Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

The Anonymous Sudan hacker group has claimed responsibility for a cyberattack on Israeli ports. Details about this Anonymous Sudan cyberattack emerged on a dark web portal. The reported targets of this attack include the Israel Ports Development & Assets Company and Haifa Port Company. According to the message posted by the threat actor, they targeted key elements of the Israeli ports’ digital infrastructure, including network devices, network administration devices, routers, SNMP & email servers, VPN, internal servers, and critical client-side endpoints. The alleged damage extends to the overall digital health of the Israel Ports Development & Assets Company Ltd. and Haifa Port Company Ltd., as well as any collateral or other related services damage.

Decoding the Anonymous Sudan Cyberattack on Israeli Ports

The Cyber Express reached out to the affected organizations for more insights into this Anonymous Sudan cyberattack on Israeli ports. As of now, no official statements or responses have been received, leaving the claims surrounding the cyberattack unverified. Notably, among the two organizations mentioned, Israel Ports Development & Assets Company appears to be inaccessible, displaying a “This site can’t be reached israports.co.il took too long to respond” error code on its website.

This incident follows a similar event in November 2023 when Anonymous Sudan targeted Israel’s critical infrastructure. The group, which has affiliations with Russian interests, pledged solidarity with Hamas amid the ongoing conflict in Israel and Palestine.

Previous Instances of Anonymous Sudan Cyberattacks

Their focus has been on disrupting Israel’s Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, presenting a considerable cybersecurity threat. There is no direct evidence linking Anonymous Sudan, originally a Russian-speaking Telegram channel that emerged in January 2023, to the Anonymous hacktivist group or the nation of Sudan. Despite exhibiting anti-Western and pro-Islamic tendencies, the group maintains a strong allegiance to Russian interests and has ties with the Russian hacktivist group, Killnet, known for Distributed Denial-of-Service (DDoS) attacks.

Utilizing DDoS attacks, Anonymous Sudan overwhelms its targets with waves of UDP and SYN floods, rendering their services useless or sluggish. The group employs public cloud servers and free and open proxy infrastructures to conceal the source of their attacks. Previous targets include Sweden, Denmark, France, the United States, and Israel.

Motivated by multifaceted reasons, Anonymous Sudan’s focus on Israel is rooted in geopolitical agendas and retaliation against Western support for Ukraine during the Russian invasion. As the situation unfolds, concerns rise regarding the security of Israel’s critical infrastructure and the potential impact of these cyber attacks.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Dark Web News

The hacker group known as “dawnofdevil” has emerged as a threat actor, actively targeting Indian organizations, including government entities. Operating prominently on BreachForums, this group has recently expanded its activities to compromise the security of the Income Tax Department of India and breach the data of millions of users from the popular ISP, Hathway.

Under the pseudonym ‘dawnofdevil,’ an unidentified individual claims to have infiltrated the security of the Income Tax Department of India. The hacker alleges to have gained access to an email account hosted on the incometax.gov.in domain, opening avenues for unauthorized registrations on various Indian government-affiliated websites.

Dawnofdevil Hacker Group Targets Multiple Victims

While the implications of this security breach are potentially vast, concerns about the confidentiality and integrity of sensitive information within the Income Tax Department have yet to be confirmed. The hacker has attached a price tag of US$500 to the compromised email access, actively seeking potential buyers through private channels.

On December 22, 2023, dawnofdevil announced the successful hacking of Hathway, a major broadband internet service and cable TV provider in India. The hacker claims to have acquired the personal data of 41.5 million customers, including sensitive information such as names, addresses, phone numbers, email addresses, and even password hashes.

The data, available for sale at US$10,000, includes not only user details but also access to MySQL and Oracle databases, totaling over 400 GB of data and more than 800 tables with production data. Additionally, the hacker boasts possession of 4 million+ KYC documents, containing full names, Aadhaar numbers, PAN cards, and other national ID details.

Sample Data and Dark Web Portal

Dawnofdevil has further shared samples of the compromised data, demonstrating the extent of the information at risk, including full names, physical addresses, phone numbers, email addresses, user IDs, account IDs, password hashes, IP addresses, and more.

To facilitate the sale and potentially enable targeted searches, the threat actor has set up a Tor site where individuals can search for data entries using mobile numbers and email addresses. The dawnofdevil hacker group poses a serious threat to the security and privacy of Indian organizations and individuals. As the alleged organizations investigate the breach, and with the data of millions of Hathway users at stake, the importance of robust cybersecurity measures cannot be overstated.

 Firewall Daily

Republic Shipping Consolidators, a prominent logistics company, finds itself entangled in the web of a cyberattack orchestrated by the notorious BianLian ransomware group. The group has claimed the Republic Shipping Consolidators cyberattack on its dark web channel and brazenly added it to its data leak site, exposing a staggering 117 GB of sensitive information. The compromised data spans a wide spectrum, including accounting records, budget details, financial data, email and message archives, files extracted from employee PCs, operational and business-related documents, personal information, and technical data. The severity of this Republic Shipping Consolidators data breach raises concerns not only for the company but also for the individuals and entities associated with the compromised data.

Republic Shipping Consolidators Cyberattack Decoded

The group’s message on the data leak site outlines the extent of their infiltration, emphasizing the financial details with a reported revenue of US$5 million. The Cyber Express sought a response from Republic Shipping Consolidators regarding this alleged cyberattack, but as of now, no official statement has been issued, leaving the Republic Shipping Consolidators data breach claims unverified.

Interestingly, despite the reported cyberattack, the website for Republic Shipping Consolidators remains operational without immediate signs of compromise. This suggests that the hackers might have targeted the backend of the website, potentially gaining unauthorized access to databases, rather than attacking the front end.

BianLian ransomware group, known for its malicious activities since June 2022, operates as a developer, deployer, and data extortion cybercriminal group. Their targets extend beyond U.S. critical infrastructure sectors to include Australian critical infrastructure, professional services, and property development.

The BianLian Ransomware Group Modus Operandi

The modus operandi of the BianLian group involves gaining access to victim systems through valid Remote Desktop Protocol (RDP) credentials. They employ open-source tools and command-line scripting for discovery and credential harvesting, followed by the exfiltration of victim data through various means, such as File Transfer Protocol (FTP), Rclone, or Mega.

Notably, the group shifted from a double-extortion model to primarily exfiltration-based extortion around January 2023. In the event of a victim refusing to pay the ransom, the BianLian ransomware group resorts to threatening the release of exfiltrated data on a Tor network-based leak site.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) jointly encourage critical infrastructure organizations and small- to medium-sized enterprises to implement recommended mitigations to reduce the likelihood and impact of BianLian and other ransomware incidents.

BianLian group’s tactics include issuing a unique Tox ID for each victim organization and pressuring victims through various means, such as printing ransom notes to compromised network printers and making threatening telephone calls to employees associated with victim companies.

 Threats

Rumors of eavesdropping smart devices have been circulating for many years. Doubtless, you've heard a tale or two about how someone was discussing, say, the new coffee machine at work, and then got bombarded with online ads for, yes, coffee machines. We've already tested this hypothesis, and concluded that advertisers aren't eavesdropping — they have many other less dramatic but far more effective ways of targeting ads. But perhaps the times are changing? News broke recently (here and here) about two marketing firms allegedly bragging about offering targeted ads based on just such eavesdropping. Granted, both companies later retracted their words and removed the relevant statements from their websites. Nevertheless, we decided to take a fresh look at the situation.

What the firms claimed

In calls with clients, podcasts, and blogs, CMG and Mindshift told much the same story — albeit devoid of any technical detail: smartphones and smart TVs allegedly help them recognize predetermined keywords in people's conversations, which are then used to create custom audiences. These audiences, in the form of lists of phone numbers, email addresses, and anonymous advertising IDs, can be uploaded to various platforms (from YouTube and Facebook to Google AdWords and Microsoft Advertising) and leveraged to target ads at users.

If the second part about uploading custom audiences sounds quite plausible, the first is more than hazy. It's not clear at all from the companies' statements which apps and which technologies they use to collect information. But in the long (now deleted) blog post, the following non-technical passage stood out most of all:

"We know what you're thinking. Is this even legal? It is legal for phones and devices to listen to you. When a new app download or update prompts consumers with a multi-page term of use agreement somewhere in the fine print, Active Listening is often included."

After being pestered by journalists, CMG removed the post from its blog and issued an apology/clarification, adding that there's no eavesdropping involved, and the targeting data is sourced by social media and other applications. The second company, Mindshift, just quietly erased all marketing messages about this form of advertising from its website.

When did they lie?

Clearly, the marketers misspoke either to their clients in promising voice-activated ads, or to the media. Most likely it was the former; here's why:

Modern operating systems indicate clearly when the microphone is in use by a legitimate app. And if, say, some weather app is constantly listening to the microphone, waiting for, say, the words "coffee machine" to come from your lips, the microphone icon will light up in the notification panel of all the most popular operating systems.

On smartphones and other mobile devices, continuous eavesdropping will drain the battery and eat up data. This will get noticed and cause a wave of hate.

Constantly analyzing audio streams from millions of users would require massive computing power and be financial folly — since advertising profits could never cover the costs of such a targeting operation.

Contrary to popular belief, the annual revenue of advertising platforms per user is quite small: less than $4 in Africa, around $10 on average worldwide, and up to $60 in the U.S. Given that these figures refer to income, not profit, there's simply no money left for eavesdropping. Doubters are invited to study, for example, Google Cloud's speech recognition pricing: even at the most discounted wholesale rate (two million+ minutes of audio recordings per month), converting speech to text costs 0.3 cents per minute. Assuming a minimum of three hours of speech recognition per day, the client would have to spend around $200 per year on each individual user — too much even for U.S. advertising firms.

What about voice assistants?

That said, the above reasoning may not hold true for devices that already listen to voice commands by nature of their primary purpose. First and foremost are smart speakers, as well as smartphones with voice assistants permanently on. Less obvious devices include smart TVs that also respond to voice commands.

According to Amazon, Alexa is always listening out for the wake word, but only records and sends voice data to the cloud upon hearing it, and stops as soon as interaction with the user is over. The company doesn't deny that Alexa data is used for ad targeting, and independent studies confirm it. Some users consider such a practice to be illegal, but the lawsuit they filed against Amazon is still ongoing. Meanwhile, another action brought against Amazon by the U.S. Federal Communications Commission resulted in a modest $30 million settlement. The e-commerce giant was ordered to pay out for failing to delete children's data collected by Alexa, in direct violation of the U.S. Children's Online Privacy Protection Act (COPPA). The company is also barred from using this illegally harvested data for business needs — in particular training algorithms.

And it's long been an open secret that other voice assistant vendors also collect user interaction data: here's the lowdown on Apple and Google. Now and then, these recordings are listened to by living people — to solve technical issues, train new algorithms, and so on. But are they used to target ads? Some studies confirm such practices on the part of Google and Amazon, although it's more a case of using voice search or purchase history rather than constant eavesdropping. As for Apple, there was no link between ads and Siri in any study.

We did not find a study devoted to smart TV voice commands, but it has long been known that smart TVs collect detailed information about what users watch — including video data from external sources (Blu-ray Disc player, computer, and so on). It can't be ruled out that voice interactions with the built-in assistant are also used more extensively than one might like.

Special case: spyware

True smartphone eavesdropping also occurs, of course, but here it's not about mass surveillance for advertising purposes but targeted spying on a specific victim. There are many documented cases of such surveillance — the perpetrators of which can be jealous spouses, business competitors, and even bona fide intelligence agencies. But such eavesdropping requires malware to be installed on the victim's smartphone — and often, thanks to vulnerabilities, this can happen without any action whatsoever on the part of the target. Once a smartphone is infected, the attacker's options are virtually limitless. We have a string of posts dedicated to such cases: read about stalkerware, infected messenger mods, and, of course, the epic saga of our discovery of Triangulation, perhaps the most sophisticated Trojan for Apple devices there has ever been. In the face of such threats, caution alone won't suffice — targeted measures are needed to keep your smartphone safe, which include installing a reliable protection solution.

How to guard against eavesdropping

Disable microphone permission on smartphones and tablets for all apps that don't need it. In modern versions of mobile operating systems, in the same place under permissions and privacy management, you can see which apps used your phone's microphone (and other sensors) and when. Make sure there's nothing suspicious or unexpected in this list.

Control which apps have access to the microphone on your computer — the permission settings in the latest versions of Windows and macOS are much the same as on smartphones. And install reliable protection on your computer to prevent snooping through malware.

Consider turning off the voice assistant. Although it doesn't listen in continuously, some unwanted snippets may end up in the recordings of your conversations with it. If you're worried that the voices of your friends, family, or coworkers might get onto the servers of global corporations, use keyboards, mice, and touchscreens instead.

Turn off voice control on your TV. To make it easier to input names, connect a compact wireless keyboard to your smart TV.

Kiss smart speakers goodbye. For those who like to play music through speakers while checking recipes and chopping vegetables, this is the hardest tip to follow. But a smart speaker is pretty much the only gadget capable of eavesdropping on you that really does it all the time. So, you either have to live with that fact — or power them up only when you're chopping vegetables.

 Firewall Daily

The hacktivist group ‘R00TK1T ISC CYBER TEAM’ has claimed responsibility for a cyberattack on Sodexo S.A., specifically targeting its South African branch. The Sodexo cyberattack unfolded on January 15, 2024, on the dark web portal operated by the threat actor, revealing a disturbing breach that puts Sodexo’s digital assets, source code repositories, and employee information allegedly at risk.

R00TK1T ISC CYBER TEAM Alleges Cyberattack on Sodexo

The R00TK1T ISC CYBER TEAM hacker group, known for its relentless cyber activities, shared compelling evidence of their intrusion, including screenshots displaying access to Sodexo’s internal dashboards. These visuals showcased a hoard of sensitive information, raising concerns about the potential fallout. Additionally, the group has announced its intention to leak source code repositories belonging to Sodexo, raising the stakes for the French company.

In a message posted by the threat actor, R00TK1T ISC CYBER TEAM declared their resurgence and hinted at an impending storm. The group emphasized their dedication to chaos, disruption, and mayhem, with France becoming the focal point of their wrath. Sodexo, unwittingly caught in the crossfire, now faces the alleged consequences of aligning with R00TK1T. The threat actor’s warning resonates: no system is safe, no government is untouchable, and the power of R00TK1T knows no bounds.

The R00TK1T ISC CYBER TEAM Mayhem

The primary victim of this cyber onslaught is Sodexo S.A., a prominent French company specializing in food services and facilities management. The impact of the attack reverberated across France, affecting not only Sodexo but also causing ripples throughout Europe and the UK.

The Cyber Express sought clarification from Sodexo regarding the cyberattack claims. However, as of the time of writing, no official statement or response has been received from the French organization. Despite the seriousness of the allegations, Sodexo’s website appears to be operational, showing no visible signs of the reported cyberattack. The claims made by R00TK1T ISC CYBER TEAM remain unverified, leaving room for uncertainty about the extent of the Sodexo data breach.

The potential leakage of source code repositories poses a significant risk, not only to Sodexo but also to the broader cybersecurity ecosystem. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the Sodexo data breach, including any official communication from the organization.

 Firewall Daily

The BianLian ransomware group has added Northeast Spine and Sports Medicine to its list of victims. However, the hacking group has not disclosed any additional details regarding the cyberattack on Northeast Spine and Sports Medicine, like the motive behind the attack or the extent of the potential data breach.

Northeast Spine and Sports Medicine is a prominent multi-specialty medical group based in New Jersey, specializing in a wide range of healthcare services, including orthopedic surgery, neurosurgery, pain management, sports medicine, chiropractic, physical and occupational therapy, acupuncture, and massage.

Cyberattack on Northeast Spine and Sports Medicine: In Detail

The cyberattack on Northeast Spine and Sports Medicine occurred on January 15, 2024, at 08:47 UTC +3 as per the ThreatMon Advanced Ransomware Monitoring forum. Intriguingly, upon accessing the medical group’s official website, it was found to be fully functional, raising doubts about the authenticity of the ransomware group’s claims.

To verify the legitimacy of the cyberattack on Northeast Spine and Sports Medicine, The Cyber Express has reached out to Northeast Spine and Sports Medicine officials for clarification and additional information. As of the time of writing this report, no official statement or response has been received from the targeted medical group.

If the ransomware group’s claim of a cyberattack on Northeast Spine and Sports Medicine is proven true, the implications could be far-reaching, considering the sensitive nature of healthcare data and the potential compromise of patient information.

Healthcare Sector in the Crosshairs

The healthcare sector has increasingly become a favored target for hackers, with incidents of ransomware attacks on medical institutions becoming alarmingly common. In notable cases from 2023, Norton Healthcare, a nonprofit healthcare institution based in Kentucky, fell victim to a ransomware attack that exposed the personal information of millions of patients and staff members. Norton Healthcare reported that during the ransomware assault in May, hackers gained access to the private information of approximately 2.5 million patients, as well as staff and their dependents.

Similarly, McLaren Health Care Corporation, based in Grand Blanc, Michigan, acknowledged falling victim to a ransomware attack in the same year. As a fully integrated healthcare delivery system with a total value of US$6.6 billion, McLaren Health Care Corporation operates more than 13 healthcare centers across the Michigan region.

CISA Steps In

In response to the increasing cybersecurity threats faced by the healthcare sector, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a 25-page mitigation guide specifically tailored for the healthcare and public health (HPH) sector. The guide aims to address and tackle widespread cyber threats within the industry. It aligns CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) with the 405(d) Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients guidance, jointly published by the Department of Health and Human Services (HHS) and the Health Sector Coordinating Council (HSCC).

A Call for Vigilance

The healthcare industry remains vulnerable to cyber threats, and these recent incidents highlight the urgent need for enhanced cybersecurity measures to safeguard patient data and ensure the uninterrupted delivery of medical services. As investigations continue into the Northeast Spine and Sports Medicine cyberattack, the broader healthcare community must remain vigilant in the face of evolving cyber threats. The Cyber Express will continue to monitor developments in this situation and provide updates as more information becomes available.

 Dark Web News

In an alarming announcement, the notorious hacking groups LulzSec France and Moroccan Black Cyber Army have declared a collaborative effort targeted at Denmark. The revelation about LulzSec and Moroccan Black Cyber Army surfaced when an image bearing the logos of both groups alongside their respective national flags and a handshake emoji was posted on the X platform. The ominous message, “LulzSec X Moroccan Black Cyber Army against Denmark,” accompanied the shared image, signaling a concerning alliance between the two cyber threats.

Days before this announcement, LulzSec took to their X handle with a warning: “Denmark, get ready, LulzSec France is coming…”

Who is LulzSec France?

LulzSec France, a Twitter account established in January 2024, boasts a bio that humorously states, “Laughing at your security since 2011.” The group gained notoriety in 2011 for a series of high-profile cyber-attacks on government agencies and major corporations. The name “LulzSec” is derived from “lulz” (laughs) and “security.” The group employed various attack types, including denial-of-service attacks, SQL injections, cross-site scripting (XSS), and remote file inclusion (RFI) attacks.

In 2011, LulzSec infiltrated government and private networks, exposing terabytes of confidential data and temporarily shutting down the CIA website. Although several LulzSec members were arrested and charged in 2013, their impact lingered for eight months before the group publicly disbanded, citing boredom as the reason.

LulzSec and Moroccan Black Cyber Army: Why Target Denmark?

The motive behind targeting Denmark remains unclear at this point. LulzSec France and the Moroccan Black Cyber Army have not provided specific reasons for their collaboration against the Scandinavian nation. Denmark, known for its technological advancements and cybersecurity measures, might be seen as a high-profile target by these hacking groups.

Collaborative announcements among hacker groups are not unprecedented. Recently, Beregini, a shadowy hacking group, officially integrated Killmilk, the former leader of the pro-Russian cybercrime group Killnet, into its ranks. This announcement was accompanied by a flashy video featuring cyberattack maps and a focus on Killmilk’s story.

The video suggests a complex narrative, portraying Killmilk on the brink of arrest, only to be allegedly saved by Beregini. This twist raises questions about Beregini’s potential association with Russian intelligence or its role in facilitating Killmilk’s relocation to Ukraine. Alternatively, the entire scenario may be a dramatization for unknown reasons.

Regardless, this collaboration strengthens Killmilk’s credibility under the banner of Beregini, positioning him as part of a seemingly more advanced entity than Killnet. As cyber threats evolve, the intricate dynamics between hacking groups continue to unfold, posing challenges for cybersecurity experts and organizations worldwide.

To Wrap Up

The collaboration between LulzSec and the Moroccan Black Cyber Army against Denmark raises serious concerns in the cybersecurity landscape. As history has shown, such alliances can lead to significant cyber threats with far-reaching consequences. The international community, security agencies, and organizations must remain vigilant and reinforce cybersecurity measures to counter these evolving and sophisticated cyber threats. The Cyber Express will continue monitoring this situation for further developments.

 Firewall Daily

LockBit ransomware group has marked its presence on the dark web portal by adding two new victims to its roster – Maisons de l’Avenir in France and Shinwa Co in Japan. The threat actors have issued a stern deadline for their demands, set for February 4, 2024. While the ransomware group remains tight-lipped about the motive behind the attacks or the extent of the data breach, a growing concern arises due to the disparate geographical locations of the targeted companies.

Maisons de l’Avenir, a reputable house builder with over 60 years of experience in Brittany and Loire-Atlantique, and Shinwa Co Ltd, a Japan-based manufacturing company specializing in production equipment and materials, find themselves under the ominous shadow of the LockBit ransomware.

In Detail: Maisons de l’Avenir cyberattack and Shinwa Co cyberattack

A looming threat accompanies the Maisons de l’Avenir and Shinwa Co cyberattacks as LockBit ransomware has set a deadline of February 4, 2024, adding a sense of urgency to the situation. Despite the bold ransomware attack claims on the dark web, both Maisons de l’Avenir and Shinwa Co’s websites were found to be fully functional upon inspection. This discrepancy raises doubts about the authenticity of the LockBit ransomware assertions. If the Maisons de l’Avenir cyberattack and Shinwa Co cyberattack claims are validated, the implications of this could extend far beyond the immediate disruption.

LockBit Ransomware: Echoes of Past Attacks

The ransomware group is notorious for its double extortion tactics, involving the encryption of victim data and threats to leak sensitive information unless exorbitant ransom demands are met. The modus operandi of this group has been consistent, causing concern among cybersecurity experts globally.

The Cyber Express has initiated contact with officials for clarification and additional information regarding the alleged data breach. As of now, there has been no official statement or response from the targeted companies, leaving the situation shrouded in uncertainty.

This recent cyberattack follows LockBit’s alleged involvement in cyberattacks against prominent entities in December 2023. The Taiwan-based MIRLE Group, specializing in intelligent automation solutions, and the US-based healthcare device manufacturer, LivaNova PLC, were purportedly targeted by the ransomware group. Both incidents were accompanied by threats to expose sensitive data; however, the claims remained unverified at the time.

As the cybersecurity landscape continues to evolve, these incidents highlight the urgent need for organizations to enhance their defenses and collaborate on a global scale to thwart the ever-growing threats posed by cybercriminals. The international community remains vigilant, awaiting further developments in this latest chapter of cyber warfare.

 Breaches and Incidents

The LockBit ransomware group has targeted two new victims, Maisons de l’Avenir in France and Shinwa Co in Japan, with a deadline set for February 4, 2024, raising concerns due to the disparate geographical locations of the targeted companies.

 Trends, Reports, Analysis

The surge in activity was attributed to the use of cheap or free cloud and hosting servers by attackers to create botnet launch pads. These new botnets focused on scanning global internet ports and showed signs of potential email server exploits.

 Breaches and Incidents

The threat actor 'wangfei19860902055' advertised the sale of a database related to Government Employees Insurance Company (GEICO) on the dark web, containing 552,900 records with personal information. GEICO has not officially confirmed the breach.

 Incident Response, Learnings

The U.S. Secret Service executed a seizure warrant to recover $34,000 stolen through a fake Norton antivirus renewal email scam. The scam tricked victims into granting remote access to their computers, and then transferring money from their accounts.

 Expert Blogs and Opinion

OAuth attacks are on the rise, and organizations must implement strong access controls, fortify identity security for user accounts, and monitor third-party app activity to prevent unauthorized access to SaaS resources.

 Incident Response, Learnings

A cloud services firm returned patient data stolen in a ransomware attack by the LockBit gang to a New York hospital alliance. The hospitals had sued LockBit as a legal maneuver to force the storage firm to return the data.

 Expert Blogs and Opinion

The evolution of phishing techniques, including the use of advanced AI-driven tools, has led to a surge in highly personalized and convincing phishing attacks, posing a significant challenge to traditional email security solutions.

 Feed

Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.

 Feed

Gentoo Linux Security Advisory 202401-19 - Multiple vulnerabilities have been found in Opera, the worst of which can lead to remote code execution. Versions greater than or equal to 73.0.3856.284 are affected.

 Feed

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

 Feed

Ubuntu Security Notice 6579-2 - USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 6583-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.44 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information:

 Feed

Ubuntu Security Notice 6585-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

 Feed

Ubuntu Security Notice 6584-1 - Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

 Feed

Ubuntu Security Notice 6581-1 - It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could lead to excessive memory consumption due to memory leaks. An attacker could possibly use these issues to cause a denial of service.

 Feed

Red Hat Security Advisory 2024-0255-03 - An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0252-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and cross site request forgery vulnerabilities.

 Feed

Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

 Feed

Ubuntu Security Notice 6580-1 - It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

 Firewall Daily

At the World CyberCon event in Mumbai, The Cyber Express had the privilege of sitting down with advocate Puneet Bhasin, a distinguished figure in the field of cyber laws and data protection. Founder of Cyberjure Legal Consulting, advocate Bhasin is a pioneer in cyber laws in India, recognized as the Best Cyber Lawyer in the country, and a recipient of numerous national awards for her contributions in the realm of cyber laws. In the candid interview, Advocate Bhasin shared her insights into the cybersecurity domain and the necessary legal framework.

Cybersecurity Landscape and Legal Evolution

Reflecting on the dynamic nature of technology, she acknowledged the challenge of keeping laws up-to-date. Advocate Bhasin mentioned the ongoing discussions about the Digital India Act, anticipating deliberations post-elections. She emphasized the importance of understanding and adhering to existing laws, particularly the Data Protection Act. “It is quite difficult for a law to remain 100% up to date, especially in a technological era where everything is constantly changing,” said Bhasin.

Predicting Cybersecurity Trends for 2024

Advocate Bhasin delved into her predictions for cybersecurity trends in the upcoming year, pointing towards the rise of AI-based frauds. She expressed concerns about the increasing use of AI in cybercrimes, making them more convincing and challenging to combat. For organizations, the persistent targeting of Indian entities, especially in the financial sector, was highlighted as a continuing trend. “I predict there will be more AI-based frauds. So, whether it would be with respect to voice or morphing of photos, AI tends to make them more convincing,” added Bhasin.

Addressing Data Breaches and Legal Remedies

Discussing recent data breaches in India, including the Aadhaar card and Taj Hotels incidents, Bhasin emphasized the importance of the existing legal framework. She outlined the remedies available under the Data Protection Act for unauthorized access, compensation, and legal action against organizations failing to protect data. The three-pronged approach provides individuals with ample recourse for justice. “The law in India is already there. Now, organizations need to take all the requisite steps, and there are penal schemes in place for prosecution,” explained Bhasin.

Role of Awareness in Cybersecurity

Advocate Puneet Bhasin shed light on the role of awareness in cybersecurity, acknowledging that most organizations are aware of the implications of a data breach. However, she stressed the need for increased budget allocations towards the implementation of cybersecurity measures. Bhasin highlighted that penalties, as outlined in the Data Protection Act, would likely drive organizations to prioritize cybersecurity investments. According to Bhasin, “The only time when actual steps will start is when the penalization starts. When there are penalties to the tune of 150 crores, 50 crores, is when automatically that awareness and compliance will rise.”

Future of Cyber Laws

Looking ahead to 2024, advocate Puneet Bhasin envisioned a significant shift in organizational practices towards privacy. With the enactment of the Data Protection Act, compliance and prosecution will become active, requiring organizations to align their business practices with privacy considerations. She emphasized the adoption of multiple cybersecurity tools and a proactive approach to data security. “It will become privacy by design for organizations, hopefully by the year 2024,” emphasized Bhasin.

Training Employees on Cyber Laws

In addressing the importance of training employees on cyber laws, advocate Bhasin emphasized the need for simplified modules that educate individuals not only on cyber hygiene but also on the legal implications of their actions. She highlighted the significance of understanding the legal regime in straightforward terms to ensure employees take it seriously. “There should be small modules where employees are taught about cyber hygiene and the implications of their acts,” concluded Bhasin.

Advocate Puneet Bhasin’s extensive expertise and foresight provide valuable insights into the current state and future trajectory of cybersecurity laws. As technology continues to advance, her guidance serves as a beacon for organizations navigating the complex intersection of technology, law, and privacy.

 Feed

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also

 Feed

The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme “leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions,”

 Feed

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security

 Feed

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away. Download the full case study here. As a child,

 Feed

The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country. While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the

 Cyber Security News

Source: thehackernews.com – Author: . The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases. (Figure 1: Year over year victims per quarter) The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with […] The post 3 Ransomware Group Newcomers to Watch in 2024 – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 15, 2024NewsroomVulnerability / Browser Security Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code   show more ...

execution vulnerability has been codenamed MyFlaw by the Guardio Labs […] La entrada Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

The Evolving World of Software Development. In the dynamic realm of software development, integrating security into the development process has become a paramount concern. This introductory section sets the stage for the journey through the DevSecOps Maturity Model, a framework that blends development, security, and operations into a cohesive and efficient workflow. The paragraph emphasizes […] The post Devsecops Security Model first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

The post DevSecOps Scenarios first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

In the fast-paced world of software development, ensuring the security and reliability of applications is a top priority. DevSecOps, an extension of the DevOps philosophy, integrates security practices into the software development lifecycle. This approach brings development, security, and operations teams together, ensuring that security is not an afterthought but an integral part of the […] The post DevSecOps Pipelines first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - Da

CHALLENGE: In our data-driven world, organizations must prioritize cybersecurity as part of their business risk management strategy. Specifically, data security remains a challenge as attacks against an organization’s data can compromise emails, employee records, financial records, and customer information thereby impacting business operations, revenue, and reputation. In the event of a data breach, data confidentiality can […] The post Identifying and Protecting Assets Against Data Breaches first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 blackmail

Source: www.bitdefender.com – Author: Graham Cluley. Hundreds of pet owners across the UK have reported that they have received blackmail threats from scammers who claim to have found their lost pooches and missing moggies. As BBC News reports, fraudsters are combing online forums where desperate owners post messages about their lost pets, and then demand […] The post Heartless scammers prey on hundreds of lost pet owners, demanding ransoms or else… – Source: www.bitdefender.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.tripwire.com – Author: Graham Cluley. A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin’s authentication API […] The post Critical flaw found in WordPress plugin used on over 300,000 websites – Source: www.tripwire.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber breach

Source: www.cybertalk.org – Author: slandau. By Rupal Hollenbeck, President, Check Point. With cyber attacks rising and trust in institutions declining, having a cyber security resilience plan is essential for business. Consolidating fragmented cyber security systems is the key preventative strategy. Strong communications with customers is equally important in the aftermath to re-establish trust. The last […] The post How to rebuild trust after a cyber security breach – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack. Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656, that could potentially lead to remote code […] The post Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Phemedrone info stealer campaign exploits Windows smartScreen bypass. Threat actors exploit a recent Windows SmartScreen bypass flaw CVE-2023-36025 to deliver the Phemedrone info stealer. Trend Micro researchers uncovered a malware campaign exploiting the vulnerability CVE-2023-36025 (CVSS score 8.8) to deploy a previously unknown strain of the malware dubbed Phemedrone Stealer. The […] The post Phemedrone info stealer campaign exploits Windows smartScreen bypass – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Balada injector

Source: securityaffairs.com – Author: Pierluigi Paganini. Balada Injector continues to infect thousands of WordPress sites. Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. In September, Sucuri researchers reported that more than 17,000 WordPress websites had been compromised in September with the Balada Injector. The researchers noticed […] The post Balada Injector continues to infect thousands of WordPress sites – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apache Hadoop

Source: securityaffairs.com – Author: Pierluigi Paganini. Attackers target Apache Hadoop and Flink to deliver cryptominers. Researchers devised a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners. Cybersecurity researchers from cyber security firm Aqua have uncovered a new attack targeting Apache Hadoop and Flink applications. The attacks exploit misconfigurations in […] The post Attackers target Apache Hadoop and Flink to deliver cryptominers – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - SOC Op

In the dynamic landscape of cybersecurity, the pivotal role of Security Operations Center (SOC) Analysts stands out as a fundamental pillar for safeguarding organizations against the escalating cyber threats. This document focuses on the key fundamentals that every SOC analyst should grasp in the realm of networks. An organization’s network infrastructure serves as the central […] The post SOC ANALYST SERIES first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - Threat

The National Cyber Security Strategy 2016-2021 details the UK government’s investment in cyber security, with the vision for 2021 that the UK will be secure and resilient to cyber threats while prosperous and confident in the digital world. To achieve this, government departments are currently investing in improvements to their own cyber security to meet […] The post Detecting the Unknown: A Guide to Threat Hunting first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - Threat

Proactive methods for dealing with cyber threats are growing along with the complexity of malware. Malware has an infrastructure that supports its operation. This infrastructure includes servers, domains, IP addresses, and other components that allow malware to communicate and carry out malicious activities. Malware infrastructure analysis is key to understanding and combating these threats. Malware […] The post THREAT HUNTING MALWARE INFRASTRUCTURE first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cloud

Source: www.darkreading.com – Author: Joshua Goldfarb. As the saying goes, “little kids, little problems; big kids, big problems.” Indeed, as children grow, the complexity of the problems and challenges they encounter grows significantly, as does the seriousness of the advice and solutions they need. I’d like to examine how […] The post As Enterprise Cloud Grows, So Do Challenges – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Capital

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer. Consolidation in the cloud security market is off to a strong start in 2024. On Jan. 9, privileged access management firm Delinea announced that it had acquired Authomize, a maker of tools to detect and respond to identity-based threats in the cloud. The […] The post Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.troyhunt.com – Author: Troy Hunt. Geez it’s nice to be back in Oslo! This city has such a special place in my heart for so many reasons, not least of which by virtue of being Charlotte’s home town we have so many friends and family here. Add in NDC Security this week with so […] The post Weekly Update 382 – Source: www.troyhunt.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cookie

Source: thehackernews.com – Author: . Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just […] The post Case Study: The Cookie Privacy Monster in Big Global Retail – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 16, 2024NewsroomCryptocurrency / Cyber Threat The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme “leveraged high-quality phishing pages to lure   show more ...

unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that […] La entrada Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 16, 2024NewsroomCryptocurrency / Windows Security Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data   show more ...

from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter […] La entrada Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple iOS

Source: securelist.com – Author: Maher Yamout. Introduction. In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware previously shrouded in […] The post A lightweight method to detect potential iOS malware – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.govinfosecurity.com – Author: 1 Endpoint Security, Internet of Things Security. Bitdefender Finds Vulnerability in Popular IoT Device. Prajeet Nair (@prajeetspeaks), David Perera (@daveperera) • January 15, 2024. Bosch sent an over-the-air firmware update for smart thermostats in October after Bitdefender found a critical flaw. Thermostats sold across the […] The post Researchers Spot Critical Security Flaw in Bosch Thermostats – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 3rd Party Risk Management, Governance & Risk Management, Government. Pentagon Warns Failure to Modernize Defense Industrial Base Will Hinder US Globally. Chris Riotta (@chrisriotta) • January 15, 2024. The U.S. Department of Defense wants improved supply chain cybersecurity. The Pentagon says a failure to […] The post DOD Unveils First-Ever National Defense Industrial Strategy – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Christina Hausman, Product Marketing Manager, Security. Christina Hausman has over 20 years of expertise in product management, marketing, sales & partner enablement for Cisco’s security portfolio, including Workload Security, Cloud and Data center security, Network and endpoint security, Network management, DLP, NAC, SIEM, Compliance. She has an MBA from Boston […] The post Webinar | Empower Agile Government Transformation with Cloud-Native Cybersecurity – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Fraud Management & Cybercrime, Healthcare, Industry Specific. Report to State Regulators Indicates Big Jump in Number of Patients Affected. Marianne Kolbasuk McGee (HealthInfoSec) • January 15, 2024. Singing River Health System was hit by a ransomware attack last August that has compromised the information of nearly […] The post Mississippi Health System Ransomware Attack Affects 253,000 – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cloud

Source: www.govinfosecurity.com – Author: 1 Fraud Management & Cybercrime, Governance & Risk Management, Healthcare. Alliance Had Sued LockBit Gang to Force Cloud Firm to Release Affected Patient Data. Marianne Kolbasuk McGee (HealthInfoSec) • January 15, 2024. Carthage Area Hospital, Claxton-Hepburn Medical Center and North Country Orthopaedic Group sued LockBit as a […] The post Exclusive: Cloud Vendor Returns Stolen Hospital Data – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Cybersecurity experts have uncovered the active exploitation of CVE-2023-36025, which also led to the dissemination of a new strain of malware called Phemedrone Stealer. This malware explicitly targets web browsers and collects data from cryptocurrency wallets and messaging applications like Telegram, Steam and Discord. Additionally, Phemedrone gathers system information, including […] The post Phemedrone Stealer Targets Windows Defender Flaw Despite Patch – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Kaspersky’s Global Research and Analysis Team (GReAT) has unveiled a new, lightweight method to detect sophisticated iOS spyware, including notorious threats like Pegasus, Reign and Predator. Writing in an advisory published today, the researchers said they focused on analyzing the previously overlooked forensic artifact, Shutdown.log, which is stored within the […] The post New Tool Identifies Pegasus and Other iOS Spyware – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-01
Aggregator history
Tuesday, January 16