Cyber security aggregate rss news

Cyber security aggregator - feeds history

Resolutions for a cy ...

 Tips

The rapid development of AI, international tensions, and the proliferation of smart technologies like the internet of things (IoT) make the upcoming year particularly challenging in terms of cybersecurity. Each of us will face these challenges in one way or another, so, as per tradition, we're here to help all our readers make a few New Year's resolutions for a more secure 2024.

Protect your finances

E-commerce and financial technologies continue to expand globally, and successful technologies are being adopted in new regions. Instant electronic payments between individuals have become much more widespread. And, of course, criminals are devising new ways to swindle you out of your money. This involves not only fraud using instant money-transfer systems, but also advanced techniques for stealing payment data on e-commerce sites and online stores. The latest generations of web skimmers installed by hackers on legitimate online shopping sites are almost impossible to perceive, and victims only learn that their data has been stolen when an unauthorized charge appears on their card.

What to do?

Link your bank cards to Apple Pay, Google Pay, or other similar payment systems available in your country. This is not only convenient, but also reduces the likelihood of data theft when making purchases in stores. Use such systems to make payments on websites whenever possible. There's no need to enter your bank card details afresh on every new website.

Protect your smartphones and computers with a comprehensive security system like Kaspersky Premium. This will help protect your money, for example, from a nasty new attack in which the recipient's details are replaced at the moment of making an instant money transfer in a banking app.

Use virtual or one-time cards for online payments if your bank supports this option. If a virtual card can be quickly reissued in the app, change it regularly — for example, once a month. Or use special services to mask cards, generating one-time payment details for each payment session. There are many of these for different countries and payment systems.

Don't believe everything you see

Generative artificial intelligence has dominated the news throughout 2023 and has already significantly affected the job market. Unfortunately, it's also been used for malicious purposes. Now, just about anyone can create fake texts, photos, and videos in a matter of minutes — a labor that previously required a lot of time and skill. This has already had a noticeable impact on at least two areas of cybersecurity.

First, the appearance of fake images, audio, and video on news channels and social media. In 2023, generated images were used for propaganda purposes during geopolitical conflicts in post-Soviet countries and the Middle East. They were also used successfully by fraudsters for various instances of fake fundraising. Moreover, towards the end of the year, our experts discovered massive investment campaigns in which the use of deepfakes reached a whole new level: now we're seeing news reports and articles on popular channels about famous businessmen and heads of state encouraging users to invest in certain projects — all fake, of course.

Second, AI has made it much easier to generate phishing emails, social media posts, and fraudulent websites. For many years, such scams could be identified by sloppy language and numerous typos, because the scammers didn't have the time to write and proofread them properly. But now, with WormGPT and other language models optimized for hackers, attackers can create far more convincing and varied bait on an industrial scale. What's more, experts fear that scammers will start using these same multilingual AI models to create convincing phishing material in languages and regions that have rarely been targeted for such purposes before.

What to do?

Be highly critical of any emotionally provocative content you encounter on social media — especially from people you don't know personally. Make it a habit to always verify the facts on reputable news channels and expert websites.

Don't transfer money to any kind of charity fundraiser or campaign without conducting a thorough background check of the recipient first. Remember, generating heart-breaking stories and images is literally as easy as pushing a button these days.

Install phishing and scam protection on all your devices, and enable all options that check links, websites, emails, and attachments. This will reduce the risk of clicking on phishing links or visiting fraudulent websites.

Activate banner ad protection — both Kaspersky Plus and Kaspersky Premium have this feature, as do a number of browsers. Malicious advertising is another trend for 2023-2024.

Some experts anticipate the emergence of AI-generated content analysis and labeling systems in 2024. However, don't expect them to be implemented quickly or universally, or to be completely reliable. Even if such solutions do emerge, always double-check any information with trusted sources.

Don't believe everything you hear

High-quality AI-based voice deepfakes are already being actively used in fraudulent schemes. Someone claiming to be your boss, family member, colleague, or some other person with a familiar voice might call asking for urgent help — or to help someone else who'll soon reach out to you. Such schemes mainly aim to trick victims into voluntarily sending money to criminals. More complex scenarios are also possible — for example, targeting company employees to obtain passwords for accessing the corporate network.

What to do?

Verify any unexpected or alarming calls without panic. If someone you supposedly know well calls, ask a question only that person can answer. If a colleague calls but their request seems odd — for example, asking you to send or spell a password, send a payment, or do something else unusual — reach out to other colleagues or superiors to double-check things.

Use caller identifier apps to block spam and scam calls. Some of these apps work not only with regular phone calls but also with calls through messengers like WhatsApp.

Buy only safe internet-of-things (IoT) smart devices

Poorly protected IoT devices create a whole range of problems for their owners: robot vacuum cleaners spy on their owners, smart pet feeders can give your pet an unplanned feast or a severe hunger strike, set-top boxes steal accounts and create rogue proxies on your home network, and baby monitors and home security cameras turn your home into a reality TV show without your knowledge.

What could improve in 2024? The emergence of regulatory requirements for IoT device manufacturers. For example, the UK will ban the sale of devices with default logins and passwords like admin/admin, and require manufacturers to disclose in advance how long a particular device will receive firmware updates. In the U.S., a security labeling system is being developed that will make it possible to understand what to expect from a smart device in terms of security even before purchase.

What to do?

Find out if there are similar initiatives in your country and make the most of them by purchasing only secure IoT devices with a long period of declared support. It's likely that once manufacturers are obliged to ensure the security of smart devices locally, they'll make corresponding changes to products for the global market. Then you'll be able to choose a suitable product by checking, for example, the American security label, and buy it — even if you're not in the U.S.

Carefully configure all smart devices using our detailed advice on creating a smart home and setting up its security.

Take care of your loved ones

Scams involving fake texts, images, and voice messages can be highly effective when used on elderly people, children, or those less interested in technology. Think about your family, friends, and colleagues — if any of them may end up a victim of any of the schemes described above, take the time to tell them about them or provide a link to our blog.

What to do?

Don't just give blanket information from our articles; look beyond our blog to find suitable cybersecurity lessons for your loved ones based on their age and temperament.

Make sure that all your family's computers and phones are fully protected. With Kaspersky Premium, you can protect as many devices as needed, on any popular platform — Windows, macOS, Android, or iOS.

Before we say goodbye and wish you a happy and peaceful 2024, one final little whisper — last year's New Year's resolutions are still very relevant: the transition to password-less systems is progressing at a swift pace, so going password-free in the New Year might be a good idea, while basic cyber hygiene has become all the more crucial. Oops; nearly forgot: wishing you a happy and peaceful 2024!

Alleged Phoenix Grou ...

 Firewall Daily

The hacking group Phoenix has claimed responsibility for a Distributed Denial of Service (DDoS) attack on the website of the US Congress. The hacker group posted a message asserting that the congressional website had been disabled, specifically targeting pages related to lobbying and online reporting in the United States. The threat actor posted their claims on their dark web channel. “The website of the US Congress has been disabled. The page provides information about Lobbying in the United States and online reporting,” reads the hacker message.

Phoenix’s DDoS Attack on US Congress Website

Surprisingly, upon attempting to access the site, it was found to be fully functional, casting doubt on the authenticity of Phoenix’s DDoS attack claim. Despite efforts to reach out to officials for clarification, The Cyber Express team has not received any response at the time of writing this report.

If proven true, the implications of such a US Congress website cyberattack on a critical government institution could be far-reaching. The motive behind targeting US government sites and organizations remains unclear, raising concerns about potential vulnerabilities in the nation’s cybersecurity infrastructure.

US Government Websites on Target

In a related incident, the Snatch ransomware group has asserted a data leak involving the US President. The group claims to have leaked Personally Identifiable Information (PII) and other data related to President Joe Biden, his son Hunter Biden, and First Lady Jill Biden. The authenticity of this data leak is currently in question, as the White House has yet to issue an official statement regarding the alleged cyberattack on the 46th President of the United States.

Further complicating the cybersecurity landscape, the US branch of the Industrial and Commercial Bank of China (ICBC), one of the world’s largest banks, has fallen victim to a major ransomware attack. The ICBC cyberattack, believed to be orchestrated by the LockBit ransomware gang, poses a significant threat to the stability of international finance. The Securities Industry and Financial Markets Association has alerted its members about the ransomware attack on ICBC Financial Services, forcing clients to alter their trade routes to mitigate potential risks.

Adding to the string of cyber threats, the Russian-speaking BlackCat/ALPHV ransomware group has claimed responsibility for a cyberattack on Ultra Intelligence and Communications, a US-based company specializing in intelligence and communication technologies. The ransomware group disclosed its alleged involvement in a dark web post, identifying Ultra Intelligence and Communications as its victim.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

DNA Analysis Firm, 2 ...

 Data Breach News

In a startling turn of events following the 23andMe data leak update released today, the popular DNA analysis firm is grappling with the aftermath of a massive backlash, resulting in a cascade of over 30 lawsuits from affected users. Contrary to expectations of a swift and responsible response, 23andMe has chosen an unconventional path by deflecting blame onto its own customers. In a letter sent to a group of victims, the company suggests that the breach occurred because users negligently recycled passwords, downplaying its own role in the data security disaster. The company, known for providing insights into ancestry and genetic predispositions, finds itself under intense scrutiny for its handling of the situation.

Breaking Down the 23andMe Data Leak and the Blame Game

In a bid to distance itself from culpability, 23andMe insists that users failed to update passwords following unrelated security incidents. The company contends that the breach was not a result of its alleged failure to maintain reasonable security measures, sparking criticism for what some consider a misplaced attempt to shift responsibility.

The company’s latest update on the 23andMe data breach reads, “In early October, we learned that a threat actor accessed a select number of individual 23andMe.com accounts through a process called credential stuffing. That is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously compromised or otherwise available.” Adding to the 23andMe data leak update, the company said, “We do not have any indication that there was a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks.”

The 23andMe data breach, which came to light in December, revealed that hackers had stolen genetic and ancestry data from a staggering 6.9 million users, nearly half of 23andMe’s customer base. The company’s recent update sheds light on the incident, indicating that threat actors utilized a technique known as credential stuffing to access select user accounts.

23andMe Faces 30+ Lawsuits Following the Data Breach

The initial breach targeted around 14,000 user accounts, exploiting passwords associated with the targeted customers. However, the situation escalated as the hackers, having gained access to this subset, were able to scrape personal data from an additional 6.9 million customers who had opted into the 23andMe DNA Relatives feature.

The Cyber Express, in an attempt to learn more about the fallout of the 23andMe data breach, reached out to the organization. However, at the time of writing this, no official statement or response has been received.

The fallout from the breach has led to more than 30 lawsuits, with users expressing discontent over 23andMe’s handling of the situation. Critics argue that the company should have implemented better safeguards, considering the sensitive nature of the information it stores. As the 23andMe data breach continues to unfold, the company faces not only the technical challenges of securing its platform but also the daunting task of regaining user trust. The blame game initiated by 23andMe has further fueled discontent among users and the broader community, highlighting the need for a more transparent and accountable approach in the face of such cyber incidents.

Orrick, Herrington & ...

 Data Breach News

Orrick, Herrington & Sutcliffe, a popular San Francisco-based international law firm, recently fell victim to a data leak operation that resulted in the Orrick data breach incident. The Orrick, Herrington & Sutcliffe data breach, discovered in March 2023, exposed sensitive health information belonging to more than 637,000 data breach victims. The intrusion into Orrick’s network compromised a file share, revealing personal information and sensitive health data of victims. The affected individuals, numbering 637,620, included 830 residents of Maine. The Orrick data leak, classified as an external system breach caused by hacking, occurred on 02/28/2023, with discovery reported on 03/13/2023.

Orrick Data Breach Explained

The stolen data encompassed a vast array of information, including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license, and tax identification numbers. Additionally, medical treatment details, insurance claims information, healthcare insurance numbers, provider details, online account credentials, and credit/debit card numbers were compromised.

According to the official filing, Orrick took prompt action by notifying affected individuals through written notifications on 9/14/2023, 11/16/2023, and 11/17/2023. Identity theft protection services were offered in the form of a two-year Kroll identity monitoring service.

The Orrick data leak implicated data related to security incidents at other companies for which Orrick provided legal counsel. Clients affected included individuals with vision plans from EyeMed Vision Care, dental plans from Delta Dental, and data from health insurance company MultiPlan, behavioral health giant Beacon Health Options (now known as Carelon), and the U.S. Small Business Administration.

Ongoing Investigations and Legal Implications

The Cyber Express has reached out to the law firm to learn more about the nature of the Orrick, Herrington & Sutcliffe data breach and whether any ransomware groups were involved. However, at the time of writing this, no official statement or response has been recorded, leaving room for suspicion about the identity of the hackers who launched the cyberattack on Orrick, Herrington & Sutcliffe.

The law firm is also in the process of settling the class-action lawsuit stemming from the data breach, in which clients’ personal information was compromised. The firm, admitting to the inconvenience caused, reached an initial agreement in principle to settle four consolidated lawsuits involving hundreds of thousands of alleged victims. Although settlement details remain undisclosed, Orrick aims to finalize terms within 15 days. The proposed resolution, pending approval from U.S. District Judge Susan Illston, seeks to address all claims related to the breach, which exposed sensitive information of thousands of individuals, including names, addresses, dates of birth, and Social Security numbers.

Hunters Internationa ...

 Firewall Daily

The Hunters International ransomware group has claimed four new victims, expanding its reach across industries and countries. The targeted organizations include Gunning & LaFazia in the United States, Thermosash Commercial Limited in New Zealand, PROJECT M.O.R.E. in the U.S., and Bradford Health Care, a healthcare institution.

The Targets: Diverse Industries and Geographic Locations

The announcement of the cyberattack was made through the group’s dark web portal, showcasing their continued audacity in breaching security systems. The implications of these Hunters International ransomware attacks could be far-reaching, given the diverse industries and geographic locations of the victims. The USA and New Zealand have found themselves at the forefront of this latest cyber onslaught.

To verify the legitimacy of the Hunters International ransomware attack claim, The Cyber Express Team reached out to the targeted organizations. Unfortunately, as of the writing of this report, no responses have been received, leaving the claims unverified. Interestingly, the official websites of the targeted organizations were found to be fully functional, raising questions about the authenticity of the Hunters International ransomware group’s assertions.

Hunters International ransomware has become synonymous with a repetitive attack pattern, drawing parallels to their previous operations. A significant revelation from October exposed code overlaps between the ransomware used by Hunters International and the once-dominant Hive ransomware. Bitdefender, a cybersecurity vendor, confirmed this finding, suggesting a strategic decision by the Hive group to transfer its operations and assets to Hunters International.

Repetitive Tactics: Hunters International Ransomware Attack Pattern

This recent cyberattack on multiple organizations echoes a similar pattern observed in 2023 when the L’Azienda USL di Modena Regional Health Service in Italy fell victim to a cyber breach attributed to Hunters International. Before these incidents, the ransomware group targeted InstantWhip, a major player with a revenue of US$300 million. InstantWhip has yet to release any official statements regarding the alleged cyberattack, resembling an earlier incident where Hunters International seized control of the Hive ransomware.

On November 22, the Hunters International ransomware group shifted its focus to the Crystal Lake Health Center, a healthcare facility in the USA. Claiming access to a substantial 137.6 gigabytes of sensitive data, the hacking group continues its brazen attacks on organizations across sectors, highlighting the urgency for enhanced cybersecurity measures globally. As organizations grapple with the evolving threat landscape, the question remains – who will be the next target of Hunters International ransomware?

Monti Ransomware Gro ...

 Firewall Daily

The Monti ransomware group has recently claimed responsibility for a cyberattack on Diablo Valley Oncology, adding the healthcare provider to their growing list of victims. The ransomware group, known for its audacious tactics, has not disclosed details regarding the extent of the data breach, potential data compromise, or the motive behind the Diablo Valley Oncology cyberattack.

Diablo Valley Oncology Cyberattack: More Details

Diablo Valley Oncology, a provider of comprehensive cancer care, integrates medical oncology, chemotherapy, radiation therapy, PET/CT and diagnostic imaging, research, and supportive care in one convenient location. If the Diablo Valley Oncology cyberattack claim made by the ransomware group is accurate, the implications of this data breach could be far-reaching, potentially jeopardizing sensitive patient information.

The Cyber Express Team, in an effort to verify the ransomware group’s claim, reached out to Diablo Valley Oncology officials. However, the lack of a response has left the claim of a cyberattack on Diablo Valley Oncology unverified, leading to uncertainties regarding the attack’s authenticity. The official website of Diablo Valley Oncology appears to be fully functional, adding a layer of uncertainty to the situation.

Not the First Time for Monti Ransomware Group

This is not the first time the Monti ransomware group has targeted a prominent institution. In 2023, they allegedly breached the Auckland University of Technology (AUT), proudly claiming responsibility on their dark web channel and adding AUT to their “Wall of Shame.” The motive behind the attack on the university remains unclear, but the group suggested it exploited perceived lax security measures.

The Monti ransomware group initially gained attention in 2022 by mimicking the tactics of the Conti ransomware, even using its leaked source code. However, their latest cyberattack on Diablo Valley Oncology showcases a departure from their traditional motives of financial gain. Instead, in its Diablo Valley Oncology cyberattack claim the group presents its activities as a form of ethical hacking, exposing vulnerabilities in corporate networks.

With the situation unfolding, the cybersecurity community remains vigilant, awaiting further details on the Diablo Valley Oncology cyberattack. The healthcare sector continues to be a prime target for cybercriminals, highlighting the urgent need for enhanced cybersecurity measures to safeguard sensitive patient data.

 Malware and Vulnerabilities

Mozilla's latest release of Firefox 121 addresses critical vulnerabilities, including a heap buffer overflow bug and a vulnerability in rendering Network Security Services (NSS) NIST curves.

 Identity Theft, Fraud, Scams

Bill Lou, co-founder of Nest Wallet, a cryptocurrency wallet startup, lost $125,000 to a crypto scam. He fell victim to a phishing attack after visiting a fraudulent website that appeared to be a legitimate crypto airdrop platform.

 Incident Response, Learnings

23andMe claims that users negligently recycled and failed to update their passwords, allowing attackers to launch a credential stuffing campaign. Nearly 7 million customers' information was accessed, including genealogy data.

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying DLL file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file again for execution. Because this action is performed in two discrete operations, it exposes the procedure to a time-of-check to time-of-use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed DLL when queried for the read, but then serve a different file of the same name when the host intends to load/execute the DLL.

 Feed

Ubuntu Security Notice 6549-4 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

 Feed

Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.

 Feed

Debian Linux Security Advisory 5597-1 - It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered.

 Feed

Debian Linux Security Advisory 5595-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

 Data Breach News

HealthEC LLC, a prominent population health technology company, has issued a notice regarding a cybersecurity event. This data breach may impact the security of specific data received from HealthEC’s business partners. The HealthEC data breach notice outlines details of the incident, the company’s response, and resources available to individuals to safeguard their information. A comprehensive review of the affected files concluded on October 24, 2023, identifying information related to some of HealthEC’s clients.

The Cyber Express has reached out to HealthEC for a quote on the cybersecurity incident, but an official response was not available at the time of writing this report.

HealthEC Data Breach

HealthEC became aware of suspicious activity in its network and initiated an immediate investigation. The inquiry revealed that certain systems were accessed by an unknown entity between July 14, 2023, and July 23, 2023, during which specific files were copied. The information exposed varies by individual but includes sensitive details such as names, addresses, dates of birth, Social Security numbers, taxpayer identification numbers, medical records, health insurance information, and billing details. Business partners affected by the HealthEC data breach include Corewell Health, HonorHealth, University Medical Center of Princeton Physicians’ Organization, and several others listed in the official statement.

HealthEC stated in a release that it is treating this event with the utmost seriousness. Upon detecting the suspicious activity, the company initiated a thorough investigation, confirmed network security, reviewed relevant files, notified impacted partners/customers, and alerted federal law enforcement. As part of its ongoing privacy commitment, HealthEC is also reviewing existing policies and procedures.

To mitigate the risks of the HealthEC data breach, individuals are advised to remain vigilant against identity theft and fraud. Monitoring account statements, reviewing benefits statements, and obtaining free credit reports are recommended. Suspicious activities should be promptly reported to relevant parties, including insurance companies and financial institutions.

Protecting Personal Information

HealthEC recommends monitoring accounts regularly. Consumers are entitled to one free credit report annually from each major credit reporting bureau. Placing a fraud alert or credit freeze is also advised, with details provided in the official statement. For specific questions, individuals can write to HEC at 343 Thornall St # 630, Edison, NJ 08837, or call the dedicated assistance line at 1-833-466-9216 between 8:00 am and 8:00 pm Eastern time, Monday through Friday, excluding holidays.

Starting December 22, 2023, HealthEC, along with its business partners, initiated notification letters to individuals affected by the HealthEC data breach. The letters advise recipients to stay vigilant against potential identity theft and fraud attacks, review their account and benefits statements, and regularly monitor free credit reports for any signs of suspicious activity.

 Firewall Daily

The Cybersecurity and Infrastructure Security Agency (CISA) has published three advisories addressing security issues, vulnerabilities, and potential exploits in Industrial Control Systems (ICS). These advisories offer timely information to enhance awareness and preparedness in the ICS domain. CISA has recommended that users and administrators thoroughly examine the recently issued CISA ICS advisories to gain insight into technical details and effective mitigation strategies.

ICSA-24-004-01 Rockwell Automation FactoryTalk Activation

The CISA ICS advisory covers critical vulnerabilities in Rockwell Automation’s FactoryTalk Activation Manager that have a CVSS v3 score of 9.8 and are remotely exploitable with low attack complexity. They stem from out-of-bounds write issues, posing a significant threat to the affected systems. Successful exploitation could lead to a buffer overflow, granting unauthorized access to the entire system. The severity of these risks underscores the importance of prompt mitigation.

Vulnerability Overview

The affected Wibu-Systems products, used by Rockwell Automation, are vulnerable to a buffer overflow through a SOCKS5 proxy configuration, which could be exploited by a malicious proxy; this issue has a CVSS v3.1 base score of 9.8. The Wibu CodeMeter Runtime network service in the same products contains a heap buffer overflow vulnerability that allows a remote attacker to achieve remote code execution (RCE) and gain full access; this vulnerability has a CVSS v3.1 base score of 7.5.

Mitigations According to the CISA ICS Advisory

Users are urged to implement the following mitigations: upgrade to FactoryTalk Activation Manager 5.01, which includes the patches, and follow Rockwell Automation’s suggested security best practices. CISA recommends defensive measures such as minimizing network exposure, isolating control system networks, and using secure remote access methods like Virtual Private Networks (VPNs). In conclusion, organizations are strongly advised to prioritize the implementation of recommended cybersecurity strategies to proactively defend Industrial Control Systems (ICS) assets against potential exploits.
The CISA ICS advisory emphasizes the importance of vigilance against social engineering attacks and encourages reporting any suspicious activity for further analysis and correlation. As of the initial publication, no public exploits targeting these vulnerabilities have been reported.

ICSA-24-004-02 Mitsubishi Electric Factory Automation Products

Mitsubishi Electric has identified critical vulnerabilities in multiple Factory Automation products, prompting the release of advisories by CISA. With a CVSS v3 score of 7.5, these vulnerabilities are remotely exploitable with low attack complexity. The affected products, including GT SoftGOT2000, OPC UA Data Collector, MX OPC Server UA, and FX5-OPC, exhibit Observable Timing Discrepancy, Double Free, and Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerabilities. Successful exploitation could lead to the disclosure of sensitive information within the product or result in a denial-of-service (DoS) condition.

Vulnerability Overview

Observable Timing Discrepancy (CWE-208): An observable timing discrepancy in RSA decryption allows attackers to decrypt ciphertext by exploiting a Bleichenbacher-style attack. CVE-2022-4304 has been assigned, with a CVSS v3.1 base score of 5.9.

Double Free (CWE-415): The products contain a double-free vulnerability when reading a PEM file, potentially leading to a DoS condition. CVE-2022-4450 has been assigned, with a CVSS v3.1 base score of 7.5.

Access of Resource Using Incompatible Type (‘Type Confusion’) (CWE-843): A type confusion vulnerability in X.400 address processing allows an attacker to disclose sensitive information or cause a DoS condition by loading a specially crafted certificate revocation list (CRL). CVE-2023-0286 has been assigned, with a CVSS v3.1 base score of 7.4.
Mitigations According to the CISA ICS Advisory

Mitsubishi Electric recommends that users update their products to the specified versions and provides detailed mitigation measures for each affected product. Mitigations include applying the recommended updates, avoiding loading untrusted certificate revocation lists, and implementing network security measures. In conclusion, organizations are urged to follow recommended cybersecurity strategies and implement mitigations to safeguard their Industrial Control Systems (ICS) assets against potential exploits. The CISA ICS advisory emphasizes the importance of proactive defense, proper impact analysis, and risk assessment. As of the initial publication, no known public exploitation specifically targeting these vulnerabilities has been reported to CISA.

ICSA-23-348-15 Unitronics Vision and Samba Series (Update A)

Unitronics faces a critical security issue with a CVSS v3 score of 9.8, as described in the CISA ICS advisory. The vulnerability, categorized as Initialization of a Resource with an Insecure Default, is remotely exploitable with low attack complexity, and public exploits are known to exist. The impacted equipment includes Unitronics’ Vision Series and Samba Series; because these devices use default administrative passwords, an unauthenticated attacker could seize administrative control over them.

Vulnerability Overview

Initialization of a Resource with an Insecure Default (CWE-1188): The Vision Series PLCs and HMIs from Unitronics use default administrative passwords, enabling unauthorized individuals with network access to gain administrative control. CVE-2023-6448 has been assigned to this vulnerability, with a CVSS v3.1 base score of 9.8.
Mitigations According to the CISA ICS Advisory

Unitronics has addressed this vulnerability in VisiLogic version 9.9.00 and urges users to update to the latest version promptly. Organizations unable to do so are advised to change all default passwords, set passwords on PCOM-enabled sockets, control remote-enabled PCOM operations using SDW10 roles, and disconnect the PLC from the open internet. Implementing firewalls and VPNs and using secure cellular-based long-haul transport devices are recommended. The CISA ICS advisory also emphasizes using an allowlist of IPs for access, backing up logic and configurations for quick recovery, considering alternate TCP ports, and keeping devices updated with the latest versions. Collaboration with third-party vendors and the adoption of recommended countermeasures are also encouraged.

In response to this critical vulnerability, water utilities are directed to CISA’s tools and resources for enhanced cybersecurity, with specific guidance available from the EPA, WaterISAC, and the American Water Works Association. Known public exploitation targeting this vulnerability has been reported to CISA, warranting heightened vigilance and the prompt implementation of defensive measures.

 Data Breach News

The DCBOE is under intense scrutiny regarding the October 2023 DC Election data breach. Two House Republicans, Representatives Bryan Steil (R-Wis.) and Laurel Lee (R-Fla.), have written a resolute letter demanding answers following the DC Election data breach. Unveiled just last week, the breach, which unfolded in October, exposed the personal information of some 400,000 voters. Steil and Lee, echoing a chorus of ‘deep concern,’ expressed their dismay in a missive that questioned not only the breach but also the tardy realization of its full impact, two weeks post-incident.

DC Election Data Breach Update

The lawmakers underscored the importance of securing voter databases and protecting voter information. They posited these measures as linchpins for nurturing and preserving public trust in the labyrinth of the electoral process, asserting, “For Americans to have confidence in our elections, they must have reason to believe that voter databases and voter information are safe, secure, and not susceptible to malicious access or manipulation.” Steil and Lee went beyond mere reproach, cautioning that the ramifications of the hack could extend to imperiling the sanctity of the 2024 election cycle and fostering distrust among the District’s voters in their electoral systems. The missive from the Republican duo did not merely castigate but also sought clarity. The letter contained pointed queries, delving into the status of investigations, remediation steps, and potential strategies to restore voter confidence in the electoral apparatus.

The DataNet Systems Angle

Pointing fingers at the culprit, the Elections board attributed the DC Election data breach to contractor DataNet Systems, the custodian of the compromised server. A two-month-long investigation by DataNet led to the belated public revelation last week. The board defended the timing, clarifying that the communication timeline was at the discretion of DataNet, following meticulous reviews involving both governmental and non-governmental entities. DataNet revealed that the information exposed in the DC Election data breach could encompass names, physical and email addresses, dates of birth, phone numbers, voter registration details, partial Social Security numbers, and driver’s license numbers of the affected individuals. On November 20, the company identified those potentially impacted by the incident and is currently dispatching individual messages to individuals with known contact information.

 Feed

A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive. “

 Feed

Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the

 Feed

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the

 Feed

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an

 Feed

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services

 Feed

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [

 Cyber Security News

Source: thehackernews.com – Author: . Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention […] The post Three Ways To Supercharge Your Software Supply Chain Security – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.schneier.com – Author: Bruce Schneier. Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the […] The post New iPhone Exploit Uses Four Zero-Days – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. A threat actor known for repeatedly targeting organizations in Ukraine with the RemcosRAT remote surveillance and control tool is back at it again, this time with a new tactic for transferring data without triggering endpoint detection and response systems. The […] The post Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.darkreading.com – Author: PRESS RELEASE. DELRAY BEACH, Fla., Jan. 4, 2024 /PRNewswire-PRWeb/ — C3 Complete, an award-winning provider of technology, telecom, and information security services, today announced that it has acquired the Cyber Security business unit of Compliance Solutions Inc. In addition to growing its existing Virtual Chief Information Security Officer (“vCISO”), penetration testing, and vulnerability assessment […] The post C3 Complete Acquires Information Security Business Unit of Compliance Solutions Inc. – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: Marianne Kolbasuk McGee (HealthInfoSec) • January 4, 2024. Categories: Healthcare, HIPAA/HITECH, Industry Specific. Settlement Is HHS OCR’s 46th Enforcement Action Based on Health Record Complaints. It’s a new year, but federal regulators are beating an old HIPAA drum: The Department of Health and Human […] The post Practice Fined $160K for 6 ‘Right of Access’ Complaints – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Accenture

Source: www.govinfosecurity.com – Author: Akshaya Asokan (asokan_akshaya) • January 4, 2024. Categories: Cloud Security, Electronic Healthcare Records, Governance & Risk Management. UK Tech Firm Specializes in Cloud, Data and Cybersecurity Solutions. Accenture has finalized its acquisition of U.K. tech consultancy firm 6point6, which specializes in cybersecurity, cloud and digital […] The post Accenture Buys 6point6 to Expand Cyber Portfolio in UK – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breach

Source: www.govinfosecurity.com – Author: Prajeet Nair (@prajeetspeaks) • January 4, 2024. Categories: Breach Notification, Cybercrime, Fraud Management & Cybercrime. Also: Mandiant X Account Hijacked in Cryptocurrency Scam. Every week, Information Security Media Group rounds up cybersecurity incidents worldwide. This week, hackers took over Mandiant’s X account, authorities charged a […] The post Breach Roundup: DOJ Fines XCast $10M for Illegal Robocalls – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: Marianne Kolbasuk McGee (HealthInfoSec) • January 4, 2024. Categories: Cybercrime, Fraud Management & Cybercrime, Healthcare. NY Hospital Group Claims Cybercriminals Kept Data on Boston-Based Firm’s Servers. Carthage Area Hospital, Claxton-Hepburn Medical Center and North Country Orthopaedic Group are trying to subpoena a cloud-based tech firm to return […] The post Hospitals Sue LockBit, Ask Cloud Firm to Return Stolen Data – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Awareness Training

Source: www.securityweek.com – Author: Ryan Naraine. Elevate Security raised $18.3 million in venture capital financing and scored investments from the likes of Cisco and CrowdStrike. The post Mimecast Acquires User Education Startup Elevate Security appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/mimecast-acquires-user-education-startup-elevate-security/ Category & Tags: Email Security, Funding/M&A, awareness training, Elevate Security, Mimecast, user education. The post Mimecast Acquires User Education Startup Elevate Security – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chrome

Source: www.securityweek.com – Author: Ionut Arghire. Google has released a Chrome 120 update to resolve six vulnerabilities, including four reported by external researchers. The post Google Patches Six Vulnerabilities With First Chrome Update of 2024 appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/google-patches-six-vulnerabilities-with-first-chrome-update-of-2024/ Category & Tags: Vulnerabilities, Chrome. The post Google Patches Six Vulnerabilities With First Chrome Update of 2024 – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Airbus

Source: www.securityweek.com – Author: Eduard Kovacs. French aerospace giant Airbus could acquire Atos’ cybersecurity unit for up to $2 billion, but discussions are at a preliminary stage. The post Airbus Offering to Buy Atos Cybersecurity Unit for Up to $2 Billion appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/airbus-offering-to-buy-atos-cybersecurity-unit-for-up-to-2-billion/ Category & Tags: Funding/M&A, Airbus, Atos. The post Airbus Offering to Buy Atos Cybersecurity Unit for Up to $2 Billion – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Picture this: you stumble upon a concealed secret within your company’s source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just […] The post Exposed Secrets are Everywhere. Here’s How to Tackle Them – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 05, 2024, Newsroom. Network Security / Malware. Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. “The Orange account in the IP network coordination […] The post Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Alert

Source: thehackernews.com – Author: . Jan 05, 2024, Newsroom. Vulnerability / Network Security. Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the […] The post Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 05, 2024, Newsroom. Cyber Attack / Data Breach. Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar’s systems at least since May 2023. The development was first reported by Reuters. The incident, described as a “powerful hacker attack,” first came to […] The post Russian Hackers Had Covert Access to Ukraine’s Telecom Giant for Months – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Bandook

Source: thehackernews.com – Author: . Jan 05, 2024, Newsroom. Malware / Cyber Espionage. A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware […] The post New Bandook RAT Variant Resurfaces, Targeting Windows Machines – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
