Over the weekend, the Maldives faced a cyberattack, resulting in the temporary unavailability of the official websites of the President’s office, Foreign Ministry, and Tourism Ministry. Users attempting to access these sites encountered disruptions for several hours on Saturday night. The cyberattack on Maldives government websites has been rumored to be related to a recent event where three Maldives ministers, Mariyam Shiuna, Malsha, and Hassan Zihan, made derogatory remarks about India’s Prime Minister Narendra Modi.

Acknowledging the cyberattack on Maldives websites, the President’s office released a statement on social media, attributing the downtime to “technical issues.” The National Centre for Information Technology (NCIT) and other relevant entities worked diligently to restore the functionality of the government websites. Following their efforts, the websites are now back online and functioning as usual.

Decoding the Cyberattack on Maldives Government Websites

The tweet from the President’s office read, “Please note that the President’s Office website is currently facing an unexpected technical disruption. NCIT and other relevant entities are actively working on resolving this promptly. We apologize for any inconvenience caused. Thank you for your understanding and patience.”

The Maldives cyberattack incident occurred amidst a broader context of diplomatic tensions, as three Maldivian ministers were reportedly suspended for their remarks on Prime Minister Narendra Modi. The Maldives government, in response, issued a strong statement emphasizing the need for a democratic and responsible exercise of freedom of expression. Former Maldives President Mohamed Nasheed condemned the derogatory remarks and urged the government to distance itself from such comments, emphasizing the importance of maintaining positive relations with international partners, reported Deccan Herald.

Speculations of Cyberattack on Maldives Government Websites

While the cyberattack on Maldives government websites took place, speculation arose on various online platforms regarding its motives. Some users speculated that Chinese hackers may have targeted the Maldives websites to discredit India, suggesting a connection to the diplomatic tensions. However, it’s crucial to note that such claims lack concrete evidence.

This is an ongoing story and The Cyber Express is closely monitoring the situation. We’ll update this post once we have more information on these cyberattacks on Maldives Government websites and the group/individuals responsible for them. As investigations into the attack continue, the Maldives government is expected to take steps to strengthen its cybersecurity infrastructure to prevent future incidents.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a. Spamit), an invite-only community for Russian-speaking people in the businesses of sending spam and building botnets of infected computers to relay said spam. The Spamdot admins went by the nicknames Icamis (a.k.a. Ika), and Salomon (a.k.a. Sal).

Spamdot forum administrator “Ika” a.k.a. “Icamis” responds to a message from “Tarelka,” the botmaster behind the Rustock botnet. Dmsell said: “I’m actually very glad that I switched to legal spam mailing,” prompting Tarelka and Ika to scoff.

As detailed in my 2014 book, Spam Nation, Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock, Cutwail, Mega-D, Festi, Waledac, and Grum. Icamis and Sal were in daily communications with these botmasters, via the Spamdot forum and private messages. Collectively in control over millions of spam-spewing zombies, those botmasters also continuously harvested passwords and other data from infected machines.

As we’ll see in a moment, Salomon is now behind bars, in part because he helped to rob dozens of small businesses in the United States using some of those same harvested passwords. He is currently housed in a federal prison in Michigan, serving the final stretch of a 60-month sentence. But the identity and whereabouts of Icamis have remained a mystery to this author until recently.

For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities. And there were many good reasons to support this conclusion.

For example, in 2010 Spamdot and its spam affiliate program Spamit were hacked, and its user database shows Sal and Icamis often accessed the forum from the same Internet address — usually from Cherepovets, an industrial town situated approximately 230 miles north of Moscow. Also, it was common for Icamis to reply when Spamdot members communicated a request or complaint to Sal, and vice versa.

Still, other clues suggested Icamis and Sal were two separate individuals. For starters, they frequently changed the status on their instant messenger clients at different times. Also, they each privately discussed with others having attended different universities.

KrebsOnSecurity began researching Icamis’s real-life identity in 2012, but failed to revisit any of that research until recently. In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target. That story mentioned Rescator’s real-life identity was exposed by Icamis in April 2013, as part of a lengthy farewell letter Ika wrote to Spamdot members wherein Ika said he was closing the forum and quitting the cybercrime business entirely.

To no one’s shock, Icamis didn’t quit the business: He simply became more quiet and circumspect about his work, which increasingly was focused on helping crime groups siphon funds from U.S. bank accounts. But the Rescator story was a reminder that 10 years worth of research on who Ika/Icamis is in real life had been completely set aside. This post is an attempt to remedy that omission.

The farewell post from Ika (aka Icamis), the administrator of both the BlackSEO forum and Pustota, the successor forum to Spamit/Spamdot.
GENTLEMEN SCAMMERS

Icamis and Sal offered a comprehensive package of goods and services that any aspiring or accomplished spammer would need on a day-to-day basis: Virtually unlimited bulletproof domain registration and hosting services, as well as services that helped botmasters evade spam block lists generated by anti-spam groups like Spamhaus.org. Here’s a snippet of Icamis’s ad on Spamdot from Aug. 2008, wherein he addresses forum members with the salutation, “Hello Gentlemen Scammers.”

We are glad to present you our services! Many are already aware (and are our clients), but publicity is never superfluous.

Domains.
– all major gtlds (com, net, org, info, biz)
– many interesting and uninteresting cctlds
– options for any topic
– processing of any quantities
– guarantees
– exceptionally low prices for domains for white and gray schemes (including any SEO and affiliate spam)
– control panel with balances and auto-registration
– all services under the Ikamis brand, proven over the years;)

Servers.
– long-term partnerships with several [data centers] in several parts of the world for any topic
– your own data center (no longer in Russia ;)) for gray and white topics
– any configuration and any hardware
– your own IP networks (PI, not PA) and full legal support
– realtime backups to neutral sites
– guarantees and full responsibility for the services provided
– non-standard equipment on request
– our own admins to resolve any technical issues (services are free for clients)
– hosting (shared and vps) is also possible

Non-standard and related services.
– ssl certificates signed by geotrust and thawte
– old domains (any year, any quantity)
– beautiful domains (keyword, short, etc.)
– domains with indicators (any, for SEO, etc.)
– making unstable gtld domains stable
– interception and hijacking of custom domains (expensive)
– full domain posting via web.archive.org with restoration of native content (preliminary applications)
– any updates to our panels to suit your needs upon request (our own coders)

All orders for the “Domains” sections and “Servers” are carried out during the day (depending on our workload). For non-standard and related services, a preliminary application is required 30 days in advance (except for ssl certificates – within 24 hours).

Icamis and Sal frequently claimed that their service kept Spamhaus and other anti-spam groups several steps behind their operations. But it’s clear that those anti-spam operations had a real and painful impact on spam revenues, and Salomon was obsessed with striking back at anti-spam groups, particularly Spamhaus.

In 2007, Salomon collected more than $3,000 from botmasters affiliated with competing spam affiliate programs that wanted to see Spamhaus suffer, and the money was used to fund a week-long distributed denial-of-service (DDoS) attack against Spamhaus and its online infrastructure. But rather than divert their spam botnets from their normal activity and thereby decrease sales, the botmasters voted to create a new DDoS botnet by purchasing installations of DDoS malware on thousands of already-hacked PCs (at a rate of $25 per 1,000 installs).

SALOMON

As an affiliate of Spamdot, Salomon used the email address ad1@safe-mail.net, and the password 19871987gr. The breach tracking service Constella Intelligence found the password 19871987gr was used by the email address grichishkin@gmail.com. Multiple accounts are registered to that email address under the name Alexander Valerievich Grichishkin, from Cherepovets.

In 2020, Grichishkin was arrested outside of Russia on a warrant for providing bulletproof hosting services to cybercriminal gangs. The U.S. government said Grichishkin and three others set up the infrastructure used by cybercriminals between 2009 and 2015 to distribute malware and attack financial institutions and victims throughout the United States. Those clients included crooks using malware like Zeus, SpyEye, Citadel and the Blackhole exploit kit to build botnets and steal banking credentials.

“The Organization and its members helped their clients to access computers without authorization, steal financial information (including banking credentials), and initiate unauthorized wire transfers from victims’ financial accounts,” the government’s complaint stated.

Grichishkin pleaded guilty to conspiracy charges and was sentenced to four years in prison. He is 36 years old, has a wife and kids in Thailand, and is slated for release on February 8, 2024.

ICAMIS, THE PHANTOM GRADUATE

The identity of Icamis came into view when KrebsOnSecurity began focusing on clues that might connect Icamis to Cherepovets (Ika’s apparent hometown based on the Internet addresses he regularly used to access Spamdot).

Historic domain ownership records from DomainTools.com reveal that many of the email addresses and domains connected to Icamis invoke the name “Andrew Artz,” including icamis[.]ws, icamis[.]ru, and icamis[.]biz. Icamis promoted his services in 2003 — such as bulk-domains[.]info — using the email address icamis@4host.info. From one of his ads in 2005:

Domains For Projects Advertised By Spam

I can register bulletproof domains for sites and projects advertised by spam(of course they must be legal). I can not provide DNS for u, only domains. The price will be:

65$ for domain[if u will buy less than 5 domains]
50$ for domain[more than 5 domains]
45$ for domain[more than 10 domains]

These prices are for domains in the .net & .com zones.

If u want to order domains write me to: icamis@4host.info

In 2009, an “Andrew Artz” registered at the hosting service FirstVDS.com using the email address icamis@4host.info, with a notation saying the company name attached to the account was “WMPay.” Likewise, the bulletproof domain service icamis[.]ws was registered to an Andrew Artz.

The domain wmpay.ru is registered to the phonetically similar name “Andrew Hertz,” at andrew@wmpay.ru. A search on “icamis.ru” in Google brings up a 2003 post by him on a discussion forum designed by and for students of Amtek, a secondary school in Cherepovets (Icamis was commenting from an Internet address in Cherepovets).

The website amtek-foreva-narod.ru is still online, and it links to several yearbooks for Amtek graduates. It states that the yearbook for the Amtek class of 2004 is hosted at 41.wmpay[.]com.

The yearbook photos for the Amtek class of 2004 are not indexed in the Wayback Machine at archive.org, but the names and nicknames of 16 students remain. However, it appears that the entry for one student — the Wmpay[.]com site administrator — was removed at some point.

In 2004, the administrator of the Amtek discussion forum — a 2003 graduate who used the handle “Grand” — observed that there were three people named Andrey who graduated from Amtek in 2004, but one of them was conspicuously absent from the yearbook at wmpay[.]ru: Andrey Skvortsov.

To bring this full circle, Icamis was Andrey Skvortsov, the other Russian man charged alongside Grichishkin (the two others who pleaded guilty to conspiracy charges were from Estonia and Lithuania). All of the defendants in that case pleaded guilty to conspiracy to engage in a Racketeer Influenced Corrupt Organization (RICO).

[Author’s note: No doubt government prosecutors had their own reasons for omitting the nicknames of the defendants in their press releases, but that information sure would have saved me a lot of time and effort].
SKVORTSOV AND THE JABBERZEUS CREW

Skvortsov was sentenced to time served, and presumably deported. His current whereabouts are unknown and he was not reachable for comment via his known contact addresses.

The government says Ika and Sal’s bulletproof hosting empire provided extensive support for a highly damaging cybercrime group known as the JabberZeus Crew, which worked closely with the author of the Zeus Trojan — Evgeniy Mikhailovich Bogachev — to develop a then-advanced strain of the Zeus malware that was designed to defeat one-time codes for authentication. Bogachev is a top Russian cybercriminal with a standing $3 million bounty on his head from the FBI.

The JabberZeus Crew stole money by constantly recruiting money mules, people in the United States and in Europe who could be enticed or tricked into forwarding money stolen from cybercrime victims. Interestingly, Icamis’s various email addresses are connected to websites for a vast network of phony technology companies that claimed they needed people with bank accounts to help pay their overseas employees.

Icamis used the email address tech@safe-mail.net on Spamdot, and this email address is tied to the registration records for multiple phony technology companies that were set up to recruit money mules.

One such site — sun-technology[.]net — advertised itself as a Hong Kong-based electronics firm that was looking for “honest, responsible and motivated people in UK, USA, AU and NZ to be Sales Representatives in your particular region and receive payments from our clients. Agent commission is 5 percent of total amount received to the personal bank account. You may use your existing bank account or open a new one for these purposes.”

In January 2010, KrebsOnSecurity broke the news that the JabberZeus crew had just used money mules to steal $500,000 from tiny Duanesburg Central School District in upstate New York. As part of his sentence, Skvortsov was ordered to pay $497,200 in restitution to the Duanesburg Central School District.

The JabberZeus Crew operated mainly out of the eastern Ukraine city of Donetsk, which was always pro-Russia and is now occupied by Russian forces. But when Russia invaded Ukraine in February 2022, the alleged leader of the notorious cybercrime gang — Vyacheslav Igoravich Andreev (a.k.a. Penchukov) — fled his mandatory military service orders and was arrested in Geneva, Switzerland. He is currently in federal custody awaiting trial, and is slated to be arraigned in U.S. federal court tomorrow (Jan. 9, 2024). A copy of the indictment against Andreev is here (PDF).

Andreev, aka “Tank,” seen here performing as a DJ in Ukraine in an undated photo from social media.
In a significant security breach, the System for Pension Administration Raksha (SPARSH) portal, India’s central web-based system for automating pension processes for defense personnel, including Army, Navy, Air Force, and civilian defense staff, has suffered a massive data leak. Thousands of defense personnel’s sensitive information has been exposed in the SPARSH portal data leak, raising serious concerns about the privacy and security of those who have served in the nation’s defense forces.

The SPARSH portal, instrumental in managing pension-related procedures for Indian defense personnel, was developed by Tata Consultancy Services (TCS). TCS, known for its significant market capitalization, is recognized as one of India’s top IT companies and a globally esteemed IT service brand.

The SPARSH Portal data leak includes sensitive particulars such as usernames, passwords, URLs, and Pension Numbers, posing a grave threat to the privacy and financial security of the affected pensioners. Notably, credentials granting access to this sensitive information have surfaced on Telegram, creating the potential for misuse and manipulation of crucial pension-related processes.

The information belonging to the SPARSH data leak is also reportedly being sold on a Russian marketplace, raising apprehensions about the possible involvement of Russian hacker groups. The leaked data, sized at 0.41Mb and priced at $9.00, is attributed to the malware ‘lumma’.

The exposed confidential details from the portal are primarily of personnel in Kerala. This adds an international dimension to the data breach, intensifying worries about the broader implications and potential misuse of the exposed data.

Following the SPARSH portal data leak, The Cyber Express team managed to access the exposed data and was able to log into the portal using the compromised credentials and gain unrestricted access to personal information.

Implications of the SPARSH Portal Data Leak

The SPARSH portal, an essential component of the Centralized Pension Disbursement System (CPDS), provides a range of features for defense pensioners. The SPARSH portal data leak poses severe implications for these key functionalities:

– Pensioner Profile Management: The leaked data exposes the profiles of thousands of pensioners, including personal details and information about their dependents.
– Pensioner Data Verification (PDV): The compromised data could undermine the accuracy of pensioner data, giving unauthorized individuals control over information sent to the Pension Sanction Authority.
– Application Tracking: Pensioners’ ability to track their pension applications and receive real-time status updates is jeopardized, impacting the transparency of the pension disbursement process.
– Pension Disbursement: The compromised data puts the direct transfer of pensions to the linked bank accounts of pensioners at risk, potentially affecting the financial stability of retirees.
– Life Certificate Submission: Pensioners’ ability to submit life certificates through the portal for authentication, a crucial step for initiating pension requests, may be compromised.

The SPARSH portal, intended to simplify pension-related activities for defense pensioners, now faces scrutiny over its security measures. The Cyber Express has sought official statements and clarification from the Ministry of Defence and Tata Consultancy Services regarding the SPARSH portal security lapse. This incident highlights critical vulnerabilities in the system responsible for handling the pensions of India’s defense community.

India’s Cybersecurity Struggles

This incident is part of a concerning trend involving cyber threats targeting Indian government portals. In 2023, an unidentified individual operating under the ominous pseudonym ‘dawnofdevil’ claimed responsibility for compromising the security of the Income Tax Department of India. However, as of now, the claims of a data breach at the Income Tax Department by the threat actor are yet to be officially confirmed.

In a separate incident, the Phoenix hacker group, affiliated with the pro-Russia hacker group Killnet, asserted that they had conducted multiple cyberattacks on the Ministry of Health in India. The group also claimed to possess access to sensitive data concerning hospitals, staff, and chief physicians. As per a post shared on their Telegram channel, the hacker collective asserted having gained unauthorized access to the systems of India’s Ministry of Health.

Additionally, Indian taxpayers are facing risks, as reports of a data leak from an organization providing tax assistance have surfaced in the media. According to threat intelligence received by The Cyber Express, a hacker forum user known by the username ‘Hacking’ publicly released Indian taxpayer data on September 27, 2023.

In light of these incidents, all SPARSH portal users are advised to promptly change their passwords as a precautionary measure and remain vigilant for any suspicious activities related to their pension accounts. Furthermore, authorities must conduct a thorough investigation, enhance the portal’s security measures, and take swift action against those responsible for the SPARSH portal data leak.
NoName ransomware group has allegedly targeted multiple Ukrainian government websites. The latest victims of the alleged NoName ransomware attack on Ukraine include Accordbank, Zaporizhzhya Titanium-Magnesium Plant, State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service in Kyiv.

The Cyber Express tried to verify the claims made by the threat actor and found the website of Zaporizhzhya Titanium-Magnesium Plant operational at the moment. The latter websites listed by the NoName ransomware group faced disruptions and connectivity issues displaying “403 forbidden” and other error messages.

NoName Ransomware Attack on Ukraine

The NoName ransomware group has posted a list of their latest DDoS attack victims on their dark web leak portal. Screenshots of the dark web post were shared on Twitter. The message on the screenshot taken from the dark web reads, “We continue to nightmare Ukrainian sites (evil emoji)”.

The websites for Ukraine’s State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service each displayed bad gateway and error messages. The websites of the Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service are linked to the main website of Ukraine’s State Tax Service. Hence, it seems that the NoName ransomware attack on Ukraine’s State Tax Service has also impacted the other linked websites.

The website of Ukraine’s Accordbank displayed a “403 Forbidden” error message. The website of the Ukrainian State Tax Service displayed a message, “This site can’t be reached. tax.gov.ua took too long to respond”. The websites of the Central Interregional Tax Administration and the Main Directorate of the State Tax Service in Kyiv also displayed the same error message as the Ukrainian State Tax Service website.

Incidents Similar to NoName Ransomware Attack on Ukraine

Since the war between Russia and Ukraine broke out, several hacktivist groups from both sides have been found targeting each other. These hacker groups are either backed by government agencies or commit cybercrimes as an act of patriotism towards their nation.

Prior to the NoName ransomware attack on Ukraine, the hacker collective also launched cyberattacks on multiple Finnish government websites. The group wrote on the dark web, “Finland continues to receive our New Year’s gifts (evil smile emoji)”. From what we could understand, it was an attempt to disrupt the critical infrastructure of Finland and cause havoc for the Finnish citizens. All the victims of NoName DDoS attacks on Finland were government organizations related to transport facilities.
A threat actor known as IntelBroker has claimed responsibility for a major data breach targeting the United States Department of Transportation (DOT). The federal executive department, entrusted with the planning, coordination, and implementation of federal transportation projects and policies, is now grappling with the fallout of a substantial compromise to its aviation department.

DOT Data Breach Data Details

The threat actor’s post on Breachforums stated that the exfiltration of data occurred on January 7, 2024. The DOT data breach leaked database, purportedly containing sensitive information, encompasses 5.8 million flight logs from the year 2015. The compromised data fields include crucial details such as date, day of the week, airline, flight number, tail number, origin airport, destination airport, scheduled departure, departure time, departure delay, taxi out, wheels off, scheduled time, elapsed time, air time, distance, wheels on, taxi in, diverted, and canceled.

The Cyber Express Team, upon learning of the data breach, promptly reached out to DOT officials for verification. As of now, no response has been received, leaving the claim unverified. Adding to the mystery, the official DOT website appears fully functional, raising doubts about the authenticity of the breach. Whether the claim is a ploy to attract attention or if there is a hidden motive behind it remains uncertain until an official statement is released.

If the claim proves to be true, the implications of this data breach could be severe. The compromise of aviation records poses significant risks, including potential threats to national security and the safety of air travel.

Cyberattacks on Government Agencies

This incident is not isolated, as the U.S. government has faced a series of cyberattacks in recent years. In 2023, the United States Department of Commerce (DOC) fell victim to a cyberattack, resulting in the takedown of its website. Additionally, the National Institute of Standards and Technology (NIST) was targeted by the Anonymous Sudan hacktivist group in a separate incident.

The targeting of government entities extends beyond just departments; cybersecurity service providers are also in the crosshairs. In a previous attack, Telos, a well-known cybersecurity firm based in Virginia, allegedly fell victim to the notorious CL0P ransomware group. Similarly, the Idaho National Laboratory, a crucial component of the United States Department of Energy, reportedly suffered a cyberattack claimed by the notorious SiegedSec hackers group.

What Can Be the Motive Behind Attacks?

The recurring nature of these attacks raises concerns about the cybersecurity measures in place across government agencies and affiliated organizations. The motive behind these cyberattacks remains unclear, but the trend indicates a concerted effort by threat actors to exploit vulnerabilities within these institutions.

The impact of this latest DOT data breach extends beyond the United States, affecting North America as a whole. As the investigation unfolds, the cybersecurity community anxiously awaits official statements from the U.S. Department of Transportation and related authorities to ascertain the full extent of the DOT Data breach and the measures being taken to mitigate its consequences.
The notorious IntelBroker hacker group has set its sights on the National Automobile Dealers Association (NADA), a prominent American trade organization representing franchised new car and truck dealerships. The alleged National Automobile Dealers Association cyberattack, first reported on January 7, 2024, was published on a popular dark web forum where the threat actors have claimed substantial amounts of data related to the US-based organization.

The threat actor advertises databases containing sensitive customer information on the Breachforums platform. The actor, operating under the alias ‘IntelBroker,’ posted on the hacker forum, revealing the compromise of five distinct databases related to NADA.

The National Automobile Dealers Association (NADA), founded in 1917 and headquartered in Tysons Corner, Virginia, is a notable American trade organization. It represents approximately 16,500 franchised dealers of new cars and trucks, including both domestic and international brands.

The National Automobile Dealers Association Cyberattack

The databases contained in this National Automobile Dealers Association cyberattack include specific customer information, including Customer Phone (300K lines), Customer Payments (58K lines), Customer Invoices (81K lines), Customer Emails (108K lines), and Customer Cards (518K lines).

Furthermore, the threat actors have not shared any ransom demands for the databases, adding more mystery to their claims and the intention behind the cyberattack on NADA. Moreover, the primary victim of this cyberattack is the National Automobile Dealers Association, a critical entity in the American automotive sector. The repercussions extend to the United States, particularly in the North American region.

The Cyber Express reached out to the National Automobile Dealers Association for more information and clarification. However, as of the time of writing, no official statement or response has been issued by the organization. This lack of confirmation leaves the claims regarding the National Automobile Dealers Association cyberattack unverified.

Who is the IntelBroker hacker group?

The cyber assailant, known as IntelBroker, has gained notoriety on Breachforums. The hacker group has boldly advertised the compromised databases in this cyberattack on NADA, showcasing their capabilities and demonstrating the urgency of addressing cybersecurity vulnerabilities.

Last year, in a similar incident, General Electric found itself under potential threat as IntelBroker, linked to the CyberNiggers group, asserted unauthorized access to confidential military projects and information pertaining to the US government’s defense R&D agency, DARPA. This revelation comes as IntelBroker attempted to sell network access on a hacker forum for $500.

The compromised data for sale includes SQL database files, military documents, aviation system technical details, and maintenance reports. This incident mirrors a previous one from last year when General Electric initiated an investigation into data breach claims made by IntelBroker.
Capital Health, a prominent healthcare organization based in New Jersey, recently faced a significant cybersecurity incident resulting in network outages towards the end of November 2023. Visitors to the organization’s website were immediately greeted with a ticker acknowledging the cyberattack on Capital
Health, stating, “Capital Health recently experienced network outages due to a cybersecurity incident.”

Cyberattack on Capital Health: Swift Response and Ongoing Investigation

In response to the cyberattack on Capital Health, the firm’s Information Technology team acted promptly, initiating an assessment of the situation, implementing data safeguards, and working tirelessly to restore system functionality. Law enforcement and third-party forensic and information technology experts were promptly engaged to aid in the investigation, and additional security measures were implemented to protect systems. The official statement released by Capital Health acknowledged the broader trend, mentioning, “Capital Health experienced network outages towards the end of last month due to a cybersecurity incident; something we know is also being experienced at other healthcare organizations across the country.” As of now, all services at Capital Health’s facilities are fully operational, with systems fully restored, and normal operations have resumed. The organization has reassured the public that they are working diligently with a forensic investigation firm to assess the risk to patient and employee data. More information will be provided as it becomes available.

Allegations of LockBit Involvement

However, cybersecurity analyst Dominic Alvieri, in a LinkedIn post, alleged that Capital Health had fallen victim to the LockBit ransomware attack. According to Alvieri, LockBit chose not to encrypt the hospital network to avoid hindering patient care. However, Capital Health has not officially disclosed the name of the hacker group involved. Capital Health, which includes the Regional Medical Center Hospital in Trenton and the Capital Health Medical Center Hospital in Hopewell, is currently under scrutiny for the cyber incident.
The Cyber Express Team has reached out to Capital Health for further clarification on the Capital Health cyberattack and the preventative measures the organization is implementing to safeguard against future attacks.

The Perennial Target: Why Healthcare Draws Hackers

The cyberattack on Capital Health raises questions about the persistent targeting of healthcare organizations by hackers. Cybersecurity experts argue that the sensitive nature of patient data and the critical infrastructure within healthcare systems make them lucrative targets for cybercriminals. As investigations unfold, it remains crucial for organizations like Capital Health to fortify their cybersecurity measures to protect sensitive information and ensure the uninterrupted delivery of healthcare services.
This settlement has implications for the insurance industry, as it clarifies the need to exclude coverage for state-backed cyberattacks linked to war and incidents that significantly disrupt a state's functioning.
The Memorial University of Newfoundland experienced a cyberattack in late December, leading to the postponement of classes and disruptions to IT services at its Grenfell campus.
The average cost per incident was $2.45m in 2023. However, there was a wide disparity between the losses suffered, with the 10 most costly attacks alone accounting for $1.11bn.
The increased deployment of AI systems poses significant security and privacy challenges, including adversarial manipulation of training data and the potential exfiltration of sensitive information.
Iranian cryptocurrency exchange, Bit24.cash, has exposed sensitive data belonging to nearly 230,000 users. The exchange's misconfigured storage system granted access to KYC data, including passports, IDs, and credit cards.
xDedic Marketplace was known for selling login credentials and personal information of U.S. residents illegally. The marketplace listed over 700,000 compromised servers for sale, affecting thousands in the United States.
Despite law enforcement pressure, North Korean hackers continue to evolve and explore alternative money laundering methods, demanding continuous vigilance and innovation from businesses and governments.
While patches have been released for some implementations, several projects using Kyber, including Signal, remain unpatched, and the impact of KyberSlash on users' communications is still unclear.
Capital Health is now fully operational and working with a forensic investigation firm to assess the risk to patient and employee data. While the firm has not disclosed the hacker group involved, it has been alleged that LockBit ransomware was used.
The group leverages DNS hijacking and exploits known vulnerabilities to establish a foothold in target networks and gather intelligence to meet strategic Turkish interests.
The open-source tool offers granular event analysis, customizable tables, and an adaptive design, making it a powerful resource for digital forensics and incident response on Linux platforms.
The loanDepot cyberattack caused its IT systems to go offline and prevented customers from making online payments on their loans. The company confirmed the attack and is working with law enforcement and forensics experts to investigate.
A complete ban on ransomware payments is not a viable solution to combat ransomware attacks, according to some experts. While eliminating extortion as a source of criminal income may reduce attacks, there are several reasons why a ban would not work.
Cybercriminals are exploiting Twitter ads to promote cryptocurrency scams. These scams include links to Telegram channels promoting pump and dumps, phishing pages, and sites hosting malicious scripts that steal assets from connected wallets.
Google downplays the severity of the issue, treating it as regular cookie theft and suggesting users log out of their Chrome browser to invalidate the stolen cookies and tokens.
The NoName group has reportedly targeted several Ukrainian government websites, including Accordbank, Zaporizhzhya Titanium-Magnesium Plant, and the State Tax Service. The group posted a list of their latest DDoS attack victims on the dark web.
Cybercriminals are increasingly relying on ready-made bots and human fraud farms, which account for the majority of malicious website and app traffic, highlighting the need for robust defenses.
The compromised data includes names, addresses, contact information, medical details, and health insurance information. The exact number of affected clients is unclear, and it is unknown if the information has been misused.
The Beirut International Airport in Lebanon was targeted by a cyberattack, with hackers breaching the Flight Information Display System (FIDS) and disrupting the baggage inspection system.
Over the weekend, the Maldives government websites experienced a cyberattack, resulting in temporary unavailability of the President's office, Foreign Ministry, and Tourism Ministry websites.
Gentoo Linux Security Advisory 202401-12 - Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks. Versions greater than or equal to 1.96.0 are affected.
Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.
Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.
Ubuntu Security Notice 6499-2 - USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.
Gentoo Linux Security Advisory 202401-9 - Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service. Versions greater than or equal to 2.0.17 are affected.
Gentoo Linux Security Advisory 202401-8 - Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure. Versions greater than or equal to 2.37.4 are affected.
Red Hat Security Advisory 2024-0072-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-0071-03 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Gentoo Linux Security Advisory 202401-7 - A vulnerability was found in R which could allow for remote code execution. Versions greater than or equal to 4.0.4 are affected.
FreeSWITCH versions prior to 1.10.11 remote denial of service exploit that leverages a race condition in the hello handshake phase of the DTLS protocol.
The cybersecurity sector is one of the booming industries right now, growing from US$83.32 billion in 2016 to around US$166 billion in 2023. The industry has gone through a massive transformation, opening doors to new opportunities for young talent. However, along with the benefits, there is a specific set of
threats associated with the growth. The demand for effective cybersecurity solutions has only increased in recent years. In an insightful interview at the World CyberCon 2023, Pooja Shimpi, cybersecurity expert and the founder/CEO of Sybernow, shared valuable insights with The Cyber Express. She discussed the cybersecurity trends in 2024, challenges, and predictions in the field of cybersecurity. Talking about the industry and its growth, Shimpi explored trends, challenges, and predictions with TCE. With her expertise in the cybersecurity domain, she envisioned a roadmap for navigating cybersecurity intricacies, stressing continual adaptation, education, and a strategic blend of proactive and reactive measures.

Upcoming Cybersecurity Trends in 2024

Shimpi highlighted the escalating use of artificial intelligence (AI) across organizations and individuals. Anticipating a continued surge in this trend, she also cautioned about the associated threats in the coming year. Additionally, she drew attention to the emergence of quantum computing, a development poised to break existing encryptions, presenting a new set of challenges for the cybersecurity community. “The use of artificial intelligence has been growing in organizations as well as by individuals, we will witness a continued rise in this trend as well as associated threats in 2024. Quantum computing is in talks and this is going to help in breaking existing encryptions. Also, a lot of ransomware attacks are predicted in the upcoming year,” said Shimpi. In tandem with the growing integration of artificial intelligence (AI) into the fabric of organizations and personal spheres, cybersecurity experts are sounding alarms about the imminent surge in associated threats. The landscape is further complicated by the looming advent of quantum computing, a technological leap capable of dismantling existing encryption methods.
This impending breakthrough presents a profound challenge for the cybersecurity community, requiring innovative strategies to safeguard sensitive data and digital assets.

Cybersecurity Challenges in 2024

Ransomware Threats and General Cyber Awareness

The cybersecurity expert expressed concern about the increasing prevalence of ransomware attacks among cybersecurity trends in 2024. Shimpi underscored the need for enhanced preparedness, questioning whether organizations possess the necessary resources and skill sets to effectively combat these evolving threats. Amid the escalating concerns voiced by cybersecurity experts, the spotlight is on the rising specter of ransomware attacks projected for the coming year. Emphasizing the gravity of the situation, there is a pressing call for fortified preparedness within organizations. With the increase in cyber threats, organizations are urged to reevaluate their cybersecurity strategies, ensuring they possess not only the requisite tools but also the expertise to navigate the intricate challenges posed by the relentless evolution of ransomware tactics. Shimpi pointed out that while the world is embracing artificial intelligence, the cybersecurity community is still figuring out solutions to challenges concerning resource allocation and skill readiness. She emphasized the importance of cybersecurity awareness, especially among the general public, identifying it as a significant challenge that needs immediate attention.

Employee Training and Legislation

Addressing the critical role of employees as the true firewalls of an organization, Shimpi questioned the adequacy of training provided to them. She stressed the necessity of regular and engaging training sessions, advocating for a departure from the traditional annual October cybersecurity training routine. Tabletop exercises and resiliency planning were highlighted as effective methods to uplift an organization’s cybersecurity posture.
“Organizations are investing a lot to uplift their existing technologies. But are we doing enough to provide the right amount of training to our employees, as they are the real firewalls of an organization? Simply being aware is not enough, mindfulness to deal with cybersecurity situations is important,” added Shimpi. There are concerns about whether the current training methods sufficiently equip employees to navigate the evolving cybersecurity trends in 2024. The emphasis on regular and engaging training sessions becomes paramount, challenging the conventional wisdom of an annual October cybersecurity training routine. Tabletop exercises and resiliency planning emerge as effective methodologies to bolster an organization’s cybersecurity posture, emphasizing the importance of hands-on experiences and strategic preparedness in the face of an ever-changing cyber threat scenario. Drawing on her experience in Singapore, Shimpi commended the stringent laws in place to protect the nation against cyber adversaries. Comparatively, she called for robust guidelines and regulations in countries like India, given the extensive presence of banking and financial industries coupled with increasing digitization as one of the cybersecurity trends in 2024. The call is for proactive measures to establish a comprehensive cybersecurity framework that safeguards critical sectors and upholds the integrity of digital ecosystems. This scenario underscores the global imperative for nations to adapt and fortify their regulatory frameworks to address the unique challenges posed by the expanding digital frontier.

Staying Updated with Trends: Proactive vs Reactive Approaches

Highlighting the dynamic nature of the cybersecurity field, Shimpi recommended staying abreast of trends through cybersecurity news updates, valuable online resources, and social media channels.
Following cybersecurity professionals and podcasts, she emphasized, can offer valuable insights into the rapidly evolving dynamics of cybersecurity. Underscoring the dynamic nature of the cybersecurity field, the emphasis is placed on the need for continuous learning and awareness. Staying abreast of cybersecurity trends in 2024 becomes imperative, and this involves leveraging various information sources. Shimpi stressed the importance of maintaining a balance between proactive and reactive approaches. While a proactive stance helps in preparing against potential attacks, a reactive approach focuses on responding effectively when an attack occurs. She advocated for regular tabletop exercises as essential components of cybersecurity strategies, ensuring organizations are well-equipped to handle diverse situations. “It is good to have a balance between proactive and reactive approaches. Proactive approach helps to keep prepared against an attack, it won’t shield you completely, but will still reduce the chances of being attacked. Reactive approach is about how you respond when you are attacked. This approach is also crucial because you never know what kind of situation you might face. I suggest that regular tabletop exercises are a must,” she concluded. The call for a balanced approach between proactivity and reactivity resonates with the cybersecurity trends in 2024. The proactive stance, akin to fortifying the organization before an impending storm, is crucial for pre-emptive defense against potential cyber adversaries. However, the dynamic nature of cyber threats dictates the necessity of a robust reactive approach, honed to respond swiftly and effectively when a breach occurs. It’s a delicate equilibrium that cybersecurity professionals strive to maintain, acknowledging that no defense is impervious.
Beirut’s international airport fell victim to a cyberattack that saw information display screens replaced with a message accusing the Hezbollah group of endangering Lebanon with the prospect of an all-out war with Israel. The far-right Christian group, Soldiers of God, initially faced accusations of
orchestrating the Beirut International Airport cyberattack, but they vehemently denied any involvement in a video statement titled “No to strife in the Lord’s land.” The altered screens at Rafic Hariri airport prominently displayed anti-Hezbollah content, delivering messages strongly opposing the ongoing conflict in southern Lebanon. This unexpected cyberattack on Beirut International Airport raises not only concerns about the security of critical infrastructure but also highlights the potential exploitation of digital platforms for politically motivated messaging and interference.

Unraveling the Cyberattack on Beirut International Airport

The accusatory message on the compromised screens issued a warning to Hezbollah leader Hassan Nasrallah, cautioning against involving Lebanon in a conflict with Israel. It accused Nasrallah of jeopardizing Lebanon’s stability and highlighted the potential repercussions, warning of diminishing support if he were to instigate such a perilous conflict. Soldiers of God, known for its campaigns against the LGBTQ+ community in Lebanon, has been in the spotlight alongside a group called The One Who Spoke over the past year. The cyberattack occurred following a warning from Nasrallah about potential repercussions for northern Israel if the Gaza war extended to the Israeli-Lebanese border, reported L’Orient Today. Hezbollah’s escalating attacks on northern Israel and Israel’s defense minister seeking a political solution further complicate the regional tension. The backdrop of this cyber incident involves Nasrallah’s pledge of revenge for the killing of deputy Hamas chief Saleh Al-Arouri in an Israeli airstrike on January 2 in Beirut – the first such killing abroad since the war broke out on October 7.

What’s Ahead After the Beirut Airport Cyberattack?

In an attempt to learn more about this cyberattack on Beirut International Airport, The Cyber Express has reached out to the organization.
However, at the time of writing this, no official statement or response has been received, leaving the claims of the Beirut International Airport cyberattack unverified. This Beirut International Airport cyberattack not only poses questions about the security of critical infrastructure but also highlights the complex geopolitical dynamics in the region. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information or official confirmation from the airport. In the midst of these events, the Beirut International Airport cyberattack, allegedly not the work of the Soldiers of God hacker group, remains a focal point of concern, shedding light on the vulnerabilities and potential consequences of cyber intrusions within international relations.
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud. In wrapping up its investigation into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium
Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022," blockchain analytics firm TRM Labs said last week. "Hacks
Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner
The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years. “These security and privacy challenges include the potential for adversarial manipulation of training data, adversarial exploitation of model vulnerabilities to
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications. “The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said in a report
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, “only 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues. Talent Retention Challenges: The cybersecurity field is rapidly advancing, requiring a
A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world.
On Sunday evening electronic departure boards at Beirut's airport were hijacked by hackers who used them to display anti-Iranian and anti-Hezbollah messages.
Source: www.theguardian.com – Author: Miles Brignall, Samuel Gibbs, Sandra Haurant, Rupert Jones, Sarah Marsh and Hilary Osborne. Don’t get stung on overdraft costs. Authorised overdraft costs can vary dramatically. Many banks have overdraft calculators on their websites, so log on and compare what your bank charges versus what you would be charged if you took […] The post Slash your overdraft costs and get ‘free’ cash: how to get your bank and savings into shape – Source: www.theguardian.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.troyhunt.com – Author: Troy Hunt. It’s another weekly update from the other side of the world with Scott and I in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott’s sharing details of how he and Joe Tiedman registered a domain Capelli Sport let […] The post Weekly Update 381 – Source: www.troyhunt.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman. Original Post URL: https://securityboulevard.com/2024/01/usenix-security-23-oshrat-ayalon-dana-turjeman-elissa-m-redmiles-exploring-privacy-and-incentives-considerations-in-adoption-of-covid-19-contact-tracing-apps/ Category & Tags: Data Security, Network Security, Security Bloggers Network, Information Security, Infosecurity Education, Open Access Research, Privacy, Security Architecture, Security Conferences, Security Research, tracking, USENIX, USENIX Security ’23 […] The post USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M. Redmiles – ‘Exploring Privacy And Incentives Considerations In Adoption Of COVID-19 Contact Tracing Apps’ – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Rom Carmel. Most resources, such as databases or machines, are running in the cloud today and need privileged access. Yet few teams can effectively manage identities in the cloud at scale, with Gartner estimating that by 2023, 75 percent of cloud security failures will occur due to inadequate management of identities […] The post 9 Questions to Ask a Privileged Access Provider – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Max Aulakh. The Defense Federal Acquisition Regulation Supplement, better known as DFARS, has significance for contractors working with the Department of Defense (DoD). Our intention is to offer a comprehensive perspective on DFARS in the context of cybersecurity, its various clauses, and the intricacies of maintaining compliance as these rules constantly […] The post FAQ: What Is DFARS Compliance and How Does It Work? – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: hrbrmstr. Three years ago, on January 6, 2021, the U.S. Capitol was stormed by a mob intent on overturning the results of the 2020 Presidential Election. This event — the January 6th insurrection — was a direct attack on the democratic process and the peaceful transition of power, a cornerstone of […] The post Three Years After January 6th: The Insurrection’s Impact on U.S. Democracy – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1. Endpoint Security, Enterprise Mobility Management / BYOD, Governance & Risk Management. SQL Injection Flaw Affects All Supported Versions of Ivanti Endpoint Manager. Prajeet Nair (@prajeetspeaks) • January 7, 2024. Ivanti issued an urgent alert to users of its endpoint security product to patch a […] The post Ivanti Patches Critical Endpoint Security Vulnerability – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1. Endpoint Security, Enterprise Mobility Management / BYOD, Governance & Risk Management. SQL Injection Flaw Affects All Supported Versions of Ivanti Endpoint Manager. Prajeet Nair (@prajeetspeaks) • January 7, 2024. Ivanti issued an urgent alert to users of its endpoint security product to patch a […] The post Ivanti Patches Critical Endpoint Security Vulnerability – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 08, 2024, Newsroom, Cyber Security / Zero Trust. Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access […] The post Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 08, 2024, Newsroom, Artificial Intelligence / Cyber Security. The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years. “These security and privacy challenges include the potential for […] The post NIST Warns of Security and Privacy Risks from Rapid AI System Deployment – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 08, 2024, Newsroom, Financial Fraud / Cybercrime. The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud. In wrapping up its investigation into the dark web portal, the agency said […] The post DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 08, 2024, Newsroom, Cryptocurrency / Financial Crime. Threat actors affiliated with the Democratic People’s Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK “was responsible for almost a third of all funds stolen in crypto attacks last year, despite a […] The post North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.