Cyber security aggregate rss news

Cyber security aggregator - feeds history

RailTel Under Siege: ...

 Firewall Daily

RailTel Corporation of India Ltd., a prominent public sector enterprise providing broadband and VPN services, is allegedly facing a significant security threat. The announcement of the RailTel data breach was made by a dark web user on a popular dark web forum. The threat actor’s post suggests that unauthorized access to RailTel’s network and VPN is being offered for sale by a dark web user known as DBLand.

RailTel Data Breach and Sale on Dark Web (Source: Twitter)

A post by DBLand on Monday, January 22, 2024, at 05:17 AM, claims to provide RailTel VPN and network access. RailTel Corporation of India Ltd., established in September 2000, aims to create a nationwide broadband, telecom, and multimedia network while modernizing the train control operation and safety system of Indian Railways. RailTel’s extensive network spans around 5,000 stations across the country, covering major commercial centers.

The Cyber Express has reached out to RailTel for clarification on this potential data breach. However, as of now, no official statement or response has been received, leaving the claims of the RailTel data breach unverified.

Analysis and Potential Impacts

While RailTel’s website appears operational without immediate signs of a cyberattack, it is important to note that the dark web user may have targeted the organization’s database rather than the website’s front end. This tactic aligns with the preferred methods of hackers and ransomware groups.

RailTel Corporation of India has been proactive in exploring opportunities in the cybersecurity sector. Sanjay Kumar, CMD of the company, highlighted RailTel’s emergence as a reliable system integrator and service provider in the cybersecurity domain. In an interview with CNBC-TV18, Kumar mentioned the company’s focus on cybersecurity as a new opportunity. RailTel’s current initiatives include providing Wi-Fi at 6,000 railway stations across the country. The company has signed a 5-year Wi-Fi monetization contract with a consortium led by 3i Infotech, committing to an annual payment of Rs 14 crore or 40 percent of revenue earned to RailTel.

The alleged data breach and unauthorized access on the dark web pose a potential threat to RailTel’s cybersecurity integrity. The Cyber Express will be closely monitoring the situation and will update this post once we have more information on the RailTel data breach or any official confirmation from the organization.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Alleged Colombian Go ...

 Firewall Daily

There are claims of unauthorized VPN access to a Colombian government ministry being offered for sale at $1000. The alleged threat actor, going by the name “dawnofdevil,” posted about the Colombian government ministry data breach and sale offer on Friday, January 19, 2024. According to the Colombian government ministry data breach post, the SSL VPN access being sold pertains to the Ministry of Colombia, and it specifies that the access type is network access (VPN) using Fortinet technology. The organization in question is identified as a government entity based in Colombia.

Colombian Government Ministry Data Breach and Sale on Dark Web (Source: Twitter)

The Cyber Express has attempted to reach out to the Ministry of Colombia to gather more information regarding this purported data breach. However, as of the time of writing, no official statement or response has been received, leaving the claims of the Ministry of Colombia data breach unverified.

Surprisingly, the website associated with the alleged Ministry of Colombia appears to be operational, showing no visible signs of a data breach. This raises the possibility that the hackers may have targeted the back end of the website rather than the front end.

It’s important to note that these claims come in the wake of previous cyber-related incidents in Colombia. In a separate case, a judge in Bogotá sentenced Andres Felipe Cardoso Alvarez, known as Orgon and allegedly part of the Anonymous Colombia group, to over 3 years and 5 months in prison, reported ImmuniWeb. The charges included abusive access to a computer system, computer damage, and illegitimate hindering of a computer system.

Similar Cases and Government Intervention

Cardoso, who is now obligated to pay a fine of USD 28,000, was found guilty of illicitly entering various private and public websites, including the official site of the Colombian president’s office and several municipal agencies. The CyberNiggers hacker group, mentioned in the recent data breach claims, operates independently, lacking a defined hierarchy within its structure, according to Major Adrian Vega Hernandez, the head of the Police Cyber Center involved in the investigation.

As the situation unfolds, concerns about cybersecurity and the integrity of government systems persist. The Ministry of Colombia is urged to address these allegations promptly and transparently to ensure public trust and security. The Cyber Express will be closely monitoring the situation and will update this post once we have more information on the Colombian government ministry data breach and any official confirmation from the ministry.

37C3: how ethical ha ...

 Business

Polish hackers from Dragon Sector told the 37th Chaos Communication Congress (37C3) late last year how they’d hacked into digital rights management (DRM) for trains, and, more importantly — why.

Why Polish hackers broke into trains

Around five years ago, Poland’s Koleje Dolnoslaskie (KD) rail operator bought 11 Impuls 45WE trains from domestic manufacturer Newag. Fast-forward to recent times, and after five years of heavy use it was time for a service and some maintenance: a rather complex and expensive process that a train has to undergo after clocking up a million kilometers.

To select a workshop to service the trains, KD arranged a tender. Newag was among the bidders, but they lost to Serwis Pojazdów Szynowych (SPS), which underbid them by a significant margin. However, once SPS was done with servicing the first of the trains, they found that it simply wouldn’t start up any more — despite seeming to be fine both mechanically and electrically. All kinds of diagnostic instruments revealed that the train had zero defects in it, and all the mechanics and electricians that worked on it agreed. No matter: the train simply would not start. Shortly after, several other trains serviced by SPS — plus another taken to a different shop — ended up in a similar condition. This is when SPS, after trying repeatedly to unravel the mystery, decided to bring in a (white-hat) hacker team.

Inside the driver’s cabin of one of the Newag Impuls trains that were investigated. (Source)

Manufacturer’s malicious implants and backdoors in the train firmware

The researchers spent several months reverse-engineering, analyzing, and comparing the firmware from the trains that had been bricked and those still running. As a result, they learned how to start up the mysteriously broken-down trains, while at the same time discovering a number of interesting mechanisms embedded in the code by Newag’s software developers. For example, they found that one of the train’s computer systems contained code that checked GPS coordinates. If the train spent more than 10 days in any one of certain specified areas, it wouldn’t start anymore. What were those areas? The coordinates were associated with several third-party repair shops. Newag’s own workshops were featured in the code too, but the train lock wasn’t triggered in those, which means they were probably used for testing.

Areas on the map where the trains would be locked. (Source)

Another mechanism in the code immobilized the train after detecting that the serial number of one of the parts had changed (indicating that this part had been replaced). To mobilize the train again, a predefined combination of keys on the onboard computer in the driver’s cabin had to be pressed.

A further interesting booby trap was found inside one of the train’s systems. It reported a compressor malfunction if the current day of the month was the 21st or later, the month was the 11th or later, and the year was 2021 or later. It turned out that November 2021 was the scheduled maintenance date for that particular train. The trigger was miraculously avoided because the train left for maintenance earlier than planned and returned for a service only in January 2022 — the 1st month, which is obviously before the 11th.

Another example: one of the trains was found to contain a device marked UDPCAN Converter, which was connected to a GSM modem to receive lock status information from the onboard computer. The most frequently found mechanism — and we should note here that each train had a different set of mechanisms — was designed to lock the train if it remained parked for a certain number of days, which signified maintenance for a train in active service.

In total, Dragon Sector investigated 30 Impuls trains operated by KD and other rail carriers. A whopping 24 of them were found to contain malicious implants of some sort.

One of the researchers next to the train. (Source)

How to protect your systems from malicious implants

This story just goes to show that you can encounter malicious implants in the most unexpected of places and in all kinds of IT systems. So, no matter what kind of project you’re working on, if it contains any third-party code — let alone a whole system based on it — it makes sense to at least run an information security audit before going live.

Indian Legal Powerho ...

 Firewall Daily

The CL0P ransomware group has claimed responsibility for compromising India-based S&A Law Offices, a leading firm offering litigation services, commercial transactions, and expertise in allied laws and intellectual property rights. The cybercriminals allege to have posted sensitive employee details, including phone numbers, addresses, vehicle numbers, PAN card details, internal mail communications, and other personally identifiable information (PII) as proof of compromise.

CL0P Ransomware Group Claim Unverified

The Cyber Express Team has reached out to S&A Law Offices for comment, but as of the writing of this report, no official response has been received, leaving the CL0P ransomware group claim unverified. An intriguing aspect is that, despite the alleged S&A Law Offices cyberattack, the official website of the targeted firm remains functional, casting doubts on the veracity of CL0P’s claims.

If proven true, the cyberattack on S&A Law Offices could have significant implications, potentially causing reputational damage and eroding client trust. The exposure of sensitive employee information may not only impact individual employees but also compromise the confidentiality of client cases and sensitive legal matters.

Broader Context: Cyber Threats Against Indian Organizations

This cyberattack on S&A Law Offices follows a series of cyber threats against prominent Indian organizations. Innefu Labs, a cybersecurity firm renowned for its advanced AI and data analytics solutions, recently fell victim to a cyberattack by the group PreciousMadness. The data breach involved unauthorized access to crucial components of Innefu’s infrastructure, with exfiltrated data available for purchase. Such attacks highlight the vulnerability of critical infrastructure and the potential ripple effect across various sectors.

In a string of recent cyber incidents, unconfirmed reports suggest a potential breach at the Indian Railways Institute of Mechanical & Electrical Engineering (IRIMEE) and a massive data leak from the System for Pension Administration Raksha (SPARSH) portal, affecting defense personnel’s sensitive information. If these incidents are connected, it points towards a systemic vulnerability in critical national infrastructure, posing a threat to both national security and individual privacy.

Escalating Cyber Threat Landscape in India

India has witnessed a surge in cyberattacks, with a 15% weekly increase on average in 2023, positioning the country as the second-most targeted nation in the Asia-Pacific region. The alarming rise in cyber threats is reflected in the global landscape, where organizations faced an average of 1,158 weekly cyber attacks in 2023. This increased frequency poses a substantial risk to the overall economic and technological stability of the nation. Another recent cybersecurity report highlights that Indian organizations have successfully fended off only 58% of cyberattacks in the past two years, emphasizing the urgent need for enhanced cybersecurity measures in the country.

The potential success of these cyberattacks poses not only financial risks but also jeopardizes national security, intellectual property, and the privacy of individuals on an unprecedented scale. As the frequency and sophistication of cyber threats continue to escalate, businesses and organizations in India are urged to enhance their cybersecurity defenses to protect sensitive data and ensure the privacy and security of individuals and entities. The S&A Law Offices incident serves as a reminder of the interconnectedness of cybersecurity, where a single breach can have far-reaching consequences, impacting not only the targeted organization but also the broader landscape of national security and digital trust.

Double Eagle Energy ...

 Firewall Daily

The Hunters ransomware group has claimed to have launched a cyberattack on Double Eagle Energy Holdings IV, LLC, a prominent US-based oil and natural gas development and production company. The Hunters ransomware attack occurred on January 23, 2024, when the Hunters group claimed to have successfully compromised Double Eagle Energy Holdings, exfiltrating a substantial 768.2 GB of sensitive data, including corporate structures, internal documents, accounting records, bank account information, scanned tax returns, and passports. The ransomware group substantiated its claims by sharing scanned copies of passports and screenshots revealing corporate structures and bank account information. Notably, the group did not disclose any intentions to release the compromised data, leaving the affected organization and the cybersecurity community on high alert.

Hunters Ransomware Attack: Impact on Double Eagle Energy Holdings (Source: Twitter)

The impacted organization, Double Eagle Energy Holdings IV LLC, has faced a setback due to the Hunters ransomware cyberattack. As a result, the company’s official website, doubleeagledevelopment.com, is currently inoperative, displaying an SSL error. The Cyber Express has attempted to reach out to the affected organization for further insights into the incident. However, communication was impeded by the absence of a valid SSL certificate on the company’s site, leaving the claims of the cyberattack unverified.

Hunters International, a Ransomware-as-a-Service (RaaS) brand, surfaced in Q3 of 2023, drawing attention due to similarities in its source code with the notorious Hive ransomware strain. Initial malware analysis revealed a significant overlap of approximately 60% with samples of Hive ransomware version 61. While the technical analysis suggested a potential connection to the disrupted Hive cartel, Hunters International has vehemently denied any affiliation with the Hive operation.

Modus Operandi of Hunters International Group

Intelligence indicates that Hunters International ransomware operates with a primary objective of exfiltrating target data and subsequently extorting victims through ransom demands. The attack chain involves encrypting files and appending the “.LOCKED” extension. Notably, the threat actors often leave files with the naming convention “Contact Us.txt” in directories, containing instructions for victims to initiate negotiations on the dark web.

The incident involving Double Eagle Energy Holdings IV LLC highlights the importance of robust cybersecurity measures and prompt response strategies to mitigate potential damages. The industry awaits further developments and responses from both the affected organization and the cybersecurity community in the wake of this unsettling Hunters ransomware attack.

A Covert Cyberattack ...

 Dark Web News

Cyble Research and Intelligence Labs (CRIL) has identified an ongoing campaign targeting individuals seeking asylum in the United States through the use of MetaStealer malware. This sophisticated attack involves the distribution of a malicious ZIP archive file, disguising itself as a PDF document, to potentially launch a cyberattack on US asylum seekers. On January 11th, CRIL stumbled upon a ZIP archive file named “case2.09-cv-03795.zip” and traced it back to a suspicious URL (hxxps://courtnation[.]shop/case2.09-cv-03795[.]zip). The investigation raised concerns that this link might be disseminated through spam emails, adding an element of social engineering to the attack.

MetaStealer Malware and Cyberattack on US Asylum Seekers (Source: Cyble)

Once the victim opens the ZIP file, a seemingly innocent PDF file named “case2.09-cv-03795.pdf” is revealed. However, this PDF is, in fact, a cleverly disguised shortcut LNK file, concealing the true nature of the threat. Upon opening the deceptive PDF, the LNK file executes a series of actions that lead to the deployment of the MetaStealer malware. (Source: Cyble)

According to CRIL, the execution flow of the attack involves the initiation of a VPN application using DLL sideloading, effectively loading a concealed malicious DLL from within the ZIP archive. This DLL, in turn, drops an MSI installer that downloads a deceptive PDF lure, creating a façade of normalcy for the victim. (Source: Cyble)

Simultaneously, a CAB file is dropped, housing the MetaStealer malware, which establishes a connection with the Command-and-Control (C&C) server for data exfiltration. MetaStealer, categorized as an info-stealer malware, is unveiled as a potent threat capable of extracting sensitive information from compromised systems. This upgraded version, previously distributed through malvertising campaigns, exhibits continuous development, signaling potential future threats.

Technical Insights and Command-and-Control Communication (Source: Cyble)

The technical intricacies of the attack involve PowerShell commands, DLL sideloading, and a series of file drops leading to the installation of MetaStealer. The malware employs various evasion techniques, including Defender Bypass, to manipulate Windows Defender settings and avoid detection. (Source: Cyble)

After successful infiltration, MetaStealer establishes a connection with its C&C server at “ykqmwgsuummieaug[.]xyz” on port 443. The communication involves encryption of data over HTTP, employing the ‘cpp-httplib’ library. The malware communicates with the C&C server through GET and POST requests, receiving tasks for execution and providing status updates on completed tasks. (Source: Cyble)

The cyberattack strategically leverages social engineering tactics by presenting victims with a deceptive lure: an “I-589, Application for Asylum and Withholding of Removal” PDF document. This choice of content plays on the urgency and sensitivity of asylum-related matters, increasing the likelihood of individuals opening the malicious file without suspicion.

MetaStealer Features and Capabilities

MetaStealer, upon execution, employs the Defender Bypass technique, manipulating Windows Defender settings to evade detection. The malware gathers information about the compromised system, utilizing tools like “winver.exe” and “systeminfo.exe” to retrieve details such as the Windows version and system specifications. Once MetaStealer completes its initial information gathering, it shifts its focus to the installed browser applications. The malware steals sensitive information, including autofill data, cookies, login data, and other pertinent details, exploiting potential vulnerabilities in the victim’s online security.

The interaction between MetaStealer and its C&C server is a critical aspect of the attack. The malware encrypts the data during communication, ensuring a secure exchange with the server. The use of HTTP and the ‘cpp-httplib’ library allows for discreet communication, minimizing the chances of detection. The C&C server assigns tasks to the compromised system, ranging from collecting system information to executing commands. Despite encountering an HTTP 400 error code during the analysis, indicating potential disruptions, the attackers persist in their attempts to maintain control over the infected system.

Conclusion

The cyberattack targeting US asylum seekers utilizing the MetaStealer malware highlights the new and persistent tactics employed by threat actors. By leveraging deceptive tactics and exploiting the urgency and sensitivity of asylum-related content, attackers aim to compromise the security of individuals with an interest in immigrating to the United States. This report emphasizes the importance of heightened cybersecurity measures to thwart such sophisticated threats.

Time to Secure Cloud ...

 Feed

While the challenges and risks associated with securing cloud-native environments are significant, with the right security measures and a focus on cybersecurity basics, organizations can effectively secure their cloud-native systems and development pipelines.

 Breaches and Incidents

"Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra said in an advisory released on January 22, 2024.

 Malware and Vulnerabilities

Deserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data.

 Malware and Vulnerabilities

The ransomware uses targeted phishing techniques for initial access, as well as to gather credentials from one of the employees of its target company. It then uses RATs to gain privileged access and move laterally within its target network.

 Malware and Vulnerabilities

At the time of writing, no official patch has been made available. However, Ivanti has published recovery steps that customers can apply to their systems as an interim mitigation. It’s strongly recommended that you apply this mitigation ASAP.

 Trends, Reports, Analysis

While most organizations consider cyber resiliency a foundational aspect of their broader business continuity or disaster recovery (BC/DR) strategy, BC/DR preparedness is not yet “passing” most service-level agreement (SLA) expectations.

 Breaches and Incidents

What’s worse, the exposed server also laid bare the personal records of customers and affiliates, containing highly sensitive Personally Identifiable Information (PII) and Know Your Customer (KYC) data.

 Breaches and Incidents

The company has discovered a limited number of individuals whose personal information may have been impacted during the breach and is working with a third-party forensics firm to assess the extent of the attack's impact on its operations and systems.

 Feed

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

 Feed

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.

 Feed

Gentoo Linux Security Advisory 202401-29 - A vulnerability has been discovered in sudo which can lead to execution manipulation through rowhammer-style memory manipulation. Versions less than 1.9.15_p2 are affected.

 Feed

Debian Linux Security Advisory 5604-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

 Feed

Ubuntu Security Notice 6596-1 - It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive information.

 Feed

Red Hat Security Advisory 2024-0378-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0376-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2024-0288-03 - Red Hat OpenShift Container Platform release 4.13.30 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Debian Linux Security Advisory 5603-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.

 Feed

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra&

 Feed

In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, and by that - shortens the time to deliver our applications. But, as

 Feed

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable

 Feed

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In

 Feed

In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only solution to address

 Feed

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend

 Guest blog

The US Securities & Exchange Commission (SEC) has confirmed that hackers managed to seize control of a phone number associated with its Twitter account, and used it to post an unauthorised message. Read more in my article on the Hot for Security blog.

 After

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. Source: mindea via Shutterstock. Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. The bug, assigned as CVE-2024-23222, stems from a type confusion error, which basically is what happens when an application incorrectly assumes the input it receives is of a […] The entry Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer. Source: Takatoshi Kurikawa via Alamy Stock Photo. A Russian national has been identified and sanctioned by Australia, the United Kingdom, and the United States for his role in the data breach of an Australian health insurance giant. Aleksandr Gennadievich Ermakov, born May 16, 1990, is a former […] The entry US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Anti-Theft

Source: www.darkreading.com – Author: Dark Reading Staff. Source: Seemanta Dutta via Alamy Stock Photo. Apple pushed out a security update for iPhone this week featuring a brand-new Stolen Device Protection for iPhone feature. Stolen Device Protection restricts the user’s ability to make critical changes to the device settings when the device is not in a […] The entry Apple’s Anti-Theft Security Slows Down iPhone Crooks – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nathan Eddy, Contributing Writer. Fresh malware targeting Apple users in the US and Germany is infecting Bitcoin and Exodus cryptowallet applications with a Trojan distributed through pirated software, according to Kaspersky researchers. The malware is delivered via cracked applications and can replace Exodus and […] The post MacOS Malware Targets Bitcoin, Exodus Cryptowallets – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading. The Subway restaurant chain, creator of the Sweet Onion Teriyaki combo and slinger of sports-themed fast-casual sandwich deals, is investigating claims that the LockBit 3.0 ransomware gang was able to toast up its infrastructure. Last week, the […] The post Subway Puts a LockBit Investigation on the Menu – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blame

Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading. A new statement from the Securities and Exchange Commission (SEC) explained that the regulator’s X account was compromised after a threat actor was able to gain control of the phone number associated with the account, in a […] The post SEC Says SIM Swap to Blame for Breached X Account – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Parrot'

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. Threat actors behind a traffic direction system (TDS) that’s been active since October 2021 have ramped up efforts to elude detection and can potentially reach millions of people with malicious scripts hidden in thousands of compromised websites. Researchers from Unit […] The post Millions at Risk As ‘Parrot’ Web Server Compromises Take Flight – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. On Dec. 30, CISA Director Jen Easterly was the target of a swatting incident at her home, sources have revealed. A 911 call was placed before 9 p.m. with false claims that a shooting had occurred in a house on Easterly’s block, targeting […] The post CISA Director Jen Easterly Targeted in Swatting Incident – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff. The Google and Reichman Tech School has launched a cyber-analyst training program in response to a significant increase in cyberattacks against Israel. Run in collaboration with PwC Next, a subsidiary of PwC Israel, the program provides participants with knowledge and understanding […] The post Google-Backed Israeli University Launches Cyber-Analyst Course – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer. Retailers in the Middle East and Africa account for a greater number of victims of Web-skimming attacks, but with a small fraction of the total number of consumer victims. In the latest discovery of such an attack, an independent researcher claims to have […] The post Magecart Adds Middle East Retailers to Long List of Victims – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Agency

Source: www.govinfosecurity.com – Author: Akshaya Asokan (asokan_akshaya), January 23, 2024 – Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development. British Lawmakers Call on Government to Boost Protections From AI Scams. The U.K. National Cyber Security Centre said cyberthreat actors are not likely to make advanced use of AI before […] The post UK Intelligence Agency Warns of Mounting AI Cyberthreat – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: Marianne Kolbasuk McGee (HealthInfoSec), January 23, 2024 – Healthcare, Incident & Breach Response, Industry Specific. Researcher Reported Configuration Issue to Cloud Vendor After Lab Failed to Respond. An unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the […] The post Medical Lab Database Exposed 1.3M Records, COVID Test Info – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: Mathew J. Schwartz (euroinfosec), January 23, 2024 – Cybercrime, Fraud Management & Cybercrime. Cybercrime Groups Hire VexTrio to Help Route Victims to Their Malicious Content. [Image: a fake dating page that leads to malicious content and is tied to the malicious traffic broker VexTrio (Infoblox)] As if […] The post Malicious Traffic Distribution System Spotted by Researchers – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISA's

Source: www.govinfosecurity.com – Author: Chris Riotta (@chrisriotta), January 23, 2024 – Cybercrime, Fraud Management & Cybercrime. US Cyber Agency Director Is Latest High-Profile Target of Dangerous Swatting Attack. [Image: U.S. CISA Director Jen Easterly speaking at a conference in Washington, D.C., on April 29, 2019 (CC BY 2.0 Deed/Karlin Villondo)] The […] The post CISA’s Jen Easterly Confirms ‘Harrowing’ Swatting Attack – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Australia

Source: www.techrepublic.com – Author: Matthew Sainsbury. Organisations in Australia face a significant challenge with data. On the one hand, there is a demand for personalised services, and consumers are willing to share their data if it means better personalisation. On the other hand, there is a real concern about privacy, and while organisations are focused on […] The post Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy – Source: www.techrepublic.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 CXO

Source: www.techrepublic.com – Author: Megan Crouse. Microsoft disclosed on Jan. 19 that a nation-state-backed attack beginning in November 2023 allowed the Russian state-sponsored threat actor group Midnight Blizzard to access some Microsoft corporate emails and documents through compromised email accounts. The attackers gained access in November 2023 using a legacy test tenant account. […] The post Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails – Source: www.techrepublic.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 accused

Source: go.theregister.com – Author: Team Register. A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it’s not clear whether anyone is taking responsibility. Among the information revealed in the publicly accessible and seemingly insecurely configured database were 118,441 coronavirus test certificates, 506,663 […] The post COVID-19 test lab accused of exposing 1.3 million patient records to open internet – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register. The idea that AI could generate super-potent and undetectable malware has been bandied about for years, and has already been debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a “realistic possibility” that by 2025, the most sophisticated attackers’ tools will […] The post GCHQ’s NCSC warns of ‘realistic possibility’ AI will help state-backed malware evade detection – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register. CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home. Easterly described the incident as a “harrowing” experience in an official statement: Swatting — calling in a hoax emergency report for […] The post CISA boss swatted: ‘While my own experience was certainly harrowing, it was unfortunately not unique’ – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 accused

Source: go.theregister.com – Author: Team Register. A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. Chouby Charleron is alleged to be behind the online alias of “The Real Jwet King,” and […] The post Accused PII seller faces jail for running underground fraud op – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: www.schneier.com – Author: Bruce Schneier. Poisoning AI Models. New research into poisoning AI models: The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked whether the AI still had hidden behaviors. They found that […] The post Poisoning AI Models – Source: www.schneier.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: www.schneier.com – Author: Bruce Schneier. Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common […] The post Side Channels Are Common – Source: www.schneier.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 24, 2024The Hacker NewsVulnerability / Software Security In a world where more & more organizations are adopting open-source components as foundational blocks in their application’s infrastructure, it’s difficult to consider traditional SCAs as   show more ...

complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, […] La entrada The Unknown Risks of The Software Supply Chain: A Deep-Dive – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Australia

Source: thehackernews.com – Author: . Jan 24, 2024NewsroomCryptocurrency / Cybercrime Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov   show more ...

(aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach […] La entrada U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 24, 2024NewsroomVulnerability / Endpoint Security A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a   show more ...

CVSS score of 9.8 out of 10. “Authentication bypass in Fortra’s GoAnywhere […] La entrada Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff. The United Arab Emirates (UAE) National Program for Coders has announced an initiative to train 100 Emirati women in artificial intelligence (AI) technology, including cybersecurity. Named “AI-Forward,” the initiative is launched with Ureed.com and Meem Foundation and will equip participants with practical […] The post AI Learning Initiative Launches for UAE Women – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. A ransomware group potentially linked to the defunct BlackMatter gang has joined several other adversaries in deploying an emerging type of attack that can terminate antivirus (AV) processes and services ahead of ransomware deployment. Actors behind the Kasseika ransomware […] The post Kasseika Ransomware Linked to BlackMatter in BYOVD Attack – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
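The BYOVD pattern described in this entry and in the Kasseika item at the top of the page (a vulnerable driver is loaded, then security processes are terminated) is what a detection should correlate. The following is an added example, not code from Trend Micro, Dark Reading or any of the named ransomware groups. It runs over constructed Sysmon-style driver-load (Event ID 6) and process-terminate (Event ID 5) records; the hash blocklist entry, the driver path and the list of security process names are placeholders chosen for illustration, not real indicators.

```python
from datetime import datetime, timedelta
from ntpath import basename  # Windows path handling that works on any host

# Constructed blocklist of driver SHA256 values (placeholder, not a real indicator).
# In production, populate this from Microsoft's vulnerable driver blocklist or LOLDrivers.
BLOCKED_SHA256 = {
    "0" * 64: "placeholder vulnerable driver",
}

# Directories from which a legitimate driver install is unusual (user-writable locations).
SUSPICIOUS_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\")

# Process names that belong to endpoint protection on this fleet (example list; an assumption).
SECURITY_PROCESSES = {"msmpeng.exe", "mssense.exe", "sentinelagent.exe", "csfalconservice.exe"}

# Constructed Sysmon-style records: id 6 = DriverLoad, id 5 = ProcessTerminate.
SAMPLE_EVENTS = [
    {"id": 6, "time": "2024-01-24T10:00:00", "image": r"C:\Windows\System32\drivers\ndis.sys",
     "sha256": "1" * 64, "signature_status": "Valid"},
    {"id": 6, "time": "2024-01-24T10:05:00", "image": r"C:\ProgramData\upd\vulnerable_example.sys",
     "sha256": "0" * 64, "signature_status": "Valid"},  # validly signed, but known-vulnerable and oddly placed
    {"id": 5, "time": "2024-01-24T10:05:04",
     "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18\MsMpEng.exe"},
    {"id": 5, "time": "2024-01-24T10:05:05",
     "image": r"C:\Program Files\SentinelOne\Sentinel Agent\SentinelAgent.exe"},
    {"id": 5, "time": "2024-01-24T10:30:00", "image": r"C:\Windows\System32\notepad.exe"},
]


def driver_load_reasons(event):
    """Return the reasons a DriverLoad event looks like BYOVD staging (empty list if none)."""
    reasons = []
    if event["sha256"].lower() in BLOCKED_SHA256:
        reasons.append("blocklisted driver hash")
    if event["image"].lower().startswith(SUSPICIOUS_DIRS):
        reasons.append("driver loaded from user-writable path")
    if event.get("signature_status") != "Valid":
        reasons.append("unsigned or invalid signature")
    return reasons


def detect_byovd(events, window_seconds=60):
    """Correlate suspicious driver loads with security-process terminations that follow them.

    A signed-but-vulnerable driver is not proof of abuse on its own: these drivers
    carry valid signatures, which is the whole point of the technique. AV/EDR
    processes dying shortly after the load is what raises a medium-confidence
    finding to high confidence.
    """
    loads = [e for e in events if e["id"] == 6]
    kills = [e for e in events if e["id"] == 5]
    alerts = []
    for load in loads:
        reasons = driver_load_reasons(load)
        if not reasons:
            continue
        t0 = datetime.fromisoformat(load["time"])
        t1 = t0 + timedelta(seconds=window_seconds)
        terminated = [
            k["image"] for k in kills
            if basename(k["image"]).lower() in SECURITY_PROCESSES
            and t0 <= datetime.fromisoformat(k["time"]) <= t1
        ]
        alerts.append({
            "driver": load["image"],
            "reasons": reasons,
            "security_processes_terminated": terminated,
            "severity": "high" if terminated else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_byovd(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["driver"], alert["reasons"],
              alert["security_processes_terminated"])
```

The hash check alone is brittle, since the abused drivers are legitimate and get repackaged, so the path and the follow-on terminations are kept as independent signals; the window is deliberately short because the kill step in these intrusions follows the load within seconds.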

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff. Prompt Security launched out of stealth today with a solution that uses artificial intelligence (AI) to secure a company’s AI products against prompt injection and jailbreaks, and also keeps employees from accidentally feeding sensitive data to tools like ChatGPT. Organizations are […] The post Prompt Security Launches With AI Protection for the Enterprise – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Chip Daniels. COMMENTARY. Our nation is facing some of its greatest challenges ever. Amid rising geopolitical tensions and emerging conflicts, our country’s security community continues to face one of its most sophisticated adversaries: hackers. The increase in nation-state-backed hacking groups means our cyber opponents […] The post Filling the Cybersecurity Talent Gap – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer. Many of the security problems of large language models (LLMs) boil down to a simple fact: the heart of every LLM is a black box. The end users of LLMs typically do not have much information on how providers collected […] The post Researchers Map AI Threat Landscape, Risks – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud-native

Source: www.darkreading.com – Author: George V. Hulme, Contributing Writer. The news headlines are full of breaches and data exposures that are the result of unsecured cloud-native applications and application programming interfaces (APIs): how, for example, the third-party data logging application TeslaMate retrieves information about Tesla cars via the Tesla API, and users […] The post Time to Secure Cloud-Native Apps Is Now – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 announces

Source: www.darkreading.com – Author: PRESS RELEASE. SANTA CLARA, Calif. – January 22, 2024 – Netskope, a leader in Secure Access Service Edge (SASE), today announced the next addition to its family of single-vendor SASE offerings, focused on midmarket organizations and the Managed Service Providers (MSPs) that serve them. The ongoing expansion of Netskope’s industry-leading SASE portfolio enables Netskope and its partners […] The post Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: Wednesday, January 24, 2024