Cyber security aggregate RSS news

Cyber security aggregator - feeds history


 Data Breach News

The Sony-owned game development powerhouse, Insomniac Games, found itself ensnared in an alleged ransomware attack this week, marking the biggest gaming data breach of 2023. The Insomniac Games data leak reportedly contained a dump of a staggering 1.67 terabytes of sensitive data, including future projects and gaming models. The compromised information also includes assets and story spoilers from unreleased games, a roadmap of upcoming titles, internal company communications, personal data of employees such as passport scans and compensation figures, and much more. One of the key details leaked in the alleged Insomniac Games cyberattack is the gameplay, characters, and voice artists in the upcoming Marvel’s Wolverine video game.

Rhysida Ransomware Asserts Insomniac Games Data Leak

(Source: Twitter)

The ransomware group Rhysida specifically targeted Insomniac Games due to its status as a prominent and successful studio, making it a perfect candidate for substantial monetary gain. The ransom demanded amounted to $2 million, a demand that most organizations would back out from. The Cyber Express had previously reported the initial Insomniac Games breach last week, shedding light on the severity of the situation. The Trend Trackers Hub on X, a micro-blogging platform, shared a revealing video showcasing the first alleged gameplay footage of Marvel’s Wolverine. Notably, the leaked information extended beyond the Wolverine title, unraveling a comprehensive list of the studio’s planned projects with release timelines:

Marvel’s Venom – 2025
Marvel’s Wolverine – 2026
Marvel’s Spider-Man 3 – 2028
Ratchet and Clank – 2029
X-Men – 2030
Marvel’s Spider-Man 2, Marvel’s Wolverine, and Marvel’s [Additional Titles]

Marvel’s Wolverine Video Game Leak and Other Sensitive Data

Furthermore, the leaked data unveiled plans for PC ports of Spider-Man 3. The Wolverine video game leak allegedly consisted of cast members and voice actors, including Krizia Bajos as Jean Grey, Liam McIntyre as Wolverine, and Troy Baker as Sinister. While these revelations are hyping the Marvel fans, their authenticity remains unverified.

Despite numerous attempts to seek clarification from Insomniac Games, no official statement or response has been issued at the time of writing, leaving the claims surrounding the Insomniac Games breach in a state of uncertainty. The leaked footage of Marvel’s Wolverine video game hints at an expansive open-world setting with innovative gaming mechanics. Notably, the introduction of the in-game ability called “Imagine” allows the main character to relive specific moments from their memory. Other leaked abilities include the use of “smell,” a nod to the Wolverine franchise where the character relies on a heightened sense of smell to locate people, memories, and locations.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 Business

Due to mass password leaks, user forgetfulness, and other problematic areas of modern information security, alternative ways of logging in to systems and corporate software are gaining ground. Besides the familiar authenticator apps and various contactless cards and USB tokens, fingerprint-based biometric authentication is a popular choice — especially since laptop keyboards these days often come with built-in scanners. This method does seem rather reliable at first glance; however, a recent report by Blackwing Intelligence casts doubt upon this assertion. The authors managed to hack the biometric authentication system and log in to Windows using Windows Hello on Dell Inspiron 15 and Lenovo ThinkPad T14 laptops, as well as using the Microsoft Surface Pro Type Cover with Fingerprint ID keyboard for Surface Pro 8 and Surface Pro X tablets. Let’s have a look at their findings to see whether you should update your cyberdefense strategy.

Anatomy of the hack

First of all, we must note that this was a hardware hack. The researchers had to partially disassemble all three devices, disconnect the sensors from the internal USB bus, and connect them to external USB ports through a Raspberry Pi 4 device that carried out a man-in-the-middle attack. The attack exploits the fact that all chips certified for Windows Hello must store the fingerprint database independently, in the on-chip memory. No fingerprints are ever transmitted to the computer itself — only cryptographically signed verdicts such as “User X successfully passed verification”. In addition, the protocol and the chips themselves support storing multiple fingerprints for different users. The researchers were able to perform the spoofing, although the attacks varied for different laptop models. They uploaded onto the chip additional fingerprints, supposedly for a new user, but were able to modify the data exchange with the computer so that information about the successful verification of the new user would be associated with the ID of the old one. The main reason the spoofing worked was that all verified devices deviate to some degree from the Secure Device Connection Protocol (SDCP), which Microsoft developed specifically to head off such attacks. The protocol takes account of many common attack scenarios — from data spoofing to replaying a data exchange between the operating system and the chip when the user is not at the computer.

Hacking the implementation of the security system on a Dell (Goodix fingerprint scanner) proved possible due to the fact that the Linux driver doesn’t support SDCP, the chip stores two separate databases for Windows and Linux, and information about the choice of database is transmitted without encryption. Lenovo (Synaptics chip) uses its own encryption instead of SDCP, and the authors managed to figure out the key generation mechanism and decrypt the exchange protocol. Rather jaw-droppingly, the Microsoft keyboard (ELAN chip) doesn’t use SDCP at all, and the standard Microsoft encryption is simply absent.

Main takeaways

Hardware hacks are difficult to prevent, yet equally if not more difficult to carry out. This case isn’t about simply inserting a USB flash drive into a computer for a minute; skill and care are required to assemble and disassemble the target laptop, and throughout the period of unauthorized access the modifications to the computer are obvious. In other words, the attack cannot be carried out unnoticed, and it’s not possible to return the device to the rightful user before the hack is complete and the machine is restored to its original form. As such, primarily at risk are the computers of company employees with high privileges or access to valuable information, and also of those who often work remotely. To mitigate the risk to these user groups:

- Don’t make biometrics the only authentication factor. Complement it with a password, authenticator app, or USB token. If necessary, you can combine these authentication factors in different ways. A user-friendly policy might require a password and biometrics at the start of work (after waking up from sleep mode or initial booting), and then only biometrics during the working day;
- Use external biometric scanners that have undergone an in-depth security audit;
- Implement physical security measures to prevent laptops from being opened or removed from designated locations;
- Combine all of the above with full-disk encryption and the latest versions of UEFI with secure boot functions activated.

Lastly, remember that, although biometric scanners aren’t perfect, hacking them is far more difficult than extracting passwords from employees. So even if biometrics aren’t the optimal solution for your company, there’s no reason to restrict yourself to just passwords.


 Data Breach News

Kitco.com, a leading online media platform recognized for its extensive coverage spanning Gold and Silver News, Live Prices, Charts, Rates, Mining, ETFs, FOREX, Bitcoin, cryptocurrencies, and stock markets, faces the aftermath of a major cyberattack. Users attempting to access the site are greeted with a message confirming a temporary disruption due to a cyberattack on Kitco. The message displayed on the official website reads: “Our website is currently experiencing a temporary disruption due to a cybersecurity incident. Our team is actively working to resolve this issue as quickly as possible. We are committed to ensuring the security and integrity of our services and apologize for any inconvenience this may cause.”

The cyberattack on Kitco has prompted the company to take precautionary measures, leading to the temporary suspension of its website services. While the message assures users that the team is diligently addressing the situation, no additional details regarding the extent of the Kitco cyberattack or potential data compromise have been disclosed. For urgent inquiries, the company has provided an alternative contact method, urging users to reach out to customer service at cs@kitco.com. The message concludes with a sincere apology for any inconvenience caused and an expression of gratitude for the continued support from users. The platform reiterates its commitment to restoring full functionality as soon as possible.

Cyberattack on Kitco: Users Concerned

News of the Kitco.com cyberattack quickly spread across social media platforms, particularly on Twitter, where users shared screenshots of the website’s downtime. The news of a cyberattack on Kitco has sparked concerns among Kitco.com’s user base, as many rely on the platform for real-time updates on precious metals, mining news, and market trends. The lack of detailed information surrounding the Kitco cyberattack has left users anxious about the security of their data and the potential impact on Kitco.com’s services. The company’s handling of the situation, including the swift suspension of website services and the proactive communication through the displayed message, indicates a commitment to resolving the issue promptly.

Cyberattack on Kitco Echoes Other Media Threats

This event follows a similar cyberattack on The Guardian, a prominent UK newspaper, in December 2022, where a ransomware attack disrupted operations and resulted in the theft of personal data belonging to UK staff. Cybersecurity incidents in media entities are highly visible to the public, even if they have a relatively minor impact or are unsuccessful. In February 2023, Virgin Media TV experienced an attempted hack, forcing some programming off the air while the company worked to mitigate the incident. This emphasizes the vulnerability of media platforms to cyber threats and the potential impact on their operations. Notably, media platforms are also attractive targets for hacktivists seeking to broadcast messages to a wider audience. After the Russian invasion of Ukraine in February, pro-Ukrainian groups took over Russian TV channels to convey messages opposing the Kremlin’s actions. As the cybersecurity landscape continues to evolve, incidents like the Kitco.com cyberattack highlight the importance of robust security measures for online platforms that handle sensitive financial information. The affected website assures users that efforts are underway to restore full functionality, and updates on the situation are eagerly awaited by Kitco.com’s user base and the wider online community.


 Firewall Daily

In an era marked by relentless technological evolution and the omnipresence of cyber threats, the role of cybersecurity professionals has become increasingly important. The cybersecurity CEOs embody a remarkable blend of expertise, adaptability, and forward-thinking leadership that sets them apart in the security domain. As stewards of technological advancement, these CEOs are not merely guardians of data; they are architects of the future, steering their organizations with unparalleled vision and resilience. In the face of ransomware groups and self-proclaimed hacktivist organizations, these leaders have demonstrated an unwavering commitment to innovation, employing cutting-edge technologies to fortify security and protect against formidable hackers.

Who are the Top 25 Cybersecurity CEOs to Watch in 2024?

Beyond their technical prowess, these CEOs have proven their strategic acumen, navigating the complex intersection of technology, business, and security with finesse. Their ability to anticipate and proactively address online threats places them at the forefront of the cybersecurity industry. As we approach the end of 2023, The Cyber Express has compiled a list of cybersecurity firm CEOs to watch in 2024.

1. Nikesh Arora, Chairman and CEO at Palo Alto Networks
2. Kevin Mandia, CEO at Mandiant
3. George Kurtz, co-founder and CEO at CrowdStrike
4. Sumit Dhawan, CEO at Proofpoint
5. Bryan Palma, CEO at Trellix
6. Amit Yoran, CEO at Tenable
7. Sumedh Thakar, President and CEO at Qualys
8. Kyle Hanslovan, CEO and co-founder at Huntress
9. Corey Thomas, CEO at Rapid7
10. Eyal Wachsman, co-founder and CEO at Cymulate
11. Ken Xie, Founder, Chairman and CEO at Fortinet
12. Gary Steele, President and CEO at Splunk Inc
13. Poppy Gustafsson, CEO at Darktrace PLC
14. Eric Harmon, CEO at Trustwave
15. Rajat Bhargava, CEO and co-founder at JumpCloud
16. Jay Chaudhry, Chairman, Founder and CEO at Zscaler
17. Eva Chen, CEO at Trend Micro
18. Beenu Arora, co-founder and CEO at Cyble Inc
19. Kabir Barday, Founder and CEO at OneTrust
20. Kris Hagerman, CEO at Sophos
21. Matt Cohen, CEO at CyberArk
22. Greg Johnson, CEO at McAfee
23. Charlie Thomas, CEO at Deepwatch
24. Stu Sjouwerman, CEO at KnowBe4
25. Sanjay Mirchandani, President and CEO at Commvault

Conclusion

Cybersecurity is a dynamic field requiring dynamic individuals who can juggle multiple security concerns. These cybersecurity CEOs have proven their mettle by consistently providing a safer environment for organizations and netizens. By continuously adapting to new technologies and monitoring the deep and dark web, these cybersecurity CEOs are paving the way for better security and safety for individuals, groups, and world governments.


 Firewall Daily

HCL Technologies, a prominent IT giant, disclosed a ransomware attack impacting a specific project within its isolated cloud environment. As investigations unfold to uncover the origins of the HCL cyberattack, the company pledges to initiate necessary corrective measures, as indicated in a regulatory filing.

HCL Cyberattack: What We Know So Far

In a statement acknowledging the HCL cyberattack, the company said, “This is to inform you that HCLTech has become aware of a ransomware incident in an isolated cloud environment for one of its projects. There has been no impact observed due to this incident on the overall HCLTech network.” HCL Technologies reaffirmed that protecting confidential data is of utmost importance. Following the HCL cyberattack, the company quickly launched a thorough investigation, working closely with pertinent parties to identify the underlying cause and carry out the necessary corrective actions.

Statement released post the HCL cyberattack

“Cybersecurity and data protection is a top priority for HCLTech. A detailed investigation is underway in consultation with relevant stakeholders to assess the root cause and take remedial action as necessary,” the HCL Tech statement said.

The HCL cyberattack happened just a few days after HCL Tech became the 13th largest listed business in India after crossing the Rs 4 trillion market capitalization threshold on the stock exchanges. Tata Consultancy Services has the biggest market capitalization among major IT companies, with Infosys following closely behind. HCL reported year-on-year revenue growth of 8% in Q2FY24 while maintaining solid margins. Because of the significant acquisitions made during the quarter, higher profitability is also anticipated to be reported. HCL Tech closed 16 large deals in the second quarter, totaling $3.969 billion in contract value. Six of these were in the software space and seven were in the services sector, reported Business Standard. Afterwards, on December 14, HCL Tech declared that it had won a contract from Victoria, Australia’s Department of Transport and Planning. For those who utilize public transportation, it will automate the concession entitlement procedure. At 10:15 a.m. on Wednesday, HCL Tech’s shares were up 0.36 percent at Rs 1,493.5 a share on the BSE. However, the HCL cyberattack resulted in a massive plunge in the company’s stocks.


 Cybersecurity News

BlackCat Website Unseized?

Just hours following the FBI’s announcement regarding the seizure of the ALPHV/BlackCat threat group’s website, the hacker collective is now asserting that they have reestablished control, accompanied by a menacing message directed at the FBI. In a widely circulated dark web post concerning the resurgence of the ALPHV BlackCat website, the ransomware group divulges the repercussions of the takedown and provides specific details of the information exposed to the FBI. For the unversed, less than 24 hours ago, the U.S. Department of Justice (DOJ) declared the disruption of the BlackCat ransomware group through the seizure of their leak site. Additionally, the DOJ revealed that the FBI’s decryption tool aided in restoring data for more than 500 ransomware victims, alongside the seizure of “several websites” affiliated with the ALPHV/BlackCat ransomware gang as part of a multinational law enforcement effort.

BlackCat Website Unseized: FBI’s official post. (Source: Twitter)

BlackCat Website Unseized

“As you all know, the FBI received the keys to our blog, now we will tell you how it all happened,” begins the post, which goes on to explain how the FBI had access to only one DC, while the others remained untouched. “The maximum that they have is the keys for the last month and a half, that’s about 400 companies, but now, because of them, more than 3000 companies will never receive their keys.” “Because of their actions, we are introducing new rules, or rather we are removing all rules, except one, you cannot touch the CIS, you can now block hospitals, nuclear power plants, anything, anywhere.”

Message posted by the hacker collective following the seizing of their leak site by the FBI (Source: Twitter)

The dark web post further stated that the rate is not 90% for all advertisers; however, no discount will be given to companies and the payment is what they have indicated. The hacker collective concluded the post by stating that they will “take into account” their mistake and “work even harder”, and are waiting for “requests for discounts that no longer exist”. The post also included a link to their new portal.

The open-source community @vxunderground tweeted about receiving a message from the hacker collective, stating, “ALPHV ransomware group administrative group has contacted us to inform us they have moved their servers and blogs,” alongside a screenshot of the conversation. (Source: Twitter) This post has stirred significant attention on social media, sparking curiosity about the true nature of the situation. Amidst the substantial FBI crackdown, the revelation from BlackCat suggesting minimal impact raises compelling questions.


 Firewall Daily

The notorious BianLian ransomware group has expanded its list of victims, adding the name of Air Sino-Euro Associates (ASA Holidays). The alleged ASA Holidays cyberattack has exposed a humongous amount of the company’s data, risking the privacy and security of its employees and clients. Although no official confirmation of the alleged cyberattack on ASA Holidays has been published by the company, the ransomware group BianLian has boldly claimed to have extracted a huge amount of sensitive data. The Cyber Express team, while researching the alleged attack, checked the website for any form of disruption or malfunctioning. However, the website seems to be operational at the moment and doesn’t show any sign of the attack. We have also reached out to ASA Holidays for an official confirmation of the details of the alleged cyberattack. Still, an official comment wasn’t available at the time of writing this report.

Decoding ASA Holidays Cyberattack Claims

According to the screenshot of a dark web post from the BianLian ransomware group’s leak portal, published on X, the BianLian ransomware group-led alleged cyberattack on ASA Holidays has possibly exposed around 736 GB of the company’s data. This has led to a data leak risk for a massive travel agency worth millions.

Credit: FalconFeedsio on “X”

The data stolen by the BianLian ransomware group in the alleged ASA Holidays cyberattack contains the company’s finance-related data, human resource details, and clients’ and partners’ business information. The alleged cyberattack has also exposed the company’s private personal data, internal and external correspondence, and SQL databases. As per the updates at the time of writing this report, the data of ASA Holidays has not been published and no specific deadline or ransom amount has been assigned for publishing the data extracted from the alleged cyberattack.

Who is the BianLian Ransomware Group?

US cyber defense agency CISA has been closely following the BianLian ransomware group and has published an advisory report on the same. Since June 2022, companies in several crucial infrastructure sectors in the United States have been the target of BianLian, a cybercriminal outfit that develops, deploys, and demands data using ransomware. They have also targeted essential infrastructure industries in Australia. The group accesses target systems using legitimate Remote Desktop Protocol (RDP) credentials. For credential harvesting and discovery, it employs command-line scripting and open-source tools. Finally, it uses File Transfer Protocol (FTP), Rclone, or Mega to exfiltrate victim data. Actors from the BianLian group then threaten to release the data to extort money. Before switching to mainly exfiltration-based extortion around January 2023, the BianLian group used a double-extortion methodology in which they first encrypted the victims’ systems after exfiltrating the data.

Impact of the Cyberattack on ASA Holidays

The alleged ASA Holidays cyberattack, if proven true, can have serious consequences across multiple aspects of its business operations. Firstly, the compromise of sensitive customer information, such as personal data and payment details, could lead to a damaging data breach. Beyond eroding customer trust, this may result in legal repercussions and financial losses for both affected individuals and the company. Secondly, the operational disruption caused by the cyberattack might impact essential services, such as online booking systems and communication channels. This downtime could lead to substantial financial losses and adversely impact the company’s reputation, especially if customers experience difficulties in utilizing ASA Holidays’ services. Thirdly, in addition to the immediate impacts, the financial toll could extend to theft of company funds, payment-related fraud, and the expenses associated with recovering from the attack. Lastly, the reputational damage stemming from negative publicity and social media backlash could further exacerbate the company’s woes. Legal and regulatory repercussions may also arise due to violations of data protection laws, potentially leading to penalties and legal actions. Moreover, the indirect effects on the supply chain, such as disruptions to third-party vendors providing critical services, and increased insurance costs further compound the multifaceted challenges that the company would face in the aftermath of the cyberattack on ASA Holidays.

 Malware and Vulnerabilities

The malware utilizes extensive commands from its C2 server, enabling it to exfiltrate valuable user information, including browser credentials and cryptocurrency wallet details.

 Malware and Vulnerabilities

MetaStealer is a popular piece of malware that has been observed in recent malicious ad campaigns. The developers of MetaStealer have announced that they are releasing a new and improved version of the malware.

 Companies to Watch

American identity and access management company Okta is acquiring Israeli cybersecurity company Spera for approximately $100-130 million, marking Okta's first acquisition in Israel and highlighting the strength of the Israeli cyber industry.

 Companies to Watch

The oversubscribed Series B funding round was led by Bain Capital Ventures. The company aims to use the funds to expand its product lines, enhance its services, and strengthen its sales and marketing efforts.

 Incident Response, Learnings

Israel has identified Iran and Hezbollah as the perpetrators of a cyberattack on the Ziv Medical Center. The attack, which occurred last month, resulted in the theft of 500GB of medical data.

 Threat Actors

The Sidewinder group, a sophisticated APT group originating from South Asia, is behind a highly targeted cyber threat campaign involving a malicious Word document with an embedded macro, potentially targeting Nepalese government officials.

 Feed

Gentoo Linux Security Advisory 202312-3 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 102.12 are affected.

 Feed

Ubuntu Security Notice 6561-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

 Feed

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide an adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.

 Feed

Ubuntu Security Notice 6560-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. Luci Stanescu discovered that OpenSSH incorrectly added destination constraints when smartcard keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

 Feed

Red Hat Security Advisory 2023-7875-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2023-7874-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2023-7873-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2023-7872-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

 Feed

In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof-of-concept code from their GitHub has been added to this archive.
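The two Ubuntu notices and the paper summary above describe Terrapin in prose only. As an added defensive example, written for this page and not code from the Terrapin authors, Ubuntu or OpenSSH, the following Python parses both SSH_MSG_KEXINIT messages of a handshake (RFC 4253, section 7.1), derives the cipher and MAC that RFC 4253 negotiation would select in each direction, and reports whether that combination is one the paper shows to be attackable and whether both sides signalled OpenSSH's "strict kex" countermeasure, which is the protocol extension the notices refer to. The affected mode names (ChaCha20-Poly1305, and CBC ciphers combined with Encrypt-then-MAC) and the kex-strict-*-v00@openssh.com pseudo-algorithm names come from the Terrapin paper and the OpenSSH 9.6 release notes, not from this page; the KEXINIT samples are constructed rather than captured.

```python
"""Terrapin exposure check over SSH_MSG_KEXINIT messages. Added example, not code
from the Terrapin authors, Ubuntu or OpenSSH; the KEXINIT samples are constructed."""
import struct

SSH_MSG_KEXINIT = 20
# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)
# Pseudo-KEX names with which OpenSSH 9.6 signals the "strict kex" countermeasure
# (taken from the OpenSSH 9.6 release notes, not from the notices above).
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA20 = "chacha20-poly1305@openssh.com"
ETM = "hmac-sha2-256-etm@openssh.com"


def build_kexinit(cookie=b"\x00" * 16, **name_lists):
    """Serialise a KEXINIT payload from keyword name-lists (used for the samples)."""
    out = bytearray([SSH_MSG_KEXINIT]) + cookie
    for field in KEXINIT_FIELDS:
        names = ",".join(name_lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    out += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows=FALSE, reserved
    return bytes(out)


def parse_kexinit(payload):
    """Parse a KEXINIT payload into {field: [name, ...]}; rejects truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, fields = 17, {}  # skip the message type byte and the 16-byte cookie
    for field in KEXINIT_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + length]
        if len(raw) != length:
            raise ValueError(f"truncated inside {field}")
        pos += length
        fields[field] = [n for n in raw.decode("ascii").split(",") if n]
    if pos + 5 > len(payload):
        raise ValueError("truncated KEXINIT trailer")
    fields["first_kex_packet_follows"] = payload[pos] != 0
    return fields


def negotiate(client_list, server_list):
    """RFC 4253 rule: the first client-preferred name that the server also lists."""
    return next((n for n in client_list if n in server_list), None)


def assess_terrapin(client_payload, server_payload):
    """Per direction: negotiated cipher/MAC, whether that is a mode the Terrapin paper
    attacks (ChaCha20-Poly1305, or CBC with an -etm MAC), and whether strict kex was
    agreed by both sides, which stops the prefix truncation."""
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    strict = (STRICT_KEX_CLIENT in c["kex_algorithms"]
              and STRICT_KEX_SERVER in s["kex_algorithms"])
    report = {"strict_kex": strict, "directions": {}}
    for d in ("client_to_server", "server_to_client"):
        cipher = negotiate(c[f"encryption_algorithms_{d}"], s[f"encryption_algorithms_{d}"])
        mac = negotiate(c[f"mac_algorithms_{d}"], s[f"mac_algorithms_{d}"])
        attackable = cipher == CHACHA20 or (
            cipher is not None and cipher.endswith("-cbc")
            and mac is not None and mac.endswith("-etm@openssh.com"))
        report["directions"][d] = {"cipher": cipher, "mac": mac,
                                   "attackable_mode": attackable,
                                   "exposed": attackable and not strict}
    report["exposed"] = any(v["exposed"] for v in report["directions"].values())
    return report


def sample_kexinit(kex, ciphers, macs):
    """Constructed KEXINIT with the same cipher and MAC lists in both directions."""
    return build_kexinit(
        kex_algorithms=kex, server_host_key_algorithms=["ssh-ed25519"],
        encryption_algorithms_client_to_server=ciphers,
        encryption_algorithms_server_to_client=ciphers,
        mac_algorithms_client_to_server=macs, mac_algorithms_server_to_client=macs,
        compression_algorithms_client_to_server=["none"],
        compression_algorithms_server_to_client=["none"])


# Constructed handshakes: a strict-kex-capable client that prefers ChaCha20, against
# an unpatched server, a patched one, and one that simply dropped the weak modes.
CLIENT = sample_kexinit(["curve25519-sha256", STRICT_KEX_CLIENT],
                        [CHACHA20, "aes256-gcm@openssh.com", "aes256-ctr"], [ETM])
UNPATCHED_SERVER = sample_kexinit(["curve25519-sha256"], [CHACHA20, "aes256-ctr"], [ETM])
PATCHED_SERVER = sample_kexinit(["curve25519-sha256", STRICT_KEX_SERVER],
                                [CHACHA20, "aes256-ctr"], [ETM])
HARDENED_SERVER = sample_kexinit(["curve25519-sha256"],
                                 ["aes256-gcm@openssh.com", "aes256-ctr"], [ETM])
```

Calling assess_terrapin(CLIENT, UNPATCHED_SERVER) reports ChaCha20 negotiated with no strict kex, hence exposed; against PATCHED_SERVER the same mode is negotiated but strict kex on both sides clears the exposure, and against HARDENED_SERVER negotiation falls through to AES-GCM, which the paper does not attack. The check is deliberately one-sided in what it trusts: strict kex only counts when both the client and the server advertise it, since the countermeasure needs both ends to reset sequence numbers.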

 Features

In a recent interview at World CyberCon India’s second edition, Jaspal Singh Sawhney, Chief Information Security and Privacy Officer at Tata Communications, shared valuable insights into the evolving cybersecurity landscape. Focusing on the use of AI and ML by both threat actors and industry players, Sawhney highlighted the unique challenges faced by cyber defenders. This article explores his perspective on tackling these challenges and delves into future trends, emphasizing the role of connectivity, convergence, and the need for proactive adaptation in the ever-changing cybersecurity landscape.

Jaspal Singh Sawhney’s Perspective on AI/ML Challenges in Cybersecurity

With a focus on the use of artificial intelligence (AI) and machine learning (ML) by both threat actors and industry players, Sawhney emphasized the unique challenges faced by cyber defenders. “The use of AI/ML by threat actors and the industry presents a unique challenge for cyber defenders because you have to protect against what the bad guys are doing using this technology, while also protecting the business logic and generative engines for enterprises solving their business problems using AI/ML,” Sawhney explained to The Cyber Express. One of the key trends Sawhney highlighted was the increasing sophistication of cyber threats due to the use of AI/ML. He pointed out that this trend would make attacks appear more realistic and penetrative, requiring cybersecurity professionals to stay ahead of evolving tactics.

Future Trends: Connectivity and Convergence

Looking ahead to 2024, Sawhney identified several factors that would shape the cybersecurity landscape. Beyond the continued use of AI/ML in cyberattacks, he emphasized the growing significance of connectivity, particularly with the widespread adoption of technologies like 5G and the Internet of Things (IoT). “More connectivity, whether it’s using 5G or IoT networks, will lead to more convergence on cyber-physical systems,” Sawhney stated. He highlighted the need for enhanced cybersecurity measures to protect critical utility networks, including power, space research, traffic management, healthcare, and more. Sawhney also highlighted the role of Secure Access Service Edge (SASE) and edge computing in the evolving cybersecurity landscape. As organizations embrace these technologies, there is an increased risk associated with data processing at the endpoints, which may not always be secured at an enterprise-grade level. “With the use of SASE and more emphasis on edge computing, we will see more data processing happening at the endpoints,” Sawhney explained. “How security and defenses evolve to protect against these vulnerabilities will be an important area to watch.”

Proactive Adaptation for an Ever-Changing Landscape

Jaspal Singh Sawhney’s insights provide a comprehensive understanding of the challenges and trends shaping the cybersecurity landscape. As organizations navigate the increasing use of AI/ML in cyber threats and the expanding connectivity landscape, a proactive and adaptive approach is crucial to staying ahead of the ever-changing threat landscape. The intersection of technology and cybersecurity demands continuous vigilance and strategic adaptation to ensure robust protection against emerging risks.

 Firewall Daily

Veon Ltd. has shared an update on the Kyivstar cyberattack, stating that services have been restored. All of Veon Ltd.’s communication services, including phone lines, internet, SMS, fixed connectivity, and the self-care application MyKyivstar, are now operational and accessible throughout Ukraine. They are also concentrating on stabilizing the network and making sure that roaming clients can access all of the services available to them. Restoring high-speed mobile internet in the Kyiv metro is one of the major updates as of right now. Veon Ltd. is a Ukrainian digital operator that offers calling and internet services.

Update on the Kyivstar Cyberattack

Veon has released an update on the Kyivstar cyberattack. As of Tuesday, 99% of Kyivstar’s base stations within the boundaries of the Ukrainian government are functioning, having almost entirely recovered from the massive cyberattack that occurred on December 12. Oleksandr Komarov, CEO of Kyivstar, stated, “Recovering from one of the largest cyber-attacks our industry has ever seen, our teams have restored communication services with significant speed while prioritizing the safety and the stability of the Kyivstar network and quality of customer experience.” He also stated, as an update on the Kyivstar cyberattack, that their teams are still working to enhance the user experience and troubleshoot any technical difficulties that could affect quality and accessibility. In the concluding statement, Komarov said, “We are proactively addressing all remaining pain points and would like to express our gratitude to Kyivstar customers for their support and patience. Kyivstar will continue to be the backbone of Ukraine’s connectivity and resilience going forward.” Additionally, VEON and Kyivstar expressed their gratitude to the Ukrainian authorities for their prompt action, help in stopping the attack, and assistance in getting services back up. VEON and Kyivstar reaffirmed their dedication to maintaining Ukraine’s resilience and connectivity through this notice on the Kyivstar cyberattack.

Kyivstar Cyberattack in Brief

A “powerful hacker attack” was reported by Kyivstar last week. In several areas, the attack affected air raid alarm systems and IT infrastructure, creating chaos for Ukrainian citizens. The Kyivstar cyberattack had resulted in a “technical failure”, preventing mobile phone users from accessing internet and calling services. Authorities from the Ukrainian city of Sumy had also witnessed a setback to their air raid alarm system due to the fallout of the Kyivstar cyberattack. The company managed to secure the IT hub, and services were restored after almost a week of disruptions. According to Kyivstar’s statement, the attack was related to the ongoing hostilities with Russia. Talking about the attack, Oleksandr Komarov, CEO of Kyivstar, stated, “Unfortunately, the operator was the target of a very strong cyberattack this morning, which has prevented access to the internet and communications services.”

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or

 Feed

A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as voice phishing, romance scams, online sextortion, investment fraud, money laundering

 Feed

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July

 Feed

Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," Mark Loman, vice

 Feed

Hands-On Review: Memcyco’s Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft causing reputation damage and financial losses for both organizations and customers. The Growing Threat of

 BlackCat

Source: thehackernews.com – Author: . Dec 19, 2023 Newsroom Ransomware / Cybercrime The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted […] The post FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Behind

Source: thehackernews.com – Author: . Dec 19, 2023 Newsroom Ransomware / Russian Hackers Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, […] The post Behind the Scenes of Matveev’s Ransomware Empire: Tactics and Team – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Abusing

Source: thehackernews.com – Author: . Dec 19, 2023 The Hacker News Software Security / Threat Intelligence Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. “Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord […] The post Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question, with people still engaging in insecure behaviors at […] The post Are We Ready to Give Up on Security Awareness Training? – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Dec 19, 2023 Newsroom Cyber Espionage / Cyber Attack The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the […] The post Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: grahamcluley.com – Author: Graham Cluley Episode 21 | Cyber Stories with Graham Cluley Thanks to Simon Whittaker, and the rest of the team at Vertical Structure, for inviting me onto the “CyberTuesday” show to share some opinions and stories from the world of cybersecurity. I couldn’t resist also breaking into my Jason Statham impression […] The post Sharing stories on the CyberTuesday podcast – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 certification

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: The ultimate guide to the CISSP includes everything that you need to know about this premier cyber security leadership certification. Expand your knowledge, develop your skill set, and lead. A brief introduction… Established in the early 1990s, the CISSP (Certified Information Systems Security Professional) qualification has become the […] The post The ultimate guide to the CISSP certification – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Comcast’s Xfinity customer data exposed after CitrixBleed attack Pierluigi Paganini December 19, 2023 Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the […] The post Comcast’s Xfinity customer data exposed after CitrixBleed attack – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AlphV/BlackCat ransomware

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini December 19, 2023 The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. The BlackCat/ALPHV ransomware gang has been active since November 2021; the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES […] The post FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season Pierluigi Paganini December 19, 2023 Smishing Triad: Researchers warn of crooks impersonating the UAE Federal Authority for Identity and Citizenship ahead of the Holiday Season. Resecurity, Inc. (USA) has identified a new fraudulent campaign […] The post Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Corey Sinclair As we prepare to ring in the new year, the ever-evolving cybersecurity landscape promises to bring new cyber threat actors, vulnerabilities, and weaknesses to counter. As technology evolves, so do cyber threat actors’ tactics, techniques, and procedures (TTPs) to take advantage of unsuspecting organizations for personal gain. Here are […] The post Insight – The Evolving Cybersecurity Landscape in 2024: Predictions and Preparations – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: securityboulevard.com – Author: Michael Vizard Cisco is moving to pervasively apply artificial intelligence (AI) in a way that should lower the bar in terms of the level of expertise required to achieve and maintain cybersecurity. DJ Sampath, vice president of product for AI at Cisco, said Cisco AI Assistant for Security will, for example, […] The post Cisco Details AI Strategy for Simplifying Cybersecurity – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Security Boulevard The Home of the Security Bloggers Network Original Post URL: https://securityboulevard.com/2023/12/def-con-31-secretary-of-us-homeland-security-alejandro-mayorkas/ Category & Tags: Security Bloggers Network, Cybersecurity, DEF Con 31, DEFCONConference, governance, Information Security, national security, Security Conferences, USCG, USDHS The post DEF CON 31 – Secretary of US Homeland Security Alejandro Mayorkas – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISA

Source: securityboulevard.com – Author: Jeffrey Burt The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity agencies in the United States and Australia. The U.S. Cybersecurity and Infrastructure Security […] The post Play Ransomware Has Hit 300 Entities Worldwide: FBI – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Account Compromise

Source: securityboulevard.com – Author: Farah Iyer Recent findings from Microsoft Threat Intelligence reveal a concerning trend: threat actors exploiting vulnerabilities in Microsoft 365 and Azure environments to execute attacks, with a focus on OAuth application abuse. In this blog post, we explore two incidents included in Microsoft’s findings. We explore the actions involved in each […] The post Securing Against OAuth Exploitation: A Step-By-Step Guide – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 alphv

Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading Source: Imagebroker via Alamy Stock Photo After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group’s network. Experts speculate this could be a wrap for the ransomware group just in […] The post Feds Snarl ALPHV/BlackCat Ransomware Operation – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Irina Anosova via Shutterstock Qakbot malware is back less than four months after US and international law enforcement authorities dismantled its distribution infrastructure in a widely hailed operation dubbed “Duck Hunt.” In recent days, several security vendors have reported seeing the malware being distributed via phishing […] The post Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE Respondents overwhelmingly prefer the NIST CSF framework. Results show that companies lag in training and cyber-readiness exercises. Herndon, Va., December 19, 2023 – Expel, the security operations provider that aims to make security easy to understand, use and improve, today released a new research report, “Frameworks, Tools and Techniques: […] The post SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Comcast

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Sunrise Photos via Alamy Stock Photo The now-infamous CitrixBleed vulnerability has claimed possibly its biggest kill yet: 35 million customers of Comcast Xfinity. Since at least August, attackers have been exploiting CVE-2023-4966 (aka CitrixBleed), a 7.5 high-severity vulnerability affecting Citrix Systems’ NetScaler ADC and Gateway networking […] The post Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Associates

Source: www.darkreading.com – Author: PRESS RELEASE MARLTON, N.J., Dec. 19, 2023 /PRNewswire/ –– Approximately 35 million consumers are being notified that their confidential information was compromised due to a vulnerability in software created by Citrix and used by Xfinity. The data breach lawyers at Console & Associates, P.C. are investigating claims on behalf of anyone affected by the […] The post Console & Associates, P.C.: Comcast Xfinity Reports Data Breach Exposing Confidential Information of 35M Customers – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE REHOVOT, Israel – Salvador has built its market-leading cyber-attack recovery platform with its patented security failover technology to prevent downtime damage and ensure ongoing operational continuity for Operational Technology (OT) and Industrial Control Systems (ICS). With the average downtime period after a cyber-attack being up to 3 weeks and leading to the […] The post Salvador Technologies Raises $6M to Empower Cyber Resilience in Operational Technologies and Critical Infrastructures – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer 3 Min Read Source: monticello via Shutterstock Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be triggered using a […] The post Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Igor Stevanovic via Alamy Stock Photo Microsoft has identified four vulnerabilities in the Perforce source-code management platform, the most critical of which gives attackers access to a highly privileged Windows OS account to potentially take over the system via remote code execution (RCE) and even perform […] The post Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chose

Source: www.darkreading.com – Author: Alex Haynes Source: James Brown via Alamy Stock Photo COMMENTARY Ever since large language models (LLMs) like ChatGPT burst onto the scene a year ago, there has been a flurry of use cases for leveraging them in enterprise security environments. From the operational, such as analyzing logs, to assisting detection of […] The post Why I Chose Google Bard to Help Write Security Policies – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Hands-On Review: Memcyco’s Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft, causing reputation damage and financial losses for both organizations and customers. […] The post Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Cybersecurity researchers have uncovered a novel targeted malspam operation deploying password-stealing malware. The campaign was discovered by Sophos X-Ops and described in an advisory published today. According to the report, the attackers employed social engineering tactics, utilizing emailed complaints about service issues or requests for information to establish trust with […] The post Hospitality Industry Faces New Password-Stealing Malware – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Over the past two years, 85% of companies globally have experienced cyber incidents, with 11% attributed to the unauthorized use of shadow IT. The figures originate from a recent study conducted by cybersecurity company Kaspersky, exposing a concerning pattern in the corporate realm. According to Kaspersky, firms are encountering a […] The post New Report: 85% Firms Face Cyber Incidents, 11% From Shadow IT – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BlackCat

Source: www.infosecurity-magazine.com – Author: 1 Despite law enforcement efforts to take down the notorious ALPHV/BlackCat ransomware gang, the cybercriminals are not going down without a fight. Latest developments have shown that the site that was supposedly ‘taken down’ by the FBI has now been ‘unseized.’ The US Department of Justice (DoJ) announced a technical operation […] The post BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2023-12
Aggregator history
Wednesday, December 20