The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies show more ...
The Self-proclaimed hacktivist group, Sylhet Gang, has claimed a cyberattack on the UAE’s Ministry of Defence. The attack allegedly targeted the website, stating that they had “paralyzed” the United Arab Emirates Ministry of Defence (MOD). The cyberattack claim was posted by the threat actor on its show more ...
FBI Takes Down BlackCat/Alphv Ransomware! The U.S. Department of Justice (DOJ) recently announced a major breakthrough in cybersecurity efforts with the disruption of the BlackCat ransomware group, also known as ALPHV or Noberus. This group has been a significant threat, targeting over 1,000 computer networks show more ...
Security researcher and IoT hacker Dennis Giese talks about his mission to liberate robot vacuums from the control of their manufacturers, letting owners tinker with their own devices and - importantly - control the data they collect about our most intimate surroundings. The post Episode 254: Dennis Giese’s show more ...
A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.
The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.
Attackers can chain the vulnerabilities to gain full remote code execution.
To make real change, organizations need to augment logical thinking with critical thinking.
More and more hackers are choosing to host their malicious campaigns from public services, and they're pioneering new ways of doing it.
Expel-sponsored research unveils how companies measure SOC performance and the frameworks they rely on to assess and guide their security strategies
Salvador Technologies' platform prevents downtime damages and enables full operational recovery and continuity in just 30 seconds.
As stringent new SEC reporting rules take effect, CISOs need to assess internal processes and understand their responsibilities. But there's a bright side.
Israeli intelligence said a cyber unit of Hezbollah also was involved in the cyberattack.
Large language models (LLMs) like Bard and ChatGPT can help produce simpler, more readable security documentation in a fraction of the time it takes to do it manually.
Hype won't solve operational security problems. Here are 10 important points to consider when evaluating API security solutions.
Xorbot utilizes encryption and decryption algorithms, borrowed from the Mirai source code, to encrypt communication with its command and control server and store sensitive information.
Microsoft has introduced Windows Protected Print Mode (WPP) to enhance security and eliminate vulnerabilities in the Windows print system. These changes aim to reduce the attack surface and enhance user safety.
The vulnerabilities, CVE-2023-35384 and CVE-2023-36710, allow an attacker to bypass security measures and execute code on a victim's machine by tricking Outlook into downloading a specially crafted sound file.
A Canadian-Russian man, Mikhail Vasiliev, who is facing extradition to the United States for his alleged involvement in the LockBit ransomware group, is now facing new cybercrime charges in Ontario.
The accessed data included sensitive details such as names, addresses, phone numbers, Social Security numbers, and bank account numbers of individuals associated with mortgage loans serviced by Mr. Cooper.
Manufacturers are advised to follow Secure by Design principles, provide unique setup passwords or disable them after a preset time period, and implement phishing-resistant multi-factor authentication methods to mitigate these risks.
Gas stations in Iran experienced widespread disruptions due to a cyberattack claimed by the group Predatory Sparrow, which has previously targeted Iranian critical infrastructure.
VF Corporation, one of the largest apparel companies in the world, reported a cyberattack to the U.S. Securities and Exchange Commission (SEC) on the first day of a new cyber incident reporting rule.
The SEC does not aim to manage security but wants better disclosures. The final rule requires the disclosure of material cybersecurity incidents, but does not require specific technical details to avoid providing a roadmap for future attacks.
The external assessment did not identify any significant vulnerabilities that would allow easy access to the organization's network, but the internal assessment revealed multiple weaknesses that led to domain compromise.
The Financial Stability Oversight Council has classified artificial intelligence as an "emerging vulnerability" in the financial system, acknowledging both its potential for innovation and the risks it poses.
The Play ransomware group has been targeting businesses and critical infrastructure in North America, South America, and Europe since June 2022. They use a double-extortion model, encrypting systems after exfiltrating data.
One of Westpole's customers, PA Digitale, which serves 1300 public administrations including 540 municipalities, was targeted. The incident has led to manual operations for some services and may affect salary payments.
The breach occurred after attackers exploited a critical vulnerability, known as Citrix Bleed, that had been actively exploited as a zero-day since August 2023. The company has asked users to reset their passwords.
Attackers can exploit SMTP smuggling to send spoofed emails with fake sender addresses, bypassing email security checks and putting organizations and individuals at risk for targeted phishing attacks.
The report provides guidance on open source software adoption, including criteria for selection, risk assessment, licensing, export control, maintenance, vulnerability response, and secure software delivery.
Four vulnerabilities, including a critical one, have been discovered in the widely used Perforce Helix Core Server, posing a significant risk to organizations in the gaming, government, military, and technology sectors.
Researchers at Bitdefender Labs have uncovered a new scam involving remote jobs on social media platforms. Scammers are promising payment for simply liking YouTube videos.
This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses show more ...
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Debian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.
Red Hat Security Advisory 2023-7878-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.
Washington County is on the frontlines of a massive cyberattack that began last Friday. This Washington County cyberattack has hit the computer systems with over 60000 attempts till Sunday. Tad Sours, the communications director, has compiled a record highlighting the alarming scale of this ongoing threat. On Friday, show more ...
VF Corporation, the esteemed apparel brand owner behind Vans, Supreme, and The North Face, faces a major setback following a cyberattack. This breach has severely impacted the company’s ability to meet Christmas orders, a crucial event in the retail calendar. In a regulatory statement released on Monday, the show more ...
CISA or the Cybersecurity and Infrastructure Security Agency has released its new cybersecurity information sharing strategy for 2024 to strengthen the nation’s cyber defenses in the coming year. CISA has brought this new strategy to deliver timely and useful cybersecurity information at a time when threats are show more ...
Formerly known as Nationstar Mortgages, Mr. Cooper Group, a prominent player in the nation’s mortgage and loan sector, is grappling with the aftermath of a significant cyberattack. On October 31, 2023, Mr. Cooper Group fell prey to a cyberattack that compromised the personal information of a staggering 14 show more ...
Xfinity is reaching out to its customers to inform them about a data security incident that unfolded in October 2023. The Citrix vulnerability notice, initiated today, shares details into the incident and the type of data compromised. The Xfinity data security incident originated with a vulnerability in software show more ...
AI is poised to be a game-changer, not just for hackers but also as a shield against cyber threats. As we approach 2024, understanding and tackling these challenges becomes essential. This is where insights from industry leaders and experts become invaluable. In a recent interview by The Cyber Express at The World show more ...
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware and sidestep detection tools," ReversingLabs researcher Karlo Zanki
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering remains one of the most prevalent attacks
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also tracked under the monikers Boggy Serpens, Cobalt
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura said. The malware family,
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat and gain
Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, who resides in Saint Petersburg and is known by the aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar,
Simon Whittaker, CEO of Vertical Structure, invited me onto the "CyberTuesday" show to share some stories and opinions from the world of cybersecurity. I couldn't resist also breaking into my Jason Statham impression at one point...
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Partner with your CFO, legal counsel and other executive stakeholders to evaluate SEC disclosure implications. Identify initial materiality thresholds, timelines, definitions, and the “crown jewels” that, if compromised, will result in a material impact. La entrada What can CISOS do to prepare for the SEC show more ...
Generative AI development has the potential to bring significant global benefits. But it will also increase risks to safety and security by enhancing threat actor capabilities and increasing the efectiveness of attacks. La entrada Safety and Security Risks of Generative Artificial Intelligence to 2025 se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Global survey results The worldwide participation in the Risk in Focus survey provides a rare opportunity to compare risk levels and internal audit planning between different regions. The strong consensus about risk and audit effort in many areas is a testament to the strength of the shared standards of the internal show more ...
In the field of risk management, self-assessment of risk level plays a crucial role for organizations and professionals seeking to understand and mitigate potential threats they may face. The risk self-assessment process allows stakeholders to identify, analyze, and evaluate risks inherent to their operations, show more ...
But what does that even mean? La entrada Red Team Operating in a Modern Environment se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Joshua Goldfarb Source: Sasin Paraksa via Alamy Stock Photo APIs have become a critical part of modern business. They allow businesses to be more competitive and to meet market pressures by pushing capabilities closer to customers and increasing the pace at which a company show more ...
Source: www.darkreading.com – Author: Edge Editors Source: RossHelen editorial via Alamy Stock Photo Question: How can CISOs keep up with changing cybersecurity regulations? Ilona Cohen, Chief Legal and Policy Officer, HackerOne: It is never an easy time to be a chief information security officer (CISO), but show more ...
Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading Source: Jan Miks via Alamy Stock Photo More than eight years after it first came to light, an unauthenticated Java deserialization vulnerability lurking in the Google Web Toolkit open source application framework remains unpatched, and show more ...
Source: www.darkreading.com – Author: December 12, 2023 Earlier today, the United States Senate confirmed Mr. Harry Coker, Jr. as National Cyber Director in the White House Office of the National Cyber Director. Once sworn in, Mr. Coker will be the second National Cyber Director in the Office, which was show more ...
Source: www.darkreading.com – Author: Israeli cybersecurity startup Zero Networks, a leading provider of zero trust identity and network security solutions, raised $20 million in Series B funding following a five-fold increase in its revenue, bringing its total raised capital to $45 million. U.S. Venture show more ...
After years of negotiations, the European Union General Data Protection Regulation (EU GDPR) will come into effect on 25 May 2018, replacing the 22-year-old EU Data Protection Directive. At its core, the GDPR aims to put EU residents in control of their personal data. It regulates how their data is collected, show more ...
Chief Information Security Officers (CISOs) have a multitude of challenges that need to be met head on. Traditional information management challenges have broadened to accommodate the growth in technology channels, data size and an ever-evolving cybersecurity landscape. CISOs need to apply risk management techniques show more ...
In the month of May 2023, Danish, critical infrastructure was exposed to the most extensive cyber-related attack we have experienced in Denmark to date. 22 companies, that operate parts of the Danish energy infrastructure, were compromised in a coordinated attack. The result was that the attackers gained access to show more ...
In the modern digital ecosystem, the intricacies of malware infiltration within the macOS environment have evolved into a nuanced field of adversarial artistry. This report delineates a spectrum of infection techniques, shedding light on the meticulous craftsmanship that underpins malicious endeavors targeting macOS show more ...
Ransomware attacks pose a rising threat to UK businesses, prompting most to seek improved safeguards. Even cybersecurity experts can struggle to grasp the full scale of risks from sophisticated criminal groups. This document intends to empower boards, alongside their own research, to make informed, reasoned show more ...
This publication provides guidelines for how to use Rockwell Automation products to improve the security of your industrial automation system. For information on patch management options, security advisory details, and general news and awareness on industrial security from the Rockwell Automation Office of Product show more ...
Outsourcing is an essential part of business and brings with it a range of benefits. However, your supply chain also exposes you to damaging security threats. Attacks on your business via your supply chain happen because: Protected Procurement provides advice on how to develop your supply chain security, avoid show more ...
The 2023 State of Threat Intelligence report examines how and why most organizations have made the collection and analysis of threat intelligence a central element of their cybersecurity programs – and extended its use cases beyond traditional cybersecurity activities. In August 2023, we surveyed 400 show more ...
Smart buildings encompass an ever-increasing number of connected operational technology (OT) and information technology (IT) systems and devices that provide actionable insights into building performance. These insights enable data-driven decisions that increase efficiency, optimize operations, mitigate risk, and show more ...
Over the past few years, hacks against companies and governments have continued to grow. and their methods become more varied and effective. Memorable hacks include the attack against Yahoo!, which compromised every active account-a total of 3 billion, the Wannacry ran- somware attacks which struck across the globe. show more ...
Source: www.schneier.com – Author: Bruce Schneier OpenAI Is Not Training on Your Dropbox Documents—Today There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a show more ...
Source: www.schneier.com – Author: Bruce Schneier More unconstrained surveillance: Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. show more ...
Source: thehackernews.com – Author: . The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. “PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the show more ...
Source: thehackernews.com – Author: . Dec 19, 2023NewsroomCryptojacking / Cyber Threat The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a show more ...
Source: thehackernews.com – Author: . Dec 19, 2023NewsroomRansomware / Threat Intelligence The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. “Play show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan. IBM’s security team discovered this evasive threat show more ...
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI). “ALPHV Blackcat affiliates have extensive show more ...
Source: www.bleepingcomputer.com – Author: Bill Toulas An international law enforcement operation codenamed ‘Operation HAECHI IV’ has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. The South Korean authorities led HAECHI operations show more ...
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates. Although the company only mentions the KB50532288 optional preview update as the originating update for these Wi-Fi show more ...
Source: www.bleepingcomputer.com – Author: Lawrence Abrams An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware show more ...
