Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for L’Oréal Faces Pot ...

 Firewall Daily

The cybercriminal collective R00TK1T has reportedly announced a data breach at L’Oréal on their dark web portal. Known for targeting large corporations, the group now claims to have infiltrated the prominent beauty industry giant. They assert that following the L’Oréal data breach, they gained unauthorized   show more ...

access to vital databases, compromising customer data and sensitive company information. R00TK1T’s statement, posted on various online platforms, boasts about infiltrating the fortress of L’Oréal, emphasizing their alleged prowess in breaching the company’s defenses. The group asserts control over the inner workings of the cosmetics and beauty industry giant, leaving the organization’s data vulnerable to potential misuse. L’Oréal Data Breach Claims; No Evidence Provided  Source: Twitter As with previous claims made by R00TK1T, skepticism surrounds the authenticity of the threat. The group has a track record of providing minimal evidence to support their assertions, leading cybersecurity experts to question the credibility of their declarations. While R00TK1T boldly proclaims the success of the L’Oréal cyberattack, the lack of concrete proof raises doubts about the actual extent of the breach. Source: Twitter Notably, this is not the only company targeted by R00TK1T, as the threat actor also alleges a breach on Qatar Airways, claiming possession of sensitive data related to the airline’s operations. The group has hinted at potential future data releases unless the affected companies take preventive measures. The Cyber Express, committed to uncovering the truth behind these cyber threats, reached out to L’Oréal and Qatar Airways for official statements. However, at the time of writing, no responses have been received from either organization, leaving the claims surrounding the L’Oréal data breach and the alleged Qatar Airways incident unverified. L’Oréal Data Breach Surfaces as Heiress Francoise Meyers Makes $100 Billion Fortune Adding to the complexity of the situation, the emergence of the L’Oréal data breach coincides with a significant milestone in the company’s history. L’Oreal heir Francoise Meyers recently achieved the distinction of becoming the first woman to amass a $100 billion fortune. This achievement comes amid a period of success for L’Oréal SA, with shares reaching record highs and the company poised for its best year since 1998. As the cybersecurity community closely monitors the unfolding situation, concerns persist regarding the potential fallout from the L’Oréal data breach. With the threat actor’s claims hanging in the balance, both L’Oréal and Qatar Airways are urged to address the situation promptly to ensure the security of their sensitive information and safeguard against further public disclosures by R00TK1T. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Happy 14th Birthday, ...

 Other

KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and   show more ...

support, without which I could not do what I do. As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Of course, not if you count the many years I worked as a paperboy schlepping The Washington Post to dozens of homes in Springfield, Va. (as a young teen, I inherited a largish paper route handed down from my elder siblings). True story: At the time I was hired as a lowly copy aide by The Washington Post, all new hires — everyone from the mailroom and janitors on up to the executives — were invited to a formal dinner in the Executive Suite with the publisher Don Graham. On the evening of my new hires dinner, I was feeling underdressed, undershowered and out of place. After wolfing down some food, I tried to slink away to the elevator with another copy aide, but was pulled aside by the guy who hired me. “Hey Brian, not so fast! Come over and meet Don!” I was 23 years old, and I had no clue what to say except to tell him that paper route story, and that I’d already been working for him for half my life. Mr. Graham laughed and told me that was the best thing he’d heard all day. Which of course made my week, and made me feel more at ease among the suits. I remain grateful to WaPo for instilling many skills, such as how to distill technobabble into plain English for a general audience. And how to make people the focus of highly technical stories. Because people — and their eternal struggles — are imminently relatable, regardless of whether one has a full grasp of the technical details. Words fail me when trying to describe how grateful I am that this whole independent reporter thing still works, financially and otherwise. I mostly just keep my head down researching stuff and sharing what I find, and somehow loads of people keep coming back to the site. As I like to say, I hope they let me keep doing this, because I’m certainly unqualified to do much else! Another milestone of sorts: We’ve now amassed more than 52,000 subscribers to our email newsletter, which is a fancy term for a plain text email that goes out immediately whenever a new story is published here. Subscribing is free, we never share anyone’s email address, and we don’t send emails other than new story notifications (2-3 per week). A friendly reminder that while you may see ads (or spaces where ads otherwise would be) at the top of this website, all two-dozen or so ad creatives we run are vetted by me and served in-house. Nor does this website host any third-party content. If you regularly browse the web with an ad blocker turned on, please consider adding an exception for KrebsOnSecurity.com. Our advertising partners are how we keep the lights on over here. And in case you missed any of them, here are some of the most-read stories published by KrebsOnSecurity in 2023. Happy 2024 everyone! Ten Years Later, New Clues in the Target Breach It’s Still Easy for Anyone to Become You at Experian Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach Why is .US Being Used to Phish So Many of US? Few Fortune 100 Firms List Security Pros in Their Executive Ranks Who’s Behind the Domain Networks Snail Mail Scam? Phishing Domains Tanked After Meta Sued Freenom Many Public Salesforce Sites are Leaking Private Data Hackers Claim They Breached T-Mobile More Than 100 Times in 2022 Identity Thieves Bypassed Experian Security to View Credit Reports

image for BlackBasta Ransomwar ...

 Cybersecurity News

The infamous BlackBasta ransomware group has claimed a cyberattack on American Alarm and Communications, a prominent provider of security and communication solutions. According to the group, they have executed a successful cyberattack on the company, breaching its systems and gaining access to critical information   show more ...

including accounting, financial, and human resources records. However, the alleged data breach remains unconfirmed. Claim and Website Inaccessibility The gravity of the situation is highlighted by the fact that attempts to access the official website have proven futile, with a stern “Access is forbidden” message greeting visitors. The Cyber Express (TCE) team tried to verify the legitimacy of the claim of a cyberattack on American Alarm and Communications. The attempts to access the company’s website were met with the same forbidden message, raising suspicions of a potential cyberattack. The TCE team has contacted American Alarm and Communications, Inc. for an official statement regarding the matter. However, no response has been received from the company, adding a layer of credibility to the ransomware group’s assertions. The ambiguity about the cause of the outage – whether it stems from a simple server problem or is the outcome of a cyberattack – adds to the growing anxiety. A definitive statement from American Alarm and Communications about the nature of the incident is needed to clarify the situation. Until then, the cyberattack on American Alarm and Communications claim made by the BlackBasta ransomware group remains unverified. Cyberattack on American Alarm and Communications This American Alarm and Communications cyberattack follows BlackBasta’s previous attacks on high-profile targets, including Fortive, a global industrial technology company, in October. The repercussions of the Fortive cyberattack have echoed throughout the tech industry, prompting heightened concerns about the escalating threat of ransomware attacks on corporations. Notably, in May 2023, the BlackBasta group targeted Viking Coca-Cola, one of the largest Coca-Cola bottling partners in the United States. The ransomware attack resulted in the illicit acquisition of sensitive information, including passports, confidential details, credit card information, and employee records. Furthermore, in March of the same year, Tri Counties Bank, a Chico-based financial institution, found itself on the list of victims. The BlackBasta ransomware group exposed personal information, including U.S. passports and driver’s licenses, belonging to the bank’s customers. As this story unfolds, The Cyber Express is committed to providing regular updates on any developments in regard to the American Alarm and Communications cyberattack. The cybersecurity community remains vigilant, emphasizing the critical importance of robust defenses against the growing threat of ransomware attacks. The evolving nature of cyber threats necessitates a proactive approach from organizations to safeguard their digital infrastructure and protect sensitive information from falling into the wrong hands. Stay tuned for more updates as this ongoing story continues to unfold. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Fortnite Game Websit ...

 Cybersecurity News

The Fortnite Game website, one of the most popular online gaming platforms, experienced a temporary outage, leaving players unable to log in. The situation unfolded when numerous tweets began circulating about difficulties accessing the FortniteGame website on social media platform, X (formerly known as Twitter)   show more ...

speculating whether the cause was a cyberattack or server issues. Services have since been restored, yet the company has not provided any official explanation for the cause of the outage. Twitter Speculations and Fortnite Game Response One user took to the platform X and tweeted directly at FortniteStatus, asking, “EYO @FortniteStatus what happened? Is there a server issue or a cyberattack?” In response, Fortnite assured users, stating, “We’re aware that players may be unable to log in to Fortnite at the moment. We’ll provide an update when we have one.” As the investigation into the log-in issues continued, Fortnite acknowledged that matchmaking might be slower during this period and thanked players for their patience. Hours later, the game’s official Twitter account announced, “Hey everyone, we’ve made improvements to fix the issue, and players are able to log in again. We’ll continue to monitor the situation. Thanks for your patience while this was being resolved.” Despite these updates, Fortnite officials have not explicitly revealed whether the disruption was due to a cyberattack or server issues. The Cyber Express Team has reached out to FortniteGame for more details, but clarity is expected only once an official statement is released. But Why Fortnite Game Cyberattack Speculation? Speculation about a possible Fortnite Game cyberattack gained traction due to recent incidents in the gaming industry. In December 2023, Insomniac Games fell victim to an alleged cyberattack, with the threat actor claiming access to extensive information. The gaming industry has witnessed a surge in cyber threats, with Anonymous Sudan targeting Blizzard Entertainment and League of Legends EUW in separate attacks. The gaming community remains on high alert as cyberattacks on major gaming platforms continue to pose significant challenges. The Fortnite Game outage adds to the growing list of cyber incidents, emphasizing the need for enhanced cybersecurity measures in the gaming industry. Players are urged to stay vigilant and follow official updates from Fortnite Game for any further developments. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Australia’s Larges ...

 Data Breach News

Eagers Automotive Limited found itself at an unexpected crossroads on December 27, 2023, as it instated a trading halt to diligently attend to its continuous disclosure obligations in the wake of a newly discovered cyber incident. Amidst speculation regarding Eagers Automotive cyberattack, the company issued an   show more ...

apology to customers for any inconvenience caused by the unforeseen disruption. The cyberattack on Eagers Automotive has significantly impacted the company’s IT infrastructure, leading to widespread operational disruptions at numerous locations in Australia and New Zealand. “The company has experienced a cyber incident resulting in an outage that is disrupting parts of the company’s operations across Australia and New Zealand,” reads the Official statement by Eagers Automotive. Despite the majority of dealerships remaining open, the operational impact varies across regions and business units. The disruption primarily affects the finalization of transactions for new vehicles and certain aspects of the company’s service and parts operations. Financial Ramifications After Eagers Automotive Cyberattack While the financial impact for the year ending 31 December 2023 is expected to be related to deferred recognition of transactions in the last five days of December 2023, the company anticipates a minimal material effect of Eagers Automotive cyberattack on the Statutory Profit Before Tax for the 2023 financial year. The financial impact of the cyber incident for the year ending 31 December 2023 is expected to primarily relate to the deferral in the recognition of some transactions across the last 5 days of December 2023,” informs Eagers Automotive Spokesperson. Eagers Automotive remains confident in delivering a record underlying operating profit before tax for the same period. The deferred transactions are anticipated to be recognized in the 2024 financial year once appropriately finalized within the systems. Eagers Automotive Cyberattack: Ongoing Investigation  In response to the cyberattack on Eagers Automotive, the Firm has promptly initiated an investigation, enlisting the support of external experts to ascertain the incident’s full extent. The company prioritizes the security and privacy of customer and employee data and has notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. “A primary focus of the investigation is to understand whether any personal information has been impacted. This remains under close review. Should our investigations reveal any unauthorised access to personal information, the company will notify affected individuals in accordance with our obligations,” emphasized Eagers Automotive officials. The ongoing Eagers Automotive cyberattack investigation focuses on determining whether any personal information has been compromised. Eagers Automotive assures that affected individuals will be promptly notified if unauthorized access to personal information is discovered. Further, Eagers Automotive assures stakeholders that it will remain on a trading halt until a further ASX announcement is issued in compliance with Listing Rule 3.1. The company pledges to keep all relevant stakeholders updated as the investigation progresses and further facts are established. In the face of these operational challenges, Eagers Automotive remains steadfast in its commitment to addressing the Eagers Automotive cyberattack, minimizing disruptions, and upholding the trust and confidence of its customers and stakeholders alike. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Trends, Reports, Analysis

Experts caution that the decision to pay or not pay depends on various factors, including the type of data compromised, the availability of backups, the financial impact on the organization, and the sector in which the company operates.

 Malware and Vulnerabilities

The CERT-UA has issued a warning about a new phishing campaign orchestrated by Russian hackers known as APT28. The campaign targeted Ukraine between December 15 and 25, 2023, using phishing emails that tricked recipients into clicking on a link.

 Firewall Daily

Microsoft has once again turned off the MSIX MS-app installer. This decision from Microsoft has come lately when multiple threat organizations began using it. The threat actors were using the MS-app installer protocol to infect Windows systems with malware. To bypass security measures that would normally shield   show more ...

Windows users from malware, the attackers took advantage of the Windows AppX Installer spoofing vulnerability (CVE-2021-43890). Components like the Defender SmartScreen anti-phishing and anti-malware component and built-in browser alerts warn users against downloading these .exe files. In-depth About MS-app Installer Protocol Microsoft investigated the misuse of the App Installer by the threat actors. In response to these attacks, the tech giant has now turned off the MS-app installer protocol handler by default for its users. Explaining the exploitation of App Installer, Microsoft said, “Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-app installer URI (Uniform Resource Identifier) scheme (protocol) to distribute malware”. The financially motivated hacking group Sangria Tempest (also known as FIN7) has previously been connected to the REvil and Maze ransomware. These groups are known for their involvement in the now-defunct BlackMatter and DarkSide ransomware operations. The MS-app installer protocol handler was being abused by threat actors, who exploited it as a means of distributing ransomware through an access vector. Additionally, many fraudsters are offering a malware kit for sale that exploits the MSIX file format and the MS-app installer protocol handler. Propagation of Malicious Files MSIX application packages serve as a disguise for the malicious files. These packages are signed and distributed through Microsoft Teams or as malicious search engine advertisements on Google and other major search engines. In similar instances in December 2021, Emotet hacker group deployed malicious Windows AppX Installer packages. These packages appeared as Adobe PDF applications to stealthily infiltrate Windows 10 and Windows 11 systems. Additionally, malicious packages stored on Microsoft Azure utilizing *.web.core.windows.net URLs were used to spread the BazarLoader malware. This particular operation took advantage of the AppX Installer spoofing vulnerability. In an effort to stop Emotet’s assault, Microsoft had previously deactivated the MS-app installer protocol handler in February 2022. Microsoft center in Redmond also disabled the MS-app installer protocol handler earlier this month because victims of these assaults may also be the subject of ransomware. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Firewall Daily

In a significant legal development, The New York Times has initiated a lawsuit against Microsoft and OpenAI, the developer of the widely-used AI chatbot ChatGPT, on allegations of copyright infringement. The renowned publication contends that its intellectual property has been misappropriated in the development of   show more ...

large language models. The NYT lawsuit against OpenAI and Microsoft claims that both companies have utilized “millions” of articles from The New York Times to enhance their AI models, which now pose direct competition to the newspaper’s content. The outcome of the lawsuit could significantly influence both the IT and media industries, potentially reshaping the operation of generative AI. It may also affect how news is produced, consumed, and monetized across these sectors. NYT Lawsuit Against OpenAI, Microsoft The NYT lawsuit against OpenAI cites particular instances in which ChatGPT blurs the distinction between AI-generated content and real reporting by frequently paraphrasing or directly quoting New York Times stories. The lawsuit highlights critical concerns about the use of AI in the journalism industry. While AI proves to be a potent tool for tasks such as data analytics and content personalization, it also raises substantial ethical and legal questions due to its dependence on copyrighted material, often used without proper acknowledgment. According to The New York Times, Microsoft and OpenAI have effectively “free-ridden” on their reporting, making money off of their material while weakening their argument for importance. “Defendants seek to free-ride on The Times’s massive investment in its journalism,” stated NYT in its complaint. The news agency also stated in its lawsuit that “using The Times’s content without payment to create products that substitute for The Times and steal audiences away from it.” The complaint further stated that “If The Times and other news organizations cannot produce and protect their independent journalism, there will be a vacuum that no computer or artificial intelligence can fill. Less journalism will be produced, and the cost to society will be enormous.” OpenAI spokesperson Lindsey Held in a conversation with The Verge said “We respect the rights of content creators and owners and are committed to working with them to ensure they benefit from AI technology and new revenue models.” Lindsey also told the media, “Our ongoing conversations with the New York Times have been productive and moving forward constructively, so we are surprised and disappointed with this development. We’re hopeful that we will find a mutually beneficial way to work together, as we are doing with many other publishers.” According to NYT, attempts were made in April to reach a licensing arrangement with Microsoft and OpenAI. Nevertheless, the negotiations collapsed and no agreement was made. Similar Incidents The New York Times is not the only organization to lodge a legal complaint against AI-generated content. Concerns regarding AI’s role in content generation are being voiced by an increasing number of writers. Earlier this year, OpenAI was sued by George R. R. Martin and John Grisham. The lawsuit alleged that OpenAI fed their books into its “large language models” without permission, violating their copyrights. An AI company was also sued by Getty Images for breaking the laws of intellectual property rights and using the images for its benefit without paying Getty Images. In case the court decides in The New York Times’ favor, it may establish a precedent requiring tech companies to pay for the use of news information protected by copyright when training their artificial intelligence models. This may result in higher expenses for AI developers and might alter the operation of generative AI. If Microsoft and OpenAI win their case, artificial intelligence (AI) in news production may become even more prevalent, which might result in an abundance of AI-generated content that lacks proper attribution or quality control. This can further damage public confidence in the media and aid in the dissemination of false information. The lawsuit between Microsoft, OpenAI, and the New York Times is just the start of a wider discussion about how AI will affect news in the future. The outcome of this legal dispute may have a significant effect on how news is created, viewed, and made money in the years to come. Around the world, policymakers, tech businesses, and news outlets will be closely monitoring the result of this lawsuit. The lawsuit’s ramifications may go well beyond what appears in The New York Times. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Data Breach News

LoanCare, a prominent mortgage servicing firm, is reaching out to over 1 million individuals to inform them of a recent data breach on its parent company. The notification regarding the data breach at Fidelity National Financial (FNF), the parent company, mentioned that this incident had affected the company’s   show more ...

operations.  The FNF data breach occurred as a result of a cyberattack on FNF’s internal systems, according to a notification letter sent by LoanCare to the affected individuals. A copy of this letter has been submitted to the Maine Attorney General’s Office. FNF Data Breach, and LoanCare Notifications As a subsidiary of FNF, LoanCare specializes in providing loan sub servicing for mortgage loaners, which includes banks, credit unions, and mortgage firms. FNF publicly disclosed the cyberattack in late November through a Form 8-K filing with the US Securities and Exchange Commission. The FNF data breach notice revealed that the intrusion happened on November 19. The breach led to business disruptions that prompted containment measures, including the blocking of access to certain systems. The incident was successfully contained by November 26, 2023, and FNF is now working to restore normal business operations while collaborating with its customers. In the notification letter, LoanCare disclosed that the attackers successfully exfiltrated data from FNF’s systems, compromising personal information such as names, addresses, Social Security numbers, and loan numbers. In November, LoanCare experienced a cyberattack, following the October 2023 breach of Mr. Cooper, another mortgage provider, affecting nearly 14.7 million individuals. In response to the incident, FNF initiated an investigation with the support of third-party experts, notified relevant law enforcement and governmental authorities, and took measures to assess and contain the situation, as stated by LoanCare. Who is Responsible for the FNF Data Breach? Despite the cyberattack on FNF, LoanCare emphasizes that there is currently no evidence indicating fraudulent use of the stolen personal information. Nevertheless, as a precautionary measure, the company is offering free identity monitoring services to those affected by the breach. LoanCare has reported to the Maine Attorney General’s Office that over 1.3 million individuals have been impacted by the data breach. Notably, the cybercriminal group BlackCat/Alphv is believed to be behind the attack. This notorious ransomware group previously claimed responsibility for the cyberattack on FNF.  As investigations unfold, the affected individuals are urged to remain vigilant and take advantage of the identity monitoring services provided by LoanCare to safeguard against potential misuse of their personal information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence

 Feed

Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. “A notable point about attacks that

 Feed

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said. One Albania, which has

 Feed

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities

 cloud

Source: thehackernews.com – Author: . Dec 28, 2023NewsroomCloud Security / Data Protection Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. “An attacker who has   show more ...

compromised the Fluent Bit logging container could combine that […] La entrada Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Cloud Security, Governance and Skills in 2024 Step 1 of 6 16% Who in your organization is responsible for cloud security? (Select one) No one specifically Someone on our general security team A dedicated person/team that handles cloud security Cloud   show more ...

architects and developers Original Post URL: https://securityboulevard.com/2023/12/usenix-security-23-xiaojun-xu-qingying-hao-zhuolin-yang-bo-li-david-liebovitz-gang-wang-carl-a-gunter-how-to-cover-up-anomalous-accesses-to-electronic-health-records/ Category & […] La entrada USENIX Security ’23 – Xiaojun Xu, Qingying Hao, Zhuolin Yang, Bo Li, David Liebovitz, Gang Wang, Carl A. Gunter ‘How to Cover up Anomalous Accesses to Electronic Health Records’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Sarah Hunter-Lascoskie While businesses must prevent a variety of fraud types, the most dangerous fraud is often the one that goes unnoticed for extended periods, and with no way of identifying malicious activity or the extent of damage caused. Learn the fundamental   show more ...

tenets of this kind of fraud, its prevalence, the […] La entrada What Is Friendly Fraud (and How Can You Combat It)? – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman No one specifically Someone on our general security team A dedicated person/team that handles cloud security Cloud architects and developers Original Post URL: https://securityboulevard.com/2023/12/daniel-storis-distributed-architecture-drama/ Category   show more ...

& Tags: Humor,Security Bloggers Network,Daniel Stori,DevOps Satire,Sarcasm,satire,turnoff.us – Humor,Security Bloggers Network,Daniel Stori,DevOps Satire,Sarcasm,satire,turnoff.us La entrada Daniel Stori’s ‘Distributed Architecture Drama’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 aiSIEM

Source: securityboulevard.com – Author: Amy Luby, VP Ecosystems at Seceon As the curtains draw close on another tech-filled year, let’s take a delightful detour into the whimsical world of MSPs (Managed Service Providers), where predictions meet pizzazz, and success is measured in Leadership, Empathy, and a   show more ...

dash of Execution magic. In the midst of the […] La entrada Navigating the MSP Ecosystem in 2024: The Trifecta of Success – Leadership, Empathy, and Execution – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 2023

Source: securityboulevard.com – Author: Kaseya Woohoo! What an exciting year 2023 turned out to be. Right from upgrading to VSA 10 to unlocking the efficiencies between the Kaseya and Datto solutions and making the strategic acquisition of Vonahi Security, Kaseya has delivered tons of amazing benefits to its   show more ...

customers in 2023. As we stand on […] La entrada Kaseya’s 2023 Highlights and the Road Ahead – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Arkose News

Source: securityboulevard.com – Author: Jenn Jeffers If you missed our recent webinar, “Foreseeing the Future Threatscape: 2024’s Bad Actor Forecast,” there’s still time to catch up on expert attack insights for next year. Hosted by top executives at Arkose Labs, including CCO Patrice Boffa, CFO Frank   show more ...

Teruel, and CPO Ashish Jain, this crystal ball session […] La entrada Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024 – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Jonathan Prokos, Neil Fendley, Matthew Green, Roei Schuster, Eran Tromer, Tushar Jois, Yinzhi Cao Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access.   show more ...

Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations […] La entrada USENIX Security ’23 – ‘Squint Hard Enough: Attacking Perceptual Hashing With Adversarial Machine Learning’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Rob Burgundy Rob Burgundy Lead Anchor, WMMX Rob Burgundy, the much better-looking younger brother of Ron Burgundy, is the charismatic lead anchor at WMMX, Santa Barbara’s premier news channel, known for his striking good looks and sharp wit that outshine even his famed   show more ...

sibling at Channel 4 News in San Diego. […] La entrada 2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Authors/Presenters: Varun Gandhi, Sarbartha Banerjee, Aniket Agrawal, Adil Ahmad, Sangho Lee, Marcus Peinado Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open   show more ...

Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube […] La entrada USENIX Security ’23 – Rethinking System Audit Architectures for High Event Coverage and Synchronous Log Availability – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 API security

Source: securityboulevard.com – Author: Richi Jennings Operation Triangulation research uncovers new details of fantastic attack chain. A zero click RCE, chaining four zero days over four years was one hell of an achievement. Yevgeny “Eugene” Valentinovich Kaspersky’s team call it “definitely the most   show more ...

sophisticated attack chain we have ever seen.” But does that prove Apple […] La entrada NSA iPhone Backdoor? Apple Avoids Russian Blame Game – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Clash of Clans gamers at risk while using third-party app Pierluigi Paganini December 29, 2023 An exposed database and secrets on a third-party app puts Clash of Clans players at risk of attacks from threat actors. The Cybernews research team has   show more ...

discovered that the Clash Base Designer Easy Copy […] La entrada Clash of Clans gamers at risk while using third-party app – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini New Version of Meduza Stealer Released in Dark Web Pierluigi Paganini December 29, 2023 The Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web. On Christmas Eve, Resecurity’s HUNTER   show more ...

unit spotted the author of perspective password stealer Meduza […] La entrada New Version of Meduza Stealer Released in Dark Web – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: securityaffairs.com – Author: Pierluigi Paganini Operation Triangulation attacks relied on an undocumented hardware feature Pierluigi Paganini December 28, 2023 Experts discovered that Operation Triangulation targeting Apple iOS devices leveraged an undocumented hardware feature. Researchers from the   show more ...

Russian cybersecurity firm Kaspersky discovered that threat actors behind the Operation Triangulation exploited an undocumented hardware feature to target Apple […] La entrada Operation Triangulation attacks relied on an undocumented hardware feature – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data Pierluigi Paganini December 28, 2023 Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity   show more ...

experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple […] La entrada Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network Pierluigi Paganini December 28, 2023 A Lockbit ransomware attack against the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) caused   show more ...

service disruptions at three hospitals. German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) announced it has suffered service disruptions […] La entrada Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Governance & Risk Management , Legislation & Litigation , Privacy Deal Follows Court Ruling That Cleared the 4-Year-Old Class Action Claim for Trial Mihir Bagwe (MihirBagwe) • December 28, 2023     Image: Shutterstock Google reached a preliminary   show more ...

settlement in a class action lawsuit that alleged the tech giant had […] La entrada Google to Settle $5B ‘Incognito Mode’ Privacy Issue Lawsuit – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Government Wave of Attacks Hits Parliament, Telecommunications Provider, National Flag Carrier Mihir Bagwe (MihirBagwe) • December 28, 2023     Albania’s Parliament and a   show more ...

telecommunications service provider suffered online attacks this week in the latest wave of hacks apparently launched […] La entrada Iranian Hackers Claim They Disrupted Albanian Institutions – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Thank you for registering with ISMG Complete your profile and stay up to date Need help registering? Contact Support Original Post URL: https://www.govinfosecurity.com/webinars/webinar-from-zero-to-hero-mastering-multi-cloud-landscape-network-w-5343 Category &   show more ...

Tags: – La entrada Webinar | From Zero to Hero: Mastering the Multi-Cloud Landscape with Network Security Intelligence – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cryptohack

Source: www.govinfosecurity.com – Author: 1 Cryptocurrency Fraud , Fraud Management & Cybercrime Also: Binance Ex-CEO’s Wealth Up $25B; Coinbase Refutes Senate Claims; $3M Scam Rashmi Ramesh (rashmiramesh_) • December 28, 2023     Image: Shutterstock Every week, ISMG rounds up cybersecurity   show more ...

incidents in digital assets. This week, Thunder Terminal successfully prevented a hack, Changpeng Zhao […] La entrada Cryptohack Roundup: Thunder Terminal Repels Attack – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breach

Source: www.govinfosecurity.com – Author: 1 Breach Notification , Cybercrime , Fraud Management & Cybercrime Also: Yakult Australia Admits to Experiencing ‘Cybersecurity Incident’ Prajeet Nair (@prajeetspeaks) • December 28, 2023     Image: Shutterstock Every week, Information Security   show more ...

Media Group rounds up cybersecurity incidents and breaches worldwide. This week, a breach at real estate firm Wealth […] La entrada Breach Roundup: Real Estate Firm Exposes Celebrity Data – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 cissp security and risk management train

Source: www.techrepublic.com – Author: TechRepublic Academy Good things are coming your way! In order for us to complete site maintenance, TechRepublic is read-only from December 22 – January 2. During this time, all logged-in actions are temporarily disabled including forums, Premium, and Resource   show more ...

Library downloads. on December 29, 2023, 5:00 AM EST Develop Valuable Security […] La entrada Develop Valuable Security and Risk Management Skills for Just $30 Through 1/1 – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 arranged

Source: go.theregister.com – Author: Team Register On Call It’s the last Friday of 2023, but because the need for tech support never goes away neither does On Call, The Register’s Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often   show more ...

indefensible. This week, meet a […] La entrada CEO arranged his own cybersecurity, with predictable results – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.schneier.com – Author: Bruce Schneier Wow: To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily   show more ...

recognizable landmarks. That […] La entrada AI Is Scarily Good at Guessing the Location of Random Photos – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier They’re short unique strings: Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven’t   show more ...

dug into the details enough to know how they can be […] La entrada Friday Squid Blogging: Sqids – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 critical infrastructure

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: In 2024, supply chain security must become a top priority. Public agencies and industry experts agree that the supply chain needs to command greater attention. Organizations need to remain cognizant of consequences surrounding supply chain security   show more ...

failures. “We need to figure out how to make the supply chain […] La entrada Supply chain trends, critical infrastructure & cyber security in 2024 – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AppSec

Source: www.cybertalk.org – Author: slandau I’m the co-founder and CTO of Atmosec, which is now under the Check Point umbrella. I’m driven by helping companies confidently secure the adoption, usage and management of any business application across their organization.  In this interview, gain valuable   show more ...

insights from SaaS security expert Misha Seltzer as he explores the dynamic […] La entrada Mastering the dynamic SaaS ecosystem and staying ahead in 2024 – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2023-12
Aggregator history
Friday, December 29
FRI
SAT
SUN
MON
TUE
WED
THU
DecemberJanuaryFebruary