong data breach and assured the public that measures are being taken to contain the incident. Both staff and
students are believed to be potentially affected.

University of Wollongong Data Breach: More Details
The university admitted to iTnews that it is “likely that data was accessed,” but emphasized that the breach has been “detected and contained” as of Sunday, December 10. The exact scope of the University of Wollongong data breach and the number of individuals affected remain undisclosed. The university is actively investigating the cause and extent of the University of Wollongong data breach while ensuring that normal operations continue uninterrupted. In a commitment to transparency, the university stated to the media house, “We are committed to keeping staff and students updated and informed as this situation develops.” Regulatory bodies and authorities have been notified about the University of Wollongong data breach, and the university has engaged external experts to support their efforts in addressing the breach.

Cyberattacks on Educational Institutions
This incident follows a series of cyberattacks on educational institutions globally. In November, Stanford University faced a cybersecurity incident, with the Akira ransomware group claiming responsibility. Fortunately, the investigation found no evidence of the attack affecting other parts of the university. In September, the Auckland University of Technology fell victim to a breach orchestrated by the Monti ransomware group. The group boldly claimed responsibility on their dark web channel, adding AUT to their “Wall of Shame.” The motive behind targeting the university remains unclear. Earlier in June, Manchester University grappled with threatening emails sent to staff and students, compelling the institution to consider paying a ransom. BBC reported that, following the Manchester University data breach, hackers are now employing a strategy known as “triple extortion,” involving unauthorized access to university systems.
As educational institutions face an increasing threat from cyberattacks, authorities and cybersecurity experts are working diligently to enhance security measures and protect sensitive information. The University of Wollongong’s response to the data breach highlights the importance of swift action and transparency in such incidents.
Greece is establishing a national cybersecurity organization to combat hackers and ransomware gangs that target governments, state institutions, utilities, schools, hospitals, and companies. It is said that a proposal for establishing a National Cybersecurity Authority to safeguard public sector and private
enterprises in industries like manufacturing, chemical distribution, and food items is being sent to Parliament by the New Democracy government. The proposal, which was put up by Digital Governance Minister Dimitris Papastergiou, proposes to create a National Cybersecurity Authority. Up until now, the Ministry of Digital Governance had a directorate dedicated to cybersecurity.

National Cybersecurity Authority Of Greece
The National Cybersecurity Authority will be established as a Legal Entity under Public Law, according to the Ministry of Digital Governance’s proposed draft law. The country’s integrated framework of policies, activities, and measures to attain a high degree of cyber security would be coordinated, implemented, and overseen by the new Authority. Under the direction of the Minister of Digital Governance, the National Cybersecurity Authority will serve as the exclusive and efficient organization tasked with creating and executing the National Cyber Security Strategy in conjunction with other capable authorities. The objective is to develop Greece’s cyber security ecosystem as well as the successful prevention and management of cyberattacks.

Incidents Highlighting the Importance of National Cybersecurity Authority
In late November, hackers stole hundreds of files from the University of the Aegean and posted them on the dark web. This was only the most recent in a series of cyberattacks against Greek government agencies. The Greek state’s real estate asset manager, Hellenic Public Properties Co. (HPPCC), was the most recent victim; other targets included the Ministry of Culture and Sports and the data bank that handled exam questions. And that is only in 2023. The Greek postal service, two hospitals, and state-run natural gas system operator DESFA were among the 2022 victims.

Motive Behind Establishing National Cybersecurity Authority
With the new arrangement, the nation will be able to fulfill certain national requirements and EU commitments, such as:
- Enhancing the National Cybersecurity Authority’s capacities and its operational and supervisory roles in relation to the execution of Directive 2022/2555 (NIS2 Directive). It is emphasized that there would be a significant increase in the number of supervised entities in both the public and commercial sectors following the adoption of the aforementioned regulation. About 70 entities are covered by the NIS 1 Directive; however, if NIS 2 is incorporated into Greek law, the number of entities will rise to over 2000. The Authority will serve as both a national coordination center and a national certification authority for cyber security at the same time.
- Maintaining public and corporate confidence in digital services.
- Institutional and technological defenses against online attacks and a general improvement in the nation’s cyber security.
- Encouraging cyber security investment and the improvement of the ability to obtain European funding.
- Bolstering the ecosystem for digital innovation.
- Advancing cybersecurity awareness and education and improving cybersecurity digital capabilities.
In order for the National Cybersecurity Authority to upgrade the level of supervision, information, and support of the actors involved in the field of cybersecurity and create an environment with secure infrastructures in response to the pressing national needs as well as the imperative commitments made by the EU, the draft law is an essential first step. The guidelines state that medium-sized companies with over 50 employees and a balance sheet worth more than 10 million euros are qualified. Nonetheless, it is inevitable that the standards for a company to be covered by cybersecurity will only grow with time.
This initiative for establishing a National Cybersecurity Authority underscores the growing global emphasis on cyber resilience and the critical role of national cybersecurity entities in safeguarding digital infrastructure. The establishment of the National Cybersecurity Authority is a pivotal and essential first step for Greece in upgrading the level of supervision, information, and support within the field of cybersecurity. This initiative not only addresses pressing national needs but also aligns with imperative commitments made to the European Union. It signifies Greece’s proactive stance in navigating the complex terrain of cybersecurity, emphasizing the importance of a coordinated and strategic approach in safeguarding digital infrastructure and fostering resilience against evolving cyber threats.
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all processes without any limitations, making them more flexible than existing process
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have been
The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization's cybersecurity infrastructure, blending strategic guidance with actionable
In the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker's mind and human psychology. Our upcoming webinar, "Think Like a Hacker, Defend Like a Pro," highlights this alarming trend. We delve deep into social engineering, exploring its
A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.
Source: www.bleepingcomputer.com – Author: Bill Toulas Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. Log4Shell is an unauthenticated remote code execution (RCE) flaw […] The post Over 30% of Log4J apps use a vulnerable version of the library – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman The ability to recover from failures, high loads and cyberattacks. Continue servicing workload requests during the recovery of failed components or services. Implementing security measures to protect cloud workloads from cybersecurity threats like DDoS. Maintaining uninterrupted service in the face of software, infrastructure and network failures or disruptions. Designing […] The post DEF CON 31 XR Village – Whitney Phillips’ ‘Augmented Reality And Implications On Mobile Security’ – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Daniella Balaban As we stand at the precipice of 2024, the intersection of artificial intelligence (AI) and cybersecurity looms large, with phishing attacks emerging as a focal point of concern. The integration of AI is poised to redefine the threat landscape, introducing unprecedented levels of complexity and stealth to these attacks. […] The post Navigating an AI-Enhanced Landscape of Cybersecurity in 2024: A Proactive Approach to Phishing Training in Enterprises – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Yehuda Raz SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to […] The post The SOC 2 Compliance Checklist for 2023 – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Lohrmann on Cybersecurity This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security. December 10, 2023 • Dan Lohrmann When we look back at this past year’s cybersecurity stories a decade from now, […] The post 2023 Cyber Review: The Year GenAI Stole the Show – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Michael Toback Importance of Server Backup: Understanding the Basics In today’s digital landscape, the importance of server backup cannot be overstated. Businesses are increasingly relying on technology to store and manage their critical data. As such, the need to protect this information from potential loss or corruption becomes paramount. A server […] The post Why Your Business Needs a Solid Server Backup Strategy: Expert Insights – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Rom Carmel Managing access rights for users has persistently posed a challenge for organizations, regardless of their size or industry. Access governance aims to enhance productivity while minimizing security risks. Additionally, maintaining a transparent overview of individuals with access to particular digital assets and ensuring the legitimacy of that access within […] The post Top 5 Privileged Access Governance Capabilities for Compliance and Audit – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securelist.com – Author: Vladislav Tushkanov, Victor Sergeev, Andrey Ochepovsky, Yuliya Shlychkova In the whirlwind of technological advancements and societal transformations, the term “AI” has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly securing a position […] The post Story of the year: the impact of AI on cybersecurity – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 11, 2023 The Hacker News In the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker’s mind and human psychology. Our upcoming webinar, “Think Like a Hacker, Defend […] The post Webinar — Psychology of Social Engineering: Decoding the Mind of a Cyber Attacker – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 11, 2023 Newsroom Data Security / Mobile Security Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. “Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed […] The post SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 11, 2023 Newsroom Endpoint Security / Malware A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are “capable of working across all processes without […] The post New PoolParty Process Injection Techniques Outsmart Top EDR Solutions – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The threat actor known as Lazarus Group has been observed targeting the Log4Shell vulnerability (CVE-2021-44228) in a new series of attacks dubbed “Operation Blacksmith.” According to a new advisory published by Cisco Talos security researchers earlier today, the attacks leveraged the Log4Shell flaw in publicly facing VMware Horizon servers for […] The post Lazarus Group Targets Log4Shell Flaw Via Telegram Bots – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Europol has issued a new warning regarding an emerging trend in organized crime involving the use of Bluetooth trackers. Originally designed to help individuals locate personal items and prevent vehicle theft, these small devices are being increasingly exploited by criminals for illicit activities. According to a new blog post published […] The post Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The EU reached a provisional deal on the AI Act on December 8, 2023, following record-breaking 36-hour-long ‘trilogue’ negotiations between the EU Council, the EU Commission and the European Parliament. The landmark bill will regulate the use of AI systems, including generative AI models like ChatGPT and AI systems used […] The post EU Reaches Agreement on AI Act Amid Three-Day Negotiations – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 One of the most prolific ransomware-as-a-service (RaaS) groups operating today has suffered online disruption which intelligence experts have attributed to police action. Cyber-threat intelligence firm RedSense said in a post on X (formerly Twitter) on Friday that it could “confirm” the leak site belonging to ALPHV (aka BlackCat) had been […] The post ALPHV/BlackCat Site Downed After Suspected Police Action – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Interpol has repeated warnings that human traffickers are fueling an online fraud epidemic in South East Asia and beyond, after revealing details of more arrests made during a recent operation. Operation Storm Makers II involved law enforcers from 27 countries in Asia, as well as Africa, the Middle East and […] The post Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor analyzed data from software scans over 90 days between August 15 and November 15 2023. These covered 38,278 unique applications running Log4j […] The post Two-Fifths of Log4j Apps Use Vulnerable Versions – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: TechRepublic Academy on December 11, 2023, 12:20 PM EST Get a VPN for Yourself and Your Employees This Holiday Season Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices. We may be compensated by […] The post Get a VPN for Yourself and Your Employees This Holiday Season – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.