Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

UAE-based satellite service provider Thuraya Telecommunications found itself at the center of an alleged cyberattack orchestrated by the notorious hacking group Anonymous Sudan. The group claimed responsibility for a cyberattack on Thuraya, the largest international mobile satellite service provider based in the United Arab Emirates.

This incident comes amid a spate of cyberattacks on telecommunications organizations, pointing to a growing trend. In a separate incident, a cyber-espionage group with ties to Iran’s intelligence service targeted telecommunications companies in Egypt, Sudan, and Tanzania. This marks a significant shift for the group known as MuddyWater, which had previously focused its operations primarily in the Middle East.

Cyberattacks on Telecommunications Organizations

Moreover, several hacker groups are targeting Africa and may be linked to geopolitical events, particularly the conflict between Israel and the Palestinian group Hamas. While there is no evidence of data theft in these recent attacks, the motive appears to be centered around espionage or the possibility of disruption attacks. In a bid to understand the scope and impact of the Thuraya Telecommunications cyberattack, The Cyber Express reached out to the telecommunication provider. However, at the time of writing this, no official statement or response has been received, leaving the claims unverified. The wave of cyber threats extends beyond Thuraya, touching various corners of the telecommunications industry globally. Recent incidents include a threat actor’s sale, for $4000, of source code belonging to Celcom, Malaysia’s oldest mobile telecommunications provider.

TRAI to Implement Strict Measures

The Spanish unit of Orange, a telecommunications giant, also faced a cyberattack leading to disruptions in internet services in early January. Orange addressed concerns through its official account on Twitter, as users from different networks reported connectivity issues. The global telecommunications space witnessed another blow with Kyivstar, Ukraine’s largest telecommunications company, falling victim to a cyberattack, resulting in widespread disruptions to phone and internet services.
In response to the escalating threats, the Telecom Regulatory Authority of India (TRAI) is considering a significant cybersecurity reformation. The Ministry of Defence has been called upon to collaborate in drafting policies and regulations for the telecommunications space, particularly concerning the use of Artificial Intelligence (AI) for handling big data. This move aims to ensure robust security measures, safeguarding the vast amounts of user data processed by TRAI and preventing catastrophic privacy breaches. As the telecommunications sector grapples with an increasing number of cyber threats, the need for enhanced security measures, global collaboration, and proactive responses becomes imperative.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Firewall Daily

In the wake of coordinated cyberattacks on Australia, Prime Minister Anthony Albanese has labeled the incident a ‘scourge,’ vowing to explore all possible measures to safeguard businesses from such scams. These cyberattacks on Australia, which took place in November last year, affected well-known entities such as Dan Murphy’s, Event Cinemas, and Guzman Y Gomez, resulting in the unauthorized access of over 15,000 customer accounts. Cybercriminals, operating with fraudulent intent, obtained login details from overseas counterparts and proceeded to make unauthorized online purchases, leaving thousands of unsuspecting customers vulnerable. The impacted individuals in these cyberattacks either had their credit card details saved on company websites or possessed gift cards and store credit for online transactions.

PM Anthony Albanese Takes Lead on Cyberattacks on Australia

Addressing the severity of the situation, Prime Minister Albanese emphasized the magnitude of cybercrime as a genuine threat to Australia’s economic security, reported Yahoo News. He expressed concern for the numerous individuals who had fallen victim to the attack despite acting in good faith, emphasizing the need for robust protection measures. A spokesperson for Dan Murphy’s reported that fewer than 100 customer accounts were impacted, attributing the fraudulent transactions to email and password combinations obtained through third-party breaches. The company has taken immediate action, working closely with affected customers while continuing investigations to ensure the ongoing security of their systems and customer information. Event Cinemas and Guzman Y Gomez, both targeted in these cyberattacks on Australia, are yet to provide comments on the incident. Binge, initially named in connection with the attack, clarified that its customers remain unaffected by credit card scams, Kasada founder Sam Crowther told the SMH. The streaming service assured that credit card details are managed off-platform, with comprehensive cybersecurity systems in place to monitor and mitigate potential risks.

Australia to Implement New Laws to Fight Cybercrime

The Iconic, a major online retailer, was also impacted by the scheme and has committed to refunding customers whose accounts were exploited for fraudulent orders. To fight the ongoing cyberattacks on Australia, the Australian government revealed its 2023-2030 Cyber Security Strategy on November 22, 2023, to position Australia as a global cybersecurity leader by 2030. Centered on six cyber shields, the strategy prioritizes the security of businesses and citizens, safe technology, world-class threat sharing, protected critical infrastructure, sovereign capabilities, and global resilience. A commitment of A$586.9 million has been allocated to the strategy, including A$290.8 million for initiatives supporting small and medium businesses, enhancing public awareness, combating cybercrime, disrupting the ransomware business model, and fortifying Australians’ identity security. The accompanying Action Plan outlines key initiatives for the next two years, focusing on strengthening foundational cybersecurity through collaboration between industry and government.

 Firewall Daily

A threat actor claims to have leaked sensitive data from the renowned Pastelería Mozart, a well-established bakery in Santiago de Chile since 1967. The Pastelería Mozart data breach, allegedly orchestrated by an entity known as Ynnian, has exposed a large amount of information, totaling 10,870,524 lines of data. The leaked details include names, email addresses, phone numbers, passwords, dates of birth, and more. Ynnian, a hacker group, posted on the dark web on Wednesday, January 10, 2024, at 10:41 PM, implying a significant data breach at Pastelería Mozart. This renowned bakery, established in 1967 and employing about 95 staff across two locations, is known for its high-quality bakery products.

Pastelería Mozart Data Breach on the Dark Web

According to the post, the leaked data dates back to the year 2023, with a file size of 990MB in SQL format, compressed to 73MB in 7Zip. The compromised information encompasses a range of personal details, posing a potential threat to the privacy and security of Pastelería Mozart’s customers. The leaked data includes critical identifiers such as names, email addresses, phone numbers, passwords, and dates of birth. Pastelería Mozart’s website, https://www.mozart.cl/, is mentioned in the post, raising concerns about the extent of the cyberattack on the bakery’s digital infrastructure. The Cyber Express has reached out to Pastelería Mozart for an official statement regarding the alleged data breach. However, at the time of writing, no response or official communication has been received from the affected organization. The lack of an official statement leaves the claims of the Pastelería Mozart data breach unverified.

What’s Next for Pastelería Mozart?

Customers and stakeholders are urged to remain vigilant and take necessary precautions in light of this Pastelería Mozart data breach incident. The potential impact of the data breach on individuals associated with Pastelería Mozart highlights the need for heightened cybersecurity measures in an era where cyber threats continue to evolve. As the situation unfolds, Pastelería Mozart needs to address the concerns raised by this alleged cyberattack and take appropriate steps to secure its digital infrastructure.
TCE will be closely monitoring the situation and we’ll update this post once we have more information on the alleged attack or any official response from the bakery.

 Special Projects

In the era of modern technology, the age at which children are introduced to the digital world and technology is increasingly lower. This digital experience, however, can be marred by potential risks lurking online. As technology continues to advance, the tactics and strategies used by cybercriminals to target and exploit young internet users are also evolving. Therefore, it’s crucial for parents to stay informed about the latest cybersecurity threats targeting kids to better protect them from potential harm. In this post, my colleague Anna Larkina and I will explore some of the key cybersecurity trends that parents should be aware of and provide tips on how to safeguard their children’s online activities.

Children will increasingly use AI tools that, so far, are not ready to provide the necessary level of cybersecurity and age-appropriate content

AI is continuing to revolutionize various industries, and its daily use ranges from chatbots to AI wearables, personalized online shopping recommendations, and other common uses. Of course, such global trends do not bypass the interest and curiosity of children, who can use AI tools to do their homework or simply chat with AI-enabled chatbots. According to a UN study, about 80 percent of youth claimed that they interact with AI multiple times a day. However, AI applications can pose numerous risks to young users involving data privacy loss, cyberthreats, and inappropriate content. With the development of AI, numerous little-known applications have emerged with seemingly harmless features, such as uploading a photo to receive a modified version — whether it be an anime-style image or simple retouching. However, when adults, let alone children, upload their images to such applications, they never know in which databases their photos will ultimately remain and whether they will be used further. Even if your child decides to play with such an application, it is essential to use it extremely cautiously and ensure that there is no personal information that may reveal the child’s identity — such as names, combined with addresses, or similar sensitive data — in the background of the photo, or consider avoiding such applications altogether.
Moreover, AI apps – chatbots in particular – can easily provide age-inappropriate content when prompted. This poses a heightened risk as teenagers might feel more comfortable sharing personal information with the chatbot than with their real-life acquaintances, as evidenced by instances where the chatbot gave advice on masking the smell of alcohol and pot to a user claiming to be 15. On an even more inappropriate level, there are a multitude of AI chatbots that are specifically designed to provide an erotic experience. Although some require a form of age verification, this is a dangerous trend, as some children might opt to lie about their age and prevention in cases like this is insufficient. It is estimated that on Facebook Messenger alone, there are over 300,000 chatbots in operation. However, not all of them are safe and may carry various risks, like the ones mentioned earlier. Therefore, it is extremely important to discuss with children the importance of privacy and the dangers of oversharing, as well as talking to them about their online experiences regularly. It also reiterates the significance of establishing a trusting relationship with the child. This will ensure that the child feels comfortable asking their parents for advice rather than turning to a chatbot for guidance.

The growth of malicious actors’ attacks on young gamers

According to statistics, 91 percent of children in the UK aged 3-15 play games on any device. The vast gaming world is open to them, also making them vulnerable to cybercriminals’ attacks. For instance, in 2022, our security solutions detected more than 7 million attacks relating to popular children’s games, resulting in a 57 percent increase in attempted attacks compared to the previous year. The top children’s games by the number of users targeted even included games for the youngest children — Poppy Playtime and Toca Life World, which are designed for children 3-8 years old.
What raises even more concerns is that sometimes children prefer to communicate with strangers on gaming platforms rather than on social media. In some games, unmoderated voice and text chats form a significant part of the experience. As more young people come online, criminals can build trust virtually, in the same way as they would entice someone in person — by offering gifts or promises of friendship. Once they have lured the young victim by gaining their trust, cybercriminals obtain their personal information by suggesting they click on a phishing link or download a malicious file onto their device disguised as a game mod for Minecraft or Fortnite, or even groom them for more nefarious purposes. This can be seen in the documentary series hacker:HUNTER, co-produced by Kaspersky, as one of the episodes revealed how cybercriminals identify skilled children through online games and then groom them to carry out hacking tasks. The number of ways to interact within the gaming world is increasing to include voice chats as well as AR and VR games. Both cybersecurity and social-related threats remain particular problems in children’s gaming. Parents must remain vigilant regarding their children’s behavior and maintain open communication to address any potential threats. Identifying a threat involves observing changes, such as sudden shifts in gaming habits that may indicate a cause for concern. To keep your child safe and stop them from downloading malicious files during their gaming experience, we advise installing a trusted security solution on their device.

The development of FinTech industry for kids marks the appearance of new threats

An increasing number of banks are providing specialized products and services designed for children, including banking cards for kids as young as 12 years old.
This gives parents an array of potential advantages, such as the ability to monitor their child’s expenditures, establish daily spending limits, or remotely transfer funds for the child’s pocket money. Yet, with the introduction of banking cards for children, the latter can become susceptible to financially motivated threat actors and vulnerable to conventional scams, such as promises of a free PlayStation 5 and other similar valuable devices after entering card details on a phishing site. Using social engineering techniques, cybercriminals might exploit children’s trust by posing as their peers and requesting card details or money transfers to their accounts. As the FinTech industry for children continues to evolve, it is crucial to educate them not only about financial literacy but also the basics of cybersecurity. To achieve this, you can read Kaspersky Cybersecurity Alphabet together with your child. It is specifically designed to explain key online safety rules in a language easily comprehensible for children. To avoid concerns about a child losing their card or sharing banking details, we recommend installing a digital NFC card on their phone instead of giving them a physical plastic card. Establish transaction confirmation with the parent, if the bank allows it. And, of course, the use of any technical solutions must be accompanied by an explanation of how to use them safely.

The number of smart home threat cases, with children being potential targets, will increase

In our interconnected world, an increasing number of devices, even everyday items like pet feeders, are becoming smart by connecting to the internet. However, as these devices become more sophisticated, they also become more susceptible to cyberattacks. This year, our researchers conducted a vulnerability study on a popular model of smart pet feeder.
The findings revealed a number of serious security issues that could allow attackers to gain unauthorized access to the device and steal sensitive information, such as video footage, potentially turning the feeder into a surveillance tool. Despite the increasing number of threats, manufacturers are not rushing to create cyber-immune devices that preemptively prevent potential exploits of vulnerabilities. Meanwhile, the variety of different IoT devices purchased in households continues to grow. These devices are becoming the norm for children, which also means that children can become tools for cybercriminals in an attack. For instance, if a smart device becomes a fully functional surveillance tool and a child is home alone, cybercriminals could contact them through the device and request sensitive information such as their name, address, or even their parents’ credit card number and times when their parents are not at home. In a scenario such as this one, beyond just hacking the device, there is a risk of financial data loss or even a physical attack. As we cannot restrict children from using smart home devices, our responsibility as parents is to maximize the security of these devices. This includes at least adjusting default security settings, setting new passwords, and explaining basic cybersecurity rules to children who use IoT devices.

Children will demand that their personal online space is respected

As kids mature, they develop greater self-awareness, encompassing an understanding of their personal space, privacy, and sensitive data, both offline and in their online activities. The increasing accessibility of the Internet means more children are likely to become aware of this. Consequently, when a parent firmly communicates the intent to install a digital parenting app on their child’s devices, not all children will take it calmly.
This is why parents now require the skill to discuss their child’s online experience and the importance of digital parenting apps for online safety while respecting the child’s personal space. This involves establishing clear boundaries and expectations and discussing the reasons for using the app with the child. Regular check-ins are also vital, and adjustments to the restrictions should be made as the child matures and develops a sense of responsibility. Learn more in our guide on the First kid’s gadget, where, together with experienced child psychologist Saliha Afridi, our privacy experts analyze a series of important milestones to understand how to introduce such apps into a child’s life properly and establish a meaningful dialogue about cybersecurity online.

Children are eager to download apps that are unavailable in their country, but stumble upon malicious copies

If an app is unavailable in their region, users start looking for an alternative, but that alternative is often just a malicious copy. Even if they turn to official app stores like Google Play, they still run the risk of falling prey to cybercriminals. From 2020 to 2022, our researchers found more than 190 apps infected with Harly Trojan on Google Play, which signed users up for paid services without their knowledge. A conservative estimate of the number of downloads of these apps is 4.8 million, but the actual figure of victims may be even higher. Children are not the only ones following this trend; adults are as well, as highlighted in our latest Consumer cyberthreats predictions report as a part of the annual Kaspersky Security Bulletin. That’s why it’s crucial for kids and their parents to understand the fundamentals of cybersecurity. For instance, it’s important to pay attention to the permissions that an app requests when installing it — a simple calculator, for instance, shouldn’t need access to your location or contact list.
As we can see, many of the trends that are playing out in society are also affecting children, making them potential targets for attackers. This includes both the development and popularity of AI and smart homes, as well as the expansion of the world of gaming and the FinTech industry. We are convinced that protecting children from cybersecurity threats in 2024 requires proactive measures from parents. By staying informed about the latest threats and actively monitoring their children’s online activities, parents can create a safer online environment for their kids. It’s crucial for parents to have open communication with their children about the potential risks they may encounter online and to enforce strict guidelines to ensure their safety. With the right tools such as Kaspersky Safe Kids, parents can effectively safeguard their children against cyber threats in the digital age. To help parents introduce their children to cybersecurity amidst the evolving threat landscape, our experts have developed the Kaspersky Cybersecurity Alphabet with key concepts from the cybersecurity industry. In this book, your kid will get to know new technologies, learn the main cyber hygiene rules, find out how to avoid online threats, and recognize fraudsters’ tricks. After reading this book together, you’ll be sure that your kid knows how to distinguish a phishing website, how VPN and QR-codes work, and even what honeypots and encryption are and what role they play in modern cybersecurity. You can download the pdf version of the book or the Kaspersky Cybersecurity Alphabet poster for free and go through the basics of cybersecurity with your child, building their cybersafe future.

 A Little Sunshine

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs.

Images from Punchmade Dev’s Twitter/X account show him displaying bags of cash and wearing a functional diamond-crusted payment card skimmer.

Punchmade Dev’s most controversial mix — a rap called “Wire Fraud Tutorial” — was taken down by YouTube last summer for violating the site’s rules. Punchmade shared on social media that the video’s removal was prompted by YouTube receiving a legal process request from law enforcement officials. The 24-year-old rapper told reporters he wasn’t instructing people how to conduct wire fraud, but instead informing his fans on how to avoid being victims of wire fraud. However, this is difficult to discern from listening to the song, which sounds very much like a step-by-step tutorial on how to commit wire fraud. “Listen up, I’m finna show y’all how to hit a bank,” Wire Fraud Tutorial begins. “Just pay attention, this is a quick way to jug in any state. First you wanna get a bank log from a trusted site. Do your research because the information must be right.”

And even though we’re talking about an individual who regularly appears in videos wearing a half-million dollars worth of custom jewelry draped around his arm and neck (including the functional diamond-encrusted payment card skimming device pictured above), there’s never been much evidence that Punchmade was actually involved in committing cybercrimes himself. Even his most vocal critics acknowledged that the whole persona could just be savvy marketing. That changed recently when Punchmade’s various video and social media accounts began promoting a new web shop that is selling stolen payment cards and identity data, as well as hacked financial accounts and software for producing counterfeit checks.

Punchmade Dev’s shop.
The official Punchmadedev account on Instagram links to many of the aforementioned rap videos and tutorials on cybercriming, as well as to Punchmadedev’s other profiles and websites. Among them is mainpage[.]me/punchmade, which includes the following information for “Punchmade Empire ®”:

-212,961 subscribers
#1 source on Telegram
Contact: @whopunchmade
24/7 shop: https://punchmade[.]atshop[.]io

Visiting that @whopunchmade Telegram channel shows this user is promoting punchmade[.]atshop[.]io, which is currently selling hacked bank accounts and payment cards with high balances. Clicking “purchase” on the C@sh App offering, for example, shows that for $80 the buyer will receive logins to Cash App accounts with balances between $3,000 and $5,000. “If you buy this item you’ll get my full support on discord/telegram if there is a problem!,” the site promises. Purchases can be made in cryptocurrencies, and checking out prompts one to continue payment at Coinbase.com. Another item for sale, “Fullz + Linkable CC,” promises “ID Front + Back, SSN with 700+ Credit Score, and Linkable CC” or credit card. That also can be had for $80 in crypto.

WHO IS PUNCHMADE DEV?

Punchmade has fashioned his public persona around a collection of custom-made, diamond-covered necklaces that are as outlandish and gaudy as they are revelatory. My favorite shot from one of Punchmade’s videos features at least three of these monstrosities: One appears to be a boring old diamond and gold covered bitcoin, but the other two necklaces tell us something about where Punchmade is from:

Notice the University of Kentucky logo, and the Lexington, Ky skyline.

One of them includes the logo and mascot of the University of Kentucky.
The other, an enormous diamond studded skyline, appears to have been designed based on the skyline in Lexington, Ky: The “About” page on Punchmade Dev’s Spotify profile describes him as “an American artist, rapper, musician, producer, director, entrepreneur, actor and investor.” “Punchmade Dev is best known for his creative ways to use technology, video gaming, and social media to build a fan base,” the profile continues. The profile explains that he launched his own record label in 2021 called Punchmade Records, where he produces his own instrumentals and edits his own music videos. A search on companies that include the name “punchmade” at the website of the Kentucky Secretary of State brings up just one record: OBN Group LLC, in Lexington, Ky. This November 2021 record includes a Certificate of Assumed Name, which shows that Punchmade LLC is the assumed name of OBN Group LLC. The president of OBN Group LLC is listed as Devon Turner. A search on the Secretary of State website for other businesses tied to Devon Turner reveals just one other record: A now-defunct entity called DevTakeFlightBeats Inc. The breach tracking service Constella Intelligence finds that Devon Turner from Lexington, Ky. used the email address obndevpayments@gmail.com. A lookup on this email at DomainTools.com shows it was used to register the domain foreverpunchmade[.]com, which is registered to a Devon Turner in Lexington, Ky. A copy of this site at archive.org indicates it once sold Punchmade Dev-branded t-shirts and other merchandise. Mr. Turner did not respond to multiple requests for comment. Searching online for Devon Turner and “Punchmade” brings up a video from @brainjuiceofficial, a YouTube channel that focuses on social media celebrities. @Brainjuiceofficial says Turner was born in October 2000, the oldest child of a single mother of five whose husband was not in the picture. Devon Turner, a.k.a. “Punchmade Dev,” in an undated photo. 
The video says the six-foot five Turner played basketball, track and football in high school, but that he gradually became obsessed with playing the video game NBA 2K17 and building a following of people watching him play the game competitively online. According to this brief documentary, Turner previously streamed his NBA 2K17 videos on a YouTube channel called DevTakeFlight, although he originally went by the nickname OBN Dev. “Things may eventually catch up to Devon if he isn’t careful,” @Brainjuiceofficial observed, noting that Turner has been shot at before, and also robbed at an ATM while flexing a bunch of cash for a picture and wearing $500k in jewelry. “Although you have a lot of people that are into what you do, there are a lot of people waiting for you to slip up.”

 Data Breach News

Cooper Aerobics, representing Cooper Clinic, P.A., Cooper Medical Imaging, LLP, and Cooper Aerobics Enterprises, Inc., collectively referred to as “Cooper Aerobics,” has revealed a concerning data security incident. On January 5, 2024, the organization notified individuals about unauthorized access to its network, stemming from a Cooper Aerobics data breach, that potentially exposed personal information. Upon discovering the breach, the firm initiated immediate remediation efforts and launched a thorough investigation with external cybersecurity professionals.

Cooper Aerobics data breach: In Detail

The Cooper Aerobics data breach investigation revealed that on February 3, 2023, an unauthorized party potentially removed certain files containing personal or protected health information from the organization’s network. As of now, there is no evidence that the exposed information has been utilized for identity theft or financial fraud. Nonetheless, as a precautionary measure, the organization is notifying affected individuals about the data breach and providing guidance on safeguarding their identities. The data compromised during the cyberattack on Cooper Aerobics includes a range of sensitive information, such as names, addresses, phone numbers, email addresses, financial details (credit/debit card numbers, expiration dates, account/routing numbers), tax identification numbers, driver’s license or government identification details, passport numbers, usernames and passwords, Social Security numbers, and health-related data (medical records, patient account numbers, prescription information, medical providers, procedures, health insurance details). Cooper Aerobics is actively sending notification letters regarding the Cooper Aerobics data breach to potentially affected individuals with available physical addresses. While there’s no evidence of identity theft or financial fraud, the organization encourages impacted individuals to take precautionary steps, including placing fraud alerts or security freezes on credit files, obtaining free credit reports, and regularly reviewing financial statements and credit reports for any suspicious activities. For those whose Social Security numbers were impacted, Cooper Aerobics is providing complimentary credit monitoring services.
The organization emphasizes its unwavering commitment to maintaining the privacy of personal and protected health information, continually evaluating and modifying practices and internal controls to enhance cybersecurity measures. Healthcare Sector Under Siege: A Rising Concern The revelation from Cooper Aerobics adds to the growing concern surrounding cybersecurity in the healthcare sector. Recent statistics from the U.S. government’s Office for Civil Rights (OCR) reveal an alarming trend, with a significant number of cyberattacks targeting the healthcare industry in the first three months of 2023 alone. Cybercriminals are increasingly drawn to the healthcare sector due to the abundance of private patient information stored in hospital databases. This valuable data has become a lucrative commodity in the digital underworld, attracting cybercriminals who exploit vulnerabilities for financial gain. The implementation of GDPR has heightened the urgency for healthcare institutions to enhance their cybersecurity defenses, given the substantial financial penalties for non-compliance and the potential costs associated with retrieving data from ransomware attacks. The incident, Cooper Aerobics data breach highlights the critical need for cybersecurity measures across the healthcare industry. As cyber threats continue to evolve, healthcare organizations must remain vigilant and proactive in safeguarding sensitive patient information to mitigate the potential consequences of data breaches. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Data Breach News

Clearview Resources Ltd, a Canadian energy producer, has recently disclosed details surrounding a cyberattack that incurred a financial setback of US$1.5 million for the company. The revelation of the Clearview cyberattack comes after the initial press statement released on December 6, 2023. In this press statement, Clearview indicated its awareness of the cyberattack and its commitment to assessing the impact on company operations.

Clearview Cyberattack: Swift Response and System Restoration

The Clearview cyberattack unfolded through the compromise of an internal email address, which was exploited by malicious actors to redirect company funds to a third-party account. In an updated press statement released in January 2024, Clearview explained, “An internal email address was compromised and used by fraudulent actors to redirect the transfer of certain Company funds to a third-party account, resulting in the loss of US$1.5 million.”

In response to the cyberattack, the firm promptly engaged independent security experts to investigate the incident. Immediate measures were taken, including contacting the technology partner and restricting several functions. Fortunately, the company reported “no material impact to operations” once essential business systems were restored.

Despite these efforts, Clearview acknowledges the challenges ahead in recovering the lost funds. The company expressed realism, stating that “due to the nature of the cybersecurity incident, these efforts may not result in the return of all or some of the stolen funds.” Clearview commits to an ongoing investigation, collaborating with third-party experts and law enforcement in hopes of identifying the perpetrators and securing restitution.

The Growing Threat of Cybercrime

This incident sheds light on the escalating threat of cybercrime, which has far-reaching consequences across various industries. Recent reports indicate that 75% of businesses forced to close due to cyberattacks never reopen. Projections for the global economy suggest that cybercrime is poised to cost a staggering US$10.5 trillion by 2025, representing a 15% year-on-year increase.

The vulnerability of businesses to cyber threats is highlighted by examples such as the MGM Resorts International cyberattack in September, attributed to the Scattered Spider group and ALPHV ransomware. This cyberattack resulted in an estimated US$80 million loss in revenue over five days. Additionally, the widespread hack of the file transfer tool MOVEit impacted 2,120 organizations and 62,054,613 individuals by September 2023, including several federal agencies and educational institutions.

As the fallout from cyberattacks continues to unfold, notable breaches have been confirmed at companies like Shell, Siemens Energy, Schneider Electric, First Merchants Bank, and City National Bank. The escalating frequency and sophistication of these incidents highlight the imperative for businesses to fortify their cybersecurity defenses to mitigate the potentially devastating financial and operational consequences.

 Cybersecurity News

Innefu Labs, an Indian cybersecurity firm known for its advanced AI and data analytics solutions, has reportedly fallen victim to a sophisticated cyberattack. This narrative unfolds against the backdrop of similar incidents targeting Indian cybersecurity firms, setting a foreboding tone for the story. The Innefu Labs breach is not just a blow to the company, with its annual revenue exceeding $25 million, but also to its wide array of clients, including corporate and government sectors.

On January 10, 2024, a threat actor identified as ‘PreciousMadness’ announced on the RAMP forum their possession of unauthorized access to Innefu’s systems. Founded in 2012 by Tarun Wig and Abhishek Sharma, Innefu Labs offers products for identity authentication, predictive intelligence, and data protection to various corporate and government clients. The Innefu Labs data breach has caused quite a stir in the cybersecurity sector, drawing attention to the vulnerabilities even within the firms specializing in digital security. The Cyber Express team has contacted Innefu Labs for an official statement to verify the details of the reported data breach. However, the firm has failed to respond to our queries.

Innefu Labs Data Breach: What We Know So Far?

PreciousMadness’s offering includes unauthorized access to crucial components of Innefu’s infrastructure, such as Fortinet VPN and Microsoft 365 Services, priced at USD 1,300. Moreover, the Innefu data breach involves 54 GB of exfiltrated data, available for an additional cost. The threat actor has encouraged potential buyers to contact them privately for proofs and more details, a standard practice in such underground forums. Adding to the gravity of the situation, the threat actor has also advertised the same unauthorized access on other platforms like XSS and Exploit Forums. This suggests a deliberate and widespread attempt to capitalize on the compromised security of Innefu Labs, highlighting the seriousness of the breach.

The Innefu cyberattack not only impacts India but has broader implications for the Asia and Pacific (APAC) region. It raises stark concerns about the state of cybersecurity and the resilience of even the most adept firms against sophisticated cyber threats. Innefu Labs now faces the challenge of addressing this breach and reinforcing its defenses against future threats, a task that is increasingly becoming vital for all players in the space.

An investigation done by The Cyber Express, with the help of multiple independent researchers, has revealed that the data breach at Innefu Labs has led to the exposure of sensitive information belonging to various Indian and overseas entities. This includes individuals, major conglomerates, politicians, and even agencies of the Indian government. This breach has potential and significant national security implications, as it exposes sensitive information that could potentially be exploited. Moreover, the Innefu Labs data breach’s impact is not confined to India alone; it has broader implications for the entire Asia & Pacific (APAC) region.

To gain a comprehensive understanding of the situation, The Cyber Express engaged with various researchers and contacted Cyble Research and Intelligence Labs (CRIL) for their perspective on the security breach. CRIL acknowledged the gravity of the situation but chose not to disclose further information, citing the sensitive and confidential nature of the data involved. “CRIL is aware of the seriousness of the recent security breach. However, due to the sensitivity of the entities involved, the extent of the nature of the information, and the significant scale of the data, we are unable to provide further details or comment at this time,” it said.

Surveillance and Privacy Concerns

Innefu Labs’ involvement in surveillance technologies has been a subject of public debate, particularly following an RTI request by Anushka Jain of IFF. This request raised important questions about the use of Automated Facial Recognition System (AFRS) technology by Delhi Police, which was sourced from Innefu Labs.
The response from the Delhi Police, invoking the RTI Act, to withhold information under the pretext of “commercial confidence, trade secrets, or intellectual property,” had sparked concerns about transparency and accountability in the use of surveillance technologies. News18 reached out to Tarun Wig of Innefu Labs to address the concern of “commercial confidence, trade secrets or intellectual property”. In response, Wig had stated, “The technology, its servers and applications are entirely within their (Delhi Police’s) premises, and our role is only limited to occasional server maintenance, as per their requirements.” Speaking about Innefu’s contractual agreement of service with the Delhi Police, Wig said, “If the Delhi Police have such a thought process (of treating AFRS as a trade secret), that would be their internal decision. They may wish to refrain from revealing the technical details behind such technologies in order to prevent other private entities from using it. Personally, I am not aware of any clause or contract that binds them to it.”

Innefu’s Role in Global Cybersecurity and Surveillance

The story of Innefu Labs intertwines with another shadowy figure in the cyber world – the Donot Team, also known as APT-C-35 and SectorE02. An investigation by Amnesty International had revealed potential connections between the Indian cybersecurity company and spyware attacks targeting a notable human rights advocate in Togo. The Togolese individual in question was the focus of cyberattacks involving spyware, previously associated with the Donot Team, during the politically turbulent period of late 2019 and early 2020. The attempts to infiltrate the activist’s Android and Windows devices using this spyware were, however, unsuccessful.

The Donot Team, a name coined by researchers to describe the cyber threat actors initially identified in South Asia through a 2018 Netscout research, has been linked to various attacks across Asia, particularly in northern India, Pakistan, and Kashmir. While Amnesty International’s report does not directly accuse Innefu Labs of being involved in the attacks on the Togolese activist, it does highlight digital forensic evidence, including IP addresses, that suggest a connection between the company and the spyware tools used. The report states, “The technical evidence suggests that Innefu Labs is involved in the development or deployment of some Donot Team spyware tools.”

In response to these allegations, Innefu Labs categorically denied any involvement. In a statement dated October 1, 2021, included in the report, the company asserted, “We firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo.” This connection paints a complex picture of Innefu Labs, not just as a victim of the Innefu data breach but also as a player in the controversial field of surveillance technology.

Cyberattacks Targeting Indian Cybersecurity Firms

The Innefu Labs data breach, in many ways, mirrors the earlier CloudSEK data breach. In 2022, CloudSEK faced a cyberattack where the compromise of an employee’s Jira password led to unauthorized access to their Confluence pages. During this breach, the attacker was able to view internal content such as screenshots, bug reports, customer identities, and schema diagrams. Fortunately, the attack did not extend to database or server breaches. In response, the cybersecurity company launched an investigation and kept the public informed through a blog.

The trend of cyberattacks against Indian cybersecurity companies, epitomized by these high-profile breaches, signals a concerning shift in the landscape of digital security. These incidents are not isolated events but rather indicative of a broader, more systemic challenge facing the cybersecurity sector in India and globally. Firstly, these attacks underscore the paradox that even those organizations tasked with safeguarding digital assets are not immune to the very threats they combat. The sophistication and success of the Innefu Labs data breach reveal that attackers are becoming increasingly adept, often outpacing the defensive mechanisms in place. This escalation demands a re-evaluation of current security strategies within the cybersecurity industry, emphasizing the need for continuous innovation and adaptation in defense tactics.

Moreover, the trend highlights a crucial vulnerability in the cybersecurity infrastructure of a country that is rapidly digitizing. As India continues to embrace digital transformation across various sectors, the security of data and systems becomes paramount. The breaches at Indian cybersecurity companies serve as a stark reminder of the potential consequences of cybersecurity lapses, not just for the companies involved but for the broader ecosystem, including government agencies, financial institutions, and private citizens.

The Innefu Labs data breach also raises important questions about the ethical responsibilities of cybersecurity firms, especially when dealing with sensitive surveillance technologies. The balance between providing advanced security solutions and ensuring the ethical use of such technologies is delicate and complex. The involvement of Indian cybersecurity firms in controversies related to surveillance and data scraping adds another layer of concern, highlighting the need for robust ethical guidelines and oversight in the industry.

 Espionage

A sophisticated cyber espionage attack targeting the Indian Air Force has come to light. The cyberattack on the Indian Air Force involves a variant of the notorious Go Stealer, a malicious software designed to stealthily extract sensitive information. The malware, distributed through a cunningly named ZIP file, “SU-30_Aircraft_Procurement,” takes advantage of recent defense procurement announcements, notably the approval of 12 Su-30 MKI fighter jets by the Indian Defense Ministry in September 2023.

Cyberattack on the Indian Air Force

According to Cyble Research and Intelligence Labs (CRIL), the modus operandi of this cyber threat unfolds through a series of carefully orchestrated steps. The attackers employ an anonymous file storage platform called Oshi to host the deceptive ZIP file, disguising it as critical defense documentation. The link, “hxxps://oshi[.]at/ougg,” likely circulates through spam emails or other communication channels. The sequence of infection involves the progression from a ZIP file to an ISO file, followed by a .lnk file, culminating in the deployment of the Go Stealer payload. The attackers strategically exploit the mounting tension surrounding defense procurement to lure Indian Air Force professionals into unwittingly triggering the malware.

Technical Analysis of the Go Stealer

The identified Go Stealer variant, distinct from its GitHub counterpart, boasts advanced features that elevate its threat level. It is coded in the Go programming language and inherits its base from an open-source Go Stealer available on GitHub. This variant, however, introduces enhancements, including an expanded scope for browser targeting and a novel method of data exfiltration through Slack.

Upon execution, the stealer generates a log file in the victim’s system, utilizing GoLang tools such as GoReSym for in-depth analysis. The malware is meticulously designed to extract login credentials and cookies from specific internet browsers, namely Google Chrome, Edge, and Brave. The targeted approach signifies a strategic intent to gather precise and sensitive information from Indian Air Force professionals.

Data Exfiltration and Covert Communications

Unlike conventional information stealers, this variant displays a heightened sophistication by leveraging the Slack API for covert communications. The choice of Slack as a communication channel aligns with the platform’s widespread use in enterprise networks, enabling malicious activities to seamlessly blend with regular business traffic. The Go Stealer variant introduces a function named “main_Vulpx” designed explicitly for uploading stolen data to the attacker’s Slack channel. This evolution in tactics allows threat actors to maintain communication and receive pilfered data discreetly.

The identified Go Stealer, disseminated through the deceptive ZIP file named “SU-30_Aircraft_Procurement,” poses a large threat to Indian defense personnel. The timing of the attack, coinciding with the Indian Government’s announcement of the Su-30 MKI fighter jets procurement, raises concerns about targeted attacks or espionage activities. This variant of Go Stealer showcases a level of sophistication not observed in its GitHub counterpart, featuring expanded browser targeting capabilities and leveraging Slack for data exfiltration. The strategic focus on selectively harvesting login credentials and cookies from browsers highlights the threat actor’s intent to acquire precise and sensitive information from Indian Air Force professionals.

 Malware and Vulnerabilities

Despite being patched in November 2023, the CVE-2023-36025 Windows SmartScreen bypass vulnerability is still being exploited by malware distributors. The latest threat delivered through this vulnerability is a variant of the Phemedrone Stealer. To mitigate such threats, it's crucial for users and organizations to regularly update their software and educate themselves about safe online practices.

 Trends, Reports, Analysis

Phishing attacks continue to pose a significant threat, with 94% of cyber decision-makers having to deal with such attacks in 2023, marking a 2% increase from the previous year, according to Egress.

 Malware and Vulnerabilities

VMware Aria Automation platform is affected by a critical missing access control vulnerability (CVE-2023-34063) that allows authenticated attackers to gain unauthorized access to remote organizations and workflows.

 Companies to Watch

Snyk's acquisition of Helios marks its second move in developer-led application security posture management, following the previous acquisition of Enso Security, further strengthening its platform with prioritization and remediation capabilities.

 Feed

Gentoo Linux Security Advisory 202401-25 - Multiple vulnerabilities have been discovered in OpenJDK, the worst of which can lead to remote code execution. Versions greater than or equal to 11.0.19_p7:11 are affected.

 Feed

Ubuntu Security Notice 6538-2 - USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.

 Feed

Ubuntu Security Notice 6587-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6586-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS.

 Feed

Red Hat Security Advisory 2024-0214-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.

 Feed

This archive contains proof of concepts to trigger the 7 vulnerabilities in Tianocore's EDK II open source implementation of the UEFI specification. Issues include an integer underflow, buffer overflows, infinite loops, and an out of bounds read.

 Feed

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values,

 Feed

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management

 Feed

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file

 Feed

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an

 Feed

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for

 Feed

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware

 Feed

In the digital age, the battleground for security professionals is not only evolving, it's expanding at an alarming rate. The upcoming webinar, "The Art of Privilege Escalation - How Hackers Become Admins," offers an unmissable opportunity for IT security experts to stay ahead in this relentless cyber war. Privilege escalation - the term might sound benign, but in the hands of a skilled hacker,

 Alert

Source: thehackernews.com – Author: . Jan 16, 2024NewsroomVulnerability / Network Security Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code   show more ...

execution (RCE). “The two issues are fundamentally the same but exploitable […] La entrada Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 16, 2024NewsroomBotnet / Malware The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used   show more ...

to upload, download, and share files […] La entrada Remcos RAT Spreading Through Adult Games in New Attack Wave – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 401(k) scams

Source: www.cybertalk.org – Author: slandau. EXECUTIVE SUMMARY: Many fraudsters know that the real money is in retirement accounts. In response to increased cyber security around other coveted targets (tax returns, credit cards…etc), cyber criminals have turned their attention elsewhere; to 401(k)s. A popular retirement savings plan in the United States, cyber criminals are boldly breaking […] The post Scam alert! Watch out for 401(k) scams – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1. GitHub has revealed that service disruption in December was due to it rotating credentials after the discovery of a high-severity bug, and warned that some customers may need to take additional action to stay secure. The popular developer platform said it was notified on December 26 via its Bug Bounty […] The post GitHub Rotates Credentials and Patches New Bug – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Google fixed the first actively exploited Chrome zero-day of 2024. Google has addressed the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited […] The post Google fixed the first actively exploited Chrome zero-day of 2024 – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 atlassian

Source: securityaffairs.com – Author: Pierluigi Paganini. Atlassian fixed critical RCE in older Confluence versions. Atlassian warns of a critical remote code execution issue in Confluence Data Center and Confluence Server that impacts older versions. Atlassian warns of a critical remote code execution vulnerability, tracked as CVE-2023-22527 (CVSS score 10.0), in Confluence Data Center and Confluence […] The post Atlassian fixed critical RCE in older Confluence versions – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. VMware fixed a critical flaw in Aria Automation. Patch it now! VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform. VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud […] The post VMware fixed a critical flaw in Aria Automation. Patch it now! – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws. Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Last week, software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure […] The post Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Bosch BCC100

Source: securityaffairs.com – Author: Pierluigi Paganini. Experts warn of a vulnerability affecting Bosch BCC100 Thermostat. Researchers warn of high-severity vulnerability affecting Bosch BCC100 thermostats. Researchers from Bitdefender discovered a high-severity vulnerability affecting Bosch BCC100 thermostats. The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the […] The post Experts warn of a vulnerability affecting Bosch BCC100 Thermostat – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Edge Editors. Source: How Enterprises Are Responding to the Incident Response Challenge, Dark Reading. Enterprise security teams are increasingly collaborating with members of other internal business functions and with external partners when responding to a security incident, according to a Dark Reading Research report on incident response. Security teams appear to […] The post Effective Incident Response Relies on Internal and External Partnerships – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Accenture

Source: www.darkreading.com – Author: PRESS RELEASE NEW YORK; Jan. 16, 2024 – Accenture (NYSE: ACN) and SandboxAQ are partnering to deliver artificial intelligence (AI) and quantum computing solutions to help organizations identify and remediate cybersecurity vulnerabilities. According to recent Accenture research, executives’ top concern for 2024 is the ability to adapt to advancements in technology and innovations such as […] The post Accenture and SandboxAQ Collaborate to Help Organizations Protect Data – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 acquires

Source: www.darkreading.com – Author: Source: Aleks P via Adobe Stock Photo Developer-focused security company Snyk said it has acquired Helios, a startup focused on helping developers troubleshoot applications in runtime and production. The acquisition enhances Snyk’s “cloud-to-code risk visibility” by combining Helios’ full-stack runtime data collection and insights with the Snyk Developer Security Platform, Snyk […] The post Snyk Acquires Helios for Runtime Visibility – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe reflection vulnerability (tracked as CVE-2024-0200) can allow attackers to gain remote code execution on unpatched servers. It was also patched on Tuesday in GitHub Enterprise Server […] The post GitHub rotates keys to mitigate impact of credential-exposing flaw – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. A report by SentinelOne highlights the problem through three notable malware examples that can evade macOS’s built-in anti-malware system, XProtect. XProtect works in the […] The post MacOS info-stealers quickly evolve to evade XProtect detection – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days (tracked as CVE-2023-6548 and CVE-2023-6549) impact the Netscaler management interface and expose unpatched Netscaler instances to remote code execution and denial-of-service attacks, respectively. However, to […] The post Citrix warns of new Netscaler zero-days exploited in attacks – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. “Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild,” the company said in a security advisory published Tuesday. The company fixed the zero-day for […] The post Google fixes first actively exploited Chrome zero-day of 2024 – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services. Calvià is a historic town on the Spanish island of Majorca with a population of 50,000 and is one of Majorca’s major tourism hotspots, estimated to receive 1.6 million […] The post Majorca city Calvià extorted for $11M in ransomware attack – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. This botnet was first spotted by Lacework Labs in 2022 and was controlling over 40,000 devices almost one year ago, according to […] The post FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas A set of nine vulnerabilities, collectively called ‘PixieFail,’ impact the IPv6 network protocol stack of Tianocore’s EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. The flaws are present in the PXE network boot process, which is crucial for provisioning operating […] The post PixieFail flaws impact PXE network boot in enterprise systems – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AndroxGh

Source: thehackernews.com – Author: . Jan 17, 2024 | Newsroom | Botnet / Cloud Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for “victim identification and exploitation in target networks.” A Python-based malware, AndroxGh0st was first documented by Lacework […] The post Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 17, 2024 | The Hacker News | Cyber Threat / Live Webinar In the digital age, the battleground for security professionals is not only evolving, it’s expanding at an alarming rate. The upcoming webinar, “The Art of Privilege Escalation – How Hackers Become Admins,” offers an unmissable opportunity for IT security experts to […] The post Webinar: The Art of Privilege Escalation – How Hackers Become Admins – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 17, 2024 | Newsroom | Spyware / Forensic Analysis Cybersecurity researchers have identified a “lightweight method” called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator. Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said […] The post New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-01
Aggregator history
Wednesday, January 17