The Rhysida ransomware group has allegedly claimed an Aspiration Training cyberattack on its dark web portal. Adding the award-winning specialist training provider to their list of victims, the threat actor’s ominous post, stating “Aspiration Training LTD – 6 days 23:02:38,” intensifies the pressure on the company with the deadline looming in less than a week. Despite the claims of a cyberattack on Aspiration Training, a visit to the Aspiration Training website reveals that it remains operational with no apparent signs of a cyberattack. This discrepancy raises questions about the nature and extent of the alleged breach. While the threat actor suggests a time-sensitive situation, the lack of exclusive information or sample data leaves room for skepticism.

Alleged Claims of Aspiration Training Cyberattack

One plausible scenario is that the threat actors targeted the backend of the website, possibly gaining control over the database. However, without official confirmation from Aspiration Training, it is challenging to ascertain the accuracy of these claims. The Cyber Express, in pursuit of the truth, reached out to Aspiration Training for an official statement regarding the alleged cyberattack. Regrettably, at the time of writing, no response has been received, leaving the claims of the Aspiration Training cyberattack unverified. The threat actor’s post emphasizes their intent to sell exclusive data related to Aspiration Training. The message, posted on the dark web, states, “With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. We sell only to one hand, no reselling, you will be the only owner! @DarkWebInformer Price: 1 BTC. Leave your mail and comment. We cannot answer if your price looks like a joke.”

The Rhysida Ransomware Group: Recent Cyberattacks

This incident echoes previous cyber threats where the Rhysida ransomware group targeted prominent entities like the National British Library and Insomniac Games. In both cases, the threat actors imposed a 7-day deadline, creating urgency to comply with ransom demands.
The National British Library incident involved a similar message from the hackers, urging potential buyers to bid on exclusive data without specifying the nature of the information. The data, allegedly available for 20 BTC, raised concerns about the potential exposure of sensitive information. The Insomniac Games cybersecurity incident, linked to the Rhysida ransomware, generated attention on the dark web. The threat actor claimed to have accessed a large amount of data, heightening concerns within the cybersecurity community. However, it is crucial to note that, as of now, the Insomniac Games cyberattack remains unverified, emphasizing the importance of accurate information in navigating data breach claims and assertions of the dark web. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
In a recent development on an underground forum, a user is actively promoting the sale of Zeppelin2 ransomware, offering both its source code and a cracked version of its builder tool. This malicious software, known for its destructive capabilities, has caught the attention of cybersecurity experts and law enforcement agencies worldwide. The forum post claims that the user successfully cracked the Zeppelin2 builder tool, originally designed to encrypt data, by bypassing its security measures. The post showcases screenshots of the source code and highlights the intricate details of the build process, revealing that the ransomware employs Delphi as its programming language.

The Cracked Version of Zeppelin2 Ransomware Builder Tool

The Zeppelin2 ransomware builder tool, promoted by this threat actor, boasts various features including file settings, ransom notes, IP logging, startup commands, task killers, and auto-unlocking busy files. The threat actor emphasizes the ransomware’s ability to encrypt files comprehensively, making data recovery impossible without a unique private key held by the attackers. Once the ransomware completes its encryption process, victims are confronted with a ransom note declaring the encryption of all their files. The note instructs victims to contact the attackers via email and provides a method for testing the legitimacy of the decryptor by sending a non-valuable file. According to reports, Zeppelin2 ransomware demands ransom payments in Bitcoin, with extortion amounts ranging from several thousand dollars to over a million dollars. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a cybersecurity advisory to address the Zeppelin2 threat.

Who is the Zeppelin2 Ransomware Group?

Zeppelin2 has been employed by threat actors since 2019, continuing at least until June 2022. The targets of this ransomware-as-a-service (RaaS) model span diverse sectors, including defense contractors, educational institutions, manufacturers, technology companies, and notably, organizations in the healthcare and medical industries.
The ransomware’s operators gain access to victim networks through remote desktop protocol (RDP) exploitation, SonicWall firewall vulnerabilities, and phishing campaigns. Before unleashing the Zeppelin2 ransomware, threat actors meticulously map and enumerate the victim’s network, identifying critical data enclaves, including cloud storage and network backups. As is customary with ransomware groups, Zeppelin2 operators exfiltrate sensitive corporate data, intending to make it accessible to buyers or the public should the victim resist complying with their demands. Notably, the FBI has observed instances where Zeppelin2 actors execute their malware multiple times within a victim’s network, generating different IDs or file extensions for each attack instance, requiring multiple unique decryption keys.
Victoria’s court system fell victim to a ransomware attack allegedly orchestrated by the Qilin ransomware gang. The Victoria court ransomware attack, discovered on December 21, has raised concerns about the potential exposure of highly sensitive information from hundreds of court proceedings. While initial reports hinted at a possible Russian connection, it is crucial to note that the Qilin ransomware gang, if involved, may be financially motivated rather than acting on behalf of any government. This cyberattack on Victoria court appears to be an opportunistic attack rather than a targeted assault on the Victorian government for state objectives.

Decoding Victoria Court Ransomware Attack

Court Services Victoria (CSV) disclosed that the cyber attackers breached the audio-visual technology network just before December 25, gaining access to video and audio recordings, as well as transcriptions of court proceedings spanning from November 1 to December 21. The affected areas include Supreme Court hearings, the Court of Appeal’s criminal division, practice court, regional hearings, County Court proceedings, some committals in the Magistrates’ Court, all hearings in the Coroners Court, and one hearing in the Children’s Court. The potential compromise of recordings, including witness testimonies from highly sensitive cases, has sparked fears regarding the confidentiality and integrity of the legal process. CSV Chief Executive, Louise Anderson, acknowledged the unsettling nature of the situation and assured the public that immediate steps were taken to isolate and disable the affected network.

Qilin Ransomware Gang Strikes; Major Precaution Methods

According to the company’s notification letter, the breach was identified when staff members were locked out of their computers and confronted with a screen displaying the ominous message, “YOU HAVE BEEN PWND.” CSV’s swift response involved collaboration with cybersecurity experts to investigate the incident and implement additional security measures. Acting Premier Ben Carroll assured the public that the court’s operations remained unaffected, emphasizing that the cyberattack on Victoria court was well-contained, and all necessary precautions were in place to protect court cases, hearings, and evidence.
A dedicated center has been established to assist anyone potentially affected by the breach. As CSV continues to work with cybersecurity experts to address the aftermath of the attack, public confidence in the security of court proceedings remains a top priority. This is an ongoing story and we’ll update this post once we have more information on the Victoria court ransomware attack and the Qilin ransomware gang claims.
The notorious NoName ransomware group, believed to have Russian connections, has reportedly launched a series of cyberattacks targeting several Finnish government organizations in its latest spree. As a consequence of these alleged NoName cyberattacks on Finland-based entities, the websites of multiple victims experienced temporary inaccessibility. Finnish websites, including Traficom, the National Cyber Security Centre Finland (NCSC-FI), The Railways, The Agency for Regulation and Development of Transport and Communications Infrastructure of Finland, and several subdomains of the Finnish Road Agency, fell prey to the recent NoName DDoS attacks targeting Finland. The DDoS campaign has also targeted the Central Chamber of Commerce, the Bank of Finland, the Helsinki Region Chamber of Commerce, and The Finland Arbitration Institute.

NoName Cyberattacks on Finland

The Cyber Express team checked the websites reportedly attacked under NoName cyberattacks and found them working fine. The team also tried reaching out to the affected organizations for details on the alleged NoName DDoS attacks but got no official response as of writing this report. The NoName ransomware group, which is also known as NoName057(16), has posted a message on its dark web portal claiming to have targeted the government and private organizations in Finland. The screenshots of the dark web post have been published on the X (formerly Twitter) handle of a cybersecurity research organization.

Credit: FalconFeedsio on X

One screenshot taken from the cybercriminal group’s leak portal reads, “Finland continues to receive our New Year’s gifts (evil smile emoji)”. From what we can understand, this is an attempt to disturb the day-to-day activities of the Finnish citizens as most of the victims of NoName DDoS attacks are government organizations related to road and rail transport as well as cybersecurity. The screenshot also contains additional information in the Russian language, purportedly linked to the cyberattack. The second screenshot has listed the alleged victims of the NoName DDoS attacks. The third screenshot taken from the dark web portal of NoName contains a message from the ransomware group directed to the Finnish government.
The message reads, “While Russia is celebrating the New Year, in Finland it is the Day of Cowardly Closing by Geo after the attack NoName057(16) (evil smile emoji)”.

Credit: FalconFeedsio on X

DDoS attacks have been on the rise since Russia came to the forefront with the Western powers during the Russia-Ukraine war. The backing of Ukraine by the EU and US has irked Russia, and multiple EU and US-based organizations have in turn been targeted by Russia-linked hacker groups.
The notorious CiphBit ransomware group has claimed another victim, with MPM Medical Supply falling prey to their cyber onslaught. The medical supply company’s website, MPM, has been infiltrated by the malicious group, raising concerns about the safety of sensitive data stored on the platform. As of now, the cybercriminals have not disclosed the motive behind the MPM Medical Supply cyberattack, leaving a cloud of uncertainty regarding the extent of the data breach or the compromised information.

Details about MPM Medical Supply Cyberattack

The Cyber Express reached out to MPM Medical Supply officials to verify the authenticity of the claim, but a response is still pending. Surprisingly, upon accessing the official website, it appears to be fully accessible, adding a layer of mystery to the MPM Medical Supply cyberattack claim. The healthcare sector, in particular, has become a hotspot for cybercriminal activities. In the first quarter of 2023, the U.S. government’s Office for Civil Rights (OCR) reported a surge in cyberattacks within the healthcare industry. This disconcerting trend highlights the vulnerabilities inherent in healthcare infrastructure and the relentless pursuit of cyber attackers in exploiting these weaknesses.

Healthcare Sector’s Vulnerabilities

This incident comes on the heels of a recent major data breach affecting Henry Schein Inc., one of the leading distributors of dental supplies with a staggering US$12.6 billion in sales in 2022. The breach impacted core systems, including distribution and ecommerce, forcing the company to temporarily halt online functionality. Although the cyberattack occurred on October 14, the company has only recently regained online capabilities. The aftermath of the attack has caused a delay in filing the third-quarter earnings report, with Henry Schein anticipating filing an insurance claim in 2024, capped at a substantial US$60 million after-tax limit. Despite the challenges faced, the company expressed gratitude for the support received from customers and acknowledged the pervasive nature of cyber issues in the healthcare sector.
As the cybersecurity landscape continues to evolve, the healthcare sector finds itself grappling with an increasing threat from cybercriminals, demanding a concerted effort to fortify digital defenses and protect the sensitive data that underpins the very fabric of our society. The unfolding situation at MPM Medical Supply highlights the urgency for organizations to prioritize cybersecurity measures and remain vigilant in the face of relentless cyber threats.
The notorious BianLian ransomware group has targeted MOOver, claiming to have gained access to a staggering 1.1 terabytes of the organization’s data. The motives behind this MOOver cyberattack remain shrouded in mystery as the hackers have not disclosed any details. MOOver.com is an online platform known for its user-friendly interface and diverse services. Catering to various industries, it offers practical solutions for individuals and businesses.

Silence on MOOver Cyberattack Raises Doubts

The Cyber Express sought clarification from MOOver officials, but a response is still pending. Curiously, the official website remains fully accessible, casting doubts on the authenticity of the ransomware group’s MOOver cyberattack claims. Whether it’s a mere attention-grabbing tactic or the hackers have a deeper motive will only become clear once an official statement is released.

History Repeats: Previous Targets and Operational Websites

BianLian ransomware has been a menace since Q4, earning a reputation as one of the fastest in the market. According to a report by BlackBerry, the ransomware exhibits exceptional encryption speed and is coded in the Go programming language (Golang). This isn’t the first time BianLian has struck. In October 2023, the ransomware group added four victims to their dark web portal, including Griffing & Company, P.C., Dow Golub Remels & Gilbreath, International Biomedical, and Jebsen Group. Despite the claims, the websites of these alleged victims are operational, showing no immediate signs of a cyberattack. The Australian Real Estate Group (AREG) also fell prey to BianLian in December 2022, with the cybercriminals demanding a US$5 million ransom. The group shared compressed folders containing sensitive company data. The Cybersecurity and Infrastructure Security Agency (CISA) warns of BianLian’s grim track record, targeting critical infrastructure sectors in the U.S. since June 2022.

Infiltration Techniques and Data Exfiltration

BianLian doesn’t limit its scope to the U.S.; it has also set its sights on Australian critical infrastructure sectors, professional services, and property development. Its entry into victim systems is facilitated through valid Remote Desktop Protocol (RDP) credentials.
Utilizing open-source tools and command-line scripting, the group engages in discovery and credential harvesting, and ultimately exfiltrates victim data through File Transfer Protocol (FTP), Rclone, or Mega. As organizations brace for the increasing threat posed by BianLian, cybersecurity experts emphasize the need for robust preventive measures to safeguard sensitive data from falling into the hands of these cybercriminals.
The notorious hacktivist group, Anonymous Sudan, is said to have orchestrated a Distributed Denial of Service (DDoS) attack on the prominent American interactive livestreaming platform, Twitch. Utilizing their formidable Godzilla Botnet, Mèris Botnet, and Skynet, Anonymous Sudan allegedly executed the cyberattack on Twitch. Concerns regarding the cyberattack surfaced as Twitch users reported the inaccessibility of their accounts and issued warnings to fellow users against refreshing the app. This claimed Twitch cyberattack has sparked significant security apprehensions among the platform’s user base and live streamers, prompting a closer examination of Twitch’s overall cybersecurity measures.

Alleged Cyberattack on Twitch

Credit: FalconFeedsio on X

The Cyber Express Team has contacted the Twitch live streaming platform to authenticate the claim. As of the writing of this report, an official response has not been received. Furthermore, upon accessing the Twitch platform, it was found to be completely accessible. This raises questions about the authenticity of the claim. If the claims of a cyberattack on Twitch are true, the consequences could be severe and multifaceted. Users of the live streaming app might encounter service disruptions, rendering the platform inaccessible for watching live streams, engaging in chats, and supporting content creators. The financial impact of the alleged cyberattack on Twitch could be substantial, affecting streamers who rely on Twitch for their income, as subscriptions, donations, and ad revenue may decline during periods of service interruption. Additionally, advertisers and sponsors may face challenges in reaching their target audience. The alleged cyberattack on Twitch could tarnish its reputation, eroding trust among users and content creators who may explore alternative streaming platforms.

Anonymous Sudan’s Social Media Cyberattacks

This is not the inaugural instance of Anonymous Sudan directing its cyber efforts towards social media platforms. In a previous occurrence in December, the group launched a cyberattack on the image-sharing platform Pinterest, rendering it temporarily inaccessible to users in the US and UK.
Prior to this, the Anonymous Sudan Group targeted another image-sharing platform, Flickr, in an alleged cyberattack that exposed its users to the risk of data loss. In a related context, Instagram faced a substantial fine of US$400 million for its failure to safeguard children’s privacy in Ireland. Analyzing the pattern of Anonymous Sudan’s focus on social media websites, two plausible scenarios emerge. The hacktivist group may be expressing opposition specifically towards the US and other Western nations, targeting entities originating from the West. Alternatively, they might harbor a general animosity towards social media platforms as a whole. Observing this pattern, it becomes imperative for platforms such as Twitch, along with their counterparts, to fortify their cybersecurity measures in order to shield themselves against potential future attacks. The intricacies of the digital landscape highlight the need for ongoing vigilance and the implementation of proactive security strategies.
The notorious hacktivist group, Anonymous Collective, has reportedly targeted the E Visa service of the Bahrain government. The cyberattack on the E Visa service of the Bahrain government has raised concerns about the security of sensitive data, but crucial details regarding the extent of the breach, compromised information, and the motive behind the attack remain undisclosed.

Cyberattack on E Visa Service of the Bahrain Government

The Cyber Express team took immediate action and reached out to the official channels for verification of the cyberattack claim. However, as of now, there has been no response from the government’s end, leaving many questions unanswered. Upon conducting an independent investigation, Cyber Express found that the official website of the Bahrain government’s E Visa service appears to be fully functional. This discovery has cast doubt on the authenticity of Anonymous Collective’s cyberattack claim. It raises the possibility that the hacktivist group may be using the cyberattack as a tactic to gain attention or there might be a different motive behind the assault. The lack of an official statement has left both citizens and cybersecurity experts in suspense, eagerly awaiting clarification on the situation.

Anonymous Collective’s Cyber Assault Trend Continues

Anonymous Collective is known for its activism on various socio-political issues, often targeting organizations and governments it deems oppressive or involved in questionable activities. This cyberattack on the Bahrain government follows a similar pattern of cyberattacks orchestrated by Anonymous Collective. In December 2023, the hacktivist group claimed responsibility for targeting the United Arab Emirates government portal, purportedly taking it offline. Yet again, the extent of the cyber assault, including any data compromise, remained undisclosed, leaving the public in the dark. Additionally, in the same month, Anonymous Collective claimed a cyberattack on Cosmote, Greece’s largest mobile network operator. The persistent inaccessibility of Cosmote’s official website has fueled skepticism about the validity of the hacktivist group’s statement. Despite concerns, authorities have not released an official statement to clarify the situation.
November 2023 witnessed yet another brazen move by Anonymous Collective when they orchestrated a Distributed Denial of Service (DDoS) attack on Cairo International Airport. The hacktivist group claimed it was in response to Egypt’s perceived support for Israel during the Gaza conflict. The airport’s digital infrastructure, including its website and mobile application, suffered extensive damage, resulting in financial losses totaling millions of dollars. Despite the significant impact, no official statement has been issued by authorities regarding this cyber assault. Without concrete information from the Bahrain government, it is challenging to discern whether this attack aligns with the hacktivist group’s usual motives or if it signals a new direction for their cyber operations. These incidents highlight the pressing need for robust cybersecurity measures to safeguard sensitive government systems and citizens’ data. As the situation develops, the international community will be closely monitoring the Bahrain government’s response to this cyberattack, which could have far-reaching implications on both national security and diplomatic relations. The recurrent lack of official statements raises concerns about the effectiveness of cybersecurity measures and the challenges governments face in safeguarding their digital assets against determined adversaries.
With more than three-quarters of countries adopting some form of data localization and, soon, three-quarters of people worldwide protected by privacy rules, companies need to take care.
The integration of Talon's Enterprise Browser with Prisma SASE will provide enhanced data protection for users across all applications and devices, addressing the security risks posed by web browsing on unmanaged devices.
A third-party app called Clash Base Designer Easy Copy, which is used by Clash of Clans players to create custom base layouts, exposed its Firebase database and user-sensitive information. The app has over 100,000 downloads on the Google Play store.
Two New York hospitals are seeking a court order to retrieve stolen data stored on a cloud storage company's servers after a ransomware attack. The stolen data includes sensitive information such as patients' personal and health information.
On Christmas Eve, multiple threat actors released substantial data leaks, potentially causing significant financial damage and adverse effects such as identity theft and fraud globally.
A dual privilege escalation chain in Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) allowed attackers to gain complete control over Kubernetes clusters, highlighting the importance of regular updates and proactive security measures.
The malware is distributed through phishing emails impersonating Abu Dhabi National Oil Company (ADNOC) and drops the JinxLoader executable upon opening password-protected RAR archive attachments.
The United Kingdom's Radioactive Waste Management (RWM) company recently experienced a cyberattack attempt through LinkedIn. Although the attack was unsuccessful, concerns have been raised about the security of critical nuclear infrastructure.
Multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint called "MultiLogin" to restore expired authentication cookies and gain unauthorized access to users' accounts.
Pro-Palestinian hackers belonging to the group Cyber Toufan have successfully breached and leaked data from numerous Israeli entities, including foreign companies doing business with Israel.
The Pentagon has provided new cost estimates for implementing its Cybersecurity Maturity Model Certification program, with projected costs totaling around $4 billion for contractors and other non-government entities over a 20-year period.
TuneFab converter, a tool used to convert copyrighted music from streaming platforms, exposed over 151 million records of users' private data due to a misconfiguration on MongoDB.
Google has agreed to settle a $5 billion privacy lawsuit that accused the company of collecting personal data from users even when they were in "private browsing mode" on its Chrome browser.
This updated version of Meduza Stealer includes support for more software clients, an upgraded credit card grabber, and improved mechanisms for storing and extracting credentials and tokens.
While the decryptor only works on older versions of Black Basta and has been patched in newer attacks, it provides hope for victims who were affected between November 2022 and the recent bug fix.
The Inc Ransom ransomware group has published several documents, including emails and an invoice, as proof of the hack. It is unclear how much data has been stolen from Xerox Corp.
The technique leverages executables in the trusted WinSxS folder, making it possible to run nefarious code without elevated privileges and introduce potentially vulnerable binaries into the attack chain.
A user on an underground forum is promoting the sale of Zeppelin2 ransomware, offering its source code and a cracked version of its builder tool. Zeppelin2 has been used since 2019, targeting various sectors including healthcare and technology.
The Cactus ransomware group has claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden. They are threatening to release a large amount of personal information.
The Court Services Victoria (CSV) took immediate action to isolate and disable the affected network, but recordings from November 1 to December 21, 2023, may have been accessed.
A simple Google Drive configuration mistake by Japanese game developer Ateam resulted in the potential exposure of sensitive information for nearly one million individuals, highlighting the importance of properly securing cloud services.
Ubuntu Security Notice 6563-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could potentially exploit this issue to spoof an email message.
Ubuntu Security Notice 6562-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code.
Debian Linux Security Advisory 5593-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5592-1 - It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed.
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Red Hat Security Advisory 2024-0025-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0021-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0019-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0012-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0011-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0005-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0004-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0002-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0001-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from.
Gentoo Linux Security Advisory 202401-1 - A vulnerability has been found in Joblib which allows for arbitrary code execution. Versions greater than or equal to 1.2.0 are affected.
As 2023 draws to a close, anticipation builds for the transformative changes expected in 2024, especially in the technology and physical security domain. The coming year promises significant advancements, with innovative technologies poised to redefine how security is approached and implemented. This evolution is not just about enhancing security measures but also about integrating smarter, more efficient solutions that can adapt to the dynamic challenges of the modern world. In the midst of a swiftly evolving technological landscape, physical security stands at the forefront of innovation. Genetec Inc., a technology company specializing in unified security solutions, has unveiled its key projections for the industry’s evolution in 2024. These insights illuminate the anticipated trends that will shape operations, enhance security measures, bolster public safety, and drive advancements in business intelligence solutions in the coming year.
IT and Physical Security Teams will Become More United
In the coming year, organizations will look to optimize collaboration between IT and physical security teams. Bridging these two valuable skill sets will result in more effective risk mitigation and data optimization across the business. Physical security leaders are increasingly integrating IT expertise into their departments. Simultaneously, Security Operations (SecOps) are broadening their function to address physical security risks, leveraging data from both groups. More and more, IT will bring physical security within their group and begin overseeing physical security mandates. The need for unified, cloud-connected physical security solutions will increase as cross-departmental collaboration expands. This unified and connected view will help teams get a complete picture of systems and changing threats while enabling them to use data more effectively.
Access Control Modernization Will Top Tech Investments
Modernizing access control will remain a top priority in 2024. To ease upgrade complexities, many organizations will shift to a hybrid-cloud model and deploy cloud-ready access control solutions. This will deliver continuous innovation and cybersecurity updates that reinforce security from doors to networks. We’ll also see greater demand for open-access control solutions. Businesses are increasingly looking for the flexibility to add and connect the best technologies available. This will include everything from building management systems and life and safety solutions to mobile credentials. Many organizations will also reach a breaking point in managing separate video and access control systems. Striving for more efficiencies, leaders will take steps towards system unification. This will simplify system monitoring and maintenance tasks, leading to higher output and cost savings across the enterprise.
Hybrid-Cloud Adoption Will Rise
Over the next year, the physical security industry will see a large increase in hybrid cloud adoption in medium and large enterprises. Recent research of over 5,500 physical security professionals conducted by Genetec found that 44% of organizations already have over a quarter of their physical security deployment in a cloud or hybrid-cloud environment. And 60% of organizations say they prefer a hybrid cloud as a long-term strategy. As cloud adoption rises, there will be growing interest in new plug-and-play, cloud-ready appliances. They not only streamline access to cloud services but also enhance computing power at the edge. We’ll also see more focus on cloud data usage and associated costs. Users will increasingly use cloud-managed appliances to store heavy data such as video. Organizations will seek the expertise of channel partners to explore use cases beyond security to maximize hybrid-cloud investments. This will create a lucrative opportunity for channel partners to focus their efforts on added-value services to help customers overcome new challenges, all while generating sustainable recurring business.
Growth of IIoT Devices and Data Creates Demand for Analytics
The market is seeing a surge in the availability of physical security devices and Industrial Internet of Things (IIoT) sensors. Organizations across various industries are eagerly adopting these technologies, not only to increase the diversity of data in their security deployments but also to break down siloes between systems and retrieve valuable information. Organizations that opt for an API-centric, open architecture, along with a unified approach will stand to gain the most over time. This will enable them to combine and analyze multiple data sources to help inform new strategies and maximize returns across all tech investments. As the amount of available data continues to rise, many organizations will also look for ways to digitize and automate their workflows to support their operators. As a result, demand for physical security solutions with embedded analytics, automation tools, and visual dashboards will grow.
Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had
Source: thehackernews.com – Author: . Jan 01, 2024 | Newsroom | Windows Security / Vulnerability. Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The […] The post New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 3rd Party Risk Management, AI-Based Attacks, API Security. Expert Panelists Debate Impact of AI, Geopolitics and New Tactics in the Year Ahead. Anna Delaney (annamadeline), Cal Harrison • January 1, 2024. Watch this video on cyber trends to watch in 2024 hosted by ISMG’s Anna […] The post Cybersecurity Trends to Watch in 2024 – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: hrbrmstr Hey folks, This is likely our last shot at preserving liberal democracy in the U.S., or at least avoiding 20–40 years of abject horribleness by wannabe bigoted and sociopathic demigods. The year 2024 is also set to be a significant year for global politics, with a large number of critical […] The post Welcome To 2024 – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Ivan Novikov Grasping the Basics: What is RabbitMQ? Take a step into the realm of software development, where efficient and smooth interaction between various applications is the linchpin. Here, we bring into the mix RabbitMQ. Going down to brass tacks, RabbitMQ serves as a no-cost message broker tool, implementing the Progressive […] The post What is RabbitMQ? – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Michelle Ofir Geveye The narrative of technology surpassing human intelligence and altering the course of humanity is a recurring theme in science fiction. While this dystopian scenario has not yet unfolded in reality, the recent debut of ChatGPT from OpenAI felt like a trailer for the real thing. This development has […] The post The Benefits of Employing AI in GRC – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Rohan Timalsina In an ever-evolving digital landscape, the healthcare and public health (HPH) sector faces increasing cybersecurity challenges. The United States Cybersecurity and Infrastructure Security Agency (CISA) recently conducted a Risk and Vulnerability Assessment (RVA), delving into the cybersecurity posture of an unnamed HPH organization utilizing on-prem software. This article aims […] The post Insights from CISA HPH Sector Risk and Vulnerability Assessment – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: TuxCare Team When you find out your website is hacked, it’s understandable that you’d begin to panic. But it’s much better to plan and take action immediately to get back to your website as soon as possible. In this article, we’ll cover some steps you shouldn’t forget to do while recovering […] The post 8 Essential Steps to Recover a Hacked Website – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman Original Post URL: https://securityboulevard.com/2024/01/happy-new-year-2024/ Category & Tags: Security Bloggers Network, Greatest Photographers, Happy New Year, Marjory Collins The post Happy New Year 2024 – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Wajahat Raja Threat actors with malicious intent have now been exploiting an old MS Excel vulnerability as part of their phishing campaign. The aim of such exploits is to deliver an infostealer malware dubbed Agent Tesla. As per recent reports, a memory corruption vulnerability is being used as an active part […] The post MS Excel Vulnerability Exploited To Distribute Agent Tesla – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Tom Eston In this episode, host Tom Eston shares the three key lessons he’s learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning despite your role, and the […] The post The Three Keys to Success in Cybersecurity – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 3rd Party Risk Management, AI-Based Attacks, API Security. Expert Panelists Debate Impact of AI, Geopolitics and New Tactics in the Year Ahead. Anna Delaney (annamadeline), Cal Harrison • January 1, 2024. Watch this video on cyber trends to watch in 2024 hosted by ISMG’s Anna […] The post Cybersecurity Trends to Watch in 2024 – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.theguardian.com – Author: Australian Associated Press Victoria’s court system has been hit by a cyber-attack, with hackers accessing several weeks of recorded hearings. Court Services Victoria (CSV) was first made aware of the attack on 21 December but it is believed the audio-visual technology network was first compromised on 1 November. Video and audio […] The post ‘Unsettling’: hackers break into Victorian court recordings database – Source: www.theguardian.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that […] The post The Definitive Enterprise Browser Buyer’s Guide – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 02, 2024 | Newsroom | Data Privacy / Online Tracking. Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action […] The post Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’ – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido By Yuga Nugraha In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Here are some of the […] The post GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.