Cyber security aggregate rss news

Cyber security aggregator - feeds history

 A Little Sunshine

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the
seller doesn’t actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card. Triangulation fraud. Image: eBay Enterprise. Timothy Barker, 56, was until recently a Band Manager at Duncan’s First Nation, a First Nation in northwestern Alberta, Canada. A Band Manager is responsible for overseeing the delivery of all Band programs, including community health services, education, housing, social assistance, and administration. Barker told KrebsOnSecurity that during the week of March 31, 2023 he and the director of the Band’s daycare program discussed the need to purchase items for the community before the program’s budget expired for the year. “There was a rush to purchase items on the Fiscal Year 2023 timeline as the year ended on March 31,” Barker recalled. Barker said he bought seven “Step2 All Around Playtime Patio with Canopy” sets from a seller on Amazon.ca, using his payment card on file to pay nearly $2,000 for the items. On the morning of April 7, Barker awoke to a series of nasty messages and voice calls on Facebook from an Ontario woman he’d never met. She demanded to know why he’d hacked her Walmart account and used it to buy things that were being shipped to his residence. Barker shared a follow-up message from the woman, who later apologized for losing her temper. One of several messages from the Ontario woman whose Walmart account was used to purchase the goods that Barker ordered from Amazon. “If this is not the person who did this to me, I’m sorry, I’m pissed,” the lady from Ontario said. “This order is being delivered April 14th to the address above. If not you, then someone who has the same name. 
Now I feel foolish.” On April 12, 2023, before the Amazon purchases had even arrived at his home, Barker received a call from an investigator with the Royal Canadian Mounted Police (RCMP), who said Barker urgently needed to come down to the local RCMP office for an interview related to “an investigation.” Barker said the officer wouldn’t elaborate at the time on the nature of the investigation, and that he told the officer he was in Halifax for several days but could meet after his return home. According to Barker, the investigator visited his home anyway the following day and began questioning his wife, asking about his whereabouts, his work, and when he might return home. On April 14, six boxes arrived to partially fulfill his Amazon order; another box was delayed, and the Amazon.ca seller he’d purchased from said the remaining box was expected to ship the following week. Barker said he was confused because all six boxes came from Walmart instead of Amazon, and the shipping labels had his name and address on them but carried a contact phone number in Mexico. Three days later, the investigator called again, demanding he submit to an interview. “He then asked where my wife was and what her name is,” Barker said. “He wanted to know her itinerary for the day. I am now alarmed and frightened — this doesn’t feel right.” Barker said he inquired with a local attorney about a consultation, but that the RCMP investigator showed up at his house before he could speak to the lawyer. The investigator began taking pictures of the boxes from his Amazon order. “The [investigator] derisively asked why would anyone order so many play sets?” Barker said. “I started to give the very logical answer that we are helping families improve their children’s home life and learning for toddlers when he cut me off and gave the little speech about giving a statement after my arrest. 
He finally told me that he believes that I used someone’s credit card in Ontario to purchase the Walmart products.” Eager to clear his name, Barker said he shared with the police copies of his credit card bills and purchase history at Amazon. But on April 21, the investigator called again to say he was coming to arrest Barker for theft. “He said that if I was home at five o’clock then he would serve the papers at the house and it would go easy and I wouldn’t have to go to the station,” Barker recalled. “If I wasn’t home, then he would send a search team to locate me and drag me to the station. He said he would kick the door down if I didn’t answer my phone. He said he had every right to break our door down.” Barker said he briefly conferred with an attorney about how to handle the arrest. Later that evening, the RCMP arrived with five squad cars and six officers. “I asked if handcuffs were necessary – there is no danger of violence,” Barker said. “I was going to cooperate. His response was to turn me around and cuff me. He walked me outside and stood me beside the car for a full 4 or 5 minutes in full view of all the neighbors.” Barker believes he and the Ontario woman are both victims of triangulation fraud, and that someone likely hacked the Ontario woman’s Walmart account and added his name and address as a recipient. But he says he has since lost his job as a result of the arrest, and now he can’t find new employment because he has a criminal record. Barker’s former employer — Duncan’s First Nation — did not respond to requests for comment. “In Canada, a criminal record is not a record of conviction, it’s a record of charges and that’s why I can’t work now,” Barker said. “Potential employers never find out what the nature of it is, they just find out that I have a criminal arrest record.” Barker said that right after his arrest, the RCMP called the Ontario woman and told her they’d solved the crime and arrested the perpetrator. 
“They even told her my employer had put me on administrative leave,” he said. “Surely, they’re not allowed to do that.” Contacted by KrebsOnSecurity, the woman whose Walmart account was used to fraudulently purchase the child play sets said she’s not convinced this was a case of triangulation fraud. She declined to elaborate on why she believed this, other than to say the police told her Barker was a bad guy. “I don’t think triangulation fraud was used in this case,” she said. “My actual Walmart.ca account was hacked and an order was placed on my account, using my credit card. The only thing Mr. Barker did was to order the item to be delivered to his address in Alberta.” Barker shared with this author all of the documentation he gave to the RCMP, including screenshots of his Amazon.ca account showing that the items in dispute were sold by a seller named “Adavio,” and that the merchant behind this name was based in Turkey. That Adavio account belongs to a young computer engineering student and “SEO expert” based in Adana, Turkey who did not respond to requests for comment. Amazon.ca said it conducted an investigation and found that Mr. Barker never filed a complaint about the seller or transaction in question. The company noted that Adavio currently has a feedback rating of 4.5 stars out of 5. “Amazon works hard to provide customers with a great experience and it’s our commitment to go above and beyond to make things right for customers,” Amazon.ca said in a written statement. “If a customer has an issue with an order, they may flag to Amazon through our Customer Service page.” Barker said when he went to file a complaint with Amazon last year he could no longer find the Adavio account on the website, and that the site didn’t have a category for the type of complaint he wanted to file. 
When he first approached KrebsOnSecurity about his plight last summer, Barker said he didn’t want any media attention to derail the chances of having his day in court, and confronting the RCMP investigator with evidence proving that he was being wrongfully prosecuted and maligned. But a week before his court date arrived at the end of November 2023, prosecutors announced the charges against him would be stayed, meaning they had no immediate plans to prosecute the case further but that the investigation could still be reopened at some point in the future. The RCMP declined to comment for this story, other than to confirm they had issued a stay of proceedings in the case. Barker says the stay has left him in legal limbo — denying him the ability to clear his name, while giving the RCMP a free pass for a botched investigation. He says he has considered suing the investigating officer for defamation, but has been told by his attorney that the bar for success in such cases against the government is extremely high. “I’m a 56-year-old law-abiding citizen, and I haven’t broken any laws,” Barker said, wondering aloud who would be stupid enough to use someone else’s credit card and have the stolen items shipped directly to their home. “Their putting a stay on the proceedings without giving any evidence or explanation allows them to cover up bad police work,” he said. “It’s all so stupid.” Triangulation fraud is hardly a new thing. KrebsOnSecurity first wrote about it from an e-commerce vendor’s perspective in 2015, but the scam predates that story by many years and is now a well-understood problem. The Canadian authorities should either let Mr. Barker have his day in court, or drop the charges altogether.

 Firewall Daily

Veon, the parent company for Kyivstar, Ukraine’s top mobile operator, recently outlined the financial impact of the Kyivstar cyberattack in December. The breach is anticipated to have caused a substantial revenue shortfall for the 2024 fiscal year, estimated at around 3.6 billion Ukrainian hryvnias, or nearly
$95 million. Kyivstar cyberattack resulted in substantial disruptions to Kyivstar’s network, affecting voice and data services, international roaming, and SMS for users in Ukraine and abroad.  The cyber intrusions prompted Kyivstar to collaborate with Ukrainian law enforcement agencies, including the Security Service of Ukraine and government entities, to restore services gradually. The company, acknowledging the loyalty of its customers during the outage, implemented measures such as offering one month of free services on specific contracts. Updates on Kyivstar Cyberattack VEON conducted a financial impact assessment, indicating that the limited downtime of critical services is not expected to materially affect its consolidated results for the fiscal year ending December 31, 2023. However, the company anticipates a revenue impact in 2024, estimated at approximately USD 95 million, attributed to customer loyalty measures taken by Kyivstar to compensate for the disruptions. CEO Oleksandr Komarov expressed optimism about the swift restoration of major services, including mobile internet, voice services, and SMS, within the next few days. Nonetheless, he acknowledged that the full recovery of all additional services might take several weeks, highlighting the meticulous approach required in the process. The intrusion, attributed to the hacker group Solntsepyok and linked to Russian military intelligence by Ukraine’s Security Service (SBU), raised concerns about potential data compromise. Komarov, however, reassured customers that no sensitive data was compromised and dismissed circulated screenshots as fabricated. Remediation Strategies Post the Attack Despite the challenges, Kyivstar’s parent company emphasized its commitment to ongoing remediation efforts. The full extent of financial implications from these efforts remains uncertain and cannot be reasonably estimated at this time, according to VEON’s statement. 
VEON, a digital operator serving nearly 160 million customers across six countries, operates with a vision to transform lives through technology-driven services. Headquartered in Amsterdam, the company is publicly traded on NASDAQ and Euronext. As the situation unfolds, the parent company expresses gratitude to its customers for their unwavering support post the cyber incident and extends appreciation to industry partners and Ukrainian authorities for their collaborative efforts in the recovery process. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Firewall Daily

The Hunters International ransomware group has announced its latest conquest, asserting that Gallup-McKinley County Schools in New Mexico have fallen victim to their cyber onslaught. The Gallup-McKinley County Schools cyberattack claim, however, lacks critical details such as the nature of data compromise, the extent
of the breach, or the motives driving the attack, leaving the educational community and cybersecurity experts grappling with uncertainty. Upon investigation, The Cyber Express team accessed the official website of Gallup-McKinley County Schools, finding it fully functional. Cyberattack on Gallup-McKinley County Schools: More Details This development raises skepticism regarding the authenticity of the ransomware group’s assertions, as the lack of disruption to the school’s online presence contradicts the typical aftermath of a successful Gallup-McKinley County Schools cyberattack. Source: Twitter The potential implications of this cyberattack on Gallup-McKinley County Schools are profound, considering the sensitive information held by educational institutions. Teachers, parents, and students alike entrust schools with personal details such as names, contact numbers, ID information, and email addresses. If exposed, this data could have severe consequences beyond financial losses, impacting the privacy and security of those associated with the school. The threat of ransomware and cyberattacks targeting K-12 schools is on the rise, driven in part by increased reliance on technology for teaching, learning, and administrative functions. According to a global survey conducted by cybersecurity company Sophos, 80% of school IT professionals reported ransomware attacks in 2023, a significant increase from the 2022 survey’s 56%. Recent Attacks Highlight Vulnerabilities in Education This alarming trend is exemplified by recent cyberattacks on prominent educational institutions. In the first week of January 2024, the Kershaw County School District in the USA reportedly fell victim to a cyberattack orchestrated by the notorious Black Suit ransomware group. The breach resulted in the unauthorized extraction and subsequent leak of a substantial 17.5 GB of sensitive data. 
Simultaneously, the Van Buren Public School in Belleville, Michigan, faced an alleged data breach attributed to the Akira ransomware group. The threat actors claimed possession of substantial information about the public school, heightening concerns about the security of educational institutions. Adding to the global scope of the issue, a user claimed to have uploaded the database of Salsabila Islamic School in Bekasi, Indonesia, to a hackers’ forum in 2023. The unverified claims suggest a compromise of sensitive personal information, including parents’ names, email addresses, phone numbers, physical addresses, places of birth, genders, dates of birth, and even birth certificates. As these distressing incidents unfold, the education sector finds itself increasingly targeted by cybercriminals, posing significant challenges to data security and privacy. The cyberattack on Gallup-McKinley County Schools remains an evolving story, and The Cyber Express is committed to keeping its readers informed with further developments as they unfold. Stay tuned for updates on this concerning trend in educational cybersecurity.

 Malware and Vulnerabilities

The Remcos RAT is being distributed in South Korea through webhards, leveraging adult-themed games as a disguise. In this tactic, users are deceived into opening files posing as adult games. This campaign emphasizes the need for heightened vigilance when downloading files from the internet.

 Trends, Reports, Analysis

Mary Callahan Erdoes, head of the bank’s asset and wealth management division, highlighted a significant rise in cybercrime, with a 65% increase in fraud losses for U.S. financial institutions from 2022 to 2023.

 Trends, Reports, Analysis

A report by SecurityScorecard revealed that wealthier regions have better cybersecurity defenses and lower cyber risk compared to poorer regions. The study found that organizations in regions with lower GDP are more likely to suffer data breaches.

 Malware and Vulnerabilities

The malware employs tactics such as lateral movement via PSEXEC, malicious download and execution, proxy setup, and RDP configuration to exfiltrate data and establish command and control communications.

 Trends, Reports, Analysis

Enterprise employees are increasingly accessing generative AI applications, posing a risk of exposing sensitive data, making it crucial for organizations to implement advanced data security measures.

 Malware and Vulnerabilities

The CISA and the FBI issued a joint warning about the Androxgh0st malware botnet, indicating that threat actors are building a botnet network to extract cloud credentials. Threat actors were also observed using stolen AWS credentials to create new users and user policies on a vulnerable website. The agencies have released IOCs associated with the Androxgh0st malware operation and recommended mitigations.

 Trends, Reports, Analysis

In 2023, the flow of cryptocurrency into illicit addresses decreased by nearly 39% compared to the previous year, with sanctioned entities accounting for the majority of activity, according to Chainalysis.

 Feed

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup keys interpolated by
default, as opposed to what it should be, according to the documentation of the StringLookupFactory class. Those keys allow an attacker to execute arbitrary code via lookups primarily using the script key. In order to exploit the vulnerabilities, the following requirements must be met: Run a version of Apache Commons Text from version 1.5 to 1.9, use the StringSubstitutor interpolator, and the target should run JDK versions prior to 15.

 Feed

Ubuntu Security Notice 6589-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information.

 Feed

Red Hat Security Advisory 2024-0298-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.2 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0266-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

 Feed

Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.

 Data Breach News

The renowned parent company of iconic fashion brands such as Vans, Supreme, and The North Face, has acknowledged falling victim to the VF Corp cyberattack, resulting in a compromise of personal data belonging to approximately 35.5 million customers. The VF Corp cyber incident, which transpired in December, has raised
concerns about the security of consumer information for the fashion giant.  In a regulatory filing, VF Corp disclosed that hackers orchestrated the breach, but the nature of the pilfered personal data remains unspecified. Notably, the company clarified that its direct-to-consumer practices exclude the collection or retention of sensitive information like social security numbers, bank details, or payment card information. As the investigation unfolds, VF Corp reassured that no evidence has surfaced, thus far, indicating the acquisition of consumer passwords by the threat actors. VF Corp Cyberattack Claimed by BlackCat Ransomware  The cybercriminals, identified as the ransomware group ALPHV (also known as BlackCat ransomware), claimed responsibility for the VF Corp cyberattack. Their tactics involved disrupting VF Corp’s operations by encrypting certain IT systems, leading to a temporary halt in some product orders and other disruptions. Despite the challenges posed by the cyber incident, VF Corp has made significant progress in restoring the impacted IT systems and data, minimizing the operational setbacks. The company emphasized its commitment to addressing the aftermath of the cyber incident and stated, “While the investigation remains ongoing, VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor.” This proactive approach aligns with VF Corp’s dedication to transparency and accountability in managing the fallout from the cyber incident. Detection and Mitigation On December 13, 2023, VF Corp detected unauthorized activities on a segment of its information technology (IT) systems. Promptly responding to the situation, the company has been collaborating with federal law enforcement agencies and relevant regulatory authorities, adhering to legal obligations. This cooperation reflects VF Corp’s responsibility in mitigating the impact of the cyber incident and ensuring the security and privacy of its customers. 
As the fashion industry grapples with the increasing frequency of cyberattacks, the VF Corp cyberattack reminds fashion giants of the importance of better cybersecurity measures. The company’s proactive response and ongoing cooperation with authorities exemplify a commitment to safeguarding customer trust in the face of cybersecurity challenges.

 Firewall Daily

Kansas State University (K-State) has officially acknowledged and is actively managing a cybersecurity incident that has caused disruptions in certain network systems, impacting essential services such as VPN, K-State Today emails, and video services on Canvas and Mediasite. The disruption caused by the K-State
cyberattack, detected promptly by the university’s IT team, prompted immediate actions to investigate and isolate affected areas. As a result of this K-State cyberattack, certain systems, including VPN, K-State Today emails, videos on Canvas, and MediaSite, have been taken offline. The university has also extended this precaution to select shared drives and printers, along with university listservs. “We can confirm that these disruptions are the result of a recent cybersecurity incident, and as such, we want you to know that these impacted systems were taken offline and will remain offline for the immediate future as the investigation continues,” stated the official release from Kansas State University. Kansas State University Cyberattack: Current Status and Measures Taken To address the K-State cyberattack promptly, the university has engaged third-party IT forensic experts to aid in the ongoing investigation. While select services remain offline, including KSU Wireless, the university encourages users to connect wirelessly using KSU Guest during this period. K-State Today emails have returned in a temporary format, distinct from the regular format, featuring a different header image and a curated selection of articles. This temporary format will persist until all K-State Today functions are fully restored and operational. Acknowledging the significance of maintaining business and academic continuity, the university reassures the community that addressing the issue efficiently is a top priority. The university leadership is actively arranging meetings with departmental contacts to discuss potential impacts on business processes and operations and ensure continuity. The investigation is ongoing, and the university refrains from sharing information that could compromise the integrity of the inquiry. In the meantime, users are urged to remain vigilant and adhere to cybersecurity best practices. 
Students can reach out to the IT help desk for assistance, while faculty and staff should contact their departmental IT points of contact if they notice anything suspicious. Notable Cybersecurity Incidents in Educational Institutions: This incident at Kansas State University follows a series of cyberattacks targeting educational institutions. In 2023, the University of Wollongong experienced a data breach, affecting both staff and students. Stanford University faced a cybersecurity incident with claims by the Akira ransomware group. Manchester University grappled with threatening emails, illustrating the evolving strategies employed by hackers, including the ominous “triple extortion” tactic. As educational institutions continue to face escalating cyber threats, Kansas State University’s response emphasizes the importance of swift action, transparency, and collaborative efforts to safeguard sensitive information and ensure the resilience of critical systems. Ongoing communications and updates will be posted on the university’s official site to keep the community informed as the investigation progresses. The incident highlights the collective responsibility to address cybersecurity challenges and fortify defenses in the face of evolving cyber threats.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass

 Feed

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a "few strange binaries," according to software supply chain security firm Phylum, including a single

 Feed

Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. "These applications are being hosted on Chinese pirating websites in order to gain victims," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. "Once detonated, the malware will download and execute multiple payloads

 Feed

In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and managed.  In

 Cyber Security News

Source: thehackernews.com – Author: . Jan 18, 2024 | Newsroom | Server Security / Cryptocurrency. Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. “This is the first documented case of malware deploying the […] The post New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 COLDRIVER

Source: thehackernews.com – Author: . The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google’s Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy […] The post Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 18, 2024 | Newsroom | Supply Chain Attacks / AI Security. Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to “conduct a supply chain compromise of TensorFlow releases on […] The post TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 18, 2024 | The Hacker News | Authentication Security / Passwords. In today’s digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to […] The post MFA Spamming and Fatigue: When Security Measures Go Wrong – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini The Quantum Computing Cryptopocalypse – I’ll Know It When I See It Can quantum computing break cryptography? Can it do it within a person’s lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum computing break cryptography? Sure, it can. Can it do it within a person’s […] The post The Quantum Computing Cryptopocalypse – I’ll Know It When I See It – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Kansas State University suffered a serious cybersecurity incident Kansas State University (K-State) suffered a cybersecurity incident that has disrupted part of its network and services. Kansas State University (K-State) suffered a cybersecurity incident that impacted a portion of its network and services. On January 16, 2023, the University K-State […] The post Kansas State University suffered a serious cybersecurity incident – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix […] The post CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini Google TAG warns that Russian COLDRIVER APT is using a custom backdoor Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, […] The post Google TAG warns that Russian COLDRIVER APT is using a custom backdoor – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as PixieFAIL, affecting the IPv6 network protocol stack of EDK II, […] The post PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team Amidst the rise of generative AI, business leaders must navigate the delicate balance of adoption, security, and trust. By Apu Pavithran, CEO and Founder, Hexnode At the end of August, OpenAI released ChatGPT for Enterprises. The much-hyped version focuses on “enterprise-grade security,” advanced data analysis capabilities, and customization options. […] The post ChatGPT For Enterprises Is Here – But CEOs First Want Data Protections – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: cyberdefensewebinars.com – Author: Nick Most organizations have some kind of processes established for their day-to-day cyber security program, but most are missing the fact that while cyber security is important, information security is the focal point of many areas in which organizations are struggling. How can an organization manage all of […] The post Webinar: Managing Without Governing? Why Your Organization Needs a Management System to Govern Your Information Resilience Program – Source: cyberdefensewebinars.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team By Asaf Karas, CTO for JFrog Security Businesses leverage enterprise applications to build a competitive edge and move quickly. These applications need to be built, secured, deployed, and updated on a daily basis in most cases. This is where the power of DevOps comes in to prioritize swift software […] The post DevOps’ Big Challenge: Limiting Risk Without Impacting Velocity – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Madalina Popovici During his initial statements since becoming the National Cyber Director in December, Harry Coker stated that the White House plans to “reduce unnecessary barriers” that federal contractors have while trying to fill cybersecurity positions, such as the need for a bachelor’s degree. At a gathering in the Community College […] The post White House Revamps Cybersecurity Hiring Strategy – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Livia Gyongyoși The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023. The attackers used VPNs that lacked multi-factor authentication. They exploited CVE-2023-20269 on Cisco ASA or FTD devices and obtained […] The post Akira Ransomware Attacks Surge. Finnish Companies Among Targets – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Businesses

Source: www.darkreading.com – Author: John Leyden, Contributing Writer Source: Pablo Lagarto via Alamy Stock Photo Ransomware-as-a-service looks set to fuel an increase in attacks in Nigeria, as a notable agency is named as a victim of the notorious malware. Nigeria’s National Cyber Threat Forecast 2024 from the Cyber Security Experts of Nigeria (CSEAN), a nonprofit […] The post Nigerian Businesses Face Growing Ransomware-as-a-Service Trade – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: imageBROKER.com GmbH & Co. KG via Alamy Stock Photo The Russia-backed advanced persistent threat (APT) known as ColdRiver has taken a dive into the icy waters of custom malware, rolling out a proprietary backdoor called “Spica.” The use of malware represents a significant […] The post Google: Russia’s ColdRiver APT Unleashes Custom ‘Spica’ Malware – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Actors

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: devilmaya via Alamy Stock Photo Last week, two different threat actors teamed up to send thousands of post-holiday-break phishing emails destined for North American organizations. Other than volume, the campaign was fairly standard fare. What’s more interesting, perhaps, is the timing of the campaign — and […] The post Threat Actors Team Up for Post-Holiday Phishing Email Surge – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Citrix

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Source: Monticello via Shutterstock Two vulnerabilities have been found in NetScaler ADC and NetScaler Gateway, formerly known as Citrix ADC and Citrix Gateway, and are affecting six supported versions. Tracked as CVE-2023-6548, this vulnerability needs access to NSIP, CLIP, or SNIP with […] The post Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Source: Bob Sharples via Alamy Stock Photo Container-focused cyberattackers have a brand-new type of payload: a gray-area traffic-generating tool that creates artificial page views for websites, known as the 9hits Traffic Exchange. Members of 9hits can buy what are known as […] The post Cybercrooks Target Docker Containers With Novel Pageview Generator – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff Source: Mykhailo Polenok via Alamy Stock Photo Online scammers and fraudsters should be retrained as information technology specialists, a Nigerian cybersecurity expert advised the nation’s Economic and Financial Crimes Commission. Chidiebere Ihediwa, a Nigerian cybersecurity specialist, told the law enforcement agency that redirecting the knowledge and capabilities of […] The post Nigerian Law Enforcement Agency Advised to Retrain African Cybercriminals – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 anti-ransomware

Source: www.darkreading.com – Author: Shmuel Gihon Source: Olekcii Mach via Alamy Stock Photo COMMENTARY Ransomware is a pervasive issue affecting businesses of all sizes and industries, and the best way to respond remains hotly debated. While much fanfare coincided with the announcement of a US-led, 40-country coalition to collectively reject the payment of ransoms to […] The post Anti-Ransomware Coalition Bound to Fail Without Key Adjustments – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: In 2024, 70 nations, comprised of over 3.7 billion people (nearly half of the world’s population) will hold presidential or legislative elections. The World Economic Forum’s 2024 Global Threats Report, published just ahead of the group’s annual event that takes place this week, highlighted misinformation and disinformation as […] The post AI misinformation, world’s biggest short-term threat, says WEF – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 COLDRIVER

Source: www.infosecurity-magazine.com – Author: 1 Russian threat group Coldriver has expanded its targeting of Western officials with the use of malware to steal sensitive data, Google’s Threat Analysis Group (TAG) has revealed. Coldriver, AKA Star Blizzard, is linked to Russia’s intelligence service, the FSB. It is known to focus on credential phishing campaigns targeting high-profile […] The post Russian Coldriver Hackers Deploy Malware to Target Western Officials – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Clearer

Source: www.infosecurity-magazine.com – Author: 1 South Africa, known to be ‘the world’s most internet-addicted country,’ finds itself plagued by the internet’s dark underbelly: ransomware. It is the most targeted nation in Africa for these cyber-attacks and places eighth globally, according to the South African Council for Scientific and Industrial Research. Despite its digital dependency, the […] The post Experts Urge Clearer Direction in South Africa’s Cyber Strategy – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money transfer and digital payment services. It is popular in Argentina because it […] The post Payoneer accounts in Argentina hacked in 2FA bypass attacks – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA issued this year’s first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors. This is an expected development, given that vulnerable Ivanti appliances are […] The post CISA emergency directive: Mitigate Ivanti zero-days immediately – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans’ precise location data. InMarket is a Texas-based data aggregation company specializing in collecting and analyzing people’s location data. The company gathers location information […] The post FTC bans one more data broker from selling your location info – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. The flaw was patched in October, with VMware confirming this Wednesday that it’s aware of CVE-2023-34048 in-the-wild exploitation, although it didn’t share any other details on the attacks. […] The post Chinese hackers exploit VMware bug as zero-day for two years – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. The American global apparel and footwear giant said that the affected customers’ social security numbers, bank account […] The post Vans, North Face owner says ransomware breach affects 35 million people – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-01
Aggregator history
Friday, January 19