The reputed German Energy Agency, Dena, has allegedly fallen prey to the notorious LockBit ransomware group. The Dena cyberattack came to light via a post on the threat actor’s dark web platform, where they disclose data breach incidents and include affected entities in their expanding list of victims. Having previously faced the ALPHV ransomware group, Dena now encounters a new threat from the LockBit gang, which has issued a menacing ultimatum with a deadline of December 26, 2023. The threat actor asserts an alleged attack on the agency’s website.

The Cyber Express, seeking to shed light on this cybersecurity incident, reached out to the organization for official statements or responses regarding the Dena cyberattack. Regrettably, as of the time of this writing, no official communication has been received, leaving the claims of the German Energy Agency Dena cyberattack unverified. The gravity of the situation is heightened by the threat actor’s assertion that they will publish the compromised data by the specified deadline. This looming deadline places immense pressure on Dena, yet without confirmation of the breach from the organization, the veracity of the threat actor’s claims remains uncertain.

The LockBit ransomware group has been on a spree of cyberattacks throughout 2023, leaving a trail of victims in its wake. The group has employed a consistent modus operandi, posting messages on their leak site accompanied by deadlines. Among their recent claims are attacks on the MIRLE Group, an alleged cyberattack on Shimano and many more.

Who is the LockBit Ransomware Group?

According to insights from BlackBerry, the LockBit ransomware gang is one of the most notorious hacker groups. The group has claimed to be the “Robin Hood” of ransomware groups; however, their actions contradict their statement. While the FBI has not explicitly linked LockBit to Russian origins, their public communications, which reflect a broadly anti-Western stance, suggest affiliations with Russia and global affiliates. Notably, the group advocates for the “ethical” use of ransomware, asserting that they refrain from targeting healthcare, education, charitable, or social service organizations.

Operating through a dark web portal on The Onion Router (TOR) network, the LockBit group not only recruits talent but also releases data from victims who resist their demands. The group, adopting a peculiar business model, assures victims that paying the ransom will result in the safe return of their data.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The StarsX Team hacker group has claimed responsibility for an alleged cyberattack on Indian government websites. The group made its announcement on a dark web forum, providing links to substantiate their claims. The attached links contained a list of alleged victims and references to check-host.net to support their assertions. Notably, the threat actor appears to be affiliated with Indonesia, as indicated by the Indonesian flag attached to the threat actor’s name.

The claimed cyberattack specifically targeted five government websites: the Department of Justice, High Court of Punjab and Haryana, UP Police, Intellectual Property India, and the Employees’ State Insurance Corporation. Despite these claims, a closer inspection reveals that all the mentioned websites are currently functioning normally, showing no signs of the Distributed Denial of Service (DDoS) attack alleged by the threat actor.

Claims of Cyberattack on Indian Government Websites

A DDoS attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. It involves the use of multiple compromised computers or devices to generate traffic, making it challenging for the targeted system to handle legitimate requests.

The Cyber Express reached out to some of the affected organizations to verify the alleged cyberattack on Indian government websites. As of now, no official statements or responses have been received, leaving the claims unverified.

It’s worth noting that the StarsX Team hacker group has a history of targeting multiple countries. In a post from October, the group declared its intentions, stating that they are fighting to defend Palestine’s right to independence. The group condemned Israel, India, France, and America for alleged oppression of the Palestinian people and human rights violations. StarsX Team specifically identified these countries as their main targets.

More Cyberattack Claims by StarsX Team Hacker Group

Amidst the Israel-Hamas conflict, hacktivist collectives such as IRoX Team and StarsX Team have aligned themselves with opposing sides, conducting cyberattacks against each other’s digital infrastructure.

The hacktivist groups have declared allegiance to Palestine and identified nations supporting Israel, including India, as their next targets. This increase in hacktivist activities coincided with the conflict between Israel and Hamas in October. The hackers accused certain countries of supporting Israel and condemned them for their involvement. Despite a temporary halt, cyberattacks targeting countries supporting Israel resumed, as indicated in a Telegram message. The message specifically called out India, the United Kingdom, and Australia as supporters of Israel, stating that they would not be spared from hacktivist actions.

The situation reflects the growing intersection between geopolitical conflicts and cyber warfare, where hacktivist groups leverage digital means to express their political stances and carry out cyberattacks on perceived adversaries.
At the end of the year, before the Christmas and New Year holidays, the accounting departments of many companies are busy — to put it mildly; especially in countries where the fiscal year is aligned with the calendar year. Accountants are busy with financial reporting, planning budgets for the next financial period, and so on. And all that despite the pre-holiday fever where corporate parties are common and colleagues are often not so much in the mood for work. So, of course, cybercriminals can’t ignore this situation: they’re actively sending fake invoices to random employees of companies, in the hope that someone will approve payment in the midst of the document flood.

Fraudulent email red flags

Firstly, the very fact that an email was sent to a random employee, and not directly to the accounting department, should get alarm bells ringing. Criminals usually have no means to obtain the real email addresses of corporate accountants; they use spam mailing databases, consisting primarily of publicly available contacts — so those emails are usually received by employees in HR, PR, technical support, and so on.

Sometimes the senders of the fraudulent emails write that they’ve lost the correct address, or made a typo while writing it down, so they ask to forward the invoice to accounting; sometimes they don’t bother with explanations at all. Either way, this cannot be an excuse for sending an email to a random address. If the invoice is really needed by one of the company’s employees, they would contact the sender themselves, find out the reasons for the delay in delivery and, if necessary, clarify the email address of the accounting department.

Forwarding unexpected emails to colleagues may do more harm than good, for a fraudulent email forwarded by a co-worker is more likely to work. If you forward an invoice to accountants, they may think that you want it to be paid. And in general, an email from an employee of the same company arouses less suspicion than external correspondence.

Secondly, criminals understand that demanding a large amount of money is a bad idea. It’s less likely that such an invoice will be paid without additional enquiries. That’s why they issue invoices for relatively small amounts — insignificant by the standards of a large company.

Thirdly, in the vast majority of cases these kinds of invoices are for correspondence delivery services. Moreover, the accompanying email is written as vaguely as possible so that it’s not always clear whether the invoice was issued directly by the sender of some documents or by the delivery company.

What are the scammers counting on?

As mentioned earlier, criminals count on the year-end’s heavy workload, folks’ general inattention, and non-specialists’ help in forwarding such emails to the accounting department.

But the main reason why such schemes work is impunity. By and large, they’re not afraid of legal consequences. Fraudsters register a real company and send out invoices. Legally, this is a service that was paid for but not provided. Yet if someone were to take this to court, they’d probably be found guilty. But will anyone go to court over such trifling amounts of money?

If you try to search the internet by the name of the company that issued the invoice, you’ll probably find a whole host of indignant comments from businesses that were deceived in a similar way. Presumably, from time to time, criminals change the legal entity — closing one company through bankruptcy and opening another one.

How to stay safe?

To begin with, we highly recommend using security solutions with effective anti-spam technologies at the corporate mail gateway level. As a rule, attackers send such emails in large quantities, which allows us to classify such emails as spam in a timely manner.

In addition, you should inform employees that an email received unexpectedly from someone unknown demanding a payment or personal data is definitely a suspicious email. And if they want to forward it somewhere, they should send it only to the information security department with the comment “possible fraud”.

Ideally, it’s a good idea to periodically increase employee security awareness; for example, using the automated online Kaspersky Automated Security Awareness Platform. This would allow employees to be prepared for unexpected emails from attackers, be they simple fraudulent spam emails or sophisticated spearphishing.
In response to a recent cyberattack, France has announced an additional allocation of US$465,000 (€500,000) to enhance the International Criminal Court’s (ICC) cybersecurity measures. The official release underlines France’s condemnation of the cyber threats and attacks on the Court, emphasizing the severe impact on its vital functions.

Critical Focus on ICC Cybersecurity

The French government expresses unwavering support for the ICC’s cybersecurity, recognizing its pivotal role as the only permanent international criminal court combatting impunity for the most serious global crimes.

Minister for Europe and Foreign Affairs Catherine Colonna reiterated this commitment on various occasions, including the 75th anniversary of the Universal Declaration of Human Rights on December 10 and the 25th-anniversary commemoration of the Rome Statute on July 17 in New York. France affirms its dedication to making the Rome Statute universal and ensuring the Court’s ability to fulfill its mission independently and impartially. This commitment is crucial to delivering justice to victims of international crimes.

“France will continue its efforts to make the Rome Statute universal and to enable the Court to carry out its mission independently and impartially, as this is vital to ensuring that victims obtain justice,” reads the official release.

Cyberattacks on France in 2023

The move to enhance cybersecurity comes amid a surge in cyber threats against France in 2023. In May, the politically motivated group NoName targeted French government websites, including the National Center for Space Studies and the Ministry of Labor. The group also claimed responsibility for an attack on the French Senate, citing displeasure with France’s collaboration with Ukraine on an aid package.

In July, the notorious hacker collective Usersec joined forces with Anonymous Russia to announce a series of website defacement attacks on France. The threat was boldly proclaimed on the dark web, revealing plans for a coordinated assault. Additionally, Anonymous Sudan, a hacktivist group, threatened cyberattacks on France in August.

While there have been no recent reports of attacks, the group has previously targeted hospitals, educational institutions, media companies, and the communication industry in France. In the same month, a threat group identifying as “We are KILLNET” executed a targeted cyberattack on France, focusing on its travel infrastructure. The attack strategically targeted iconic locations such as Metro France and the Heads of the Railway Station of France, indicating a deliberate and organized approach rather than a random cyber assault.

France’s commitment to fortifying the ICC’s cybersecurity highlights the nation’s determination to combat cyber threats and protect the integrity of international institutions, signaling a proactive stance in the face of evolving cyber challenge
The Defence Intelligence of Ukraine infiltrated the Russian Federal Tax Service (FTS) – a significant blow to the aggressor state’s key institution. The operation, executed by Ukrainian military intelligence officers, involved breaching the heavily fortified central server of the Russian Federal Tax Service, subsequently extending to over 2,300 regional servers across Russia, including the temporarily occupied Crimea.

Ukrainian Military Deploys Malware on Servers, IT Provider

During the special operation, malware was deployed, infecting all targeted servers, as reported by Ukraine’s official website. Simultaneously, the Russian IT company Office.ed-it.ru, responsible for servicing the FTS, fell victim to a similar attack. The configuration files crucial for the operation of the extensive Russian taxation system were obliterated, destroying the entire database and its backup copies.

The aftermath of the cyber onslaught has left the FTS in disarray. Communication between the central office in Moscow and the 2,300 territorial departments, as well as the connection between the Russian Federal Tax Service and Office.ed-it.ru, remains paralyzed.

Essentially, this marks the complete destruction of the infrastructure of one of Russia’s main state bodies and the loss of extensive tax data for an extended period.

The Ukrainian military intelligence now holds the reins of internet traffic for tax data across Russia.

Despite the Russians’ four-day-long attempts to restore the tax service’s functionality, experts predict that the paralysis of the Russian Federal Taxation Service will persist for at least a month. The complexity of the attack makes it nearly impossible to entirely revive the tax system of the aggressor state.

Continued Assault on Kremlin Regime

This recent cyber operation by the Defence Intelligence of Ukraine follows a pattern of successful attacks against key Russian agencies. Notably, the Ukrainian military intelligence recently targeted the Russian Federal Air Transport Agency (Rosaviatsia), gaining access to classified service data.

The cumulative impact highlights a serious blow to the Kremlin regime, temporarily stripping it of control over critical financial structures and tax administration.
A powerful cyberattack has affected Kyivstar, the largest telecommunications company in Ukraine, causing phone and internet services to be disrupted for people nationwide. Kyivstar confirmed the incident on Tuesday in a Facebook post, stating that the Kyivstar cyberattack resulted in a “technical failure” that prevented clients from accessing the internet or their mobile devices. According to the corporate website, Kyivstar provides services to over 24 million cell phone subscribers and over 1.1 million home internet users.

Kyivstar Cyberattack Decoded

Authorities in the northern Ukrainian city of Sumy have cautioned that the Kyivstar cyberattack has also impacted their air raid alarm system. The regional military administration of Sumy sent a statement on Telegram stating that “the notification system will not work temporarily.”

Oleksandr Komarov, CEO of Kyivstar, said, “Unfortunately, the operator was the target of a very strong cyberattack this morning, which has prevented access to the internet and communications services.” He claimed in a video message that the Kyivstar cyberattack was conducted by Russian-backed cyber adversaries. According to Komarov, cyberspace is just one of the many elements of the conflict with the Russian Federation. In his video statement, Komarov added that “It is still not completely clear” when the telecom giant will resume regular operations.

The parent company of Kyivstar, VEON, which is based in the Netherlands, stated in a release that its technical teams are “working on eliminating the consequences of the hacker attack and restoring communication as soon as possible.”

Kyivstar Network to Collaborate with Ukrainian Law Enforcement

To find out the specifics and impacts of the cyberattack on the Kyivstar network, the companies are closely collaborating with Ukrainian law enforcement. In order to put in place extra security measures to stop any repetition, VEON and Kyivstar are carrying out a comprehensive internal investigation of the incident. As per Kyivstar’s knowledge at the time of this release, no subscriber’s personal information has been compromised.

The release also stated, “The exact magnitude of the financial impact is not yet quantifiable as it will depend on how long services are impacted.” While apologizing for the “temporary inconvenience” and promising to reimburse impacted users, Kyivstar insisted that subscriber privacy had not been violated. “Indeed, our adversaries are cunning. However, we are prepared to meet any challenges head-on, conquer them, and carry on working for Ukrainians,” the business continued.

Cybercriminals also targeted Monobank, one of the biggest banks in Ukraine, at the same time as the Kyivstar cyberattack. Oleh Gorokhovsky, a co-founder of the bank, stated in a post on Telegram that the company had been the victim of a “massive DDoS” attack—a term used to describe cyberattacks in which large amounts of unsolicited traffic are sent in an attempt to bring down websites and services—but that “everything is under control.”
The notorious Akira ransomware group has targeted Wondrium, an expansive online education platform covering a multitude of subjects. The alleged cyberattack on Wondrium raises alarms due to claims by cybercriminals of gaining control over clients’ personal data and sensitive information. The purported cyberattack on Wondrium carries significant implications, potentially jeopardizing sensitive client data, financial records, and intricate course details. If confirmed, the fallout could be extensive.

The Cyber Express team has reached out to Wondrium to gather more information about the alleged cyberattack. However, at the time of writing this report, no official comment was received.

Cyberattack on Wondrium

Wondrium joins a growing list of high-profile entities targeted by the Akira ransomware group, underlining the urgency for organizations to bolster their digital defenses in the face of a constantly increasing number of cyber threats.

“60 GB of data will be uploaded. Clients information, lots of accounting and finance data, course info, and even a holiday video! We will update soon,” read the dark web post by the hacker collective while claiming the cyberattack on Wondrium.

Wondrium, formerly known as The Teaching Company, stands as a prominent media production firm specializing in educational content creation. Renowned for its diverse array of video and audio materials, including courses, documentaries, and series, it operates under two distinct content brands: Wondrium and The Great Courses. Founded by Tom Rollins, the company’s headquarters are located in Chantilly, Virginia, United States. Wondrium operates under the umbrella of its parent organization, Brentwood Associates.

Impact of Wondrium Cyberattack

The estimated annual revenue of Wondrium falls within the range of $150 million to $250 million. If confirmed, the cyberattack on Wondrium could have severe repercussions. Exposure of client information from the alleged cyberattack on Wondrium can lead to serious identity impersonation threats, security threats and vulnerability to phishing attacks.

Moreover, the compromise of accounting and finance data poses a significant threat, potentially leading to financial crimes and fraud for clients, while also subjecting Wondrium to potential fines and expenses. Reputational damage is another threat to Wondrium: it might lose client trust in the market and might also start losing its business.

The cyberattack on Wondrium is part of a disturbing trend. Preventing such incidents requires a multifaceted approach. Regularly updating software and operating systems is crucial to patch vulnerabilities that cybercriminals exploit. Implementing strong authentication practices, such as multi-factor authentication, adds an extra layer of security, making unauthorized access more challenging. Employee training on cybersecurity best practices, including recognizing phishing attempts and practicing safe online behavior, is paramount. Employing robust firewalls and security software helps monitor and filter network traffic for potential threats. Additionally, regular data backups ensure that critical information is secure and can be swiftly recovered in the event of a cyber incident, such as a ransomware attack or data loss, minimizing potential damage.
A visit to the "Island of Pearls" is part of ongoing regional efforts to enhance cooperation and exchange knowledge between universities in the cyber and technology sectors.
After compromising Azure and Outlook user accounts, threat actors are creating malicious apps with high privileges to conduct cryptomining, phishing, and password spraying.
Getting more insight helps you to prioritize across all your systems, letting you drive more collaboration, real change, and real success for your teams.
Threat actors are fully embracing the spin machine: rebranding, speaking with the media, writing detailed FAQs, and more, all in an effort to make headlines.
EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them.
Metrics have a place when it comes to reporting on organizational security and risk management, but effectively communicating their relevance to the board in the context of the overall security story is more important than simply reporting on the raw numbers.
An independent review found that the breach was a result of multiple factors and highlighted the organization's lack of a data protection strategy. It also noted that the PSNI had not fully implemented the 2018 Data Protection Act.
The engineer deployed malware, deleted code repositories, and emailed himself proprietary bank code in retaliation for being fired, impersonating a coworker in the process.
Microsoft has released its final set of Patch Tuesday updates for 2023, addressing 33 flaws in its software. This release is considered one of the lightest in recent years, with four critical vulnerabilities and 29 important ones.
The UK's Ministry of Defence has been fined £350,000 ($440,000) by the ICO for failing to protect the personal information of Afghans who worked with the British government and sought relocation after the Taliban took control of Afghanistan.
The leaked data included personal information such as email addresses, phone numbers, and bank details. It also included driver information such as driving license numbers and work permit numbers.
The attack on Russia's tax system has reportedly paralyzed the Federal Tax Service, with the internet connection between its central office and regional branches being disrupted, potentially causing long-term damage.
The Lazarus APT group, in Operation Blacksmith, exploits the Log4Shell vulnerability to deploy new malware threats, focusing on global manufacturing, agricultural, and physical security sectors. The campaign is believed to have been active since March. Organizations are suggested to engage with threat intel sharing platforms to stay ahead of the curve in protecting systems.
As a result of the investigation, disciplinary action has been taken against 15 Air National Guard leaders, including the removal of commanders, and the USAF has implemented reforms to strengthen classified data access standards.
The Ukrainian telecom operator Kyivstar was targeted in a cyberattack, causing internet and mobile communications to go offline, potentially linked to Russian state hackers.
A parliamentary committee warned that a coordinated attack could cause severe damage to public services and criticized the Home Office for not prioritizing the issue. They also call for more funding for the NCA and the NCSC.
Attackers target user accounts without robust authentication measures, creating new OAuth apps with high privileges to ensure continued access and hide their malicious activities.
The OLVX marketplace operates on the clear web and has gained popularity in recent months. It offers various products and services, including phish kits, remote desktop connections, cPanel credentials, webshells, and stolen data.
The effects of a November ransomware attack against Oceanside, California’s Tri-City Medical Center were contained more than two weeks ago, but now those behind the cyber incident are publishing stolen data on the dark web.
Sophos has backported the patch for CVE-2022-3236 to end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the vulnerability. The code injection vulnerability is being actively exploited by threat actors to target South Asia.
The FCC has updated its rules to require carriers to better verify customers' identities before making any changes to their accounts. The agency also emphasized the importance of quickly notifying customers of any account changes.
ESET Research has discovered a cluster of malicious Python packages in PyPI, the official Python package repository. These packages target both Windows and Linux systems and deliver a custom backdoor.
A congressional review found that major pharmacy chains do not require a warrant before sharing customers' records with law enforcement, raising concerns about the privacy of Americans' pharmaceutical information.
The exposed information included donor names, addresses, payment methods, and even sensitive data about children associated with the organizations, posing a potential risk for phishing attacks and fraudulent donation requests.
The funding round was led by U.S. Venture Partners (USVP), and included strategic investor Dmitri Alperovitch, co-founder and former CTO of CrowdStrike, as well as existing investors Venrock, CyberArk, F2 Capital, and Pico Venture Partners.
Ubuntu Security Notice 6549-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Debian Linux Security Advisory 5576-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
Ubuntu Security Notice 6548-3 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6534-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6553-1 - Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial of service via application crash.
Ubuntu Security Notice 6554-1 - Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation.
Ubuntu Security Notice 6548-2 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Atos Unify OpenScape Session Border Controller (SBC) versions before V10 R3.4.0, Branch versions before V10 R3.4.0, and BCF versions before V10 R10.12.00 and V10 R11.05.02 suffer from an argument injection vulnerability that can lead to unauthenticated remote code execution and authentication bypass.
Anveo Mobile application version 10.0.0.359 and server version 11.0.0.5 suffer from missing certificate validation and user enumeration vulnerabilities.
Ubuntu Security Notice 6549-2 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6534-2 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6552-1 - Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly handled certain specially crafted Spotlight requests. A remote attacker could possibly use this issue to cause heap corruption and execute arbitrary code.
Ubuntu Security Notice 6551-1 - It was discovered that Ghostscript incorrectly handled writing TIFF files. A remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service.
The United States Senate officially announced Harry Coker, Jr. as the National Cyber Director in the White House Office of the National Cyber Director (ONCD), marking a pivotal milestone in fortifying the nation’s cybersecurity posture. In his capacity within the ONCD, Coker assumes a central role as the principal advisor to the President on matters of cybersecurity policy and strategy. In an official statement, Drenan Dudley, the Acting National Cyber Director, expressed delight at the Senate’s decision, stating, “We are pleased that the Senate has confirmed Mr. Coker as our next National Cyber Director.” Established in 2021 to navigate the evolving cybersecurity landscape, the ONCD faced a leadership vacuum after the departure of inaugural director Chris Inglis in February. Dudley, who took on the role in November, conveyed his enthusiasm for Coker’s stewardship, emphasizing the pivotal role he will play in advancing the implementation of President Biden’s National Cybersecurity Strategy. Dudley highlighted Coker’s extensive four-decade experience in both the public and private sectors, expressing confidence that it would significantly contribute to ONCD’s success. Looking ahead to Coker’s leadership, Dudley stated, “We anticipate his guidance in advancing the work underway to implement President Biden’s National Cybersecurity Strategy. On behalf of the entire team, we welcome Mr. Coker’s stewardship in this next chapter for ONCD.”

Harry Coker: A Seasoned Leader with a Rich Background

Harry Coker, Jr. brings to the role an impressive four-decade career, blending his expertise from both the public and private sectors. As a graduate of the US Naval Academy, the Naval Postgraduate School, and Georgetown University Law Center, Coker’s educational foundation is robust. His recent role as the Executive Director of the National Security Agency (NSA) showcased his leadership prowess, earning him accolades like the National Intelligence Distinguished Service Medal, the NSA Director’s Distinguished Service Medal, and the IC EEOD Outstanding Leadership Award.
As indicated in a biography provided by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, where he serves as a senior fellow, Coker occupied significant roles within the CIA over a seventeen-year span. These pivotal positions included assignments in the Directorate of Digital Innovation, the Directorate of Science & Technology, and the Director’s Area. His service included roles such as the Director of the Open Source Enterprise, responsible for leveraging publicly available information, and Deputy Director of the CIA’s Office of Public Affairs, overseeing the Agency’s internal and external communications and media relations. Notably, Coker was part of the select team that designed the Agency’s organizational construct and operating model. His leadership was integral to formulating and executing the Diversity in Leadership Study, and he served on the Executive Diversity & Inclusion Council. Recognition for his contributions came in the form of the Presidential Rank Award and the CIA’s prestigious Don Cryer Award for Diversity & Inclusion.

Coker’s Vision for the Future: Building on ONCD’s Foundation

During his nomination testimony, Coker expressed appreciation for the existing work ONCD has undertaken, including the comprehensive strategy, implementation plan, and national cyber workforce and education strategy. He assured the Senate Homeland Security and Governmental Affairs Committee that he would “frankly, continue the good work that ONCD has done with its partners.” Coker’s commitment to advancing the National Cybersecurity Strategy aligns with the ONCD’s multifaceted approach outlined in its implementation guide. This guide, considered a “living document,” encompasses over 65 initiatives addressing critical areas such as infrastructure regulations, cyber diplomacy, and workforce issues. Coker’s leadership is crucial in navigating this intricate landscape and ensuring the successful execution of these initiatives.
Challenges on the Horizon: Navigating Friction and Overlapping Authorities

Coker steps into his role amidst reports of friction among top cybersecurity officials, highlighting the complexity of the cybersecurity landscape. Inglis, the former ONCD director, reportedly left the office due to a tense relationship and seemingly overlapping authorities with Anne Neuberger, the deputy national security adviser for cyber and emerging technology, and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA). These dynamics add an additional layer of complexity to Coker’s responsibilities. As the National Cyber Director, he will need to navigate and foster collaboration among key players in the cybersecurity domain, ensuring a unified and strategic approach to addressing the nation’s cyber threats.

Optimism for the Future: Coker’s Leadership and Cybersecurity Resilience

As the Senate’s confirmation of Harry Coker, Jr. ushers in a new era for the ONCD, there is a palpable sense of optimism for the future of cybersecurity initiatives in the United States. With Coker’s wealth of experience, commitment to diversity and inclusion, and dedication to advancing the National Cybersecurity Strategy, the nation is poised to strengthen its resilience against evolving cyber threats. As he takes the helm at the ONCD, Coker’s leadership is expected to be instrumental in shaping a more secure and robust cybersecurity landscape for the United States.
In a recent development following The Cyber Express’ report on the Toyota Financial Services cyberattack, the European branch of the Japanese automaker’s financing and leasing subsidiary has now confirmed that a third party claims to have stolen data from TFS. The official statement from Toyota Financial Services Europe & Africa reveals that the hacker group provided access to the data via download. An official spokesperson told The Cyber Express, “We can confirm that a third party has posted data that it claims to have stolen from TFS. They have provided access to the data via download. Law enforcement and certain authorities have been informed. We are working tirelessly to investigate the issue and the data in question.”

Toyota Financial Services Cyberattack: Officials Exercise Caution

Speculations arose when it was reported that criminal operators were demanding US$8 million to delete the allegedly stolen data, providing a sample of 32 documents from 10 separate files. The situation is being closely monitored, and the company officials remain cautious about commenting on the current status, including any potential contact with hackers. The Cyber Express reached out to Toyota Financial Services for further details. The officials responded to TCE, “We cannot comment on the current status, including whether or not we have been in contact with hackers, but can confirm that we are following the advice of law enforcement authorities and legal experts.” The official website statement, released on November 16, mentioned that unauthorized activity was detected on systems, leading to the compromise of personal data. Affected customers have been informed, and Toyota Kreditbank’s systems have been gradually restarted since December 1st, with the highest priority placed on the security of personal data and customer protection. At the time of this report, more than 6,000 viewers have visited the Medusa Toyota Financial Services blog post, raising concerns about the extent of the cyberattack and its potential implications.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The UK Ministry of Defence (MoD) is now grappling with a £350,000 (approximately $440,000) fine imposed by the Information Commissioner’s Office (ICO) due to the Afghan evacuation data breach. The security lapse occurred in safeguarding the information of Afghans seeking relocation after the Taliban’s takeover in 2021. The ICO stated that this oversight had the potential to pose a serious threat to the lives of individuals involved. Addressing the issue, U.K. Information Commissioner John Edwards expressed deep regret over the Afghan evacuation data breach, emphasizing the breach’s severity in failing to uphold the security obligations owed to those who had collaborated with the British government. Edwards asserted that, despite the challenging circumstances in the summer of 2021, the urgency of protecting vulnerable individuals demanded a more robust response.

What is the Afghan Evacuation Data Breach?

The incident leading to the fine occurred on September 20, 2021, when the UK Ministry of Defence mistakenly sent an email containing personal information about 245 individuals to a list of Afghan nationals eligible for evacuation. This email, intended for the U.K.’s Afghan Relocations and Assistance Policy (ARAP), inadvertently exposed sensitive data to all recipients, raising concerns about potential reprisals. The ICO noted that the disclosed information, if accessed by the Taliban, could jeopardize lives. The error prompted immediate actions from the UK Ministry of Defence, including requesting recipients to delete the email, change their addresses, and contact ARAP with updated information. An investigation followed, leading to Secretary of State for Defence, Ben Wallace, issuing an apology to Parliament. Wallace acknowledged the need for enhanced email policies within ARAP, pledging the implementation of a “second pair of eyes” rule to review emails before sending them to external recipients. The ICO revealed that ARAP’s violation of data protection laws stemmed from not using secure data transfer services or bulk email methods when transmitting sensitive information.
Ministry of Defence Responds to the Afghan Evacuation Data Breach

Subsequent investigations uncovered two more data breaches on September 7, 2021, and six days later, involving 13 and 55 email addresses, respectively. The ARAP team, lacking specific guidance on security risks, relied on the UK Ministry of Defence’s broader email policy. A Ministry of Defence spokesperson, acknowledging the severity of the situation, stated that the agency cooperated fully with the ICO’s investigation. They announced the introduction of measures aligned with the ICO’s recommendations, details of which will be shared in due course. The fine, initially set at £1,000,000, was reduced to £700,000 (about $879,000) and subsequently halved due to its impact on the public sector. ICO’s Edwards emphasized that upholding data protection standards is non-negotiable, stressing that the consequences of breaches could be life-threatening.
Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch
Ukraine's biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an
The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today. BazaCall (aka BazarCall), which was first
Source: thehackernews.com – Author: . Let’s begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it’s the EHR, and the difference is stark: according to a study, EHRs can sell for up to […] The post Unveiling the Cyber Threats to Healthcare: Beyond the Myths – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 12, 2023 – Newsroom – Cyber Espionage / Malware. The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also […] The post Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. Sponsored Feature. Most experts agree cybersecurity is now so complex that managing it has become a security problem in itself. This has happened gradually over the last 25 years, often for perfectly good reasons. Hackers targeted weaknesses in isolated systems such as email, office applications or Windows PCs and […] The post Cyber security isn’t simple, but it could be – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel’s NSO should be considered cyber mercenaries – and become the subject of a concerted international response – according to a Monday report from Delhi-based think tank Observer Research Foundation (ORF). Author Fitri Bintang Timur argued the term […] The post Think tank report labels NSO, Lazarus, as ‘cyber mercenaries’ – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. It’s the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. Let’s start with Apple, since two of the bugs Cupertino disclosed yesterday may have already been used for evil […] The post Final Patch Tuesday of 2023 goes out with a bang – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. An ex-First Republic Bank cloud engineer was sentenced to two years in prison for causing more than $220,000 in damage to his former employer’s computer network after allegedly using his company-issued laptop to watch pornography. Miklos Daniel Brody, 38, of San Francisco, pleaded guilty in April to two charges […] The post Cloud engineer wreaks havoc on bank network after getting fired – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. There was only one US Air National Guardsman behind the leak of top-secret US military documents on Discord, but his chain of command bears some responsibility for letting it happen on their watch. The US Air Force reached that conclusion in an August report [PDF] made public yesterday into […] The post Discord in the ranks: Lone Airman behind top-secret info leak on chat platform – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. An official review of the Police Service of Northern Ireland’s (PSNI) August data breach has revealed the full extent of the impact on staff. The incident, which affected 9,483 officers, was branded “the most significant data breach that has ever occurred in the history of UK policing” by Commissioner […] The post Northern Ireland cops count human cost of August data breach – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.tripwire.com – Author: Graham Cluley. A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Spain’s National Police arrested a Venezuelan man in Alicante on Thursday, in the belief that he […] The post Kelvin Security cybercrime gang suspect seized by Spanish police – Source: www.tripwire.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: BrianKrebs. The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, […] The post Microsoft Patch Tuesday, December 2023 Edition – Source: krebsonsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cybertalk.org – Author: slandau. EXECUTIVE SUMMARY: Become a stronger cloud security leader. The CCSP (Certified Cloud Security Professional) certification is perceived as the gold standard in cloud security. The CCSP cert is so highly valued that it has been ranked among the top preferred credentials for security experts. This certification shows that an individual […] The post The ultimate guide to the CCSP certification – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido. Stockholm, Sweden & Boston, Mass., Dec. 12, 2023 – Detectify, the External Attack Surface Management platform powered by elite ethical hackers, has today released its “State of EASM 2023” report. The research incorporates insights from Detectify’s customer base and provides a snapshot of the threat landscape faced by core industries […] The post News alert: Detectify’s EASM research reveals top overlooked vulnerabilities from 2023 – Source: www.lastwatchdog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit. The post Sophos Patches EOL Firewalls Against Exploited Vulnerability appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/sophos-patches-eol-firewalls-against-exploited-vulnerability/ Category & Tags: Vulnerabilities,exploited,Sophos. The post Sophos Patches EOL Firewalls Against Exploited Vulnerability – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: SecurityWeek News. Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens. The post Cyberattack Cripples Ukraine’s Largest Telecom Operator appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/cyberattack-cripples-ukraines-largest-telcom-operator/ Category & Tags: Cyberwarfare,Featured,Kyivstar,Russia,Ukraine. The post Cyberattack Cripples Ukraine’s Largest Telecom Operator – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine. Microsoft warns of critical spoofing and remote code execution bugs in the Windows MSHTML Platform and Microsoft Power Platform Connector. The post Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/microsoft-patch-tuesday-critical-spoofing-and-remote-code-execution-flaws/ Category & Tags: Phishing,Vulnerabilities,Microsoft,Patch Tuesday,remote code execution,Windows MSHTML – […] The post Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine. Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues. The post Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/adobe-patches-207-security-bugs-in-mega-patch-tuesday-bundle/ Category & Tags: Application Security,Malware & Threats,Vulnerabilities,Adobe,Illustrator,Patch Tuesday – […] The post Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug. The post SAP Patches Critical Vulnerability in Business Technology Platform appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/sap-patches-critical-vulnerability-in-business-technology-platform/ Category & Tags: Vulnerabilities,SAP. The post SAP Patches Critical Vulnerability in Business Technology Platform – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine. New iMessage Contact Key Verification feature in Apple’s iOS and macOS platforms helps catch impersonators on its iMessage service. The post Apple Sets Trap to Catch iMessage Impersonators appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/apple-sets-trap-to-catch-imessage-impersonators/ Category & Tags: Mobile & Wireless,Nation-State,Featured,iMessage,iOS 17.2,macOS 14.2,nso group,Zero-Day – […] The post Apple Sets Trap to Catch iMessage Impersonators – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks. The post Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/flaws-in-backup-migration-and-elementor-wordpress-plugins-allow-remote-code-execution/ Category & Tags: Vulnerabilities,WordPress. The post Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs ICS Patch Tuesday: Siemens and Schneider Electric address dozens of vulnerabilities affecting their industrial products. The post ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability appeared first on SecurityWeek. Original Post
Source: www.securityweek.com – Author: Associated Press. Air Force disciplines 15 personnel as the inspector general finds that security failures led to massive classified documents leak. The post Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/air-force-disciplines-15-as-ig-finds-that-security-failures-led-to-massive-classified-documents-leak/ Category & Tags: Data […] The post Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. A recent emergence on the threat landscape, the Sandman APT appears linked to a Chinese hacking group. The post Sandman Cyberespionage Group Linked to China appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/sandman-cyberespionage-group-linked-to-china/ Category & Tags: Cyberwarfare,China,espionage,Sandman. The post Sandman Cyberespionage Group Linked to China – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. MITRE, in collaboration with researchers from three other organizations, this week released a draft of a new threat-modeling framework for makers of embedded devices used in critical infrastructure environments. The goal with the new EMB3D Threat Model is to give device makers […] The post MITRE Debuts ICS Threat Modeling for Embedded Systems – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.