The Spain National Police have successfully arrested a key figure believed to be the leader of the notorious Kelvin Security hacker group. This cybercrime syndicate, known for its profit-driven activities, has been responsible for over 300 cyber attacks against strategic sectors across more than 90 countries in the past three years.

The Kelvin Security arrest, which took place on Sunday, targeted an individual suspected of being a crucial player in the money laundering operations associated with the Kelvin Security hacker group. Remarkably, the apprehended person reportedly entered Spain under the guise of a tourist, highlighting the group’s sophisticated methods of operation.

The Kelvin Security Arrest: Leader in Legal Clutches

The investigation that led to the Kelvin Security arrest gained momentum three years ago, when the group infiltrated systems belonging to prominent cities such as Madrid, Sevilla, and Badajoz, along with the regional government of Castilla-La Mancha. The Ministry of the Interior disclosed that security experts linked these Kelvin Security cyberattacks, at least in part, to the group after discovering posts on hacker forums advertising the sale of stolen data.

Source: Telegram

The Kelvin Security hacker group, rumored to belong to the GreyHat category, operates with intentions that are neither strictly malicious nor strictly legal. The hacker group recently compromised a Chilean bank, exposing 17,736 records. The group has been active since 2013 and has claimed multiple data breaches from prominent organizations globally.

The detained individual, whose identity is being withheld by the authorities, is identified as the head of Kelvin Security’s money laundering operations, which predominantly deal in cryptocurrency.

The Kelvin Security Arrest Plan: How Authorities Nabbed Kelvin Security Members

The police reports indicate that the arrested Kelvin Security member, along with his wife and sister, entered Spain on November 18, destined for the Mediterranean coastal city of Alicante. Notably, they failed to board their return flight to Venezuela scheduled for November 29. Online reports suggest that the suspect is on a Caracas blacklist, hinting at his desire to leave the South American country.

Kelvin Security’s cyber attacks have reached global proportions, with the group claiming responsibility for high-profile breaches. The group’s modus operandi involves targeting critical infrastructure and government agencies worldwide, with a focus on exfiltrating login credentials and sensitive internal information — something we’ve seen with modern-day ransomware operations.

This is an ongoing story and The Cyber Express is keeping a close watch on any further developments in the Kelvin Security arrest story. We’ll update this post once we have more information from the Spain National Police about the Kelvin Security member arrest.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Corporate information security specialists usually know quite a few confident employees who say that they don’t click on dangerous links and are therefore not susceptible to cyberthreats. Sometimes those employees use this argument when asking to have corporate security measures turned off, because they somehow interfere with work. But attackers often disguise malicious and phishing links, trying to confuse both mail filters and human observers. What they want is to make victims (even if they are examining URLs, as we repeatedly advise) click on an address that actually takes them to a different one. Here are the most common methods used by cybercriminals to hide malicious or phishing URLs.

An @ symbol in the address

The simplest way to hide the real domain in the address is to use the @ symbol in the URL. This is a completely legitimate symbol that can be used to integrate a login and a password into the website address — HTTP allows credentials to be passed to the web server via the URL simply by using the login:password@domain.com format. If the data before the @ symbol is incorrect and not suitable for authentication, the browser simply discards it, redirecting the user to the address located after the @ symbol. So cybercriminals use this: they come up with a convincing page name, use the name of a legitimate site in it, and place the real address after the @ symbol. For example, look at our blog’s address disguised in this way:

http://convincing-business-related-page-name-pretending-to-be-on-google.com@kaspersky.com/blog/

It looks like a page with many words in the name hosted somewhere on the Google domain, but the browser will take you to http://kaspersky.com/blog/.

Numbers instead of the IP address

In the previous method, attackers often try to confuse the user with a long page name in order to distract them from the real address — because it still remains in the URL. But there’s a way to hide it completely — by converting the IP address of a site into an integer. As you may know, IP addresses are not very conveniently stored in databases. Therefore, at some point, a mechanism was invented to convert IP addresses into integers (which are much more convenient to store) and vice versa. And these days, when modern browsers see a number in a URL they automatically convert it into an IP address. In combination with the same @ symbol, it effectively hides the real domain. This is what a link to our corporate website can look like:

http://google.com%@3109359386/

In using this trick, cybercriminals try to focus attention on the domain before the @ symbol, and make everything else look like some kind of parameter — various marketing tools often insert all sorts of alphanumeric tags into web links.

URL shortener services

Another fairly simple way to hide the real URL is to use one of the legitimate link shortening services. You can include absolutely anything inside a short link — and it’s impossible to check what hides there without clicking.

http://tinyurl.com/ypzuvcht

Google Accelerated Mobile Pages

Several years ago, Google and some partners created the Google AMP framework — a service that was intended to help webpages load faster on mobile devices. In 2017, Google claimed that AMPed pages load in less than a second and use 10 times less data than the same pages without AMP. Now attackers have learned how to use this mechanism for phishing. An email contains a link starting with google.com/amp/s/, but if the user clicks it, they’ll be redirected to a site that doesn’t belong to Google. Even some anti-phishing filters often fall for this trick: due to Google’s reputation, they consider such a link to be sufficiently reliable.

Email service providers

Another way to hide your page behind someone else’s URL is to use an ESP; that is, a service for creating legitimate newsletters and other mailouts. We’ve already written in detail about this method in one of our previous posts. In short, criminals employ one of these services, create a mailing campaign, input a phishing URL, and as a result get a ready-made clean address, which has the reputation of an ESP company. ESP companies of course try to fight such misuse of their service, but it doesn’t always work out.

Redirect via Baidu

The Chinese search engine Baidu has quite an interesting approach to showing search results. Unlike Google, it doesn’t give you links to the sites, but instead makes links to itself with a redirect to the site searched for. That is, in order to disguise a malicious URL as Baidu, all cybercriminals need do is search for the page (and that is quite simple if you enter the exact address), copy the link and paste it into the phishing email.

https://www.baidu.com/link?url=vukOBuG2XyoQemvCQbKuBASjyO_Bbnajh-Y2tfpVUdS&wd=&eqid=d89f5f0b0008c16800000006650d73cf

And by and large, we don’t know just how many other services there are that can redirect URLs or even cache pages on their side (be it for their own needs or in the name of convenience of content delivery).

Practical takeaways

No matter how confident your employees are, we doubt that they can really tell whether a link is dangerous or not. We therefore recommend backing them up with protective solutions. Moreover, we recommend using such solutions both at the corporate mail server level and at the level of internet-enabled working devices.
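The disguises above can be recognised mechanically before a link reaches a user. The following checker is an added example (not Kaspersky’s code or product) that applies the tricks described in this post to a URL: userinfo before an @, an integer host, the google.com/amp/s/ wrapper, a shortener host, and the Baidu result-link redirect. The host lists are assumptions seeded from the article’s own examples, and the sample URLs are constructed from them; it also generalises slightly by decoding hex hosts and flagging any query parameter that carries a full URL.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumed host lists, seeded from the examples in the article. A real mail
# filter would keep a much longer, maintained list of shorteners/redirectors.
SHORTENER_HOSTS = {"tinyurl.com"}
REDIRECTOR_HOSTS = {"baidu.com", "www.baidu.com"}
AMP_HOSTS = {"google.com", "www.google.com"}


def effective_host(url):
    """Return the host the browser will really connect to.

    Browsers accept a decimal (or 0x-prefixed hex) integer in place of a
    dotted IPv4 address, so such hosts are decoded to dotted form.
    """
    host = urlsplit(url).hostname or ""
    try:
        if host.isdigit():
            return str(ipaddress.IPv4Address(int(host)))
        if host.startswith("0x"):
            return str(ipaddress.IPv4Address(int(host, 16)))
    except ValueError:  # out of IPv4 range or not a number after all
        pass
    return host


def analyze_url(url):
    """Return a list of (kind, detail) findings for the disguises in the article."""
    parts = urlsplit(url)
    host = effective_host(url)
    findings = []

    # 1. Anything before '@' is userinfo; the browser discards it and connects
    #    to the host after it, which is what the user must be shown.
    if parts.username is not None:
        findings.append(("userinfo", f"text before '@' is ignored; real host is {host}"))

    # 2. Integer host: the number decodes to an address the reader cannot eyeball.
    if host != (parts.hostname or ""):
        findings.append(("integer-host", f"{parts.hostname} decodes to {host}"))

    # 3. Google AMP wrapper: the real site is embedded after /amp/s/.
    if host in AMP_HOSTS and parts.path.startswith("/amp/"):
        target = "?"
        if "/amp/s/" in parts.path:
            target = parts.path.split("/amp/s/", 1)[1].split("/", 1)[0]
        findings.append(("amp-redirect", f"AMP wrapper; underlying site is {target}"))

    # 4. Link shortener: destination is invisible until resolved.
    if host in SHORTENER_HOSTS:
        findings.append(("shortener", "destination hidden behind a link shortener"))

    # 5. Baidu result link: the target lives behind an opaque 'url' token.
    query = parse_qs(parts.query)
    if host in REDIRECTOR_HOSTS and parts.path == "/link" and "url" in query:
        findings.append(("redirector", "Baidu result link redirects to an unseen destination"))

    # Generalisation beyond the article: any query value that is itself a URL
    # is a candidate open redirect and deserves the same scrutiny.
    for key, values in query.items():
        if any(v.startswith(("http://", "https://")) for v in values):
            findings.append(("embedded-url", f"parameter '{key}' carries a full URL"))
    return findings


if __name__ == "__main__":
    # Constructed samples: the article's examples plus one plain control URL.
    samples = [
        "http://convincing-business-related-page-name-pretending-to-be-on-google.com@kaspersky.com/blog/",
        "http://google.com%@3109359386/",
        "http://tinyurl.com/ypzuvcht",
        "https://www.google.com/amp/s/example.test/login",
        "https://www.baidu.com/link?url=vukOBuG2XyoQemvCQbKuBASjyO_Bbnajh-Y2tfpVUdS&wd=&eqid=d89f5f0b0008c16800000006650d73cf",
        "https://kaspersky.com/blog/",
    ]
    for s in samples:
        print(s)
        for kind, detail in analyze_url(s) or [("clean", "no disguise detected")]:
            print(f"  [{kind}] {detail}")
```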
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.

Among the critical bugs quashed this month is CVE-2023-35628, a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. Kevin Breen, senior director of threat research at Immersive Labs, said the flaw affects MSHTML, a core component of Windows that is used to render browser-based content. Breen notes that MSHTML also can be found in a number of Microsoft applications, including Office, Outlook, Skype and Teams.

“In the worst-case scenario, Microsoft suggests that simply receiving an email would be enough to trigger the vulnerability and give an attacker code execution on the target machine without any user interaction like opening or interacting with the contents,” Breen said.

Another critical flaw that probably deserves priority patching is CVE-2023-35641, a remote code execution weakness in a built-in Windows feature called the Internet Connection Sharing (ICS) service that lets multiple devices share an Internet connection. While CVE-2023-35641 earned a high vulnerability severity score (a CVSS rating of 8.8), the threat from this flaw may be limited somewhat because an attacker would need to be on the same network as the target. Also, while ICS is present in all versions of Windows since Windows 7, it is not on by default (although some applications may turn it on).

Satnam Narang, senior staff research engineer at Tenable, notes that a number of the non-critical patches released today were identified by Microsoft as “more likely to be exploited.” For example, CVE-2023-35636, which Microsoft says is an information disclosure vulnerability in Outlook. An attacker could exploit this flaw by convincing a potential victim to open a specially crafted file delivered via email or hosted on a malicious website. Narang said what makes this one stand out is that exploitation of this flaw would lead to the disclosure of NTLM hashes, which could be leveraged as part of an NTLM relay or “pass the hash” attack, which lets an attacker masquerade as a legitimate user without ever having to log in.

“It is reminiscent of CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook that was exploited in the wild as a zero day and patched in the March 2023 Patch Tuesday release,” Narang said. “However, unlike CVE-2023-23397, CVE-2023-35636 is not exploitable via Microsoft’s Preview Pane, which lowers the severity of this flaw.”

As usual, the SANS Internet Storm Center has a good roundup on all of the patches released today and indexed by severity. Windows users, please consider backing up your data and/or imaging your system before applying any updates. And feel free to sound off in the comments if you experience any difficulties as a result of these patches.
Insomniac Games, the prominent American video game developer, has become a target of an alleged cyberattack. Rhysida ransomware has claimed the Insomniac Games data breach, stating they have access to extensive information from the renowned developer of Spider-Man games. The Insomniac Games cybersecurity incident unfolded with the Rhysida ransomware making a bold statement on the dark web. The threat actor claimed to have gained access to a substantial amount of data, causing a stir in the cybersecurity space.

This update regarding the purported Insomniac Games data breach surfaced on Twitter, shedding light on the potential magnitude of the security breach within Insomniac Games. Nonetheless, it’s essential to note that this cyberattack remains unverified despite assertions made by Rhysida ransomware regarding the Insomniac Games data breach.

Insomniac Games data breach: What we know so far

Insomniac Games, Inc., founded in 1994 and part of PlayStation Studios, holds an important position in the gaming industry. Notably, the studio is the creative force behind the acclaimed Marvel’s Spider-Man game for the PlayStation console. While the hacker did not explicitly mention a “Spiderman PS4 cyberattack” or “Spiderman PS5 cyberattack,” the focus on Insomniac Games and its association with the popular Marvel Spider-Man game raises concerns about the potential compromise of sensitive information.

The dark web post by the threat actor stated, “INSOMNIAC, 6 days 23:30:01… With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner! Price: 50 BTC.”

Source: Twitter

Insomniac Games Data Breach and Cyberattacks on Gaming Industry

The Cyber Express reached out to the organization for an official statement regarding the alleged Insomniac Games data breach. However, as of the time of writing, no response has been received, leaving the claims of the Insomniac Games security breach unverified. Rhysida ransomware asserts that it has successfully infiltrated Insomniac Games and is actively offering “exclusive data” for sale.

This incident is not an isolated event in the gaming industry, as The Cyber Express recently reported on another cyberattack targeting Blizzard Entertainment by the notorious Anonymous Sudan hacker group. Anonymous Sudan, known for its DDoS-as-a-Service platform Skynet, claimed responsibility for the cyberattack on Blizzard Entertainment, adding to a series of attacks on high-profile entities, including Google News, Radware, and Binance. Despite these claims, the Blizzard Entertainment e-store appeared operational, showing no apparent signs of a cyberattack.

The situation remains fluid as the gaming industry faces an increasing wave of cyber threats, with the Insomniac Games data breach becoming the latest incident in a threat against gamers and video-related organizations.
In a proactive move towards ensuring user safety, Apple released comprehensive security patches on Monday for a range of its products, including iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser. These Apple security updates aim to address a multitude of security vulnerabilities, reinforcing the tech giant’s commitment to user privacy and protection.

The updates encompass fixes for a total of 12 security vulnerabilities in iOS and iPadOS, covering various components such as AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. Simultaneously, macOS Sonoma 14.2 resolves 39 shortcomings, which include six bugs affecting the ncurses library.

Apple Security Vulnerabilities and Updates

Source: Apple

One noteworthy vulnerability, identified as CVE-2023-45866, was deemed critical due to its potential to enable an attacker in a privileged network position to inject keystrokes by mimicking a keyboard. This security vulnerability was brought to light by SkySafe security researcher Marc Newlin last week. Apple promptly addressed the issue in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2, implementing enhanced checks to mitigate the risk.

Apple users must stay informed about the latest security updates and patches. The company emphasizes the significance of keeping software up to date as a fundamental step in maintaining the security of Apple products. Users can easily update their devices to the latest versions, including iOS 17.2, macOS 14.2, tvOS 17.2, and watchOS 10.2, to ensure optimal security. The release includes a breakdown of the latest software versions and instructions on how to update each product, with specific attention to iOS, iPadOS, macOS, tvOS, and watchOS. It’s crucial to note that after updating software for iOS, iPadOS, tvOS, and watchOS, downgrading to the previous version is not possible.

Apple Security Update to Fix Apple OS and Devices

To streamline the update process, Apple has provided a comprehensive list of the latest security updates and Rapid Security Responses. These updates cover various Apple products, including Safari, macOS Monterey, macOS Ventura, iOS, iPadOS, tvOS, and watchOS, with each release tailored to specific devices and models.

By prioritizing security, Apple aims to create a safer digital environment for its users, continually addressing emerging threats and vulnerabilities. Users are encouraged to leverage the provided information to stay vigilant and take proactive measures in safeguarding their Apple devices. As technology advances, staying ahead of potential security risks remains a collective responsibility, with Apple consistently playing its part through timely and comprehensive security updates.
The widely-used video hosting platform Rumble confirmed a significant cyberattack that disrupted its services. The CEO took to social media to address the situation, revealing the extent of the Rumble cyberattack and hinting at potential political motives behind the incident.

During the weekend, David Freiheit, also known as Viva Frei, alerted followers on an alternative platform, ‘X’ (previously recognized as Twitter), about the disruption, indicating a significant and unparalleled attack. He stated, “I was planning to go live, but Rumble and Locals are down. Apparently, it is a massive, unprecedented attack. One that is likely politically motivated.”

Rumble Cyberattack Confirmed

In response to Freiheit’s post, Rumble CEO Chris Pavlovski confirmed the cyberattack via a tweet, affirming, “I can confirm that this attack has been unprecedented and has been happening since this weekend. I also suspect it is political, coming from activists and/or organizations who want to censor our creators, and related to J6 videos being posted on Rumble.”

In response to the situation, the company proactively implemented measures to combat the Rumble cyberattack. Expressing gratitude, they thanked their cyber security partners and the entire team, viewing the incident as a learning experience that will make them stronger. Acknowledging the patience of their users and creators, Rumble’s statement read, “A big thank you to all users and creators who have been incredibly patient with us during this time.”

Road to Recovery: Services Gradually Restored

In a follow-up tweet, the Rumble team informed users that services were gradually returning to normal but added, “still more work to do.” Later in the day, they updated the community, confirming that “the majority of services have been restored” and mentioning ongoing efforts to resolve any remaining issues globally.

Users, appreciative of the company’s proactive response, flooded the platform with messages of support. One user tweeted, “Thank you to all of the Rumble staff that worked so hard on getting services back online. I’m sure it wasn’t a fun day, and we appreciate you.” Another user expressed a sentiment shared by many, stating, “Their attacks show that Rumble is worth fighting for because free speech is worth fighting for.”

As Rumble continues to recover from the cyberattack, the incident has underscored the importance of cybersecurity in safeguarding platforms that champion free speech. Rumble’s proactive response and the outpouring of support from users highlight the significance of standing up for free expression in the face of cyber threats. The Rumble cyberattack prompts a broader conversation on the role of technology and its vulnerability to external pressures in preserving open dialogue on online platforms.
The L’Azienda USL di Modena Regional Health Service in Italy has reportedly fallen victim to a cyber breach allegedly orchestrated by the notorious hacking group Hunters International. The extent of the L’Azienda USL di Modena data breach, the motives behind the attack, and any potential compromise of sensitive data remain undisclosed, leaving the affected organization and the public in a state of uncertainty.

L’Azienda USL di Modena Data Breach: More Details

The Cyber Express Team promptly reached out to officials for verification of the L’Azienda USL di Modena data breach claim. However, as of the time of writing, no official response has been received.

Source: Twitter

Adding to the mystery, the official website of the health service remains fully accessible, casting doubt on the authenticity of the hacking claim. Questions arise about whether this could be a tactic by the hackers to gain attention, or if their motives involve a different, yet undisclosed, target. A conclusive understanding of the situation awaits an official statement from the organization on the L’Azienda USL di Modena data breach.

Hunters International: A Repetitive Attack Pattern

This data breach on L’Azienda USL di Modena follows a similar pattern seen in November when Hunters International targeted InstantWhip with ransomware, adding the company to their growing list of cyberattack victims. InstantWhip, a significant player with a revenue of US$300 million, has yet to release any official statements regarding the alleged cyberattack.

The situation bears resemblance to an earlier incident this year when Hunters International garnered notoriety for seizing control of the Hive ransomware from its original operators. Notably, on November 22, the Hunters International ransomware group shifted its focus to the Crystal Lake Health Center, a healthcare facility based in the USA. Known for audaciously targeting organizations, the hacking group claims access to a substantial 137.6 gigabytes of sensitive data from the healthcare facility. The cybercriminals boldly declared their responsibility for the cyberattack through a dark web posting, further emphasizing the group’s brazen approach to their illicit activities.

As the L’Azienda USL di Modena Regional Health Service navigates the aftermath of the alleged breach, the cybersecurity landscape faces heightened scrutiny. Organizations worldwide are urged to reinforce their digital defenses against the evolving tactics of cyber adversaries, emphasizing the importance of proactive measures to safeguard sensitive information and maintain the integrity of critical services.
Prajitesh Singh, a senior researcher at Cyble Research & Intelligence Labs, detected a crucial Cross-Site Scripting Vulnerability (CVE-2023-6333) in ControlByWeb’s X-301 and X-332 web-enabled Ethernet I/O modules. These modules hold key roles in Critical Infrastructure sectors, heightening the potential impact of cyber threats on crucial systems.

Cyble partnered with the vendor to disclose these findings and jointly submitted the information to the Cybersecurity and Infrastructure Security Agency (CISA) using the Vulnerability Information and Coordination Environment (VINCE) platform for the Coordinated Vulnerability Disclosure (CVD) program. The severity of the CVE-2023-6333 vulnerability prompted its categorization as “high-severity” by CISA, highlighting its criticality and associated risks.

Decoding ControlByWeb Vulnerability

X332 relay (Source: https://www.controlbyweb.com/x332/)

These impacted products serve as essential components across multiple Critical Infrastructure sectors, with diverse industrial applications spanning motor control, lighting, coil management, pump regulation, valve operation, belt control, and more. Potential compromises in these systems could trigger a spectrum of severe consequences, from financial setbacks to the disruption of vital supply chains. Furthermore, vulnerabilities in these products could provide malicious actors with avenues to manipulate these systems, leading to physical infrastructure damage and endangering the safety of operators involved.

A prime illustration of malicious actors’ keenness to compromise analogous systems emerged from the recent assault on the Municipal Water Authority of Aliquippa in western Pennsylvania. This incident was linked to CyberAv3ngers, an Iranian-backed cyber group, spotlighting their persistent pursuits in actively seeking fresh avenues to disrupt national services. Their focus particularly revolves around exploiting vulnerabilities and misconfigurations present in Industrial Control System (ICS) assets. Should an attack successfully breach these systems within an Operational Technology (OT) environment, the repercussions can be severe for the organization, national critical infrastructure, global supply chains, and the physical safety of engineers, operators, and heavy machinery alike.

Mitigation Against the ControlByWeb Vulnerability

Ensuring the security of these critical systems hinges on embracing a proactive approach against threats. Organizations can achieve this by adopting platforms like ODIN, specifically designed to furnish real-time threat intelligence. Such tools aid users in scanning internet-exposed assets, providing actionable insights that flag potentially vulnerable systems and products susceptible to targeting by malicious actors, ultimately safeguarding against potential compromises.

Empowered by these insights, organizations can proactively address these products by rectifying identified vulnerabilities, implementing patches, deploying software updates, and disseminating information to their user base and relevant authorities. This promotes an atmosphere of collaborative information sharing and joint efforts to tackle potential threats.

Singh emphasizes the collective impact of compromised critical products, stressing that the ramifications transcend individual organizations, industries, or nations. Given their integral role in the global economy, national security, international trade, and manufacturing, ensuring the continued security of these sectors is a universal concern. This imperative involves a collaborative effort encompassing entities from public organizations like CISA to OT/IT component manufacturers and all stakeholders in between.

Cyble remains vigilant in its pursuit of vulnerabilities across exposed products, utilizing proprietary AI and ML algorithms embedded in all Cyble products. This proactive approach allows us to detect and report potential threats in real-time, often identifying issues before exploitation occurs.
Government officials and cybersecurity experts in the United States are claiming that the Chinese military is trying to breach vital infrastructure in the country, such as transportation networks and water and electricity utilities. Based on a report initially disclosed by The Washington Post, relying on information from anonymous officials and security experts, it is alleged that hackers associated with China’s People’s Liberation Army successfully breached the computer networks of approximately twenty-two significant organizations over the past year. The purpose of this infiltration was purportedly to execute a substantial cyberattack on the United States.

Chinese-Affiliated Cyberattack on the US

The incursions are suggested to be a part of larger attempts to devise strategies for inciting fear, destabilizing the situation, and impeding supplies if the United States and China go to war. A major port on the West Coast, an oil and gas pipeline, and a water utility in Hawaii are among the victims that Chinese hackers are allegedly targeting. It is also reported that the hackers made an effort to compromise the Texas power grid operator. In addition to people living in the United States, “several entities” allegedly outside the country are also listed as victims.

Brandon Wales, the Executive Director at CISA, told the Washington Post, “It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis.”

At the moment, no breach has been discovered to impact industrial control systems that perform vital tasks. The U.S. Pacific Fleet is based in Hawaii, so attacking a utility there is noteworthy. In the event of war, cutting off a utility could cause delays in the deployment of soldiers and supplies.

Buzz on Social Media

A lot of X (formerly Twitter) users are discussing the alleged Chinese-affiliated cyberattack on the US and suggest that they have “never seen” a cyber-incident of this magnitude. Experts are also expressing “astonishment” at the massive magnitude of the purported China-affiliated cyber-incident. Some experts are also suggesting that the cyberattack on the US is an attempt to target the banking sector and weaken the US dollar. A few days back, Saudi Crown Prince Mohammed bin Salman met Russian President Vladimir Putin after Saudi Arabia joined the BRICS alliance to talk about ending the US dollar.

Not the First Incident

The report discussing the alleged Chinese-affiliated cyberattack on the US is a development in previous allegations, especially those that discussed Volt Typhoon, an alleged state-sponsored hacking outfit based in China that is also mentioned in the study. Researchers from Microsoft Corp. issued a warning in May about Volt Typhoon, which has been active since mid-2021, and its possible preparation to interfere with U.S.-Asian communication networks in an emergency. The industries that the group targets are government, information technology, manufacturing, utilities, construction, communications, maritime, and education.

Volt Typhoon campaigns prioritize stealth by employing cutting-edge strategies, including hands-on-keyboard activity and living-off-the-land binaries (LOLBins). Obtaining credentials, preparing data for exfiltration, and utilizing legitimate credentials to remain persistent in infiltrated systems are some of the group’s strategies. Along with authorities from Australia, Canada, New Zealand, and the United Kingdom (the so-called Five Eyes countries), the National Security also released a Joint Cybersecurity Advisory that served as a manual for the strategies, methods, and protocols used in the purportedly Chinese state-sponsored attacks.
The notorious hacktivist group Anonymous Collective targeted the United Arab Emirates’ government portal, claiming to have taken it offline. The group’s message explicitly links the UAE government portal cyberattack to the ongoing Israel-Hamas conflict, urging the UAE to cease its support for Israel and stand in solidarity with Palestine. Anonymous goes further, suggesting that Middle Eastern countries could have curtailed the conflict by temporarily cutting off oil supplies to the West, and accusing them of prioritizing power and money over human lives.

UAE Government Portal Cyberattack Claims and Counterclaims

The extent of the UAE government portal cyberattack, including whether any data was compromised, remains undisclosed by Anonymous Collective. The Cyber Express Team reached out to officials for verification of the claim, but an official response is still pending. Intriguingly, attempts to access the UAE government’s official website contradicted the hacktivist group’s claim: the website was fully accessible. This raises questions about the accuracy of Anonymous Collective’s assertions about the cyberattack on the UAE government portal and suggests a possible tactic to gain attention and deliver a political message.

Anonymous Collective’s Previous Cyberattacks

This incident follows Anonymous Collective’s claimed responsibility for a cyberattack on Cosmote, Greece’s largest mobile network operator, in December. The inaccessibility of Cosmote’s official website, persisting to date, has sparked concerns and questions about the validity of the hacktivist group’s statement. Despite this, no official statement from authorities has been released. In November 2023, Anonymous Collective orchestrated a Distributed Denial of Service (DDoS) attack on Cairo International Airport, alleging it was a response to Egypt’s perceived support for Israel in the Gaza conflict. The airport’s digital infrastructure, including its website and mobile application, reportedly suffered extensive damage, resulting in losses totaling millions of dollars. Once again, no official statement has been issued in response to this cyber assault.

Anonymous Collective’s cyber offensives highlight the intensifying geopolitical tensions in the Middle East, particularly around the Israel-Hamas conflict. The group’s targeting of government portals, major corporations, and critical infrastructure shows how closely cyber warfare and geopolitical conflicts are intertwined, as hacktivists use digital means to express their political and ideological stances. As governments and organizations grapple with these cyber threats, the far-reaching impacts of these attacks continue to reverberate, demanding a comprehensive and coordinated response to safeguard digital infrastructure and mitigate potential fallout.
A new menace has emerged on the dark web: the Editbot stealer. Recently discovered by Cyble Research and Intelligence Labs (CRIL), this Python-based information stealer poses a significant risk to social media users’ sensitive data. Initially detected in a WinRAR archive file on VirusTotal, the Editbot stealer exhibited minimal detection rates, prompting further analysis by CRIL. What unfolded was a meticulously designed multi-stage attack aimed at evading detection, downloading additional payloads, and establishing persistence on the victim’s system.

Editbot Stealer: The New Information Stealer on the Dark Web

The campaign orchestrated by the threat actors (TAs) leverages open-source code-sharing platforms such as GitLab to fetch the subsequent-stage payloads. The downloaded payload, a Python-based stealer, is adept at pilfering critical information such as passwords, cookies, and web data. To complete its malicious agenda, the Editbot stealer uses a Telegram channel to transmit the stolen data back to the TAs.

A CRIL investigation on December 5 uncovered a potentially malicious RAR file on VirusTotal, leading to a swift examination as similar files surfaced within a short timeframe. The identified archive file is linked to a deceptive social media scam that targets users with the premise of a ‘defective product to be sent back.’ TAs exploit the appeal of popular products to lure users into interacting with deceptive pages, expanding their reach through user engagement.

The Editbot stealer employs a multi-stage infection strategy, starting with a first-stage malicious batch file named “Screenshot Product Photo Sample.bat” and a JSON file named “manifest.json.” Through PowerShell commands, the TAs ensure persistence by downloading and executing the Python-based stealer at every login session.

The Features and Capabilities of Editbot Stealer

The technical analysis of the Editbot stealer reveals a highly sophisticated piece of malware. The Python script “libb1.py” enumerates running processes, extracts sensitive information from various web browsers, and transmits the data to a specified Telegram channel. Upon execution, the stealer captures running processes and extracts sensitive information from browsers such as Chrome, Firefox, Edge, Opera, Brave-Browser, CocCoc, and Chromium. It retrieves files such as Cookies, Login Data, Web Data, and Local State, saving them in a designated directory within the %temp% folder. The Editbot stealer goes further by decrypting passwords and saving login details, URLs, and decrypted passwords in a text file named “pass.txt.” It also reads the SQLite database file “Cookies,” extracting cookie information and storing the details in “cookie.txt” if they are associated with a social media site.
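A defender-side triage check for the artifacts this report describes, added here as an example and not CRIL's or the page's code: it walks a directory (normally the user's %temp%) and flags folders that hold copies of the browser files named above next to the stealer's pass.txt / cookie.txt output, or the first-stage dropper pair. The folder names and the sample tree are constructed; the report does not give the staging sub-folder name, so the heuristic keys on file names only.

```python
import os
import tempfile
from pathlib import Path

# Browser files the report says the stealer copies into a folder under %temp% ...
BROWSER_ARTIFACTS = {"Cookies", "Login Data", "Web Data", "Local State"}
# ... and the two output files it writes after decrypting them.
OUTPUT_FILES = {"pass.txt", "cookie.txt"}
# The first-stage pair named in the report.
DROPPER_FILES = {"Screenshot Product Photo Sample.bat", "manifest.json"}


def classify_dir(filenames):
    """Return a reason string if this set of file names looks like Editbot
    activity, otherwise None.

    A legitimate browser profile also contains Cookies / Login Data / Web Data,
    so a staging folder is only flagged when the decrypted output files sit
    next to the copied artifacts; a lone cookie.txt or pass.txt is ignored."""
    names = set(filenames)
    copied = names & BROWSER_ARTIFACTS
    written = names & OUTPUT_FILES
    if len(copied) >= 2 and written:
        return "staging dir: copied %s, wrote %s" % (sorted(copied), sorted(written))
    if DROPPER_FILES <= names:
        return "first-stage dropper pair present"
    return None


def find_editbot_artifacts(root):
    """Walk `root` (normally the user's %temp%) and return a sorted list of
    (directory, reason) for every directory classify_dir() flags."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        reason = classify_dir(filenames)
        if reason:
            hits.append((dirpath, reason))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout (not real malware output) so the check can be
    run offline: a benign Chrome-like profile, a folder shaped like the
    stealer's staging area, a folder holding the dropper pair, and a decoy."""
    root = Path(root)
    layout = {
        "Chrome/User Data/Default": ["Cookies", "Login Data", "Web Data", "History"],
        "tmp_a1b2/Chrome": sorted(BROWSER_ARTIFACTS | OUTPUT_FILES),
        "Downloads/product_return": sorted(DROPPER_FILES),
        "logs": ["cookie.txt"],  # an output name on its own is not enough
    }
    for rel, files in layout.items():
        folder = root / rel
        folder.mkdir(parents=True, exist_ok=True)
        for name in files:
            (folder / name).write_bytes(b"constructed sample content\n")
    return root


def scan_sample():
    """Build the constructed tree in a scratch directory, scan it, and return
    {relative_dir: reason} using POSIX-style paths for easy checking."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return {Path(d).relative_to(root).as_posix(): why
                for d, why in find_editbot_artifacts(root)}


if __name__ == "__main__":
    for folder, why in scan_sample().items():
        print(folder, "->", why)
```

On a real host, point find_editbot_artifacts() at the %temp% directory and treat a hit as a reason to pull the folder and the PowerShell/login-session persistence for review, not as proof on its own.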
The UN is helping Ministry of Interior staff implement cybersecurity best practices, as talks continue about scheduling a parliamentary election in the coming months.
Twelfth annual Crossed Swords will see Stamus Networks share expertise and technology to develop and test the capabilities and practical skills of participants
Axiad's State of Authentication Survey also found nearly half of respondents think phishing is the most likely cyberattack, yet only 27% plan to use phishing-resistant MFA next year.
The White House plans to collaborate with the Department of Health and Human Services to establish minimum cybersecurity standards to protect the healthcare sector from ransomware and other cyber threats.
Henry Schein has notified Maine's attorney general that the personal information of over 29,000 people may have been accessed in a cyber incident in September. The hackers obtained names, financial account information, and security codes.
Amazon has taken legal action against an underground refund scheme called REKK, involving an international fraudulent organization and former Amazon employees, resulting in the theft of millions of dollars worth of products.
The National Cybersecurity Authority will coordinate and implement policies and measures to enhance Greece's cybersecurity ecosystem and effectively prevent and manage cyberattacks.
Apple has released security patches for various devices and software, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. These patches address multiple security flaws, including two recently disclosed zero-day vulnerabilities.
Kubescape, an open-source project, has become the first to generate Vulnerability Exploitability eXchange (VEX) documents. VEX is a standard that helps share information about vulnerabilities and their potential for exploitation.
This settlement marks the first resolution by HHS involving a phishing attack that violated the Health Insurance Portability and Accountability Act (HIPAA), highlighting the need for healthcare organizations to prioritize cybersecurity measures.
LivaNova has not yet issued an official statement or response regarding the breach, and cybersecurity experts are closely monitoring the situation for further developments.
According to Synopsys, the use of automated security technology is on the rise, as organizations increasingly embrace the "shift everywhere" philosophy to improve the effectiveness and reduce the cost of security activities.
The vulnerability, tracked as CVE-2023-6553, can be exploited by unauthenticated attackers without user interaction. Although a patch has been released, almost 50,000 WordPress websites remain vulnerable to this critical security flaw.
According to WatchGuard, cybercriminals are still primarily targeting open remote access products and using legitimate remote access tools to hide their malicious activities.
The cyberattack resulted in the leak of sensitive data, including names, addresses, Social Security numbers, financial account information, and employment-related health insurance and medical information.
Killmilk, the leader of the pro-Russia hacktivist group Killnet, has announced his retirement. Killmilk, whose alleged identity was recently uncovered as Nikolai Serafimov, cited the toll of Russia's war in Ukraine as the reason for his departure.
Toyota Financial Services (TFS) has suffered a data breach, exposing sensitive personal and financial data. The breach affected German customers, with threat actors gaining access to names, addresses, contract information, and bank account details.
Police in Lancashire, UK have returned around £8 million ($10 million) worth of bitcoin to a man whose cryptocurrency was stolen in 2017. Four people involved in the hack were sentenced earlier this year.
Viewers saw a message from the hackers and then a fake news broadcast featuring an AI-generated news anchor showing alleged atrocities committed by Israel. The incident is still being investigated, and it is unclear who is responsible.
The threat actor uses techniques such as sending URLs to fake resume websites or attachments containing instructions to visit the website, leading to the download of malicious files.
The exploit, which is an XSS vulnerability, allows players to display GIFs using HTML code blocks in-game. This poses a potential security threat to players, as the exploit can access player IP addresses and potentially execute code on their PCs.
Clearview AI has reached a settlement in a class-action privacy lawsuit, which alleged that the company violated Illinois' Biometric Information Privacy Act (BIPA) by using online images without consent for its facial recognition technology.
Researchers have discovered nearly a thousand fake profiles created with the intention of reaching out to companies in the Middle East. These profiles, often difficult to distinguish from real ones, have been successful in their campaigns.
The Russian APT28 threat actor, also known as ITG05, is using authentic documents related to the Israel-Hamas war as lures to deliver a custom backdoor called HeadLace against targeted entities in 13 countries, primarily in Europe.
Around 1,450 instances of pfSense, an open-source firewall and router software, are vulnerable to command injection and cross-site scripting flaws. These flaws, if exploited together, could allow attackers to execute remote code on the system.
Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or GStreamer plugins when opening a malformed file.
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials; the default is admin:changeme. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.
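A defender-side inventory check for the affected ranges named above, added here as an example and not part of the Metasploit module or of Splunk's own tooling. It classifies each host's Splunk Enterprise version as affected, fixed, or not listed (9.0.x before 9.0.7 and 9.1.x before 9.1.2 are the only lines the text names); the host inventory is constructed.

```python
# (major, minor) -> first patch level the text above names as fixed
FIXED_IN = {(9, 0): 7, (9, 1): 2}


def parse_version(text):
    """'9.0.5' -> (9, 0, 5). Components are compared numerically, so 9.0.10
    correctly sorts after 9.0.7; a plain string compare would call 9.0.10
    vulnerable. A fourth component such as the '.1' in '9.1.1.1' is dropped,
    and non-digit suffixes on a component are ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError("unparseable version: %r" % text)
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def status(text):
    """Return 'affected', 'fixed' or 'not listed' for one version string.
    'not listed' means the release line is outside the two ranges the text
    names, which is not the same as knowing it is safe."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return "not listed"
    return "affected" if patch < fixed else "fixed"


def affected_hosts(inventory):
    """Sorted host names whose version falls in an affected range."""
    return sorted(host for host, ver in inventory.items()
                  if status(ver) == "affected")


# Constructed inventory for an offline run; host names and versions are made up.
SAMPLE_INVENTORY = {
    "splunk-idx-01": "9.0.6",
    "splunk-idx-02": "9.0.10",
    "splunk-sh-01": "9.1.1",
    "splunk-sh-02": "9.1.2",
    "splunk-legacy": "8.2.11",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(host, ver, status(ver))
    print("affected:", affected_hosts(SAMPLE_INVENTORY))
```

Hosts reported as affected, or still using the default credentials mentioned above, are the ones to patch and re-credential first.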
Ubuntu Security Notice 6550-1 - It was discovered that Smarty, which is integrated into the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, which is integrated into the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 format. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6547-1 - It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks.
Ubuntu Security Notice 6546-1 - Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. Reginaldo Silva discovered that LibreOffice incorrectly handled certain non-typical hyperlinks. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary scripts.
Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2023-7725-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.
Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-7714-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Taiwan is intensifying efforts to fortify its cybersecurity defenses against a potential full-blown cyberattack from China. As fears mount over the vulnerability of Taiwan’s financial system to advanced hacks, government officials and financial institutions in Taipei are collaborating with US cybersecurity experts to enhance their digital resilience.

Taiwan Cybersecurity: Alarming Rise in State-Sponsored Attacks

The urgency to strengthen Taiwan’s cybersecurity is underlined by the sharp increase in state-sponsored cyberattacks, which have more than doubled in the past three years. Taiwanese cybersecurity firm TeamT5 reports that the island’s government agencies and companies often remain unaware of these sophisticated attacks, and describes Taiwan’s capability to defend itself effectively as near zero. Taiwan’s Ministry of Digital Affairs notes that the frequency and intensity of cyber threats surge in response to geopolitical events. For instance, during former House Speaker Nancy Pelosi’s visit in August 2022, Taiwan experienced a staggering 23-fold increase in foreign cyberattacks. The vulnerability was further highlighted as some government websites temporarily went offline due to distributed denial-of-service (DDoS) attacks.

Taiwan Cybersecurity: Financial Sector Unprepared

Despite hosting the world’s most advanced chipmaking technology, Taiwan’s financial sector still lags in cybersecurity preparedness. Simulated cyberattacks, including a recent drill by Boston-based SimSpace, revealed that Taiwan’s banks remain inadequately prepared to counter sophisticated threats, raising concerns about the potential impact on the island’s financial stability.

Collaboration with US Experts

To address these vulnerabilities, Taiwan is actively seeking assistance from US cybersecurity experts. The government is engaging with the US Treasury Department and collaborating with SimSpace Corp. to conduct simulated cyberattacks. The involvement of the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection aims to facilitate intelligence sharing on financial security and to build simulators that replicate large-scale cyberattacks on the finance industry and trading systems.

The looming threat of a cyberattack from China on Taiwan’s financial system is perceived as a potential prelude to military action. Chinese officials have expressed their preference for Taiwan’s voluntary unification with the People’s Republic but have not ruled out military force. President Joe Biden’s commitment to defending Taiwan in the event of an attack has escalated tensions between the US and China.

Future Drills and Challenges in Taiwan Cybersecurity

Taiwan envisions future drills that simulate infrastructure destruction leading to blackouts and communication breakdowns, mirroring events that might occur during natural disasters or military conflicts. The island seeks to avoid a repeat of previous cyber incidents, such as the 2020 ransomware attacks on major Taiwanese companies, linked to state-sponsored Chinese hackers. As Taiwan grapples with the increasing sophistication of cyber threats, the collaboration with US experts and the commitment to enhance its cybersecurity measures underscore the island’s recognition of the urgent need to fortify its digital defenses. In the face of geopolitical tensions and the potential for military action, Taiwan aims to bolster its resilience against cyber threats that could jeopardize its financial stability and national security.
Norton Healthcare, a nonprofit healthcare institution based in Kentucky, has acknowledged that hackers gained access to the personal information of millions of patients and staff members during an earlier ransomware attack. Norton is the third-largest private employer in Louisville, Kentucky, and runs over 40 clinics and hospitals in the area. The organization employs over 20,000 people and has over 3,000 medical professionals on staff.

Cyberattack on Norton Healthcare

In a filing sent to Maine’s attorney general, Norton stated that during its May ransomware attack, hackers gained access to the private information of about 2.5 million patients as well as staff and their dependents. The organization stated in a letter to affected individuals that hackers gained access to “certain network storage devices between May 7 and May 9,” but were unable to gain access to either Norton MyChart, the company’s electronic medical record system, or Norton Healthcare’s medical record system. However, Norton acknowledged that a “time-consuming” internal investigation, which the company finished in November, found that the hackers had access to a “wide range of sensitive information,” including names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers.

Details of the Norton Healthcare Cyberattack

According to Norton Healthcare, the compromised information might also have included digital signatures, driver’s license or other official ID numbers, and financial account details for some people. It is uncertain whether any of the accessed information was encrypted. The organization asserts that it reported the Norton cyberattack to law enforcement and that it paid no ransom. The infamous ALPHV/BlackCat ransomware gang claimed responsibility for the incident in May, according to data breach news site DataBreaches.net. The group claimed to have exfiltrated nearly five terabytes of data, but Norton did not identify the hackers behind the attack. This year, a number of U.S.-based healthcare firms, including Norton Healthcare, have suffered data breaches affecting millions of people.

US Healthcare Cyberattacks on the Rise

According to a recent announcement from the U.S. Department of Health and Human Services (HHS), ransomware attacks have increased nearly threefold over the last four years, while “large breaches” reported to the Office for Civil Rights have more than doubled. According to the department, approximately 88 million people were impacted by the breaches reported this year, a 60% increase from 2022. The largest healthcare data breach of 2023, according to the HHS data breach site, involved the American healthcare company HCA Healthcare: hackers uploaded private patient information to a popular cybercrime forum, exposing the personal information of about 11 million patients. The second-largest healthcare data breach occurred at Perry Johnson & Associates (PJ&A), a medical transcription firm headquartered in Nevada, where a cyberattack exposed nearly nine million patients’ private information. A breach at the large American dental company Managed Care of North America (MCNA) that affected 8.9 million of the company’s clients came next.

The Norton cyberattack underscores the critical need for robust cybersecurity measures, particularly within the healthcare sector. With millions of patients and staff members affected, the incident exposes the vulnerability of sensitive personal information to malicious actors. As the third-largest private employer in Louisville, Kentucky, Norton Healthcare’s significant reach and impact necessitate a comprehensive reevaluation of cybersecurity protocols to safeguard against future threats. The surge in healthcare-related data breaches, as highlighted by the U.S. Department of Health and Human Services, emphasizes the urgency for organizations to fortify their defenses against evolving cyber threats. The breach at Norton Healthcare, along with other major incidents in 2023, reinforces the imperative for a proactive approach to cybersecurity in the healthcare industry, incorporating encryption, regular audits, and heightened vigilance to protect the privacy and well-being of patients and staff alike.
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. "MrAnon Stealer steals its victims' credentials, system
2023 has seen its fair share of cyber attacks; however, there’s one attack vector that proves to be more prominent than others: non-human access. With 11 high-profile attacks in 13 months and an ever-growing ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the beginning. Why non-human access is a cybercriminal’s paradise People always
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social
The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and
A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Read more in my article on the Tripwire State of Security blog.
Source: thehackernews.com – Author: Newsroom – Dec 11, 2023 – Threat Intelligence / Cyber Attack. Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that’s known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team […] The entry “Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor – Source:thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation […] The entry “Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans – Source:thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: The Hacker News – Dec 11, 2023 – vCISO / Cybersecurity. In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who […] The entry “Playbook: Your First 100 Days as a vCISO – 5 Steps to Success – Source:thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading. Interpol has announced Operation Storm Makers II, a coordinated effort among 27 individual Asian countries targeting cyber-fraud operations engaging in human trafficking to perpetuate their scams. But it appears that this kind of insidious operation is expanding to other parts […] The entry “Cybercrime Orgs Increasingly Use Human Trafficking to Staff Scam Mills – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Press release. Orlando, FL, December 11, 2023 – Fortress Information Security (Fortress) and CodeSecure today announced a partnership to offer new capabilities to map open-source software components and find and understand quality and security defects in third party or commercial software. CodeSecure, a leading provider of application security testing products, enables Fortress to expand its […] The entry “Fortress Information Security & CodeSecure Team Up to Analyze SBOMs & Remediate Critical Vulnerabilities – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer. Attackers have used hundreds of fake profiles on LinkedIn — many very convincing — to target professionals at companies in Saudi Arabia, not only for financial fraud, but to convince employees in specific roles to provide sensitive corporate information. In […] The entry “Convincing LinkedIn ‘Profiles’ Target Saudi Workers for Information Leakage – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Dark Reading Staff. Ghana’s Cyber Security Authority will lead the newly launched African Network of Cybersecurity Authorities (ANCA), a body established to improve cybersecurity coordination across the continent. Dr. Albert Antwi-Boasiako will serve as the inaugural chair of ANCA and […] The entry “Ghana Official to Head Africa’s New Cybersecurity Authority – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer. North Korean hackers are still exploiting Log4Shell around the world. And lately, they’re using that access to attack organizations with one of three new remote access Trojans (RATs) written in the rarely seen “D” (aka dlang) programming language. The group behind this […] The entry “Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in ‘D’ – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs – Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading. Common malware has led a group of researchers to link the once-mysterious Sandman threat group, known for cyberattacks against telecom service providers across the world, to a growing web of Chinese government-backed advanced persistent threat […]
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin – Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. A critical-severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. Known as Backup Migration, the plugin helps admins automate site backups to local storage or a Google Drive account. The security bug (tracked as […]
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug – Source: www.bleepingcomputer.com – Author: Bill Toulas. The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka “Log4Shell,” this time to deploy three previously unseen malware families written in DLang. The new malware families are two remote access trojans (RATs) named NineRAT and DLRAT and a malware downloader named BottomLoader. The D programming language is […]
Counter-Strike 2 HTML injection bug exposes players’ IP addresses – Source: www.bleepingcomputer.com – Author: Lawrence Abrams. Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players’ IP addresses. While initially thought to be a more severe Cross-Site Scripting (XSS) flaw, which allows JavaScript code to be executed in a client, […]
Apple emergency updates fix recent zero-days on older iPhones – Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. “Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” the company said […]
Toyota Germany Says Customer Data Stolen in Ransomware Attack – Source: www.securityweek.com – Author: Ionut Arghire. Toyota Germany is informing customers that their personal data was stolen in a ransomware attack last month. Original Post URL: https://www.securityweek.com/toyota-germany-confirms-personal-information-stolen-in-ransomware-attack/ Category & Tags: Data Breaches, data breach, ransomware, Toyota
FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure – Source: www.securityweek.com – Author: Eduard Kovacs. The FBI has issued guidance on SEC data breach reporting requirements and how disclosures can be delayed. Original Post URL: https://www.securityweek.com/fbi-issues-guidance-for-delaying-sec-required-data-breach-disclosure/ Category & Tags: Data Breaches, Government
A Gigantic New ICBM Will Take US Nuclear Missiles Out of the Cold War-Era but Add 21st-Century Risks – Source: www.securityweek.com – Author: Associated Press. New “Sentinel” nuclear missiles will operate within a closed network but have additional security measures at the boundary and inside the network, enabling effective operation in a cyber-contested environment. […]
Apple Ships iOS 17.2 With Urgent Security Patches – Source: www.securityweek.com – Author: Ryan Naraine. Cupertino’s flagship mobile OS is vulnerable to arbitrary code execution and data exposure security vulnerabilities. Original Post URL: https://www.securityweek.com/apple-ships-ios-17-2-with-urgent-security-patches/ Category & Tags: Mobile & Wireless, Vulnerabilities, Apple, Featured, iOS 16.7.3, iOS 17.2, iPhone, WebKit
‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems – Source: www.securityweek.com – Author: Ionut Arghire. Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers. Original Post URL: […]
Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen – Source: www.securityweek.com – Author: Ionut Arghire. Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers. Original Post URL: https://www.securityweek.com/norton-healthcare-ransomware-hack-2-5-million-personal-records-stolen/ Category & Tags: Data Breaches, Fraud & Identity Theft, Ransomware, Alphv, blackcat, data extortion, Norton Healthcare
Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest – Source: www.securityweek.com – Author: Eduard Kovacs. Google has patched several high- and moderate-severity Chromecast vulnerabilities demonstrated earlier this year at a hacking competition. Original Post URL: https://www.securityweek.com/google-patches-chromecast-vulnerabilities-exploited-at-hacking-contest/ Category & Tags: Vulnerabilities, Chromecast, hacking competition
North Korean Hackers Developing Malware in Dlang Programming Language – Source: www.securityweek.com – Author: Ionut Arghire. North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations. Original Post URL: https://www.securityweek.com/north-korean-hackers-developing-malware-in-dlang-programming-language/ Category & Tags: Malware & Threats, Lazarus, malware, North Korea
BlackBerry squashes plan to spin out its IoT biz – Source: go.theregister.com – Author: Team Register. BlackBerry has decided its plan to split into two separate companies is not a good idea and will instead reorganize itself into two independent divisions. The former smartphone champ has two businesses: cyber security and IoT. Neither has thrived in recent years, so, in pursuit of greater shareholder value, […]
Interpol moves against human traffickers who enslave people to scam you online – Source: go.theregister.com – Author: Team Register. Hundreds of suspected people smugglers have been arrested, and 163 potential victims rescued from servitude, as part of an Interpol-coordinated operation dubbed “Turquesa V” that targeted cyber criminals who lure workers into servitude to carry out their scams. The international law enforcement agency on Monday unveiled details of the […]
Ukrainian military says it hacked Russia’s federal tax agency – Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. The Ukrainian government’s military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency’s database and backup copies. In this operation, carried out by cyber units within Ukraine’s Defense Intelligence, military intelligence officers breached Russia’s federal taxation service central servers and 2,300 regional servers across […]
Avira antivirus causes Windows computers to freeze after boot – Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira’s security software. A considerable number of Windows 11 and Windows 10 customers have experienced these system freezes, with most linking the issues to Avira. According […]
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day – Source: www.bleepingcomputer.com – Author: Lawrence Abrams. Today is Microsoft’s December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution (RCE) bugs were fixed, Microsoft only rated three as critical. In total, there were four critical vulnerabilities, with one […]
Windows 11 KB5033375 update released with upgraded Copilot AI-assistant – Source: www.bleepingcomputer.com – Author: Mayank Parmar. Microsoft has published a new update for Windows 11 versions 23H2 and 22H2 (KB5033375) to fix security vulnerabilities and improve Copilot. Windows 11’s December 2023 Update advances to Build 22631.2861 and adds new features like Copilot for multiple displays and Alt-Tab. You can grab the patch by going to Start > Settings > Windows Update and clicking […]
Windows 10 KB5033372 update released with Copilot for everyone, 20 changes – Source: www.bleepingcomputer.com – Author: Lawrence Abrams. Microsoft has released the KB5033372 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes Copilot for Windows and nineteen other changes to the operating system. KB5033372 is a mandatory Windows 10 cumulative update containing the December 2023 Patch Tuesday security updates. Windows users can install this […]
Sophos backports RCE fix after attacks on unsupported firewalls – Source: www.bleepingcomputer.com – Author: Bill Toulas. Sophos was forced to backport a security update for CVE-2022-3236 to end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. The flaw is a code injection problem in the User Portal and Webadmin of Sophos Firewall, allowing remote code execution. Sophos fixed the security […]
Ukraine’s largest mobile carrier Kyivstar down following cyberattack – Source: www.bleepingcomputer.com – Author: Bill Toulas. Kyivstar, Ukraine’s largest telecommunications service provider serving over 25 million mobile and home internet subscribers, has suffered a cyberattack impacting mobile and data services. The official website is offline, but the company informed subscribers via its social media channels that it was targeted by hackers this morning, causing a […]
Cloud engineer gets 2 years for wiping ex-employer’s code repos – Source: www.bleepingcomputer.com – Author: Bill Toulas. Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and ordered to pay $529,000 in restitution for wiping the code repositories of his former employer in retaliation for being fired by the company. First Republic Bank was a commercial bank in the U.S., employing over seven thousand […]