Cross Switch, a leading company in online payment gateway management, is currently dealing with the repercussions of a significant data breach. The Cross Switch data breach, reportedly carried out by a threat actor identified as IntelBroker, has allegedly compromised the personal information of 3.6 million users. This includes sensitive details such as full names, emails, phone numbers, messages, physical locations, banking information, bearer tokens, dates of birth, and usernames. As the compromised data includes a wealth of personal information, this incident is particularly concerning for the affected users. IntelBroker has posted a message on breach-related forums, announcing the exposure of Cross Switch.com’s database. The post, timestamped on Tuesday, January 2, 2024, at 01:21 AM, reads, “Cross Switch.com Database, Leaked Download!” The threat actor, identified by the alias IntelBroker, presented a grim assessment of the situation without revealing the motivation behind the Cross Switch data leak.
Dark Web User Alleges Cross Switch Data Breach
In response to the Cross Switch data leak, The Cyber Express sought further insights and clarification from the organization but, as of the time of writing, no official statement or communication has been issued by the company regarding the alleged data leak. The potential repercussions of such a substantial data leak extend beyond individual privacy concerns, raising broader questions about cybersecurity and the measures in place to protect user information on online payment platforms.
What’s Next for Cross Switch Data Leak Incident?
It is imperative for Cross Switch to promptly address and investigate the alleged breach, providing affected users with clear communication and guidance on potential security measures they can take. As online security threats continue to evolve, companies handling sensitive user information must remain vigilant in safeguarding their databases and implementing robust security measures to prevent unauthorized access. Cross Switch stands as a prominent software house, specializing in a comprehensive range of financial technology solutions. They prioritize meeting the dynamic needs of contemporary businesses through the expertise of seasoned and innovative professionals. With an extensive network of support and distribution partners spanning across Africa, the company ensures adaptability and flexibility. Their user-friendly products are effortlessly deployable on various devices, including smartphones, tablets, desktops, Macs, iPhones, and iPads, contributing to a seamless user experience for their clientele.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The BlackBasta ransomware group has expanded its dark web portfolio by adding three new victims to its list of cyberattacks. The announcement of this alleged BlackBasta ransomware attack was listed on the dark web forum where the threat actors have claimed similar attacks in the past. The affected entities include Graebener Bipolar Plate Technologies in Germany, NALS Apartment Homes, and Leonard’s Express in the United States.
BlackBasta Ransomware Attack: Three Alleged Victims Added
Graebener Bipolar Plate Technologies, a pioneer in the development of manufacturing technologies for bipolar plates, finds itself at the center of the BlackBasta threat actor’s attention. NALS Apartment Homes, a real estate investment firm managing over 15,000 apartment homes across 15 markets, and Leonard’s Express, a family-owned transportation provider with a nationwide footprint, are also grappling with the aftermath of the alleged BlackBasta ransomware attack. The threat actor’s message, ominously titled “GO GRAEBENER,” sheds light on the critical nature of the targeted organizations’ operations. Graebener Bipolar Plate Technologies, for instance, plays a crucial role in the clean energy sector, focusing on fuel cells and electrolyzers. Despite the gravity of the situation, organizations affected by the BlackBasta ransomware attack, including Graebener Bipolar Plate Technologies, NALS Apartment Homes, and Leonard’s Express, have not released official statements or responses at the time of writing. This silence leaves the claims of the cyber threat actors unverified and raises questions about the extent of the damage caused.
The BlackBasta Ransomware Group Attack Spree
To gain further insights into these BlackBasta ransomware attacks, The Cyber Express attempted to reach out to the affected organizations. However, as of now, no official communication has been received, leaving the situation surrounding the BlackBasta ransomware attack shrouded in uncertainty. Recent research from Corvus Insurance and blockchain analytics vendor Elliptic sheds light on the alarming scale of BlackBasta’s criminal activities. Over the past year and a half, the ransomware group has reportedly amassed more than $107 million in ransom payments from over 90 victims. BlackBasta is identified as the “fourth-most active strain of ransomware by the number of victims in 2022-2023”, reported Elliptic. The group’s notoriety became evident in 2022 when it targeted more than 329 victims, including well-known entities like Capita, ABB, and Dish Network. Dish Network reportedly paid the ransom demand following a large outage. According to the report, at least 35% of the known BlackBasta victims paid a ransom, aligning with the broader trend of increasing ransom payments observed in 2022.
An unknown hacker recently disclosed a massive scrape conducted on Crunchbase in 2024, resulting in a substantial leak of company and user data. The leaked information from this alleged Crunchbase data breach encompasses details from nearly every company and user profile present on the platform, involving a staggering 3.1 million companies and 1.2 million users. While the scraped data may have been publicly accessible, the sheer volume of aggregated information raises concerns about the potential misuse of the data, especially when the data consists of contacts, social media accounts, locations, and hierarchical data about the organizations.
Alleged Crunchbase Data Breach and Possible Ramifications
This database could become a valuable resource for malicious actors, enabling them to execute large-scale spear phishing attacks and enhancing their capabilities in social engineering. As a platform offering comprehensive information about businesses, including investment details, leadership profiles, and corporate news, this Crunchbase data leak could potentially expose sensitive and public information related to employees, company funding, and other organizational data. Threat researcher Alon Gal highlighted the severity of the situation, stating that the dark web hacker performed a “massive scrape” on Crunchbase. The hacker’s post on the dark web included a downloadable CSV file containing company and user details, emphasizing the extent of the data breach.
Verification Required to Substantiate Crunchbase Data Leak
The Cyber Express attempted to verify the alleged Crunchbase data breach by reaching out to the organization for an official statement or response. However, as of the time of writing, no confirmation or denial from Crunchbase has been received, leaving the claims of the data leak unconfirmed from the company’s side. Data scraping practices, especially when conducted without a legal basis or the knowledge of affected individuals, raise serious data protection concerns. Such activities may violate data protection rules, including regulations like the General Data Protection Regulation (GDPR), leading to unlawful processing of personal data and potential risks such as unsolicited direct marketing, identity theft, profiling, monitoring, and personal data breaches. This is an ongoing story and The Cyber Express is closely monitoring the situation. We’ll update this post once we have more data on the alleged Crunchbase data leak or any official confirmation from the organization. If the claims of the Crunchbase data breach turn out to be true, it can go both ways: a lot of the data is already publicly available, but the sheer volume of data raises security concerns within the corporate domain.
Imagine your local supermarket turning into a digital horror scene. Well, that’s what’s happening in Värmland county, where Coop, a big supermarket chain in Sweden, is facing a nasty cyberattack. The magnitude of the Coop cyberattack is so severe that the supermarket giant’s payment checkouts have been rendered useless, throwing the entire store into a state of disarray. Coop shared that a company they work with got hit by a digital attack, making their checkout systems stop working.
Coop Cyberattack Details
Coop Sweden, covering about 20% of the grocery market, said sorry for the situation and promised to fix things quickly. Coop runs lots of grocery stores owned by the people in Sweden, and Coop Värmland is owned by around 300,000 folks in that county, running 44 big supermarkets and 15 smaller ones. Adding to the mystery, in December, a group known as Cactus claimed responsibility for the ransomware attack on Coop. Despite this revelation, the Cactus group has not disclosed the extent of the data they accessed or the amount of money they are demanding. Notably, this cybercriminal group has a history of targeting significant entities, including a major real estate company named Americold. Meanwhile, Coop Sweden has chosen to remain silent regarding the hacker’s identity and the details of the hacking method employed. The shroud of secrecy surrounding these aspects deepens the intrigue surrounding the cyberattack on Coop. The cyberattack started on December 22, 2023, as per the Local news, and it made it impossible for Coop Värmland stores to accept card payments. Even with this problem, the stores stayed open, and Coop tried to comfort customers through a temporary website page. The Coop Värmland website still has a temporary page, telling everyone about the cyberattack but assuring them that their stores are open. Coop is asking customers to contact their nearby store through Facebook if they have any questions or need help. The webpage also gives other ways to reach them for specific orders or questions about their rewards program. “We have been exposed to a cyberattack, which means, among other things, limited accessibility via e-mail and phone to us in Coop Värmland and our 44 Coop stores, 15 Pekås and two MaxiMat, but you can still get in touch with us,” reads the Coop website. Coop shared that they got experts involved as soon as they found out about the cyberattack, working hard to fix the problems.
History Repeats: Coop’s Ransomware Woes
This isn’t the first time Coop has dealt with ransomware. In 2021, they had to close almost 800 stores all over the country because of a big ransomware attack on a company called Kaseya. As Coop fights to regain control and restore confidence, the shadows of cyber threats loom large, serving as a reminder of the vulnerability that even industry titans face in the evolving landscape of digital warfare.
The notorious LockBit ransomware group has targeted Groupe IDEA, an industrial logistics service provider specializing in the design of supply chains for exceptional, special, and sensitive products. The hacker group announced the Groupe IDEA data breach on their platform, setting a chilling deadline to meet their demands by January 22, 2024, at 20:13:20 UTC.
Groupe IDEA Data Breach: Key Details
Groupe IDEA manages a spectrum of logistics services, offering both general and customized support for the transportation of various goods. The hacker group’s announcement, however, lacked crucial details about the extent of the Groupe IDEA data breach, the compromised data, or the motive behind the attack. The Cyber Express Team took swift action, reaching out to Groupe IDEA officials to verify the authenticity of the Groupe IDEA data breach claim. As of the time of writing this report, no official response has been received from the company. Interestingly, despite the alleged breach, the official website of Groupe IDEA remains fully functional, raising doubts about the credibility of the hacker group’s claims.
LockBit’s Similar Attacks
This incident follows LockBit’s recent cyber onslaught in December 2023 when they targeted LivaNova PLC, a prominent US-based healthcare device manufacturer specializing in neuromodulation devices and cardiopulmonary products. The cyberattack on LivaNova, detected on December 9, 2023, saw LockBit claiming responsibility for compromising a massive 2.2 terabytes of sensitive data. The cybercriminals also targeted Dawsongroup, a B2B asset hiring and funding company, in the same month. The LockBit ransomware group has become a well-known threat actor in dark web forums, leaving a trail of compromised organizations in its wake. The cybersecurity landscape continues to face escalating challenges from such malicious entities. As the situation with Groupe IDEA unfolds, The Cyber Express remains committed to providing updates on any official statements or confirmations from the organization regarding the alleged Groupe IDEA data breach. The urgency of such cyber threats highlights the critical need for organizations to enhance their cybersecurity measures in the face of evolving and sophisticated cyberattacks.
PLAY ransomware group has reportedly struck again, adding three more victims to their dark web portal. The PLAY ransomware attack targeted organizations including Madison Capital, WPM Real Estate Management, and The Time Group, all of which boast significant expertise and a long-standing presence in their respective industries.
Targets of Sophisticated Cybercriminals
Madison Capital, with over 40 years of experience in commercial equipment financing and leasing, serves as a direct funding source for a wide range of equipment and vehicles. WPM Real Estate Management, recognized as an Accredited Management Organization (AMO), oversees the management of more than 19,000 homes and caters to a population of 36,000 in the Baltimore/Washington Metropolitan area and Southern Pennsylvania. The Time Group, founded in 1958, upholds a legacy guided by the vision and integrity of its late founder, Caswell J. Caplan.
Nature of the PLAY ransomware attack
The severity of this alleged PLAY ransomware attack is compounded by the nature of the targeted companies, suggesting a deliberate focus on entities with substantial financial and operational significance. The attack claims to have accessed private and confidential data, including client documents, budgets, IDs, payroll information, insurance details, taxes, and financial records. Despite efforts by The Cyber Express Team to verify these claims, officials from the affected organizations have not responded, leaving the situation unconfirmed. Meanwhile, the websites of Madison Capital, WPM Real Estate Management, and The Time Group remain functional, providing little external indication of the potential security breach.
Implications of Ransomware Attacks
Ransomware attacks, such as those orchestrated by PLAY, not only pose immediate threats to data integrity but also result in severe reputational damage for the victimized companies. Loss of customer trust, erosion of market credibility, and potential legal consequences further compound the challenges faced by organizations grappling with the aftermath of a cyberattack. To mitigate the risk of falling victim to ransomware attacks, experts recommend implementing robust security measures, including content filters and virus scanners on mail servers. These tools help prevent the infiltration of harmful attachments or compromised links through spam emails. This incident follows PLAY’s recent expansion of its victim list, which included 17 additional companies based in the US, UK, Netherlands, and Canada. The PLAY Ransomware group published the names of these victims on its dark web portal, highlighting the urgent need for enhanced cybersecurity measures across industries.
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch.
Xerox stated that the incident had no impact on its corporate systems, operations, or data, but limited personal information in the XBS environment may have been affected.
NewYork-Presbyterian Hospital has been fined $300,000 by state regulators for privacy violations related to its use of tracking tools on its websites and patient portal. It violated HIPAA rules by sharing patient information with third parties.
The hacker group, known as "irleaks," publicly disclosed the breach and claimed to have acquired a vast amount of data, including customer details, vendor records, payment information, device data, product orders, and more.
BT has failed to meet the extended deadline to remove Huawei equipment from its core networks, with only 2G and 3G services still being served by non-compliant infrastructure.
The end of support for these older Windows versions is due to the reliance on an embedded version of Google Chrome that no longer functions on them, as well as the need for Windows feature and security updates only available on Windows 10 and above.
Despite increased cybersecurity budgets, there is a need for a further rise in spending to effectively mitigate security risks. Economic volatility, a growing distributed workforce, and supply chain issues are key factors influencing spending.
Gallery Systems, a museum software provider, has revealed that it experienced a ransomware attack last week, leading to ongoing IT outages. The attack caused the company to take systems offline to prevent further encryption.
Ransomware attacks in the US reached record levels in 2023, targeting hospitals, schools, government organizations, and private-sector businesses, costing victims an average of $1.5 million to rectify.
Fallon Ambulance Services, a subsidiary of Transformative Healthcare, was targeted in a ransomware attack that exposed the personal information of nearly a million people. The attack occurred in February 2023 and was discovered in April 2023.
The European Central Bank will conduct cyber stress tests on 109 banks in Europe to assess their resilience against cyberattacks. The tests will simulate disruptive cyberattacks and evaluate how the banks respond and recover.
The stolen funds are believed to be linked to North Korean hacking groups, such as Lazarus, who use cryptocurrency cyberattacks to bypass international sanctions and finance their weapons development program.
XCast transmitted billions of illegal robocalls to American consumers, using false affiliations with government agencies and misleading information to deceive victims into making purchases.
Qualcomm has announced a critical vulnerability that could lead to remote attacks on devices using their chipsets. The flaw, tracked as CVE-2023-33025, involves a buffer overflow during VoLTE calls, allowing attackers to execute code remotely.
With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings.
CISA has identified two recently patched vulnerabilities, one in Google Chrome and another in the open-source Perl library Spreadsheet::ParseExcel, that have been actively exploited and require immediate mitigation.
The data breach, carried out by a threat actor named IntelBroker, has allegedly exposed sensitive details such as full names, emails, phone numbers, banking information, and more.
Belarusian hacktivist group, the Cyber-Partisans, launched a cyberattack on the country's leading state-owned media outlet, wiping the main website servers and backups, as a retaliatory measure against President Lukashenko's propaganda campaign.
The mayor of Pays Fouesnantais, a township in France, announced that the municipality has been hit by a large-scale cyberattack, causing all community services to be taken down.
A surge of fake or stolen Twitter Gold (now X Gold) accounts has been flooding both the surface web and the dark web over the past year, according to cybersecurity firm CloudSEK.
Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Any unprivileged, local user in Microsoft Windows can disclose whether a specific file, directory or registry key exists in the system or not, even if they do not have the open right to it or enumerate right to its parent.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Ubuntu Security Notice 6564-1 - Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2024-0030-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0029-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0028-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0027-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0026-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0024-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0023-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0022-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0017-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-0016-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-0013-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0010-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9. Issues addressed include an out of bounds write vulnerability.
SAED International, a prominent Saudi Closed Joint Stock Company specializing in manpower services, has become the latest target of the notorious BlackCat ransomware group. The cybercriminals, known for their audacious attacks, claimed a cyberattack on SAED International, leaving the global business community on high alert. The cyberattack on SAED International was posted by the threat actor on their dark web channels where they’ve claimed similar data breaches in the past. The ransomware group has a history of claiming data breaches via this method and it seems SAED International is one of the alleged victims of their cyber assault.
Decoding the Cyberattack on SAED International
SAED International, founded in 2014 with a capital of SAR 100 million, operates as a comprehensive B2B and B2C solution for domestic labor needs across diverse economic sectors. The extent of the breach, data compromise, and the motive behind the cyberattack on SAED International remain undisclosed, shrouded in mystery as the hacker group keeps their cards close to the chest. The Cyber Express Team sought to verify the claims by reaching out to SAED’s official representatives. However, as of the writing of this report, no official response has been received, leaving the authenticity of the cyberattack on SAED International in question. Surprisingly, the official website of SAED remains fully functional, casting doubt on the legitimacy of the ransomware group’s SAED International cyberattack claim.
Global Cyber Battlefield: BlackCat’s Notorious History
This SAED International cyberattack marks a concerning pattern for the BlackCat ransomware group, who previously made headlines in December 2023 for targeting Ho Chi Minh City Energy Company in Vietnam. Despite the gravity of their threats, the affected organizations’ websites, including SAED’s, continue to operate without immediate signs of compromise. The BlackCat ransomware group’s nefarious activities are not new to the cybersecurity world. In December, the U.S. Department of Justice celebrated a significant breakthrough in disrupting the group, revealing their involvement in over 1,000 cyberattacks globally. The FBI played a pivotal role in developing a decryption tool, distributed to more than 500 victims, as part of the operation. However, the celebration was short-lived, as the BlackCat group quickly reestablished control of their operations, sending a chilling message directed at the FBI. The recent SAED International cyberattack highlights the resilience of this cyber threat, leaving the cybersecurity community on edge and prompting questions about the true extent of the disruption caused by the DOJ’s initial intervention. As the global business landscape grapples with the ongoing cybersecurity challenges posed by groups like BlackCat, the urgency for enhanced digital defenses and international collaboration becomes more apparent than ever. The cybersecurity community awaits official statements from SAED International to unravel the motives behind this latest attack and assess the potential risks posed by the BlackCat ransomware group.
CISA has added two additional vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024. The two additions have been made following evidence of active ongoing exploitation. The vulnerabilities are identified as Google Chromium WebRTC Heap Buffer Overflow Vulnerability (CVE-2023-7024) and Spreadsheet::ParseExcel Remote Code Execution Vulnerability (CVE-2023-7101). In December 2023 Google also released an urgent update to fix the vulnerability known as CVE-2023-7024, which has been actively exploited in the wild. This is the eighth zero-day vulnerability for the Chromium-based web browsers in 2023.
CVE-2023-7024: Google Chromium WebRTC Heap Buffer Overflow
Google Chromium WebRTC Heap Buffer Overflow, or CVE-2023-7024, is a heap-based buffer overflow vulnerability in the open-source WebRTC framework. It’s a high-severity vulnerability that allows remote code execution within the browser’s WebRTC. WebRTC is an open-source project with strong backing from the top browser manufacturers that allows real-time communication over APIs. Google reported that the vulnerability, known as CVE-2023-7024, is a serious heap buffer overflow bug in the WebRTC module of Chrome that permits remote code execution (RCE). The vulnerability was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on December 19, 2023. According to the researchers, the vulnerability was exploited in the wild before patches were released. By exploiting the vulnerability, the threat actor can gain control of a user’s computer through malicious websites or via phishing. Furthermore, obtaining RCE in the rendering process poses a danger of exploitation. This implies that, outside of the JavaScript sandbox, a threat actor can execute any binary code on the user’s computer. To be genuinely hazardous, the flaw must be used in conjunction with a sandbox escape vulnerability in either Chrome or the operating system. Actual damage, however, depends on utilizing the defect as the initial step in an attack chain. Because of Chrome’s multiprocess architecture, this code is still sandboxed, so even with this vulnerability, an attacker cannot access the user’s files or begin distributing malware, and when the affected tab is closed, their access to the computer is lost. With a few minor exceptions, Chrome’s Site Isolation feature will generally protect data from other websites, preventing an attacker from accessing the victim’s financial information. User consent is not required for access to WebRTC itself, but it is for access to the microphone or camera. Due to this, the threat becomes destructive because it’s likely that any website might exploit this vulnerability without requiring any input from the user other than accessing the infected page.
CVE-2023-7101: Spreadsheet::ParseExcel Remote Code Execution
Spreadsheet::ParseExcel version 0.65, a Perl module designed for parsing Excel files, contains a vulnerability that can lead to arbitrary code execution (ACE). This vulnerability arises from the unchecked incorporation of input from a file into a string-type “eval.” The specific issue lies in the evaluation of Number format strings, distinct from printf-style format strings, within the Excel parsing logic. The vulnerability is categorized as “Improper Neutralization of Directives in Dynamically Evaluated Code” (Eval Injection) according to the Common Weakness Enumeration (CWE). CWE offers a framework for identifying and classifying weaknesses, providing detailed information on preventive measures during the development phase. As of the latest update, there is no available patch or update to address CVE-2023-7101 in the open-source library. Organizations incorporating Spreadsheet::ParseExcel in their products or services are advised to assess CVE-2023-7101 and promptly implement necessary remediation measures until a patch becomes available. The status of CVE-2023-7101 being employed in ransomware campaigns remains uncertain, as there is currently no definitive information available regarding its utilization in such malicious activities.

The field of cybersecurity is evolving at a great pace. The need for rugged cybersecurity solutions has increased with the emergence of new cybersecurity threats. This trend of increasing cybersecurity requirements is going to create a chance for massive growth in the cybersecurity sector.

Speaking with The Cyber Express at the World CyberCon 2023, Milin Shah, Assistant Vice President for Information Security at SitusAMC, offered insights on contemporary cybersecurity trends and training. Acknowledged for his exceptional speaking skills and leadership in cybersecurity consulting, Shah plays a vital role in helping organizations develop effective cybersecurity strategies aligned with their business objectives.

Shah provided valuable insights into the emerging trends and predictions for cybersecurity. He also highlighted the challenges the technology sector is currently going through and how those challenges could be converted into opportunities. Shah further explained how proactive and reactive cybersecurity approaches are beneficial in today’s evolving cybersecurity dynamics.

Emerging Trends and Cybersecurity Predictions

During the discussion, Shah spoke about the emerging trends in the field of technology, encompassing supply chain, AI and ML, automation, zero trust architectures, and cybersecurity. Shah anticipates significant growth in the cybersecurity sector over the next five years due to escalating threats. He observes that while Western countries have well-established and stringent data privacy laws, India is still in the process of strengthening its regulations in this area.

He further suggested that if the existing trends of growing cyber threats are to continue, the world will have to come up with better ways to fight against evil cyber adversaries. Threat actors are refining their methods at pace, and cybersecurity professionals need to move ahead of them to keep cyber threats at bay.

Challenges, Opportunities, and Benefits of Constant Training

Lack of adequately skilled resources is also a major challenge in various industries, including the cybersecurity sector. Across various sectors, experts see the lack of skills as a major challenge. Candidates are nowadays more focused on certifications, rather than skills and knowledge.

According to Shah, when companies look out for hiring talent, they find very limited skilled talent. Skills and certifications should go hand-in-hand; it shouldn’t be based on only one thing.

Nowadays, conferences like the World CyberCon are a great opportunity for professionals to learn more and keep themselves updated. Such conferences also help in networking and learning new technologies. Apart from this, there are multiple forums and content available online for learning. These days companies also provide training, which can help people stay updated, Shah told The Cyber Express.

Talking about the benefits of constant training to fill the skill gap, Shah stated that constant training not only keeps candidates updated but also motivates them to do better and make progress in their respective fields.

Training helps professionals stay motivated in the industry, whether it is paid or free. The more you train yourself, the more self-motivated you are to learn new things. The moment you complete one training, it motivates you to go for more. Training should also be organized within the organizations. The cybersecurity team can train internal employees like finance, HR, etc. Similarly, cross-company training can also be done. These can be mutually agreed upon between companies, Shah added.

Proactive vs Reactive Approach in the Cybersecurity Sector

Concluding the discussion by talking about the benefits of proactive and reactive approaches in the field of cybersecurity, Shah cited the merits of both.

The proactive approach to cybersecurity is as good as the reactive approach. It helps to discover the active threats within the organization, all that is known and unknown, and the external threats. Once a company experiences a cyber breach, the emphasis swiftly shifts from proactive to reactive strategies. The effectiveness of post-breach management significantly influences the organization’s recovery and resilience.

The proactive approach helps in keeping malicious actors out of the organization, but for some reason, if they are in, then the reactive approach comes to your help. A balance between both is very important, Shah concluded.

The insightful discussion with Milin Shah gave a comprehensive understanding of the cybersecurity domain across multiple industries and other challenges like the shortage of skilled resources. He explained how the evolution of cyber threats is going to be the boosting cause behind the growth of the cybersecurity industry. Highlighting the benefits of proactive and reactive approaches to cybersecurity, Shah explained how and when each of them comes into the picture and helps organizations fight against a multitude of cyber threats.
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,
Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks," Timo Longin, a senior security
Hackers are believed to have successfully accessed several weeks' worth of sensitive video and audio recordings of court hearings, including one made at a children's court where the identities of minors are supposed to be particularly critical to protect. Read more in my article on the Hot for Security blog.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer
Image source: Anucha Cheechang via Shutterstock
Cybercriminals collectively leaked some 50 million records containing sensitive personal information in the days leading up to Christmas. Many of the leaks, on the Dark Web, carried the tag “Free Leaksmas” suggesting that the threat actors behind them were sharing their data […]
The post Cybercriminals Share Millions of Stolen Records During Holiday Break – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer
Image source: Tim Walton via Alamy Stock Photo
Google is settling a class-action lawsuit over how it tracks data from individuals using browsers in “private” or “incognito” mode. The plaintiffs in Brown et al v. Google LLC alleged that Google violated US federal laws regarding wiretapping and invasion […]
The post Google Settles Lawsuit Over Tracking ‘Incognito Mode’ Chrome Users – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dark Reading Staff
Image source: Alekesey Zotov via Alamy Stock Photo
Last week, a group of hackers targeted Radioactive Waste Management (RWM), a UK government-owned company behind the country’s multibillion-dollar Geological Disposal Facility (GDF) nuclear waste-storage project, using social engineering and LinkedIn. RWM merged last year with two other companies to create […]
The post Cyberattackers Target Nuclear Waste Company via LinkedIn – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Dan Raywood, Senior Editor, Dark Reading
Image source: Birgit Korber via Alamy Stock Photo
For Israel, 2023 will be remembered as the beginning of the war in Gaza after the devastating Hamas terror attacks on Oct. 7. The conflict spread to the cyber realm, with hacktivists on both sides declaring their intentions […]
The post Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Joan Goodchild, Contributing Writer
Image source: Robert Hyrons via Alamy Stock Photo
Just about every CISO knows how this scenario goes: Called in to brief the board, they are asked, “So what are we doing about (insert latest threat, issue or technology here)?” This year, it is almost always going to be […]
The post CISO Planning for 2024 May Struggle When It Comes to AI – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer
Image source: Artemis Diana via Alamy Stock Photo
Companies should expect to face a trio of trends in 2024 that make data security, protection, and compliance more critical to operations and risk reduction. Increasingly, governments worldwide are creating laws that govern the handling of data within their borders, […]
The post Localization Mandates, AI Regs to Pose Major Data Challenges in 2024 – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer
Image source: imageBROKER via Alamy Stock Photo
Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called “Prisma” has uncovered the critical exploit, which “allows the generation of persistent […]
The post Attackers Abuse Google OAuth Endpoint to Hijack User Sessions – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Paul Shomo
Image source: Andrii Yalanskyi via Alamy Stock Photo
COMMENTARY At the start of 2003, nobody knew the industry would be handed an imminent deadline to secure artificial intelligence (AI). Then ChatGPT changed everything. It also elevated startups working on machine learning security operations (MLSecOps), AppSec remediation, and adding privacy to […]
The post Startups Scramble to Build Immediate AI Security – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer
Image source: PhotoEdit via Alamy Stock Photo
In September 2016, Yahoo copped to a breach of 500 million user records. Even today it’s one of the top five biggest data breaches in history by sheer volume, yet it’s only Yahoo’s second biggest. Andrew Komarov already knew by September […]
The post 10 Years After Yahoo Breach, What’s Changed? (Not Much) – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register
Security researchers say info-stealing malware can still access victims’ compromised Google accounts even after passwords have been changed. A zero-day exploit of Google account security was first teased by a cybercriminal known as “PRISMA” in October 2023, boasting that the technique could be used to log back into a […]
The post Google password resets not enough to stop these info-stealing malware strains – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register
The court system of Victoria, Australia, was subject to a suspected ransomware attack in which audiovisual recordings of court hearings may have been accessed. Louise Anderson, CEO at Court Services Victoria (CSV), confirmed this week that a “cybersecurity incident” was detected on December 21 targeting CSV’s audiovisual network. The […]
The post Court hearings become ransomware concern after justice system breach – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register
US prosecutors do not plan to proceed with a second trial of convicted and imprisoned crypto-villain Sam Bankman-Fried (SBF), according to a Southern District of New York court letter filed on December 29. The prosecutors reasoned that much of the evidence that would be submitted had already been considered […]
The post Crypto-crook Sam Bankman-Fried spared a second trial – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: Marianne Kolbasuk McGee (HealthInfoSec) • January 2, 2024
Governance & Risk Management, Healthcare, HIPAA/HITECH
NewYork-Presbyterian Disabled Website, Patient Portal Trackers in 2022
Image: Getty
State regulators have fined a large New York academic medical center $300,000 to settle privacy violations related to the organization’s prior use […]
The post State AG Hits Hospital With $300K Fine for Web Tracker Use – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: Akshaya Asokan (asokan_akshaya) • January 2, 2024
Finance & Banking, Governance & Risk Management, Industry Specific
109 Banks to Participate in Simulated Cyberattacks to Assess Cyber Resiliency
Image: Shutterstock
The European Central Bank beginning this month will conduct cyber stress tests on banks to determine their […]
The post European Central Bank to Put Banks Through Cyber Stress Test – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: Prajeet Nair (@prajeetspeaks) • January 2, 2024
Cybercrime, Fraud Management & Cybercrime, Governance & Risk Management
Holiday Leaks Could Result in More Digital Identity Theft and Fraud, Report Warns
Image: Shutterstock
Hackers celebrated the year-end holidays with a malicious “Free Leaksmas” posting on the dark web, […]
The post Merry ‘Leaksmas’! Hackers Give Away 50 Million Pieces of PII – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.govinfosecurity.com – Author: Jayant Chakravarti (@JayJay_Tech) • January 2, 2024
Breach Notification, Fraud Management & Cybercrime, Ransomware
Eagers Says It Doesn’t Know Full Extent of Hack But Has Started Contacting Victims
An Eagers Mazda dealership in Brisbane, Australia (Image: Shutterstock)
Brisbane, Australia-based retail group Eagers Automotive is investigating a […]
The post LockBit 3.0 Claims Attack on Australian Auto Dealer Eagers – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.securityweek.com – Author: Associated Press
The hacking of a municipal water plant is prompting new warnings from U.S. security officials at a time when governments are wrestling with how to harden water utilities against cyberattacks. The post States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities appeared first on SecurityWeek. […]
The post States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.securityweek.com – Author: Etay Maor
Security appliances are among the riskiest enterprise devices and are often a method for threat actors to infiltrate a business. The post Are Security Appliances fit for Purpose in a Decentralized Workplace? appeared first on SecurityWeek.
Original Post URL: https://www.securityweek.com/are-security-appliances-fit-for-purpose-in-a-decentralized-workplace/
Category & Tags: Cloud Security, Network Security, SASE – Cloud […]
The post Are Security Appliances fit for Purpose in a Decentralized Workplace? – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.securityweek.com – Author: Ionut Arghire
A vulnerability in Black Basta ransomware’s encryption algorithm allows researchers to create a free decryptor. The post Free Decryptor Released for Black Basta Ransomware appeared first on SecurityWeek.
Original Post URL: https://www.securityweek.com/free-decryptor-released-for-black-basta-ransomware/
Category & Tags: Ransomware, decryptor, ransomware
The post Free Decryptor Released for Black Basta Ransomware – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: thehackernews.com
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to […]
The post 5 Ways to Reduce SaaS Security Risks – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: thehackernews.com
Jan 03, 2024 – Newsroom – Cyber Threat / Email Security
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. “Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary […]
The post SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: thehackernews.com
Jan 03, 2024 – Newsroom – VoIP Service / Regulatory Compliance
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting […]
The post DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team
By Mike Burch, Director of Application Security, Security Journey
Despite the hype, generative AI is unlikely to transform the world. But there are sectors where it could significantly disrupt the status quo. One of these is software development. Yet the time savings and productivity benefits of using tools like […]
The post Why Continuous Training Must Come Before The AI-driven SDLC – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team
By Norman Comstock, Managing Director, and Luke Nelson, Managing Director, Cybersecurity Solutions, UHY Consulting
With $54 trillion in payments flowing through the world’s leading transaction avenues, the payments space is truly exploding. Moreover, seemingly all stakeholders are buying into the space big time. For example, traditional banks are moving […]
The post As Digital Payments Explode in Popularity, Cybercriminals are Taking Notice – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cyberdefensemagazine.com – Author: News team
By Uri Dorot, Senior Security Solutions Lead at Radware
Whether it’s hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service (DDoS) attack – the Web DDoS Tsunami – is wreaking havoc around the […]
The post Understanding the Escalating Threat of Web DDoS Tsunami Attacks – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.