Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Israel’s Largest O ...

 Firewall Daily

The notorious hacking group, Anonymous Sudan, has taken credit for a “huge” cyberattack on Bazan Group, formerly known as Oil Refineries Ltd, Israel’s leading oil refining and petrochemicals company. The Bazan Group cyberattack, aimed at the digital infrastructure of Bazan Group, has raised concerns about   show more ...

the potential implications for Israel’s economic powerhouse. Anonymous Sudan announced their cyber offensive with a message: “We have conducted a huge cyber attack on the digital infrastructure of one of the biggest oil refining and petrochemical companies in Israel – BAZAN Group, formerly Oil Refineries Ltd.” The cyberattack specifically targeted the largest oil refinery in Israel, located in Haifa Bay, operated by Bazan Group. The Bazan Group Cyberattack Source: Twitter The Cyber Express reached out to Bazan Group for further details regarding the cyberattack and the threat actors behind it. In a conversation with TCE, a spokesperson for Bazan Group confirmed a temporary hiatus to the operation, stating, “We are aware of this sort of reports. Yesterday we have experienced a temporary and minor slowdown in connectivity. No damage to the business nor to operational processes has been done. We keep maintaining the highest standards of security and continue to safeguard our company’s infrastructure and assets.” Surprisingly, Bazan Group’s website appears to be operational, showing no immediate signs of the reported cyberattack. This has led to speculation about the nature and extent of the attack. It is possible that the hackers focused on the backend infrastructure rather than the front end of the website, possibly targeting the organization’s database. Source: NetBlocks on Twitter Moreover, NetBlocks, a reputable source on cyber disruptions, confirmed the cyberattack on Bazan Group, stating, “Live metrics show a major disruption to the network of Bazan Group / Oil Refineries Ltd petrochemical company in Israel; prolific hacktivist group Anonymous Sudan has claimed a cyberattack on the company, which operates the country’s largest oil refinery.” Cyberattack on Bazan Group and Anonymous Sudan Attacks on Israel Despite these confirmations, Israel’s oil refinery has yet to release an official press release on the cyberattack. Social media discussions suggest that the Bazan Group cyberattack may have endured for over 12 hours, although this information remains unconfirmed. Adding a layer of complexity to the situation, Anonymous Sudan has a history of claiming similar cyberattacks in the past. The group’s targets are not limited to Israel, as evidenced by their previous hacking attempts on diverse entities, including the video game Rocket League operated by the U.S. company Epic Games. In a broader context, Anonymous Sudan has been persistent in its cyber campaign against Israel and its supporters. Last year, the group set its sights on ChatGPT, an artificial intelligence language model developed by OpenAI. In this instance, the hacking group expressed political motivations, protesting against what they claim is genocide support. The attacks coincide with the ongoing conflict between Israel and Hamas. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Ulsan HD FC Data Bre ...

 Firewall Daily

Ulsan HD FC, formerly known as Ulsan Hyundai FC, a prominent South Korean professional football club based in Ulsan, is currently under scrutiny as reports suggest that its database is allegedly on sale in the cyber underworld. The threat actor, identified as Donald Bucks, posted a message on January 14, 2024,   show more ...

claiming the Ulsan HD FC data breach with a full database dump of the football club available for purchase at the price of $6000. Ulsan HD FC, competing in the top tier of South Korean football, the K League 1, was founded in 1983 as Hyundai Horang-i and joined the K League in 1984. The club’s home ground is the Ulsan Munsu Football Stadium, and it is owned by HD Hyundai Heavy Industries. Potential Ulsan HD FC Data Breach Source: Twitter The Cyber Express has reached out to the football club for more information regarding the Ulsan HD FC data breach. However, at the time of writing, no official statement or response has been received, leaving the claim of the Ulsan HD FC database being on sale on the dark web unconfirmed. While cyberattacks on the sports industries are relatively uncommon, the vulnerability of the industry to such threats is not a new phenomenon. A recent report by security consultancy NCC Group, in collaboration with the University of Oxford and Phoenix Sport and Media Group (PSMG), reveals a critical lack of cyber resilience in UK football clubs, including those in the Premier League. Cyberattacks on the Sports Industry Matt Lewis, the global head of threat research at NCC Group, emphasized the surge in cyberattacks on the sports industry. The report highlighted the increasing attractiveness of the sports industry as a target for cybersecurity attacks. According to the report, the sports industry is in urgent need of IT and security teams to receive adequate resources to mitigate potential threats. According to Lewis, “There’s a disconnect between the perception and reality of how at-risk the industry currently is. By implementing relevant strategies and resources outlined in the report, cyber risks can be reduced to preserve brand reputation, the confidentiality of information, and the integrity of industry players and organizations.” Apart from this rise in cyberattacks on the sports industry, the allegation of the Ulsan HD FC data breach is still a matter of concern. These rare incidents coupled with the rise of cyberattacks on the sports industry highlight the broader issue of cybersecurity within the athletic business, emphasizing the need for proactive measures to safeguard sensitive data and prevent potential cyber threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Why using Google OAu ...

 Business

Organizations sometimes rely on Google OAuth to authenticate users. They tend to assume that Google is all-powerful and wise, so its verdict on whether to grant access to a user is taken as read. Alas, such blind faith is dangerous: the Sign in with Google option is seriously flawed. In December 2023, researcher Dylan   show more ...

Ayrey at Truffle Security discovered a rather nasty vulnerability in Google OAuth that allows employees to retain access to corporate resources after parting company with their employer. There are also ways for a total stranger to exploit this bug and gain access. Whats wrong with Google OAuth sign-in The vulnerability exists due to a number of factors. First: Google allows users to create Google accounts using any email — not just Gmail. To sign in to a companys Google Workspace, email addresses with the domain name of the company are commonly used. For instance, an employee of the hypothetical company Example Inc. might have the email address alanna@example.com. Google OAuth is used by various work platforms in many organizations. For example, heres the Sign In with Google button on slack.slack.com Second: Google (along with a number of other online services) supports what is known as sub-addressing. This lets you create alias addresses by appending a plus sign (+) to an existing mail address, followed by whatever you like. One use for this could be for managing email flows. For example, when registering an account with an online bank, one could specify the address alanna+bank@example.com; when registering with a communication service provider — alanna+telco@example.com. Formally, these are different addresses, but emails will arrive in the same mailbox — alanna@example.com. And because the contents of the To: field differ, incoming messages can be handled differently with the use of certain rules. Example of signing in to Slack with Google using an alias email address with a plus sign Third: in many work platforms such as Zoom and Slack, authorization through the Sign In with Google button uses the domain of the email address specified when registering the Google account. So, in our example, to connect to Example Inc.s workspace example.slack.com, you need an @example.com address. Finally, fourth: its possible to edit the email address in a Google account. Here, sub-addressing can be employed by changing, say, alanna@example.com to alanna+whatever@example.com. That done, a new Google account can be registered with the address alanna@example.com. This results in two different Google accounts that can be used to sign in to Example Inc.s work platforms (like Slack and Zoom) through Google OAuth. The problem is that the second address remains invisible to the corporate Google Workspace administrator, so theyre unable to delete or disable this account. Thus, a laid-off employee could still have access to corporate resources. Exploiting the Google OAuth vulnerability and gaining entry without initial access How feasible is all this in practice? Entirely. Ayrey tested the possibility of exploiting the vulnerability in Google OAuth in his own companys Slack and Zoom, and found that it is indeed possible to create such phantom accounts. Non-expert, regular users could take advantage of it too: no special knowhow or skills are needed. An example of exploiting the vulnerability in Google OAuth to grant Slack access to an account registered to an email sub-address. Source Note that, besides Slack and Zoom, this vulnerability affects dozens of lesser-known corporate tools that use Google OAuth authentication. In some cases, attackers can gain access to an organizations cloud tools even if they didnt initially have access to the corporate email of the target company. The Zendesk ticketing system, for example, can be used for this purpose. The idea is that the service allows submitting requests via email. An email address with the company domain is created for the request, and the request creator (that is, anyone) is able to view the contents of all correspondence related to this request. It turns out that its possible for a user to register a Google account with this address and, through the request, get an email with a confirmation link. They can then successfully exploit the vulnerability in Google OAuth to sign in to the target companys Zoom and Slack without having initial access to its resources. How to protect against the Google OAuth vulnerability The researcher notified Google about the vulnerability several months ago through its bug bounty program; the company recognized it as an issue (albeit of low priority and severity) and even paid out a reward (of $1337). Ayrey additionally reported the problem to some online services, including Slack. However, no one is rushing to fix the vulnerability, so protection against it seems to be on the shoulders of company employees who administer work platforms. Fortunately, in most cases, this poses no particular problem: it suffices to disable the Sign In with Google option. And, naturally, its a good idea to guard against possible penetration deeper into the organizations information infrastructure through platforms like Slack, which means monitoring whats going on in said infrastructure. If your companys information security department lacks the resources or expertise for this, deploy an external service such as Kaspersky Managed Detection and Response.

image for Transatlantic Cable ...

 News

Episode 330 of the Transatlantic Cable podcast kicks things off with talk around the potential for A.I poisoning, which could allow malicious actors to turn AI chatbots into sleeper agents. From there the team talk about eBay and a truly bizarre story involving spiders, cockroaches and death threats, as well as Chinas   show more ...

crackdown on casinos, which has led to an underground boom in crypto-casinos. If you like what you heard, please consider subscribing. AI poisoning could turn open models into destructive sleeper agents Defending reality: Truth in an age of synthetic media eBay pays $3m fine in blogger harassment case Chinas gambling crackdown spawned wave of illegal online casinos

image for Alleged Trello Data ...

 Firewall Daily

A threat actor has emerged, asserting the sale of Trello data comprising 15,115,516 unique lines of information. The alleged Trello data breach has compromised individuals’ emails, usernames, full names, and other account details. Trello, known for its visual project management capabilities, is widely used by   show more ...

teams for efficient workflow and task tracking. Upon investigating the matter, our team found the official Trello website fully functional, casting doubt on the authenticity of the threat actor’s claim. Trello Data Breach: Official Response Awaited To ascertain the veracity of the alleged Trello data breach, The Cyber Express Team reached out to officials for a statement. However, as of the time of this report, no official response has been received, leaving the data breach claim shrouded in uncertainty. The potential consequences of a Trello data breach are far-reaching, considering the sensitive nature of the information at stake. If the claim holds true, it could pose a significant threat to the privacy and security of millions of users. Source: DailyDarkWeb This incident is not the first time Trello has faced security concerns. In 2020, reports emerged of a similar nature when Craig Jones, the Cybersecurity Operations Director at Sophos, uncovered personally identifiable information (PII) data exposed through public Trello boards. Jones found that the default configuration of Trello boards is set to “private,” but many users unknowingly or intentionally switch these settings to “public.” Once made public, the contents of a user’s Trello board become accessible to anyone, including search engines like Google, which index public Trello boards, making the information easily discoverable. Given the recurrent nature of Trello-related security issues, it raises questions about the platform’s ability to safeguard user data effectively. Users and organizations must remain vigilant and take proactive measures to enhance their data security posture. What Should Be Done to Prevent Data Breaches? In light of this alleged breach, it becomes imperative to address the broader issue of data security. Organizations and individuals alike should be vigilant and take proactive measures to safeguard their sensitive information. Here are some recommended steps to prevent and mitigate the impact of such data breaches: Regular Security Audits: Conduct routine security audits to identify vulnerabilities in systems and networks. This proactive approach helps in detecting potential threats before they can be exploited. Encryption of Sensitive Data: Employ robust encryption mechanisms to protect sensitive information both in transit and at rest. This ensures that even if data is compromised, it remains unreadable and unusable for unauthorized parties. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security beyond just passwords. This additional step makes it more challenging for unauthorized users to gain access to accounts and systems. Employee Training: Educate employees about cybersecurity best practices, emphasizing the importance of strong passwords, recognizing phishing attempts, and reporting any suspicious activities promptly. Prompt Software Updates: Keep all software, including security software, up-to-date to patch any vulnerabilities. Regular updates ensure that systems are fortified against known threats. Incident Response Plan: Develop and regularly update an incident response plan to effectively handle and mitigate the impact of a data breach. This includes clear communication protocols and swift action to contain and resolve security incidents. As this remains an ongoing situation, The Cyber Express Team is committed to keeping its readers informed of any developments related to the alleged Trello data breach. Stay tuned for updates on the Trello cyberattack as we continue to monitor the situation closely. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Akira Ransomware Str ...

 Firewall Daily

The Akira ransomware group has recently targeted DENHAM the Jeanmaker, a renowned denim brand established in Amsterdam in 2008. The brand, founded by English jeanmaker Jason Denham, is known for its high-quality denim and offers a wide range of collections for both men and women, marking its prominence in the premium   show more ...

denim sector. Despite the alleged DENHAM the Jeanmaker data breach, the firm’s official website remains fully functional, raising questions about the authenticity of the attack claim. DENHAM the Jeanmaker Data Breach: Lack of Details The Akira ransomware group, notorious for its double-extortion tactics involving both data theft and ransomware encryption, has not disclosed specific details regarding the extent of the DENHAM the Jeanmaker data breach, potential compromise, or the motive behind the attack. The absence of detailed information from the threat actor adds layer of uncertainty, leaving the scale and nature of the leaked data shrouded in mystery. Efforts to verify the Akira ransomware group’s claim were made by The Cyber Express Team, reaching out to DENHAM the Jeanmaker’s officials. However, as of the writing of this report, no response has been received, leaving the claim of DENHAM the Jeanmaker data breach unverified. Source: Twitter Parallel Threats This incident follows a recent cybersecurity threat targeting the Infiniti Mall, a prominent chain of shopping malls in India. A threat actor claims to have exposed 280,000 rows of data in a cyberattack on the Infiniti Mall. Similarly, the claim remains unverified as officials have not responded to inquiries made by The Cyber Express Team. Prior to this, the threat actor Sanggiero claimed responsibility for a data leak allegedly involving over 1 million rows of information from Halara. The Halara data breach compromised sensitive details, underscoring the growing sophistication and audacity of cybercriminals targeting personal information. The timeline of cyber threats appears to be escalating, with instances like ‘Nobody’ declaring possession of confidential data from renowned organizations in 2023, highlighting vulnerabilities in data security across sectors. A concerning development is the rising trend of double-extortion attacks by threat actors like Akira. Their tactics involve data theft followed by ransomware encryption, utilizing methods such as phishing emails, malicious websites, drive-by download attacks, and Trojans to infiltrate their targets. It is noteworthy that researchers have identified similarities between Akira and the disbanded Conti ransomware group, including code overlap, the use of ChaCha 2008 encryption, and key generation methods resembling those used by Conti. Additionally, Akira shares commonalities with Conti in terms of directory exclusions during encryption and the use of cryptocurrency wallets for transactions. Despite the severity of cyber threats in the industry, notable incidents like the cyberattack on the renowned Italian clothing company Benetton Group showcase the effectiveness of strong security measures in minimizing the impact on daily operations. The ongoing cyberattack on DENHAM the Jeanmaker continues to unfold, and The Cyber Express remains committed to keeping its readers informed of any developments in this evolving story. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Expert Blogs and Opinion

Attribute-based encryption (ABE) offers fine-grained access to data, revolutionizing data protection and access control. ABE has diverse real-world applications, from privacy protection in surveillance videos to securing electronic medical records.

 Malware and Vulnerabilities

The malware tools used by Bigpanzi, including 'pandoraspear' and 'pcdn,' enable the cybercriminals to hijack DNS settings, establish C2 communication, build a peer-to-peer CDN, and execute DDoS attacks on infected devices.

 Trends, Reports, Analysis

Cyberattacks are the leading cause of technology outages for 40% of organizations, emphasizing the need for comprehensive disaster preparation beyond just cybersecurity measures, according to Veeam.

 Trends, Reports, Analysis

OpenAI is taking steps to prevent the use of ChatGPT in spreading election misinformation, including restricting its use for political campaigning and lobbying, and creating tools to empower voters to assess the authenticity of images.

 Trends, Reports, Analysis

The cybersecurity industry is facing increasing legal oversight and consequences, making it riskier to work in this field. Companies are now required to disclose "material" security incidents within four working days to the SEC.

 Threat Actors

The new campaign by TA866 involved a large volume of emails with attached PDFs containing OneDrive URLs that initiated a multi-step infection chain leading to malware payload.

 Feed

This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit   show more ...

makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.

 Feed

This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).

 Feed

Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.

 Feed

Ubuntu Security Notice 6588-1 - Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.

 Feed

mqXSS is a client to communicate with XSS hooked browsers over MQTT. Similar to xsshunter or beef, mqxss allows interaction with remote browsers that have been injected with a XSS payload. However, instead of having the victim connect back to your server they connect through a Secure Websocket MQTT broker instead.   show more ...

This tool facilitates the JS payload generation and interaction with hooked browsers that communicate over WSS MQTT brokers.

 Feed

Ubuntu Security Notice 6559-1 - It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Damien Diederen discovered that ZooKeeper   show more ...

incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10.

 Feed

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.

 Feed

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).

 Feed

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which   show more ...

triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.

 Feed

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.

 Feed

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.

 Feed

Redis raft versions master-1b8bd86 to master-7b46079 were discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.

 Feed

Red Hat Security Advisory 2024-0267-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0265-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0249-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and out of bounds access vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0248-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and out of bounds access vulnerabilities.

 DDoS Attacks News

Swiss government websites were hit by a targeted cyberattack on Wednesday, led by a group known as ‘NoName,’ with ties to Russia. This orchestrated attack, brought to light by Switzerland’s National Cyber Security Centre (NCSC), temporarily disrupted access to several Swiss websites, including those   show more ...

associated with the Swiss Federal Administration. The group claimed their actions were in response to Ukrainian President Volodymyr Zelensky attending the World Economic Forum (WEF) meeting in Davos, adding a geopolitical dimension to the attack. Cyberattack on Swiss government Websites The NCSC quickly identified the DDoS attack, and specialists from the Federal Administration took immediate measures to restore access to the affected websites. Importantly, the cyberattack on Swiss government websites did not compromise or result in the loss of any data. DDoS attacks primarily aim to render websites temporarily unavailable by inundating them with an overwhelming volume of requests. On Wednesday, several federal administration websites, including those associated with federal departments and offices, experienced temporary unavailability due to the DDoS attack. Notably, the Swiss government portal remained operational despite the DDoS attack. This incident marks the second time the ‘NoName’ hacker group has targeted the Swiss Federal Administration, following a similar DDoS attack in June 2023. In both instances, the group cited President Zelensky’s involvement in the WEF Annual Meeting as a catalyst for their cyber operations. In December 2023, the NoName threat group once again asserted responsibility for a cyberattack that targeted various government and official departments. The claimed targets encompassed prominent entities such as the Swiss Federal Department of Justice and Police, the Swiss railway company Südostbahn, and the Federal Department of Home Affairs, among others. Consequently, several departmental websites were rendered inactive during the cyber onslaught. Global Collaboration: NCSC’s Partnerships The NCSC, collaborating with relevant administrative units, actively analyzes the risk associated with such cyber threats and provides support in implementing necessary security measures. Acknowledging the potential for an attack in the lead-up to President Zelensky’s visit, the NCSC issued a warning on January 10, advising operators of critical infrastructures to enhance their security protocols. The Federal Administration heeded this caution, adopting appropriate security arrangements. The NCSC maintains close ties with national and international partners, collaborating closely with critical infrastructure operators to enhance cyber resilience. “Hackers generally use such attacks on website availability as a means of gaining media attention for their cause. They do this by flooding a website with a massive volume of requests so as to overload it and make it unavailable for a period of time.” reads the NCSC statement. Continuing the ongoing investigation, the Swiss government emphasizes the importance of cyber resilience in addressing evolving cybersecurity challenges. Russia’s Involvement and the Ukrainian Conflict The revelation of a Russian-linked hacking group targeting Swiss government websites raises questions about the broader geopolitical landscape. Tensions between Russia and Ukraine have been longstanding, with cyber activities often mirroring the political climate. The cyberattacks’ timing, coinciding with President Zelensky’s participation in the WEF meeting, suggests a potential connection to ongoing geopolitical conflicts. As nations navigate the digital world, the intersection of cyber activities and geopolitical disputes becomes increasingly complex, necessitating a comprehensive and globally cooperative approach to cybersecurity. The Swiss incident serves as a reminder of the interconnected nature of cyber threats and international relations, urging nations to fortify their defenses and promote diplomatic efforts to address the underlying issues contributing to such incidents. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mind Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the

 Feed

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to

 Feed

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow's build agents via

 Feed

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an

 Feed

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are

 Feed

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are

 Data loss

Has the British Prime Minister been caught secretly profiting from a cryptocurrency app? Were 23andMe right to blame their users after a data breach? And Indian men have hard feelings after falling for a money-for-sex scam. All this and much much more is discussed in the latest edition of the "Smashing   show more ...

Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

 announces

Source: www.darkreading.com – Author: PRESS RELEASE LEXINGTON, Mass., January 16, 2024 – Mimecast Limited (Mimecast), an advanced email and collaboration security company, announced today the appointment of Marc van Zadelhoff as CEO, with Mimecast Co-Founder and current CEO Peter Bauer remaining a   show more ...

key collaborator as a member of the Board. Bauer, a key Mimecast shareholder, will continue to be an […] La entrada Mimecast Announces New CEO – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ — Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt Security API   show more ...

Protection Platform. Salt leapfrogs traditional posture management by providing the industry’s first API posture governance engine delivering operationalized API […] La entrada Salt Security Delivers API Posture Governance Engine – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE BRATISLAVA/SAN DIEGO — January 17, 2024 — ESET, a global leader in cybersecurity, has announced the launch of ESET MDR, an innovative solution aimed at addressing the evolving cybersecurity challenges faced by SMBs. This new offering expands on ESET’s   show more ...

Detection & Response Ultimate service for enterprises, enabling SMBs to immediately […] La entrada ESET Launches New Managed Detection and Response (MDR) Service for Small and Midsize Businesses – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE WILMINGTON, Del.- Intel 471, a premier provider of cyber threat intelligence (CTI) solutions across the globe, announced Sonja Tsiridis as its new chief technology officer (CTO). In this position, Sonja will lead Intel 471’s Global Engineering Organization,   show more ...

including product and platform technology, architecture, cloud operations and corporate IT. “Sonja Tsiridis’ […] La entrada Intel 471 Appoints Technology Veteran, Sonja Tsiridis, Chief Technology Officer – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Crypto

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: Peter Horree via Alamy Stock Photo A sophisticated phishing campaign dubbed “Inferno Drainer” has managed to siphon more than $80 million in cryptocurrency from 137,000 unwitting victims over the course of   show more ...

a year, using 100 different cryptocurrency brands in an impersonation gambit. According […] La entrada $80M in Crypto Disappears into Drainer-as-a-Service Malware Hell – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Chrome

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Wachiwit via Shutterstock Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. It paves the way for code execution and other cyberattacks on targeted endpoints. The   show more ...

vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google […] La entrada Google Chrome Zero-Day Bug Under Attack, Allows Code Injection – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dan Raywood, Senior Editor, Dark Reading Source: Mohd Izzuan Roslan via Alamy Stock Photo The Dubai Police, from the United Arab Emirates, and the Cyber Security Authority of Ghana have already issued two warnings this year, thanks to a series of unsolicited scam messages   show more ...

being sent to individuals. In addition, malicious […] La entrada Experts Ponder Effectiveness of Official Warnings of Cyber Scams – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff Source: Albert Shakirov via Alamy Stock Photo Punchmade Dev — a rapper, producer, and investor known for his music regarding cybercriminal activities — recently has been promoting his own online shop selling hacked bank account as well as payment   show more ...

cards with established balances.  It’s never been clear if […] La entrada ‘Punchmade Dev’ Cybercrime Rapper Launches Cash-Scamming Web Shop – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Accounts

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: GagoDesign via Shutterstock The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application   show more ...

framework, leveraging known bugs for initial compromise. The end goal of the campaign […] La entrada CISA: AWS, Microsoft 365 Accounts Under Active ‘Androxgh0st’ Attack – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Company

Source: www.darkreading.com – Author: Dan Raywood, Senior Editor, Dark Reading Source: Svyatoslav Lypynskyy via Alamy Stock Photo Professional services firm TAG.Global now requires that all of its employees complete a cybersecurity fluency assessment test as a way to raise awareness on threats and to reinforce   show more ...

responsibility for information security among its users. Tawfiq Talhouni, executive […] La entrada Q&A: How One Company Gauges Its Employees’ Cybersecurity ‘Fluency’ – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: securityaffairs.com – Author: Pierluigi Paganini iShutdown lightweight method allows to discover spyware infections on iPhones Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from   show more ...

Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allow to […] La entrada iShutdown lightweight method allows to discover spyware infections on iPhones – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Switzerland believes that the   show more ...

cyberattack carried out by pro-Russia group NoName disrupted access to some government websites, […] La entrada Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Github rotated credentials after the discovery of a vulnerability GitHub rotated some credentials after the discovery of a flaw that allowed access to the environment variables of a production container. After GitHub became aware of a vulnerability   show more ...

through its bug bounty program, the Microsoft-owned company rotated some credentials. The […] La entrada Github rotated credentials after the discovery of a vulnerability – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AndroxGh0st

Source: securityaffairs.com – Author: Pierluigi Paganini FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of   show more ...

Investigation (FBI) released a joint Cybersecurity Advisory (CSA) to warn of […] La entrada FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Citrix warns admins to immediately patch NetScaler for actively exploited zero-days Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address   show more ...

two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. […] La entrada Citrix warns admins to immediately patch NetScaler for actively exploited zero-days – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential   show more ...

stuffing lists and data stolen by information-stealing malware. Credential stuffing […] La entrada Have I Been Pwned adds 71 million emails from Naz.API stolen account list – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a   show more ...

subgroup of the notorious APT35 Iranian cyberespionage group (also known as Charming Kitten and Phosphorus) […] La entrada Microsoft: Iranian hackers target researchers with new MediaPl malware – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas A previously unknown cybercrime syndicate named ‘Bigpanzi’ has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a   show more ...

large-scale botnet of approximately 170,000 daily active bots. However, the researchers have seen 1.3 […] La entrada Bigpanzi botnet infects 170,000 Android TV boxes with malware – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity   show more ...

agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying […] La entrada CISA pushes federal agencies to patch Citrix RCE within a week – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.bleepingcomputer.com – Author: Bill Toulas Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. Kaspersky released Python   show more ...

scripts to help automate the process of analyzing the Shutdown.log file and recognize potential signs of malware infection […] La entrada iShutdown scripts can help detect iOS spyware on your iPhone – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 18, 2024NewsroomFirmware Security / Vulnerability Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in   show more ...

modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development […] La entrada PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 18, 2024NewsroomCyber Espionage / Threat Intelligence High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage   show more ...

group called Mint Sandstorm since November 2023. The threat actor “used bespoke phishing […] La entrada Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: David is the Senior Vice President for the Oracle SaaS Cloud Security engineering and operations organization. Previously, David was the public Cloud Security Engineering Director in the Google Security and Privacy organization and his preceding 18   show more ...

years were spent with Microsoft in numerous security cloud, product and engineering […] La entrada Oracle cyber maverick dives into cloud security and AI – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido Los Angeles, Calif., Jan. 17, 2024 – Spam calls continue to be a major nuisance in the US, and advice on how to avoid them abound. Incogni’s latest research challenges prevalent assumptions about spam calls, revealing that traditional advice on avoiding   show more ...

specific area codes is largely ineffective. The study, based […] La entrada News alert: Incogni study reveals overwhelming majority of spam calls originate locally – Source: www.lastwatchdog.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 “Cyber

Source: www.infosecurity-magazine.com – Author: 1 One of the UK’s leading cybersecurity agencies has announced plans to convene a new group of industry experts who will help it track existing and emerging threats to the nation. The National Cyber Security Centre (NCSC) said its new Cyber League would bring   show more ...

together both its own and third-party experts […] La entrada NCSC Builds New “Cyber League” Threat Tracking Community – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 The heightened utilization of AI tools and potential vulnerabilities in gaming have been identified as crucial cybersecurity concerns for children in 2024, according to a new report by Kaspersky.  The document, published today, also highlights the growth of   show more ...

FinTech for young people, the rising popularity of smart home devices and […] La entrada AI, Gaming, FinTech Named Major Cybersecurity Threats For Kids – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 amd

Source: www.techrepublic.com – Author: Megan Crouse Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerability—which the   show more ...

researchers named LeftoverLocals—can access conversations performed with large language models and machine learning […] La entrada Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Amazon

Source: www.techrepublic.com – Author: Cedric Pernet The Federal Bureau of Investigation and Cybersecurity & Infrastructure Security Agency warned in a joint advisory about a threat actor deploying a botnet that makes use of the Androxgh0st malware. This malware is capable of collecting cloud credentials,   show more ...

such as those from AWS or Microsoft Azure and more, abusing […] La entrada Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 cell phones

Source: www.schneier.com – Author: Bruce Schneier HomeBlog Canadian Citizen Gets Phone Back from Police After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that   show more ...

Ottawa police have made a formal request to obtain […] La entrada Canadian Citizen Gets Phone Back from Police – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 claims

Source: go.theregister.com – Author: Team Register The largest bank in the United States repels 45 billion – yes, with a B – cyberattack attempts per day, one of its leaders claimed at the World Economic Forum in Davos.  Mary Callahan Erdoes, JPMorgan Chase’s CEO in charge of asset and wealth   show more ...

management, revealed the figure during […] La entrada JPMorgan exec claims bank repels 45 billion cyberattack attempts per day – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 America's

Source: go.theregister.com – Author: Team Register As the US mulls legislation that would see the Cyber Safety Review Board (CSRB) become a permanent fixture in the government’s cyber defense armory, experts are calling for substantial changes in the way it’s organized. Discussions were held at a US   show more ...

Senate hearing on January 17 on how the […] La entrada Future of America’s Cyber Safety Review Board hangs in balance amid calls for rethink – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 attacks

Source: go.theregister.com – Author: Team Register Ransomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations. A cybersecurity worker in the financial services industry, for example, pinned the stress   show more ...

of remediating ransomware on their heart attack, which ultimately required surgery to […] La entrada Ransomware attacks hospitalizing security pros, as one admits suicidal feelings – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-01
Aggregator history
Thursday, January 18
MON
TUE
WED
THU
FRI
SAT
SUN
JanuaryFebruaryMarch