In the world of cybersecurity, where security professionals and hackers collide, Chief Information Security Officers (CISOs) play a pivotal role in safeguarding organizations from potential threats. Dr. Yusuf Hashmi, the Group CISO at Jubilant Bhartia Group, shares with The Cyber Express an exclusive insight into his daily routine and the challenges he faces in securing sensitive data.

Morning Rituals: Team Collaboration and Incident Evaluation

For Dr. Hashmi, the day kicks off with a focus on team dynamics. He emphasizes the importance of meeting with his team first thing in the morning to assess any incidents that may have occurred overnight. This practice not only fosters a sense of camaraderie but also ensures that everyone is on the same page regarding the current security posture.

“The first thing that I do is make sure that I meet my team right. Just to take a stocktake of what happened last day and all. Is there anything that needs to be addressed that happened overnight and all? So that gives some”, says Dr. Yusuf Hashmi in a conversation with The Cyber Express.

Following the team meeting, Dr. Hashmi reviews his security dashboards for any signs of major security incidents. This proactive approach allows him to identify potential threats early, providing a foundation for swift and effective response.

Keeping Calm in the Storm: Navigating a Data Breach

Inevitably, data breaches are a concern for every CISO. Dr. Hashmi advises against panic when discovering a data breach, emphasizing the need to remain calm and collected. He stresses the importance of understanding the extent of the breach before taking action, avoiding unnecessary alarm among colleagues and stakeholders. This measured approach allows for a thorough investigation and a more informed response.

Talking about keeping cool in a data breach situation, Dr. Hashmi says, “Usually you should not panic about if there’s a data breach because that’s where things start falling apart. Maintaining the cool is the first step when you actually see if something which has is beyond normal right.”

The Road to CISO: From Beginner to Leader

Dr. Hashmi acknowledges that his journey to becoming a CISO was built on a strong background in infrastructure. He suggests that those aspiring to reach the CISO level should start by gaining a deep understanding of the infrastructure they are tasked with protecting. This includes knowledge of servers, networks, user access control, and the security management systems layered on top of them.

Additionally, Dr. Hashmi highlights the significance of hands-on experience, recommending that individuals begin their cybersecurity careers as analysts on the security operations team. This ground-level understanding at the heart of security operations forms a crucial foundation for anyone aiming to ascend to the role of CISO.

He also stresses the necessity of technical depth. CISOs must understand and leverage the technologies used to detect, prevent, and respond to threats. Without that proficiency, conveying the importance of security measures to organizational management becomes a difficult task.

Final Thoughts

In conclusion, Dr. Hashmi asserts that a successful journey to becoming a CISO involves a holistic understanding of infrastructure, hands-on experience at the ground level, and proficiency in the technological aspects of cybersecurity. The life of a CISO is demanding, requiring a blend of technical expertise, leadership skills, and the ability to navigate high-pressure situations. Dr. Yusuf Hashmi’s experiences shed light on the mindset and skill set required to thrive in this crucial role, offering valuable insights for aspiring cybersecurity professionals.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Kraft Foods, a division of the food giant Kraft Heinz, has allegedly fallen victim to a cyberattack by the Snatch ransomware group. The attack, which the group dates to August, was only made public through a dark web leak site of the kind threat actors typically use to announce data breaches. The company, known for producing some of the world’s most beloved food products, has yet to release an official statement, leaving the claims surrounding the Kraft Foods data breach unverified.

The Alleged Kraft Foods Cyberattack

The Cyber Express has reached out to the organization for more information regarding the Kraft Foods cyberattack. As of now, no official response has been received, leaving room for speculation and concern. The threat actors behind the listing use this dark web channel to announce and discuss their illicit activities; a listing there is a claim by the attackers, not confirmation that data was taken.

Source: Twitter

Earlier this year, Kraft Heinz filed a lawsuit against Aetna, accusing the insurer of mishandling claims data and breaching fiduciary duties. The lawsuit alleges that Aetna took over US$1.3 billion from Kraft Heinz to pay providers. While the timing has prompted speculation, nothing in the Snatch listing connects the alleged breach to the lawsuit, which concerns claims administration rather than a security failure.

Aetna’s Fiduciary Breach Allegations

The lawsuit, filed by an employee benefits group at Kraft Heinz, accuses Aetna of breaching its fiduciary duties under the Employee Retirement Income Security Act (ERISA). Aetna, which has served as a third-party claims administrator for Kraft Heinz for approximately 16 years, is alleged to have engaged in fraudulent conduct and to have hindered Kraft Heinz’s efforts to investigate and understand Aetna’s actions. Kraft Heinz is seeking reimbursement for losses tied to the alleged fiduciary breach and any related profits. The company is also pursuing a preliminary injunction to compel Aetna to provide more complete claims data, which would shed light on the extent of the alleged misconduct.

Who is the Snatch Ransomware Group?

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Advisory (CSA) that disseminates known Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Snatch ransomware variant. Snatch threat actors have consistently evolved their tactics since mid-2021, targeting critical infrastructure sectors including the Defense Industrial Base, Food and Agriculture, and Information Technology. Snatch operations combine data exfiltration with double extortion: the actors demand a ransom and threaten to publish the victim’s data if payment is not made.
The City of Defiance has allegedly fallen victim to a cyberattack by the Knight ransomware group. The City of Defiance data breach was first brought to light on December 13, 2023, when Knight listed the City of Defiance as its latest target. The threat actor announced the claim on its dark web leak site, declaring, “DEFIANCE, a great place to live.”

The dark web post claimed that the attackers had breached the city’s internal network and gained access to over 390 gigabytes of sensitive data. Among the files said to be compromised were employee records, law enforcement videos, emails, and various confidential documents, including contracts.

City of Defiance Data Breach Decoded

Defiance, Ohio, the city in the crosshairs of this alleged cyberattack, is situated about 55 miles southwest of Toledo and 47 miles northeast of Fort Wayne, Indiana. With a population of 17,066 as per the 2020 census, the city now faces the fallout of a cyber incident that has put its residents and infrastructure at risk.

The disclosure included a countdown on the dark web, with a promise to reveal download links when the clock runs out. The City of Defiance’s contact information, including its address and phone number, was also posted, adding an unsettling dimension to the threat.

The Cyber Express reached out to the City of Defiance for an official statement or response. As of the time of writing, no communication or acknowledgment has been received from the city.

Who is the Knight Ransomware Group?

The Knight ransomware group, a relatively recent entrant into the cybercrime arena that has been active since August 2023, follows the now-common double extortion model: it encrypts files on victims’ machines and exfiltrates sensitive data to use as extortion leverage. Knight’s predecessor, Cyclops, shipped multi-OS tooling for Windows, Linux, and macOS. While investigation has so far identified only a Windows version of the Knight ransomware, versions tailored for other operating systems may be in development.

Knight has previously been implicated in phishing campaigns targeting Italian organizations. These campaigns leverage malicious email attachments, a tactic flagged in an advisory issued by CERT Italy in early September. Security researcher @felixw3000 also reported similar activity in August. Delivery of Knight ransomware has also been facilitated by the Remcos and Qakbot malware families.
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “Rescator,” which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator.

Rescator, advertising a new batch of cards stolen in a 2014 breach at P.F. Chang’s.

Shortly after breaking the Target story, KrebsOnSecurity reported that Rescator appeared to be a hacker from Ukraine. Efforts to confirm my reporting with that individual ended when they declined to answer questions, and after I declined to accept a bribe of $10,000 not to run my story.

That reporting was based on clues from an early Russian cybercrime forum in which a hacker named Rescator — using the same profile image that Rescator was known to use on other forums — claimed to have originally been known as “Helkern,” the nickname chosen by the administrator of a cybercrime forum called Darklife.

KrebsOnSecurity began revisiting the research into Rescator’s real-life identity in 2018, after the U.S. Department of Justice unsealed an indictment that named a different Ukrainian man as Helkern.

It may be helpful to first recap why Rescator is thought to be so closely tied to the Target breach. For starters, the text string “Rescator” was found in some of the malware used in the Target breach. Investigators would later determine that a variant of the malware used in the Target breach was used in 2014 to steal 56 million payment cards from Home Depot customers. And once again, cards stolen in the Home Depot breach were sold exclusively at Rescator’s shops.

On Nov. 25, 2013, two days before Target said the breach officially began, Rescator could be seen in instant messages hiring another forum member to verify 400,000 payment cards that Rescator claimed were freshly stolen.

By the first week of December, 2013, Rescator’s online store — rescator[.]la — was selling more than six million payment card records stolen from Target customers. Prior to the Target breach, Rescator had mostly sold much smaller batches of stolen card and identity data, and the website allowed cybercriminals to automate the sending of fraudulent wire transfers to money mules based in Lviv, Ukraine.

Finally, there is some honor among thieves, and in the marketplace for stolen payment card data it is considered poor form to advertise a batch of cards as “yours” if you are merely reselling cards sold to you by a third-party card vendor or thief. When serious stolen payment card shop vendors wish to communicate that a batch of cards is uniquely their handiwork or that of their immediate crew, they refer to it as “our base.” And Rescator was quite clear in his advertisements that these millions of cards were obtained firsthand.

FLASHBACK

The new clues about Rescator’s identity came into focus when I revisited the reporting around an April 2013 story here that identified the author of the OSX Flashback Trojan, an early malware strain that quickly spread to more than 650,000 Mac computers worldwide in 2012.

That story about the Flashback author was possible because a source had obtained a Web browser authentication cookie for a founding member of a Russian cybercrime forum called BlackSEO. Anyone in possession of that cookie could then browse the invite-only BlackSEO forum and read the user’s private messages without having to log in.

BlackSEO.com VIP member “Mavook” tells forum admin Ika in a private message that he is the Flashback author.

The legitimate owner of that BlackSEO user cookie went by the nickname Ika, and Ika’s private messages on the forum showed he was close friends with the Flashback author. At the time, Ika also was the administrator of Pustota[.]pw — a closely-guarded Russian forum that counted among its members some of the world’s most successful and established spammers and malware writers.

For many years, Ika held a key position at one of Russia’s largest Internet service providers, and his (mostly glowing) reputation as a reliable provider of web hosting to the Russian cybercrime community gave him an encyclopedic knowledge about nearly every major player in that scene at the time.

The story on the Flashback author featured redacted screenshots that were taken from Ika’s BlackSEO account (see image above). The day after that story ran, Ika posted a farewell address to his mates, expressing shock and bewilderment over the apparent compromise of his BlackSEO account.

In a lengthy post on April 4, 2013 titled “I DON’T UNDERSTAND ANYTHING,” Ika told Pustota forum members he was so spooked by recent events that he was closing the forum and quitting the cybercrime business entirely. Ika recounted how the Flashback story had come the same week that rival cybercriminals tried to “dox” him (their dox named the wrong individual, but included some of Ika’s more guarded identities).

“It’s no secret that karma farted in my direction,” Ika said at the beginning of his post.

Unbeknownst to Ika at the time, his Pustota forum also had been completely hacked that week, and a copy of its database shared with this author.

A Google translated version of the farewell post from Ika, the administrator of Pustota, a Russian language cybercrime forum focused on botnets and spam.

Ika said the two individuals who tried to dox him did so on an even more guarded Russian language forum — DirectConnection[.]ws, perhaps the most exclusive Russian cybercrime community ever created. New applicants of this forum had to pay a non-refundable deposit, and receive vouches by three established cybercriminals already on the forum. Even if one managed to steal (or guess) a user’s DirectConnection password, the login page could not be reached unless the visitor also possessed a special browser certificate that the forum administrator gave only to approved members.
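The two access controls described above, a browser authentication cookie that by itself lets its holder read a user's private messages, and a login page that additionally demands a client certificate issued only to approved members, are worth contrasting in code, because the difference is exactly what made the BlackSEO cookie theft possible. The following Python is an added example written for this edit; it is not code from either forum or from KrebsOnSecurity. The signing key, the cookie layout, the `replay_scenarios` walkthrough and the two "certificate" byte strings are constructed assumptions; the only real ingredient is the pattern of binding a session to the fingerprint of the TLS client certificate the session was established over, which a TLS terminator can supply (nginx, for example, exposes it as `$ssl_client_fingerprint`).

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed server-side signing key for this example; a real service would load
# it from a secrets manager, never hard-code it.
SERVER_KEY = b"example-signing-key-not-for-production"


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the cookie payload so the server can detect tampering."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a client certificate, as a TLS terminator would expose it."""
    return hashlib.sha256(der_bytes).hexdigest()


def issue_cookie(user: str, now: int, ttl_seconds: int = 3600,
                 cert_fp: Optional[str] = None) -> str:
    """Mint a signed session cookie laid out as user|expiry|cert_fp|signature.

    With cert_fp=None the cookie is a plain bearer token: whoever holds it is
    the user, which is the BlackSEO situation. With cert_fp set, the session is
    bound to the TLS client certificate it was established over.
    """
    payload = f"{user}|{now + ttl_seconds}|{cert_fp or '-'}"
    return f"{payload}|{_sign(payload)}"


def validate_cookie(cookie: str, now: int,
                    presented_fp: Optional[str] = None) -> Optional[str]:
    """Return the user name if the cookie is valid for this request, else None.

    presented_fp is the fingerprint of the client certificate seen on *this*
    TLS connection (None if the client sent no certificate).
    """
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, exp, bound_fp, sig = parts
    payload = f"{user}|{exp}|{bound_fp}"
    if not hmac.compare_digest(_sign(payload), sig):
        return None  # forged or tampered
    if not exp.isdigit() or int(exp) < now:
        return None  # expired
    if bound_fp != "-":
        if presented_fp is None or not hmac.compare_digest(bound_fp, presented_fp):
            return None  # cookie is bound to a certificate this client does not hold
    return user


# Constructed stand-ins for two clients' certificates (not real X.509 data).
IKA_CERT = b"constructed-der-bytes-for-ika"
ATTACKER_CERT = b"constructed-der-bytes-for-attacker"


def replay_scenarios() -> Dict[str, Optional[str]]:
    """Walk the stolen-cookie case with and without certificate binding."""
    t0 = 1_700_000_000
    later = t0 + 60
    # 1. Plain bearer cookie: a copy lifted from the victim's browser works from anywhere.
    plain = issue_cookie("ika", now=t0)
    # 2. Certificate-bound cookie: a copy is useless without the matching private key,
    #    because the attacker's TLS connection presents a different certificate.
    bound = issue_cookie("ika", now=t0, cert_fp=cert_fingerprint(IKA_CERT))
    # 3. Editing the user field without the signing key breaks the signature.
    tampered = bound.replace("ika|", "admin|", 1)
    return {
        "plain_replayed_without_cert": validate_cookie(plain, later),
        "bound_with_own_cert": validate_cookie(bound, later, cert_fingerprint(IKA_CERT)),
        "bound_replayed_with_other_cert": validate_cookie(bound, later, cert_fingerprint(ATTACKER_CERT)),
        "bound_replayed_without_cert": validate_cookie(bound, later),
        "tampered_user": validate_cookie(tampered, later, cert_fingerprint(IKA_CERT)),
        "expired": validate_cookie(bound, t0 + 7200, cert_fingerprint(IKA_CERT)),
    }


if __name__ == "__main__":
    for name, result in replay_scenarios().items():
        print(f"{name}: {'accepted as ' + result if result else 'rejected'}")
```

The point the walkthrough makes is that the signature only stops forgery; a plain signed cookie is still a bearer credential and replays from any machine, which is why a copied cookie was enough to read Ika's messages. Binding the session to the client certificate moves the secret out of the cookie and into a private key the attacker never obtained, so the same stolen string is rejected on their connection. Short expiry limits how long even a stolen bound cookie is worth anything.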
In no uncertain terms, Ika declared that Rescator went by the nickname MikeMike on DirectConnection:

“I did not want to bring any of this to real life. Especially since I knew the patron of the clowns – specifically Pavel Vrublevsky. Yes, I do state with confidence that the man with the nickname Rescator a.k.a. MikeMike with his partner Pipol have been Pavel Vrublevsky’s puppets for a long time.”

Pavel Vrublevsky is a convicted cybercriminal who became famous as the CEO of the Russian e-payments company ChronoPay, which specialized in facilitating online payments for a variety of “high-risk” businesses, including gambling, pirated Mp3 files, rogue antivirus software and “male enhancement” pills.

As detailed in my 2014 book Spam Nation, Vrublevsky not-so-secretly ran a pharmacy affiliate spam program called Rx-Promotion, which paid spammers and virus writers to blast out tens of billions of junk emails advertising generic Viagra and controlled pharmaceuticals like pain relief medications. Much of my reporting on Vrublevsky’s cybercrime empire came from several years worth of internal ChronoPay emails and documents that were leaked online in 2010 and 2011.

Pavel Vrublevsky’s former Facebook profile photo.

ZAXVATMIRA

In 2014, KrebsOnSecurity learned from a trusted source close to the Target breach investigation that the user MikeMike on DirectConnection — the same account that Ika said belonged to Rescator — used the email address “zaxvatmira@gmail.com.” At the time, KrebsOnSecurity could not connect that email address to anything or anyone.

However, a recent search on zaxvatmira@gmail.com at the breach tracking service Constella Intelligence returns just one result: An account created in November 2010 at the site searchengines[.]ru under the handle “r-fac1.”

A search on “r-fac1” at cyber intelligence firm Intel 471 revealed that this user’s introductory post on searchengines[.]ru advertised musictransferonline[.]com, an affiliate program that paid people to drive traffic to sites that sold pirated music files for pennies apiece. According to leaked ChronoPay emails from 2010, this domain was registered and paid for by ChronoPay.

Those missives also show that in August 2010 Vrublevsky authorized a payment of ~$1,200 for a multi-user license of an Intranet service called MegaPlan. ChronoPay used the MegaPlan service to help manage the sprawling projects that Vrublevsky referred to internally as their “black” payment processing operations, including pirated pills, porn, Mp3s, and fake antivirus products.

ChronoPay employees used their MegaPlan accounts to track payment disputes, order volumes, and advertising partnerships for these high-risk programs. Borrowing a page from the Quentin Tarantino movie Reservoir Dogs, the employees adopted nicknames like “Mr. Kink,” “Mr. Heppner,” and “Ms. Nati.” However, in a classic failure of operational security, many of these employees had their MegaPlan account messages automatically forwarded to their real ChronoPay email accounts.

A screen shot of the org chart from ChronoPay’s MegaPlan Intranet system.

When ChronoPay’s internal emails were leaked in 2010, the username and password for its MegaPlan subscription were still working and valid. An internal user directory for that subscription included the personal (non-ChronoPay) email address tied to each employee Megaplan nickname. That directory listing said the email address zaxvatmira@gmail.com was assigned to the head of the Media/Mp3 division for ChronoPay, pictured at the top left of the organizational chart above as “Babushka Vani and Koli.”

[Author’s note: I initially overlooked the presence of the email address zaxvatmira@gmail.com in my notes because it did not show up in text searches of my saved emails, files or messages. I rediscovered it recently when a text search for zaxvatmira@gmail.com on my Mac found the address in a screenshot of the ChronoPay MegaPlan interface.]

The nickname two rungs down from “Babushka” in the ChronoPay org chart is “Lev Tolstoy,” which the MegaPlan service showed was picked by someone who used the email address v.zhabukin@freefrog-co-ru. ChronoPay’s emails show that this Freefrog email address belongs to a Vasily Borisovich Zhabykin from Moscow. The Russian business tracking website rusprofile[.]ru reports that Zhabykin is or was the supervisor or owner of three Russian organizations, including one called JSC Hot Spot.

[Author’s note: The word “babushka” means “grandma” in Russian, and it could be that this nickname is a nod to the ChronoPay CEO’s wife, Vera. The leaked ChronoPay emails show that Vera Vrublevsky managed a group of hackers working with their media division, and was at least nominally in charge of MP3 projects for ChronoPay. Indeed, in messages exposed by the leaked ChronoPay email cache, Zhabykin stated that he was “directly subordinate” to Mrs. Vrublevsky.]

CYBERCRIME HOTSPOT

JSC Hot Spot is interesting because its co-founder is another ChronoPay employee: 37-year-old Mikhail “Mike” Shefel. A Facebook profile for Mr. Shefel says he is or was vice president of payment systems at ChronoPay. However, the last update on that profile is from 2018, when Shefel appears to have legally changed his last name.

Archive.org shows that Hot Spot’s website — myhotspot[.]ru — sold a variety of consulting services, including IT security assessments, code and system audits, and email marketing. The earliest recorded archive of the Hot Spot website listed three clients on its homepage, including ChronoPay and Freefrog. ChronoPay internal emails show that Freefrog was one of its investment projects that facilitated the sale of pirated Mp3 files.

Rusprofile[.]ru reports that Freefrog’s official company name — JSC Freefrog — is incorporated by a thinly-documented entity based in the Seychelles called Impex Consulting Ltd., and it is unclear who its true owners are. However, a search at DomainTools.com on the phone number listed on the homepage of myhotspot[.]ru (74957809554) reveals that number is associated with eight domain names. Six of those domains are some variation of FreeFrog. Another domain registered to that phone number is bothunter[.]me, which included a copyright credit to “Hot Spot 2011.”

At the annual Russian Internet Week IT convention in Moscow in 2012, Mr. Shefel gave a short presentation about bothunter, which he described as a service he designed to identify inauthentic (bot) accounts on Russian social media networks.

Interestingly, one of r-fac1’s first posts to Searchengines[.]ru a year earlier saw this user requesting help from other members who had access to large numbers of hacked social media accounts. R-fac1 told forum members that he was only looking to use those accounts to post harmless links and comments to the followers of the hacked profiles, and his post suggested he was testing something.

“Good afternoon,” r-fac1 wrote on Dec. 20, 2010. “I’m looking for people with their own not-recently-registered accounts on forums, (except for search) Social networks, Twitter, blogs, their websites. Tasks, depending on your accounts, post text and a link, sometimes just a link. Most often the topic is chatter, relaxation, discussion. Posting my links in your profiles, on your walls. A separate offer for people with a large set of contacts in instant messengers to try to use viral marketing.”

Neither Mr. Shefel nor Mr. Zhabykin responded to requests for comment.

WHERE ARE THEY NOW?

Mr. Zhabykin soon moved on to bigger ventures, co-founding a cryptocurrency exchange based in Moscow’s financial center called Suex. In September 2021, Suex earned the distinction of becoming the first crypto firm to be sanctioned by the U.S. Department of the Treasury, which effectively blocked Suex from the global financial system. The Treasury alleged Suex helped to process millions in criminal transactions, including the proceeds of numerous ransomware attacks.

“I don’t understand how I got mixed up in this,” Zhabykin told The New York Times in 2021. Zhabykin said Suex, which is registered in the Czech Republic, was mostly a failure and had conducted only a half dozen or so transactions since 2019.

The Russian business tracking service Rusprofile says Zhabykin also is the owner of a company based in the United Kingdom called RideWithLocal; the company’s website says it specializes in arranging excursions for extreme sports, including snowboarding, skiing, surfing and parasailing. Images from the RideWithLocal Facebook page show helicopters dropping snowboarders and skiers atop some fairly steep mountains.

A screenshot from the Facebook page of RideWithLocal.

Constella Intelligence found a cached copy of a now-deleted LinkedIn profile for Mr. Zhabykin, who described himself as a “sporttech/fintech specialist and mentor.”

“I create products and services worldwide, focusing on innovation and global challenges,” his LinkedIn profile said. “I’ve started my career in 2002 and since then I worked in Moscow, different regions of Russia, including Siberia and in Finland, Brazil, United Kingdom, Sri Lanka. Over the last 15 years I contributed to many amazing products in the following industries: sports, ecology, sport tech, fin tech, electronic payments, big data, telecommunications, pulp and paper industry, wood processing and travel. My specialities are Product development, Mentorship, Strategy and Business development.”

Rusprofile reports that Mikhail Borisovich Shefel is associated with at least eight current or now-defunct companies in Russia, including Dengi IM (Money IM), Internet Capital, Internet Lawyer, Internet 2, Zao Hot Spot, and (my personal favorite) an entity incorporated in 2021 called “All the Money in the World.”

Constella Intelligence found several official documents for Mr. Shefel that came from hacked Russian phone, automobile and residence records. They indicate Mr. Shefel is the registrant of a black Porsche Cayenne (Plate:X537SR197) and a Mercedes (Plate:P003PX90). Those vehicle records show Mr. Shefel was born on May 28, 1986.

Rusprofile reveals that at some point near the end of 2018, Shefel changed his last name to Lenin. DomainTools reports that in 2018, Mr. Shefel’s company Internet 2 LLC registered the domain name Lenin[.]me. This now-defunct service sold physical USSR-era Ruble notes that bear the image of Vladimir Lenin, the founding father of the Soviet Union.

Meanwhile, Pavel Vrublevsky remains imprisoned in Russia, awaiting trial on fraud charges levied against the payment company CEO in March 2022. Authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes. They also accused Vrublevsky of facilitating money laundering for Hydra, the largest Russian darknet market. Hydra trafficked in illegal drugs and financial services, including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services.

In 2013, Vrublevsky was sentenced to 2.5 years in a Russian penal colony for convincing one of his top spammers and botmasters to launch a distributed denial-of-service (DDoS) attack against a ChronoPay competitor that shut down the ticketing system for the state-owned Aeroflot airline.

Following his release, Vrublevsky began working on a new digital payments platform based in Hong Kong called HPay Ltd (a.k.a. Hong Kong Processing Corporation). HPay appears to have had a great number of clients that were running schemes which bamboozled people with fake lotteries and prize contests.

KrebsOnSecurity sought comment on this research from the Federal Bureau of Investigation (FBI) and the U.S. Secret Service, both of which have been involved in the Target breach investigation over the years. The FBI declined to comment. The Secret Service declined to confirm or dispute any of the findings, but said it is still interested in hearing from anyone who might have more information.

“The U.S. Secret Service does not comment on any open investigation and won’t confirm or deny the accuracy in any reporting related to a criminal manner,” the agency said in a written statement. “However, If you have any information relating to the subjects referenced in this article, please contact the U.S. Secret Service at mostwanted@usss.dhs.gov. The Secret Service pays a reward for information leading to the arrest of cybercriminals.”
The significance of cloud security has risen dramatically in the past few years. As businesses move towards digitalization, safeguarding applications and data in the cloud has become an integral part of operations. In 2024, several companies stand out for the maturity of their cloud security offerings.

Protecting applications and data in cloud computing is indispensable for any company aiming to uphold security standards. As organizations increasingly embrace cloud computing for expansion, modernization, and competitive advantage, they concurrently expose themselves to new security challenges. The shift towards cloud transformation and the prevalence of remote work have redefined the requirements for security controls.

In this overview, The Cyber Express brings you the top 10 cloud security companies that stand out in addressing the security needs brought about by cloud adoption and remote work trends. The list is presented without specific ranking, offering insights into the diverse strategies employed by these organizations in securing cloud-based environments.

Why Choose Cloud Security for Protecting Devices?

One of the main reasons corporations are choosing cloud-delivered security over traditional on-premises tooling in 2024 is its scalability and flexibility: protection grows or shrinks with the number of devices and networks without new hardware. Centralized management streamlines operations and allows consistent policy enforcement across a diverse fleet. Real-time updates and threat intelligence support a proactive defense against emerging vulnerabilities, while granular access controls enable secure collaboration, which matters in an era of remote work and BYOD policies.

Beyond adaptability, the subscription model of cloud security minimizes upfront investment and scales with usage. The disaster recovery capabilities and data redundancy inherent in cloud infrastructure improve resilience and reduce downtime in the event of device failure or a security breach. Cloud security services that align with regulatory standards also help address legal requirements and foster trust among stakeholders. In short, cloud-delivered security has become a comprehensive, adaptive, and cost-effective defense strategy for device protection.

Ahead of the Curve: Top 10 Cloud Security Firms for 2024

This compilation presents the top 10 cloud security companies of 2024, highlighting firms that excel in protecting data, strengthening infrastructure, and addressing the complexities of cloud-based threats.

1. Cyble

Cyble offers a comprehensive defense against cyber threats through its Early Warning System, the Cyble Vision platform. Providing end-to-end visibility across external threat types, Cyble’s platform includes dark web monitoring, cybercrime monitoring, attack surface exposure, brand monitoring, threat intelligence, and third-party risk monitoring. With rapid data processing using AI/ML and NLP technologies, Cyble delivers insights within two minutes via web and API, and offers over 40 alert types across six use cases. The flagship SaaS platform, Cyble Vision, unifies a comprehensive service package for multiple security needs. Security and compliance measures include robust authentication, encryption, rate limiting, input validation, auditing, and adherence to industry standards. The Threat Intelligence module, backed by global data sources and a partnership with Google, contributes to collective security intelligence.

2. Datadog

Datadog’s Cloud Security Management streamlines security for DevOps and Security teams, offering vulnerability management, compliance checks, threat detection, identity risk assessments, and a unified resource inventory. With real-time observability, teams can promptly address issues and improve overall security posture. Cloud Security Posture Management performs continuous configuration checks and monitors adherence to industry benchmarks such as CIS, PCI DSS, and SOC 2. Datadog’s unified platform, featuring Cloud Workload Security and Cloud Infrastructure Entitlement Management, provides kernel-level visibility, workload threat detection, and protection against IAM-based attacks. The Security Inbox prioritizes and correlates security data, turning findings into actionable items for efficient mitigation and proactive defense.

3. Check Point

Check Point CloudGuard provides automated, unified cloud-native security for applications, workloads, and networks from code to cloud. The solution is built around automating security, preventing threats, and managing posture at cloud speed and scale. Check Point advertises a 30-day free AppSec trial and protection against Log4j exploits, and CloudGuard integrates threat prevention, high-fidelity posture management, and automated DevSecOps. It provides unified security across multi-cloud environments, counts 4,000+ customers, and is a security partner for Microsoft Azure. CloudGuard’s capabilities include cloud network security, security posture management, cloud intelligence, workload protection, application security, and developer security.

4. VMware

VMware Cloud Web Security is a cloud-hosted service that protects users and infrastructure accessing SaaS and Internet applications, with coverage for VMware vSphere and Cloud Foundation deployments, and provides visibility, control, and compliance. With the rise of unapproved apps and the vanishing network perimeter, the solution addresses risks such as advanced threats and data exposure. VMware Cloud Web Security offers a seamless user experience, local presence, a single management pane, and pervasive security; it adapts to emerging threats, simplifies operations, and reduces costs for users anywhere. Use cases include web security, email protection, SaaS visibility, and compliance assurance. Deployed through VMware SASE PoPs, it integrates with SD-WAN and Secure Access or operates as a standalone web proxy.

5. Skyhigh Security

Skyhigh Security offers a comprehensive Security Service Edge (SSE) platform that enables collaboration across applications without compromising security. Its SSE platform supports a remote workforce by addressing cloud, web, data, and network security needs. The platform features Secure Remote Worker capabilities, a Secure Cloud Network with advanced Data Loss Prevention (DLP), Cloud-Native Application Services for consolidated security, and a Cloud Access Security Broker (CASB) for cloud app security. The Private Access (ZTNA) service provides an alternative to VPN, while the Cloud-Native Application Protection Platform secures the enterprise cloud-native application ecosystem. Skyhigh Security is recognized as a Visionary in the 2023 Gartner Magic Quadrant for SSE. With a converged platform and numerous accolades, it serves 3000+ customers, including 80% of global banks and 25% of Fortune 500 companies.

6. Lacework

Lacework, a leading cloud-native application protection platform (CNAPP), provides end-to-end security from code to cloud. The service offers Lacework AI Assist for simplified security through AI-powered experiences. The platform helps developers prevent production risks using software composition analysis, static application security testing, and more. Lacework claims 81% value realization in under a week, replacement of an average of 2-5 tools, and a 100:1 reduction in alerts. The data-driven CNAPP correlates cloud data for interconnected insights, enabling behavior-based threat detection. Trusted by companies such as LendingTree and fuboTV, Lacework automates compliance, providing a comprehensive solution for modern IT environments.

7.
Qualys Qualys Cloud Agent delivers real-time, global visibility and response with over 85 million agents deployed globally. Offering flexibility and ease of installation, the lightweight agent ensures real-time updates. Beyond traditional scanning, it operates where network scanning is impractical. The single-agent architecture covers a range of functions, including asset management, vulnerability management, patch management, EDR, policy compliance, and more. Qualys Cloud Agent provides enhanced visibility, installs everywhere with enterprise scalability, and extends coverage through Qualys Gateway Service. It simplifies asset discovery in containers and dynamic cloud environments. Integrated with the Enterprise TruRisk Platform, it enables quick response to threats and compliance monitoring. 8. Symantec Symantec, now a part of Broadcom since 2019, is a cybersecurity giant offering a data-centric hybrid security platform. Their comprehensive solutions cover Endpoint, Network, Email, and Cloud security, employing advanced, multi-layered defenses against various threats. Symantec’s product categories include Endpoint Security, Information Security, Web Security, and Data Protection, ensuring unparalleled protection and insight to reduce risks. Their services encompass prevention, detection, response, and remediation actions with a focus on advanced threat detection. Additionally, Symantec protects corporate assets, secure web and email usage, workload protection in the cloud, and compliance assurance across hybrid cloud environments, emphasizing continuous automated compliance and risk assessment. 9. Netskope Netskope is a cloud security company that provides organizations with enhanced visibility, control, and protection of their cloud applications. The company offers an integrated suite of cloud security solutions built to secure enterprise cloud-based data, applications, and users. 
Netskope is one of the highest-valued private cybersecurity companies — and has used its funding to assemble an impressive array of cloud security services. Netskope’s core products include security service edge (SSE), next-gen secure web gateway (SWG), cloud access security broker (CASB), private access for zero trust network access (ZTNA), data loss prevention (DLP), remote browser isolation, SaaS security posture management, and IoT security. Netskope’s analytics engine also gives visibility into user behavior and suspicious activity across the cloud environment. 10. Tenable Cloud Security (Ermetic) Tenable Cloud Security, previously Ermetic, offers holistic protection for AWS, Azure, and Google Cloud, focusing on revealing, remediating, and relaxing security concerns. Their Cloud-Native Application Protection Platform covers Cloud Infrastructure Entitlement Management, Cloud Workload Protection, CSPM, Kubernetes Security Posture Management, Infrastructure as Code Scanning, Network Visualization, and Just-In-Time Access. The platform, trusted by enterprises and loved by developers, streamlines security efforts, providing visualizations, collaborative tools, and compliance management. Testimonials from security professionals highlight its efficiency, saving time and resources. The platform’s effectiveness is supported by research, as demonstrated in the Osterman Research: State of Cloud Security Maturity Report involving over 300 organizations. Conclusion Looking ahead, the landscape of cybersecurity in 2024 is positioned for ongoing evolution. 2024 is expected to witness a transformative shift in the use of cloud security, as organizations prioritize the protection of applications and data against modern-day threats. With the increasing adoption of cloud computing for expansion, modernization, and competitive advantage, businesses are exposed to new security challenges, necessitating innovative solutions. 
As 2024 draws to a close, we spotlight the top 10 leading cloud security companies tackling these challenges head-on. Each company showcases distinct strategies and capabilities, underscoring the crucial role of cloud security amid the evolving demands spurred by the rise in cloud adoption and remote work trends. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Dawsongroup, a B2B asset hiring and funding company, has reportedly fallen prey to a LockBit ransomware attack. The Dawsongroup cyberattack, purportedly orchestrated by LockBit, was identified by the ThreatMon Threat Intelligence Team. The Cyber Express has contacted Dawsongroup to obtain an official statement regarding the incident. However, as of the time of this report, no response has been received from Dawsongroup. In an effort to verify these claims, we attempted to access Dawsongroup’s website on our systems and found that the website is currently functioning without any apparent issues.

Dawsongroup Cyberattack

A Twitter user, going by the name ThreatMon Advanced Ransomware Monitoring, has posted about the purported ransomware attack on Dawsongroup that reportedly occurred at 21:36 UTC +3 on December 13, 2023. The LockBit ransomware group, active since September 2019, primarily targets businesses and government agencies, employing a double extortion tactic to coerce victims into paying. If confirmed, the cyberattack on Dawsongroup could have widespread ramifications. As a B2B company connected to various businesses, the exposure of its data poses a substantial risk of data theft for linked companies. Dawsongroup, specializing in wheeled assets, automation solutions, and global modular temperature control solutions, boasts assets across 30,000 links in the supply chain, spanning diverse industry sectors. The potential leakage of data from this extensive network is a significant concern. The alleged LockBit ransomware attack on Dawsongroup signals the need for enhanced cybersecurity measures in the business arena. Critical measures include investing in advanced threat detection mechanisms, conducting regular security audits, implementing dedicated employee training programs, and establishing robust incident response plans. While the authenticity of the cyberattack remains unverified without an official statement from Dawsongroup, assertions by the LockBit ransomware group on the dark web add weight to the issue. The incident’s potential consequences for other victims within the ecosystem highlight the interconnected nature of the modern globalized world, emphasizing the crucial role of cybersecurity in safeguarding businesses against evolving cyber threats.
The pro-Ukraine hacking group known as Twelve has claimed responsibility for infiltrating the systems of SKTB Biofizpribor, a Russian organization specializing in science and medical research. The group made its announcement regarding the SKTB Biofizpribor data breach through a post on a public forum, taunting the organization for its perceived security vulnerabilities.

SKTB Biofizpribor Data Breach: A Multifaceted Target

The message posted by Twelve regarding the SKTB Biofizpribor data breach reads, “Hi there friends! We have a new hack. SKTB Biofizpribor, has your (*) already felt the problem?” The provocative language suggests a deliberate attempt to humiliate the targeted organization. SKTB Biofizpribor is known for conducting space tests, manufacturing low-voltage electronics for medical purposes, and engaging in research in the fields of ecology and biology. The post continues, criticizing the organization for its purported lack of awareness regarding its own security flaws. “But the main problem of such companies is that scattered on different tasks and flying into space, they do not see their own leaking security system under their noses,” the post reads. Twelve claims to have successfully breached SKTB Biofizpribor’s security, stating, “But we have to note that we didn’t see anything either. Neither in their protection nor in the 11 TB of data that we did a great job on.” The pro-Ukraine group appears to be capitalizing on a perceived vulnerability in the security infrastructure of organizations with diverse focuses. The message concludes with a taunting note, labeling SKTB Biofizpribor as “stupid guys in every sense” and highlighting that the group has successfully targeted others in a similar fashion. In a bold move, Twelve goes on to announce a “New Year’s promotion” in the post, inviting others to contact them for assistance in disrupting their company’s operations, promising to halt work at least until the New Year. The post suggests that, with polite requests, the group may extend the disruption of operations until the end of February.

Source: Twitter

Geopolitical Context: Targeting Russian Organizations Amid War

The cyberattack by Twelve takes place against the backdrop of the ongoing conflict between Ukraine and Russia. The group’s choice to target a Russian organization involved in science and medical research adds a new dimension to the cyber warfare dynamics between the two nations. As tensions escalate, cyber operations become an increasingly common and potent tool for actors seeking to gain an advantage in the conflict. The cyberattack by Twelve raises concerns about the growing sophistication and audacity of hacking groups engaging in cyber warfare, highlighting the need for organizations to remain vigilant and invest in robust cybersecurity measures to safeguard sensitive data and operations.
Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch.
Very little modern federal infrastructure is managed by the government — putting a substantial portion of potentially targetable attack surfaces under oversight of federal contractors.
The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic for evasion.
Hackers are actively exploiting a critical vulnerability in Apache Struts that allows for remote code execution, potentially leading to unauthorized access, data theft, and network disruption.
According to SafeGuard Cyber, the use of popular messaging apps like WhatsApp in business settings has led to a significant increase in security incidents, with 42% of flagged messages occurring in WhatsApp.
Harry Coker Jr., a Navy veteran and former executive director of the National Security Agency, will lead the Office of the National Cyber Director and be responsible for implementing the national cybersecurity strategy.
Pandora hVNC is a widely used remote access trojan (RAT) that allows cybercriminals to gain covert control over victims' computers, enabling activities like data theft and unauthorized access to sensitive systems.
Affiliates associated with NoEscape claimed that the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites.
The NCUA has been in contact with the affected financial institutions and helped them get their systems back online. The attack, which was caused by ransomware, affected credit unions using cloud services provided by Ongoing Operations.
Hotel company Red Roof experienced a ransomware attack in September, but fortunately, no guest data was compromised. The attack was detected when suspicious activity was noticed, leading to the discovery of ransomware.
A new variant of the BazarCall attack incorporates Google Forms to deceive victims. In this phishing campaign, scammers send emails pretending to be payment notifications or subscription confirmations from well-known brands.
Governments are driving OT security priorities and investments through regulations and standards. The TSA Security Directives have had the most significant impact on organizations' security priorities, followed by CDM DEFEND and ISA/IEC-62443.
The Russian SVR cyber actors are exploiting a vulnerability in JetBrains TeamCity software to gain access to software developers' networks and potentially conduct supply chain operations.
The group relies on open-source tools like dirsearch, sqlmap, tinyproxy, and redis-rogue-getshell at different stages of the attacks and a post-exploitation framework called Cobalt Strike.
The proposed eIDAS 2.0 bill in the European Union threatens online privacy and security by revoking web browsers' ability to independently test the authenticity and trustworthiness of certificate authorities.
Saudi Arabian students specializing in AI and cybersecurity are participating in workshops to enhance their capabilities in identifying and assessing potential risks of large language models (LLMs) across different platforms.
The cybercrime group, Storm-1152, provided accounts to other cybercriminals involved in ransomware attacks and data theft, highlighting the interconnectedness of various criminal networks.
Sony's subsidiary, Insomniac Games, is currently investigating a reported ransomware attack by the Rhysida gang, which has targeted various government institutions and healthcare organizations in the past.
The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to provide access to critical cybersecurity data, promoting transparency and collaboration.
This incident follows a similar ransomware attack on the municipal administration of Zollikofen in November, highlighting the growing threat of ransomware attacks targeting Swiss organizations.
Check Point Software Technologies has cooperated with the SEC inquiry into the SolarWinds Orion cyber vulnerability, voluntarily providing documents and information about its limited testing environment access.
Volt Typhoon utilizes living-off-the-land techniques and hands-on-keyboard activity to evade detection, routing malicious traffic through compromised SOHO network devices and relying on customized versions of open-source tools for communication.
French police have arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with money laundering. The suspect was apprehended after being linked to digital wallets that received millions of dollars from suspicious sources.
Google is using Clang sanitizers to enhance the security of the cellular baseband in Android. The sanitizers, including IntSan and BoundSan, detect and prevent vulnerabilities in program execution.
Red Hat Security Advisory 2023-7820-03 - Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Security Advisory 2023-7792-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7791-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7790-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7789-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7788-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7786-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7785-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7784-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7783-03 - An update for postgresql is now available for Red Hat Enterprise Linux 7. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7782-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-7778-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-7691-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2023-7690-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Debian Linux Security Advisory 5577-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6555-2 - USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 6555-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information.
Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This variant of the exploit applies a new technique to escape the sandbox.
Chrome V8 proof of concept exploit for CVE-2021-21220. The specific flaw exists within the implementation of XOR operation when executed within JIT compiled code.
Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Switzerland’s district court has announced that it fell victim to a cyberattack. The area affected by the Switzerland District Court cyberattack is the German-speaking district of March in central Switzerland, home to approximately 45,000 residents. While the details of the cyberattack on the Switzerland District Court are yet to be revealed, the limited information provided on the court’s website implies that it could potentially be a ransomware attack.

Switzerland District Court Cyberattack

The court’s website states, “The March district was the victim of a cyberattack. The entire IT system had to be shut down to protect the data. It is currently unclear when the IT will be available again, but it could take several days.” Even though the court’s phone lines are temporarily down, scheduled hearings should proceed as planned. It comes after a ransomware attack in November against Zollikofen, a suburb of Bern. After the cyberattack, authorities turned off and disconnected their computer networks as a precaution; the attackers had encrypted administration data, according to Swiss news outlet Inside IT. The Swiss government alerted the public earlier this year to the possibility that ransomware attackers had gained access to state data after attacking an IT company, reported The Record. Although many financially driven ransomware gangs steer clear of victims within Russia’s perceived sphere of influence, they frequently choose victims from outside the country based on opportunity. After Russia invaded Ukraine, Switzerland, which has maintained a neutral foreign policy toward military conflict for the previous 200 years, imposed sanctions against the Russian Federation through the European Union.

Not the First Incident

The Switzerland District Court cyberattack is not the first incident of its kind. A few days back, the Kansas Court had also been targeted in a massive cyberattack with far-reaching impacts. The event affected systems for marriage license applications and court fee payments, which also affected operations at the Kansas Court System. In another incident, the International Criminal Court (ICC), which has its main office in The Hague, the Netherlands, has strengthened its online security measures following the discovery of a significant cyber security incident that it determined to be an act of espionage five weeks ago. The ICC stated that while it is not possible to determine the identity of the attacker with the evidence currently available, a criminal investigation is being carried out by the Dutch law enforcement authorities. In response to the attack, the ICC said that the court is strengthening its framework for risk management and developing plans of action to be prepared for any possible fallout from the cyberattack, including any potential security risk to witnesses, victims, court staff, and the court’s operations. The ICC said that all States Parties share responsibility for mitigating the growing threat of cyberattacks and safeguarding the ICC to ensure its ability to carry out its vital mandate of justice and accountability. Although the scope of the cyberattack on the Switzerland district court is still being investigated, preliminary findings indicate that data, including district court case records on appeal and Office of Judicial Administration files, were compromised.
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting them millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of cybercrime,
A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi. The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor. "Recent Gaza Cybergang activities show
The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making. This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in
Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been tied to a nation-state group known as APT29, which is also tracked as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. It's notable for the supply chain
Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. "In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene
The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021. Read more in my article on the Hot for Security blog.
Security researchers have discovered the latest evolution in call-back phishing campaigns. Read more in my article on the Tripwire State of Security blog.
A man has been sentenced to 24 months in prison after being found guilty of hacking into his former employer's network, and causing substantial damage. Read more in my article on the Hot for Security blog.
A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there's a particularly devious WordPress-related malware campaign. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Source: www.infosecurity-magazine.com – Author: 1 The cyber threat to critical infrastructure is increasing, prompting government cyber agencies to issue more warnings and advisories for industrial businesses. Against this backdrop, MITRE has launched EMB3D, a new threat model framework for defenders tasked with protecting operational technology (OT) and industrial control systems (ICS). EMB3D provides a knowledge […] The post “MITRE Launches Critical Infrastructure Threat Model Framework – Source: www.infosecurity-magazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Russia is set to ramp up cyber campaigns targeting Ukraine’s allies as kinetic warfare slows this winter, according to a report by Cyjax. Researchers noted that Russia’s missile production is struggling to keep pace with its tactical, operational and strategic usage, due to factors including economic sanctions and a shortage […] The post “Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter – Source: www.infosecurity-magazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The UK is at high risk of a “catastrophic” ransomware attack, with the government ill-prepared to deal with this threat, according to a new Parliamentary report. The Joint Committee on the National Security Strategy found that “large swathes” of UK critical national infrastructure (CNI) are vulnerable to ransomware due to […] The post “UK at High Risk of Catastrophic Ransomware Attack, Government Ill-Prepared – Source: www.infosecurity-magazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Microsoft ended the year with a relatively light patch load, issuing updates for 34 vulnerabilities, including one zero-day first reported back in August. CVE-2023-20588 is a “division-by-zero” vulnerability affecting specific AMD processors that can “potentially return speculative data resulting in loss of confidentiality.” Microsoft addressed the vulnerability in its Patch Tuesday […] The post “Microsoft Fixes 34 CVEs and One Zero-Day in December Patch Tuesday – Source: www.infosecurity-magazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The UK’s data protection regulator has fined the Ministry of Defence (MoD) £350,000 ($439,000) after a serious email error that could have led to loss of life. The Information Commissioner’s Office (ICO) said the email in question was sent by the UK’s Afghan Relocations and Assistance Policy (ARAP), which is […] The post “UK Ministry of Defence Fined For Afghan Data Breach – Source: www.infosecurity-magazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Ukraine has claimed a major scalp in the ongoing cyber-war with Russia, saying it has effectively crippled the Kremlin’s tax system. The country’s Ministry of Defense said its Defence Intelligence unit (GUR) conducted a “special operation” leading to the compromise of central servers of Russia’s Federal Taxation Service (FTS), and […] The post “Ukraine Claims it “Paralyzed” Russia’s Tax System – Source: www.infosecurity-magazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 13, 2023 | Newsroom | Cyber Threat / Phishing Attack The threat actors behind the BazaCall callback phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an “attempt to elevate the perceived authenticity of the initial malicious emails,” cybersecurity firm Abnormal Security […] The post “BazaCall Phishing Scammers Now Leveraging Google Forms for Deception – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 13, 2023 | Newsroom | Mobile Communication / Firmware Security Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises the Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of […] The post “Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
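The bug class that IntSan targets, as an added example that is not from Google’s post, the Android source or any real baseband: a parser for a constructed type-length-value message of the kind a baseband message handler deals with, in its vulnerable form next to a hardened form. The wire format, function names and sample bytes are invented for illustration; the compiler flag spelled out in the comments is the Clang name for the unsigned-integer-overflow check that IntSan enables. BoundSan is not exercised here, since it instruments indexing into arrays whose size the compiler knows, which a pointer-based parser like this one does not offer.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed wire format (an assumption for this example, not a real
 * cellular protocol): a 4-byte header followed by TLVs laid out as
 *   1 byte type | 4 bytes little-endian length | <length> bytes value
 */
typedef struct {
    uint8_t        type;
    uint32_t       len;
    const uint8_t *val;
} tlv_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Vulnerable form. For a hostile length near UINT32_MAX the sum
 * offset + 5 + len wraps modulo 2^32, the bounds check passes, and the
 * caller is handed a huge length with a value pointer at the end of the
 * buffer. Built with -fsanitize=unsigned-integer-overflow (IntSan) the
 * wrapping addition aborts the process instead of silently passing.
 */
int parse_tlv_unsafe(const uint8_t *buf, uint32_t buflen, uint32_t offset, tlv_t *out)
{
    if (offset + 5 > buflen)
        return -1;
    uint32_t len = read_le32(buf + offset + 1);
    if (offset + 5 + len > buflen)      /* wraps when len >= 2^32 - offset - 5 */
        return -1;
    out->type = buf[offset];
    out->len  = len;
    out->val  = buf + offset + 5;
    return 0;
}

/*
 * Hardened form: every addition that feeds a bounds check goes through
 * __builtin_add_overflow (GCC and Clang), so a wrapping length is
 * rejected rather than turned into an in-bounds-looking sum.
 */
int parse_tlv_safe(const uint8_t *buf, uint32_t buflen, uint32_t offset, tlv_t *out)
{
    uint32_t hdr_end, val_end;
    if (__builtin_add_overflow(offset, 5u, &hdr_end) || hdr_end > buflen)
        return -1;
    uint32_t len = read_le32(buf + offset + 1);
    if (__builtin_add_overflow(hdr_end, len, &val_end) || val_end > buflen)
        return -1;
    out->type = buf[offset];
    out->len  = len;
    out->val  = buf + hdr_end;
    return 0;
}

/* Constructed sample message: header, one benign TLV (type 1, len 4), then a
 * hostile TLV (type 2, len 0xFFFFFFF8) whose length wraps the unsafe check. */
static const uint8_t kMsg[] = {
    0x00, 0x00, 0x00, 0x01,                 /* header */
    0x01, 0x04, 0x00, 0x00, 0x00,           /* type 1, len 4 */
    0xaa, 0xbb, 0xcc, 0xdd,                 /* value */
    0x02, 0xf8, 0xff, 0xff, 0xff            /* type 2, len 0xFFFFFFF8, no value */
};
#define kMsgLen     ((uint32_t)sizeof kMsg)
#define kBenignOff  4u
#define kHostileOff 13u

/* Returns 1 if the unsafe parser accepts the hostile TLV (the bug), else 0. */
int unsafe_accepts_hostile(void)
{
    tlv_t t;
    return parse_tlv_unsafe(kMsg, kMsgLen, kHostileOff, &t) == 0 && t.len == 0xFFFFFFF8u;
}

/* Returns 1 if the hardened parser rejects the hostile TLV, else 0. */
int safe_rejects_hostile(void)
{
    tlv_t t;
    return parse_tlv_safe(kMsg, kMsgLen, kHostileOff, &t) == -1;
}

/* Returns the benign TLV's length as seen by the hardened parser, or -1. */
long safe_benign_len(void)
{
    tlv_t t;
    if (parse_tlv_safe(kMsg, kMsgLen, kBenignOff, &t) != 0) return -1;
    return (long)t.len;
}

int main(void)
{
    printf("unsafe accepts hostile TLV: %d\n", unsafe_accepts_hostile());
    printf("safe rejects hostile TLV:   %d\n", safe_rejects_hostile());
    printf("safe benign TLV length:     %ld\n", safe_benign_len());
    return 0;
}
```

Without sanitizers the unsigned wrap is well-defined C and the unsafe parser quietly accepts the hostile TLV; the same source built with `clang -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all` aborts at the wrapping addition, which is the conversion of a silent memory-safety bug into a crash that the sanitizer is deployed for.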
Source: thehackernews.com – Author: . Malware analysis encompasses a broad range of activities, including examining the malware’s network traffic. To be effective at it, it’s crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you’ll need to address them. Decrypting HTTPS traffic […] The post “How to Analyze Malware’s Network Traffic in A Sandbox – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bitdefender.com – Author: Graham Cluley The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021. The breach, which the Information Commissioner’s Office (ICO) data watchdog […] The post “UK’s Ministry of Defence fined after Bcc email blinder that put the lives of Afghan citizens at risk – Source: www.bitdefender.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Webinar In China, clouds are a symbol of luck. Seeing multiple layers of clouds in a blue sky can mean you are in line to receive eternal happiness. If only that were true in the complex world of IT, where multi-cloud compute environments are rapidly becoming the norm. But […] The post “Learning the safety language of the cloud – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Close to a million records containing personally identifiable information belonging to donors who sent money to non-profits were found exposed in an online database. The database is owned and operated by DonorView, provider of a cloud-based fundraising platform used by schools, charities, religious institutions, and other groups focused […] The post “Nearly a million non-profit donors’ details left exposed in unsecured database – Source: go.theregister.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Alan Bavosa, VP of Security Products, Appdome In recent years, mobile apps have surged in popularity, providing consumers with instant access to a variety of life essentials, such as finances, education, and healthcare, and of life’s pleasures, such as shopping, sports, and gaming. In fact, a recent study titled […] The post “Ushering in the Next Phase of Mobile App Adoption: Bolstering Growth with Unyielding Security – Source: www.cyberdefensemagazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Nik Hewitt, Sr. Content Marketing Manager, TrueFort Welcome to the era of Cybercrime as a Service, or CaaS, which, quite alarmingly, is like an online marketplace for cybercriminals and their services. While nothing new, it’s on the rise and a game-changer. Now, anyone with an internet connection and […] The post “The Rising Tide of Cybercrime as A Service (CaaS) – Source: www.cyberdefensemagazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Steve Soukup, CEO, DefenseStorm Innovative technology has revolutionized the way we work and live by unlocking a wealth of new capabilities. As artificial intelligence makes daily operations more efficient and flexible, people become increasingly reliant on the luxury of digital technology. Of course, businesses then competitively introduce the […] The post “The Human Firewall: Strengthening the Weakest Link in Cybersecurity – Source: www.cyberdefensemagazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team Original Post URL: https://www.cyberdefensemagazine.com/the-emergence-of-ai-in-the-enterprise-know-the-security-risks/ Category & Tags: Cyber Security […] The post “The Emergence of AI In the Enterprise: Know the Security Risks – Source: www.cyberdefensemagazine.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cybertalk.org – Author: slandau By Marco Eggerling, Global CISO, Check Point Software Technologies. Regarding ransomware, there’s a big misconception in the industry. The conventional wisdom is that ransomware threats will escalate and that we’ll continue to battle them in perpetuity. However, while millions of ransomware attacks continue to occur annually, last year, ransomware threats […] The post “Ransomware: Is it about to go extinct? – Source: www.cybertalk.org” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido A look back at the cybersecurity landscape in 2023 rings all too familiar: cyber threats rapidly evolved and scaled up, just as they have, year to year, for the past 20 years. Related: Adopting an assume-breach mindset. With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked […] The post “LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 1) – Source: www.lastwatchdog.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Nudge Security Blog As the holidays continue to wash through and the year begins to wind down, our chat channels at Nudge Security begin to fill up with recipes. Cocktails, elixirs, sweets, sides… it seems we make ’em all. Rather than relegate these morsels to the confines of our Slack archive, we […] The post “Our favorite recipes for the holiday season – Nudge Security – Source: securityboulevard.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime | Telecom Operator Slowly Restores Voice Service | Mihir Bagwe (MihirBagwe) • December 13, 2023 | The Kyivstar logo on a storefront in Zdolbuniv, Ukraine, in January 2021 (Image: Shutterstock) Ukraine’s domestic security agency on Wednesday fingered Russian military hackers as being […] The post “Ukraine Fingers Russian Military Hackers for Kyivstar Outage – Source: www.govinfosecurity.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Fraud Management & Cybercrime, Ransomware | ‘Oxygen of Publicity’ Helps Intimidate Victims and Recruit Affiliates, Experts Warn | Mathew J. Schwartz (euroinfosec) • December 13, 2023 | The next frontier for ransomware gangs is marketing. (Image: Shutterstock) Seeking to maximize profits no matter the cost, ransomware groups have been bolstering […] The post “Ransomware Groups’ Latest Tactic: Weaponized Marketing – Source: www.govinfosecurity.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Breach Notification, Governance & Risk Management, Privacy | New FCC Disclosure Rules Cover All Personal Information of Telecom Customers | Chris Riotta (@chrisriotta) • December 13, 2023 | Image: Shutterstock The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach […] The post “FCC Approves Major Updates to Data Breach Notification Rules – Source: www.govinfosecurity.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Governance & Risk Management, Healthcare, HIPAA/HITECH | Regulators Advised to Protect Patients From ‘Warrantless’ Requests on Prescriptions | Marianne Kolbasuk McGee (HealthInfoSec) • December 13, 2023 | Image: Getty Three members of Congress are urging the Department of Health and Human Services to improve HIPAA privacy protections around pharmacy […] The post “Lawmakers Urge HHS to Shield Pharmacy Records From Police – Source: www.govinfosecurity.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Artificial Intelligence & Machine Learning, Government, Industry Specific | Government Currently Focused on Assessing AI Risks, Fostering Innovation | Akshaya Asokan (asokan_akshaya) • December 13, 2023 | Secretary of State for Science, Innovation and Technology Michelle Donelan speaking Wednesday before the U.K. Parliament (Image: U.K. Parliament) The U.K. government […] The post “UK in No Rush to Legislate AI, Technology Secretary Says – Source: www.govinfosecurity.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft’s Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. Storm-1152 is a major cybercrime-as-a-service provider and the number one seller of fraudulent Outlook accounts, […] The post “Microsoft seizes domains used to sell fraudulent Outlook accounts – Source: www.bleepingcomputer.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named ‘KV-botnet’ that it has used since at least 2022 to attack SOHO routers at high-value targets. Volt Typhoon commonly targets routers, firewalls, and VPN devices to proxy malicious traffic so it […] The post “Stealthy KV-botnet hijacks SOHO routers and VPN devices – Source: www.bleepingcomputer.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. BazarCall, first documented in 2021, is a phishing attack utilizing an email resembling a payment notification or subscription confirmation for security software, computer support, streaming […] The post “BazarCall attacks abuse Google Forms to legitimize phishing emails – Source: www.bleepingcomputer.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang launder their victims’ ransom payments. “New arrest in the Hive ransomware affair: after the international search in January to dismantle this network of hackers constituting a serious threat, the Judicial Police arrested in […] The post “French police arrests Russian suspect linked to Hive ransomware – Source: www.bleepingcomputer.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape operations after recent disruptions and exit scams. Last week, the NoEscape and BlackCat/ALPHV ransomware operations’ Tor websites suddenly became inaccessible without warning. Affiliates associated with NoEscape claimed that the ransomware operators pulled an exit […] The post “LockBit ransomware now poaching BlackCat, NoEscape affiliates – Source: www.bleepingcomputer.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.