Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Researchers have analyzed the CVE-2024-0204 vulnerability in Fortra GoAnywhere MFT software (MFT standing for managed file transfer) and published exploit code that takes advantage of it. We explain the danger, and what organizations that use this software should do about it.

Vulnerability CVE-2024-0204 in GoAnywhere MFT

Let's start by briefly recounting the story of this vulnerability in GoAnywhere. In fact, Fortra, the company developing this solution, patched this vulnerability back in early December 2023 with the release of GoAnywhere MFT 7.4.1. However, at that time the company chose not to disclose any information about the vulnerability, limiting itself to sending private recommendations to clients.

The essence of the vulnerability is as follows. After a user completes initial setup of GoAnywhere, the product's internal logic blocks access to the initial account setup page. Then when they attempt to access this page, they're redirected either to the admin panel (if they're authenticated as an administrator) or to the authentication page. However, researchers discovered that an alternative path to the InitialAccountSetup.xhtml file can be used, which the redirection logic does not take into account. In this scenario, GoAnywhere MFT allows anyone to access this page and create a new user account with administrator privileges.

As proof of the attack's feasibility, the researchers wrote and published a short script that can create admin accounts in vulnerable versions of GoAnywhere MFT. All an attacker needs is to specify a new account name, a password (the only requirement is that it contains at least eight characters, which is interesting in itself), and the path.

Figure: Part of the exploit code for the CVE-2024-0204 vulnerability. Highlighted in red is the alternative path to the initial account setup page that enables the creation of users with administrator privileges.

In general, this vulnerability closely resembles that discovered in Atlassian Confluence Data Center and Confluence Server a few months ago; there, too, it was possible to create admin accounts in a few simple steps. Fortra assigned vulnerability CVE-2024-0204 critical status, with a CVSS 3.1 score of 9.8 out of 10.

A little context is necessary here. In 2023, the Clop ransomware group already exploited vulnerabilities in Fortra GoAnywhere MFT and also similar products from other developers — Progress MOVEit, Accellion FTA, and SolarWinds Serv-U — to attack hundreds of organizations worldwide. In particular, companies such as Procter & Gamble, Community Health Systems (CHS, one of the largest hospital networks in the U.S.A.), and the municipality of Toronto suffered from the exploitation of the GoAnywhere MFT vulnerability.

How to defend against CVE-2024-0204 exploitation

The obvious way to protect against exploitation of this vulnerability is to update GoAnywhere MFT to version 7.4.1 immediately, which fixes the logic for denying access to the InitialAccountSetup.xhtml page. If you can't install the update for some reason, you can try one of two simple workarounds:

- Delete the InitialAccountSetup.xhtml file in the installation folder and restart the service; or
- Replace InitialAccountSetup.xhtml with a blank file and restart the service.

You should also use an EDR (Endpoint Detection and Response) solution to monitor suspicious activity in the corporate network. If your internal cybersecurity team lacks the skills or resources for this, you can use an external service to continuously hunt for threats to your organization and swiftly respond to them.


 Breadcrumbs

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.

Figure: Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade.

The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The documents released by the Australian government included multiple photos of Mr. Ermakov, and it was clear they wanted to send a message that this was personal.

It’s not hard to see why. The attackers who broke into Medibank in October 2022 stole 9.7 million records on current and former Medibank customers. When the company refused to pay a $10 million ransom demand, the hackers selectively leaked highly sensitive health records, including those tied to abortions, HIV and alcohol abuse.

The U.S. government says Ermakov and the other actors behind the Medibank hack are believed to be linked to the Russia-backed cybercrime gang REvil. “REvil was among the most notorious cybercrime gangs in the world until July 2021 when they disappeared. REvil is a ransomware-as-a-service (RaaS) operation and generally motivated by financial gain,” a statement from the U.S. Department of the Treasury reads. “REvil ransomware has been deployed on approximately 175,000 computers worldwide, with at least $200 million paid in ransom.”

The sanctions say Ermakov went by multiple aliases on Russian cybercrime forums, including GustaveDore, JimJones, and Blade Runner. A search on the handle GustaveDore at the cyber intelligence platform Intel 471 shows this user created a ransomware affiliate program in November 2021 called Sugar (a.k.a. Encoded01), which focused on targeting single computers and end-users instead of corporations.

Figure: An ad for the ransomware-as-a-service program Sugar posted by GustaveDore warns readers against sharing information with security researchers, law enforcement, or “friends of Krebs.”

In November 2020, Intel 471 analysts concluded that GustaveDore’s alias JimJones “was using and operating several different ransomware strains, including a private undisclosed strain and one developed by the REvil gang.” In 2020, GustaveDore advertised on several Russian discussion forums that he was part of a Russian technology firm called Shtazi, which could be hired for computer programming, web development, and “reputation management.” Shtazi’s website remains in operation today.

Figure: A Google-translated version of Shtazi dot ru. Image: Archive.org.

The third result when one searches for shtazi[.]ru in Google is an Instagram post from a user named Mikhail Borisovich Shefel, who promotes Shtazi’s services as if it were also his business. If this name sounds familiar, it’s because in December 2023 KrebsOnSecurity identified Mr. Shefel as “Rescator,” the cybercriminal identity tied to tens of millions of payment cards that were stolen in 2013 and 2014 from big box retailers Target and Home Depot, among others.

How close was the connection between GustaveDore and Mr. Shefel? The Treasury Department’s sanctions page says Ermakov used the email address ae.ermak@yandex.ru. A search for this email at DomainTools.com shows it was used to register just one domain name: millioner1[.]com. DomainTools further finds that a phone number tied to Mr. Shefel (79856696666) was used to register two domains: millioner[.]pw, and shtazi[.]net.

The December 2023 story here that outed Mr. Shefel as Rescator noted that Shefel recently changed his last name to “Lenin,” and had launched a service called Lenin[.]biz that sells physical USSR-era Ruble notes that bear the image of Vladimir Lenin, the founding father of the Soviet Union. The Instagram account for Mr. Shefel includes images of stacked USSR-era Ruble notes, as well as multiple links to Shtazi.

Figure: The Instagram account of Mikhail Borisovich Shefel, aka MikeMike aka Rescator.

In a report published this week, Intel 471 said investigators connected Ermakov to REvil because the stolen Medibank data was published on a blog that had one time been controlled by REvil affiliates who carried out attacks and paid an affiliate fee to the gang. But by the time of the Medibank hack, the REvil group had mostly scattered after a series of high-profile attacks led to the group being disrupted by law enforcement. In November 2021, Europol announced it arrested seven REvil affiliates who collectively made more than $230 million worth of ransom demands since 2019. At the same time, U.S. authorities unsealed two indictments against a pair of accused REvil cybercriminals.

“The posting of Medibank’s data on that blog, however, indicated a connection with that group, although the connection wasn’t clear at the time,” Intel 471 wrote. “This makes sense in retrospect, as Ermakov’s group had also been a REvil affiliate.”

It is easy to dismiss sanctions like these as ineffective, because as long as Mr. Ermakov remains in Russia he has little to fear of arrest. However, his alleged role as an apparent top member of REvil paints a target on him as someone who likely possesses large sums of cryptocurrency, said Patrick Gray, the Australian co-host and founder of the security news podcast Risky Business.

“I’ve seen a few people poo-poohing the sanctions…but the sanctions component is actually less important than the doxing component,” Gray said. “Because this guy’s life just got a lot more complicated. He’s probably going to have to pay some bribes to stay out of trouble. Every single criminal in Russia now knows he is a vulnerable 33 year old with an absolute ton of bitcoin. So this is not a happy time for him.”


 Features

In an era where cybersecurity has become an integral part of organizations, the role of Chief Information Security Officers (CISOs) has become pivotal to protect organizations against cyberattacks and data breaches. India, a hub of technological innovation, boasts a cadre of exceptional leaders at the forefront of
cyber defenses. As India celebrates its Republic Day today, it’s an opportune moment to honor the Top 26 Indian CISOs in cybersecurity, acknowledging their pivotal role in fortifying the nation’s digital infrastructure. Their expertise in safeguarding digital frontiers is crucial for national security and technological progress, reflecting the resilience and innovation that this day symbolizes. From seasoned veterans to visionary leaders shaping the future, this article unveils the diverse expertise and accomplishments of these CISOs, offering insights into their journeys, strategies, and the critical role they play in securing our digital future. Their work exemplifies the spirit of innovation and vigilance, mirroring the values of Republic Day in the context of our digital era. Top 26 Indian CISOs to Watch Out in 2024 At the forefront of the cyber threats, these 26 Indian Chief Information Security Officers (CISOs) stand as visionary leaders, diligently shaping the future of digital defense with their unparalleled expertise and innovative approaches, showcasing an unwavering commitment to safeguarding organizations in an era of dynamic technological challenges. Ashish Khanna, Global CISO and Head IT at Evalueserve Ashish Khanna, Global CISO at Evalueserve, boasts 20 years of diverse experience and global recognition, including “CISO 100 and Top Influencer” in 2022. A strategic leader, he excels in IT operations, security, and compliance, managing initiatives across 32 locations. Recognized for his managerial potential and workplace competencies, Ashish’s awards and committee roles highlight his impact in the industry. Subhajit Deb, CISO & Head at Envoy Global Inc. Subhajit Deb, CISO & Head at Envoy Global Inc., is a cybersecurity leader with over two decades of experience. Specializing in enterprise cybersecurity and regulatory compliance, he has led global teams, creating agile and cost-conscious security programs. 
With certifications like CISM and CRISC, Subhajit holds US Patents and Trade Secrets. Recognized with industry awards, including Top 100 CISOs, he serves on advisory boards, mentors startups, and is a regular speaker at conferences. Subhajit’s expertise spans CISO leadership, GDPR, Risk Management, Business Continuity, and Six Sigma methodologies, contributing to key cyber risk reduction at Envoy Global Inc. Vikas M, Vice President & CISO at American Red Cross Vikas M is the Vice President & Chief Information Security Officer (CISO) at the American Red Cross, bringing extensive experience as an IT leader and certified security professional. Vikas is adept at integrating innovation, operations, security, and strategy to address business challenges. His proficiency in managing teams and consulting is highlighted by the ability to influence, encourage, and lead towards successful outcomes. An accomplished speaker, presenter, and writer, Vikas specializes in security, identity management, IT strategy & planning, cloud computing, vendor management, and ERP. With a CISSP certification, he is dedicated to ensuring robust information security at the American Red Cross. Vikram Dhanda, CISO at Virtusa Vikram Dhanda, CISO at Virtusa, is a veteran cybersecurity leader with hands-on expertise in IT/ITeS, MRO, and telecom domains. With a track record of transforming IT Shared Services into a profit center, managing real-time telecom applications for a massive subscriber base, and leading large IT operations teams, Vikram excels in delivering business outcomes and maintaining robust security postures. Over two decades, he has demonstrated lateral synthesis, ingenuity, and operational excellence, emphasizing problem elimination and continual process refinement. Rishi Mehta, SVP & CISO at HCLTech Rishi Mehta is the Senior Vice President and Chief Information Security Officer (CISO) at HCLTech.
With a philosophy centered around simplicity, Rishi leads the security transformation journey, emphasizing full-stack engineering capabilities and innovation. His approach focuses on balancing cybersecurity with user experience for both internal and external customers. Motivated by continual improvement, openness to change, and meaningful connections, Rishi brings a dynamic perspective to information security leadership. His commitment to simplicity has enabled him and his teams to find practical and user-friendly solutions, making a significant impact on the cybersecurity landscape at HCLTech. Aman Raheja, CISO at Humana Aman Raheja, CISO at Humana, brings over two decades of security and technology expertise. Starting as a software developer and progressing through roles like Level-2 IT support and penetration testing, Aman’s diverse background culminated in leadership positions.  He has successfully led enterprise-scale security strategies, collaborating with business and IT leaders, regulators, and boards to effectively manage security risks. Aman’s journey reflects his commitment to continuous learning and leadership in the dynamic field of cybersecurity. Mathan Babu Kasilingam, CISO at Vodafone Idea Limited Mathan Babu Kasilingam, a cybersecurity veteran with 20+ years, is the Chief Technology Security Officer & Data Privacy Officer at Vi Ltd. Recognized for industry contributions, he’s received awards like the CSO 100 and Security Leader of the Year. From system integration to OEM leadership, Mathan has navigated diverse roles. Known for coining ESSB (now SOAR) and serving as guest faculty at top institutions, his impact spans safeguarding banks, payment systems, and telcos. A dedicated team builder, Mathan ensures security is a critical differentiator. His journey reflects growth, innovation, and a commitment to creating a safer world. Jagdish Asodekar, CISO at WhiteOak Capital Asset Management Ltd. 
Jagdish Asodekar, VP & CISO at WhiteOak Capital Asset Management Ltd., is a seasoned cybersecurity professional with over a decade of experience. His expertise spans information security, IT risk management, and cybersecurity operations. Jagdish has held prominent roles as CISO at Metropolitan Stock Exchange and Multi Commodity Exchange of India, excelling in regulatory compliance and cybersecurity tools implementation. With a background in managing IT services at Financial Technologies, he brings a wealth of experience to his current role. Jagdish holds certifications, including ITIL Foundation, showcasing his commitment to professional development. Ramesh Kumar, CISO at Biocon Group of Companies Ramesh Kumar is the CISO at Biocon Group of Companies and is a seasoned IT professional with over 20 years of experience. Ramesh has demonstrated expertise in driving initiatives across IT & ICS Security, IT Operation & Business Support, and Enterprise IT Architecture. His focus extends to Information Security Risk Management, Managed Security Services, Information Security Policy & Governance, and DR & Business Continuity planning. In his role, Ramesh is accountable for the integrated IT-OT Cyber Security Posture for utility businesses. He collaborates extensively with Group Cyber Security to implement mature cybersecurity across various business units of Adani Enterprises. Additionally, he plays an active role as a member of the Enterprise Architecture Review Board and Change Advisory Board, contributing to the strategic decisions of the organization. Sunil Seshadri, CISO at Wells Fargo Sunil Seshadri, CISO at Wells Fargo, brings over 20 years of cybersecurity leadership. With a proven track record, he excels in designing and operating large-scale security platforms, particularly in the financial sector. Beyond his operational prowess, Sunil actively engages with the industry as an advisory board member, conference speaker, and contributor. 
In summary, Sunil Seshadri is a seasoned professional focused on strategy, technology risk management, and cyber defense at Wells Fargo. Ravi Mani, CISO at Quest Diagnostics Ravi Mani, the Chief Information Security Officer (CISO) at Quest Diagnostics, is a distinguished leader in information technology and services. With a strong background in cybersecurity, cloud, AI, and IT strategy, Ravi is recognized globally. He’s not only a key figure at Quest Diagnostics but also serves on advisory boards for various cybersecurity and technology companies.  Ravi’s accolades include the 2022 Top Global CISO’s in the World award from Cyber Defense Magazine and being selected among the TOP 100 CISOs by CISOs Connect in 2023. Mani brings exceptional expertise and recognition to his role at Quest Diagnostics. Gurdeep Kaur, Managing Director & CISO at PSEG Gurdeep Kaur, Managing Director & CISO at PSEG, is a seasoned cybersecurity leader with 20 years of experience. Recognized for enabling innovation while mitigating security risks, Gurdeep excels in strategic planning, industry-standard security architecture, and audit management.  A trusted partner with a clear communication style, she is also the co-founder of StepUpSkill and an active member of the (ISC)2 New Jersey chapter. Gurdeep is driving cybersecurity excellence at PSEG and beyond. Medha Bhalodkar, CISO at Columbia University Medha Bhalodkar is the Chief Information Security Officer at Columbia University, where she leads teams overseeing IT policies, data protection, cybersecurity, and enterprise IT risk management.  With nearly two decades in the financial industry, Medha has received prestigious awards, including the 2020 Wasserman Award and the 2022 Top Global CISO by Cyber Defense Magazine.  At Columbia, she chairs the IT Security Council, co-chairs the IT Leadership Council, and is involved in various governance roles. 
Holding multiple security certifications, Medha is not only a trailblazer in information security but also actively mentors women in technology.  Priya Sirwani, CISO at Fiera Capital Priya Sirwani, CISO at Fiera Capital, is a seasoned cybersecurity and IT risk executive renowned for transforming global enterprise security programs. Known for her risk-based approach, Priya delivers pragmatic strategies, reducing business risk and fostering a culture of creativity and high engagement within her teams.  With expertise in cybersecurity, information risk management, data privacy, and fraud, she actively contributes to the Toronto CISO community. Priya is a dynamic leader championing security and risk at Fiera Capital, emphasizing continuous learning and high standards of personal integrity and work ethics. Sujeet Bambawale, CISO at 7-Eleven Sujeet Bambawale is the Chief Information Security Officer at 7-Eleven, leading a customer-obsessed Information Security organization. With a rich background at Symantec, NetApp, and Intuit, Sujeet focuses on maturing 7-Eleven’s security posture through strategic execution and cross-organizational relationship building.  Certified as a C|CISO, CISM, and CGEIT, he holds a master’s degree in electronics engineering and has studied organizational leadership at UC Berkeley’s Haas Business School. Outside his role, Sujeet actively supports the security community through non-profit contributions, mentorship, and executive sponsorship for initiatives like Women in Technology and online safety programs for youth. Rajendra Bhalerao, CISO at Scotiabank Rajendra Bhalerao is the Chief Information Security Officer (CISO) at Scotiabank. With a postgraduate degree from Mumbai University and CISM certification, Rajendra brings over two decades of experience in banking, consulting, telecom, ISP, and data center environments. 
Specializing in BCP/DRP consulting, vulnerability testing, and data center management, he holds certifications in ISO27001, ITILv3, RedhatLinux, and CCNA. Rajendra’s expertise ensures robust information security measures at Scotiabank, making him an invaluable asset to the organization. Niju Mohan Kumbalaparambil, CISO at SBM Bank Niju Mohan Kumbalaparambil is the Chief Information Security Officer at SBM Bank (India), a prominent banking and BFSI company under Sbmgroup.mu. With headquarters in Port Louis, SBM Bank operates with 501 employees and was founded in 1973. In his role as CISO, Niju Mohan Kumbalaparambil plays a crucial role in safeguarding the information security of SBM Bank, contributing to the organization’s continued success and reliability. Ravinder Arora, CISO at Infogain Ravinder Arora is the Vice President and Global Chief Information Security Officer (CISO) at Infogain, with 20 years of expertise in Global Cyber Security Program Management. Renowned for his insightful excellence, Ravinder has successfully implemented and managed SOC, utilizing diverse cybersecurity tools such as DLP, SIEM, WAF, and more.  His certifications include CRISC, CISM, ISO 27001 Lead Auditor, ITIL V.3, and others. At Infogain, Ravinder leads information and cyber security initiatives, ensuring the highest standards of protection and compliance across various domains. Kumar Ravi, CISO at Teleperformance Kumar Ravi, the Chief Information Security Officer (CISO) at Teleperformance, brings over 22 years of leadership, consulting, and implementation experience in Information & Cyber Security, Data Privacy, and Risk & Compliance. In his current role, Kumar leads Teleperformance’s Information Security and Cyber Security strategy, as well as the Business Continuity Management program.  With a diverse background in IT/ITeS, BPM, and insurance organizations, he has a wealth of experience in global enterprise-wide strategy, risk management, and cyber defense. 
Kumar is a certified CISSP, CISA, CISM, CRISC, CEH, DCPLA, ISO 27001LA, CCNP, CCNA, and MCSE. Ankush Chowdhary, Vice President & CISO at Hewlett Packard Enterprise Ankush Chowdhary is the Vice President & CISO at Hewlett Packard Enterprise, bringing 20+ years of cybersecurity leadership. Leading the cloud security transformation for HPE GreenLake Cloud Platform, Ankush’s expertise spans roles at Google, Microsoft, and AWS, covering engineering, advisory, strategy, and compliance.  Certified as a CISO with credentials from Google, AWS, and Microsoft, Ankush is a recognized author and speaker. His mission is to guide organizations to secure and compliant cloud environments with cutting-edge technologies.  Ratan Jyoti, CISO Ujjivan Small Finance Bank Limited Ratan Jyoti, CISO at Ujjivan Small Finance Bank Limited, brings over 22 years of financial sector experience, overseeing enterprise security for 20+ departments and 16000+ employees. Known for developing robust security frameworks and leveraging next-gen technologies, Ratan is a tech influencer, cybercrime investigator, and published author. His mission is to drive digital innovation and security, delivering value to stakeholders and enhancing the information security workforce. Parimala Rao, Deputy CISO at GSA Parimala Rao, Deputy CISO at GSA, is an award-winning cybersecurity professional with Stanford and MIT certifications. With a focus on driving cybersecurity and technology efforts, she excels in large-scale applications, vendor management, and big data analytics. Parimala specializes in protecting core systems and confidential data. As a dynamic leader, she contributes significantly to GSA’s success. Satish K. Dwibhashi, CISO at KreditBee Satish K. Dwibhashi is the CISO at KreditBee, bringing over 30 years of expertise in IT & Information Security. A proven leader and subject matter expert in Cyber Security, GRC, and BCM, Satish has a comprehensive understanding of Information Security Standards/Frameworks. 
 He has worked across various industry verticals, including IT/ITES, BFSI/FinTech, AdTech, Retail, Manufacturing, and Health Care. As a PLATINUM member of ISACA and Past President, Satish is also an Accredited Trainer for CISA, CISM, CRISC, and CGEIT at the ISACA Bangalore Chapter. He is a regular speaker at industry forums, showcasing his passion for teaching, coaching, and mentoring.  Varun Singla, SVP & CISO at Airtel Varun Singla, SVP & CISO at Airtel, is a customer-focused business executive and CISO. With a deep expertise in building effective security organizations, he collaborates with business, IT, and engineering teams to address enterprise risks. Varun has a track record of managing client partnerships, driving business growth, and mentoring global teams across the U.S., Europe, and India. His passion lies in creating a culture of innovation and empowering future leaders for continued success. Anuprita Daga, Group CISO at Angel One Anuprita Daga, Group CISO at Angel One, boasts 25 years of leadership experience in data privacy, security, and risk quantification. With a background in spearheading security transformation and ensuring compliance with regulatory standards, she is committed to enhancing information security, cybersecurity, and data privacy frameworks. Anuprita focuses on developing and enforcing robust security policies to safeguard sensitive information across the organization. Kanupriya Vazandar, CISO at DIAGEO India Kanupriya Vazandar, CISO at DIAGEO India, brings over 14 years of expertise in IT and Information Security Management. Leading the IT Governance Controls, Cybersecurity, PMO, Data Privacy, and Compliance domains, she has spearheaded diverse projects encompassing risk management, cybersecurity, digital innovation, SOX/CCAR/IFCR, governance, and strategy execution for technology and business controls. 
Conclusion On India’s Republic Day, we take a moment to applaud the exceptional work of the top 26 Indian CISOs, who have not just fortified their own organizations but have also helped raise India’s profile on the world’s cybersecurity stage. Their dedication to innovating and strategically managing digital risks embodies the essence of Republic Day, showcasing India’s commitment to growth and safety in our increasingly digital world. These CISOs’ impressive journeys and achievements are a beacon of leadership and dedication, perfectly mirroring the strength and resilience that we celebrate on this important day. In conclusion, the inspiring journeys of these 26 Indian CISOs serve as a testament to their dedication, leadership, and invaluable contributions to the field of cybersecurity.

 Govt., Critical Infrastructure

The U.K. government is considering implementing voluntary rules for software vendors to disclose vulnerabilities in their systems. This initiative follows successful hacks targeting the country's infrastructure.

 Trends, Reports, Analysis

The number of data compromises in the U.S. reached a record high in 2023, impacting over 353 million victims, with a 78% increase from the previous year, according to the Identity Theft Resource Center’s annual data breach report.

 Identity Theft, Fraud, Scams

The National Investor in Abu Dhabi has issued a warning about fraudulent investment schemes misusing its name, logo, and employees' identities to solicit personal and financial information.

 Feed

CloudLinux CageFS versions 7.1.1-1 and below pass the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

 Feed

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

 Feed

Ubuntu Security Notice 6609-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

 Feed

Ubuntu Security Notice 6608-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6607-1 - It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6606-1 - It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

 Feed

Ubuntu Security Notice 6605-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

 Feed

Ubuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.

 Feed

Ubuntu Security Notice 6603-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6602-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

 Feed

Ubuntu Security Notice 6601-1 - It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6600-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

 Feed

Ubuntu Security Notice 6599-1 - Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that Jinja incorrectly handled certain HTML passed with the xmlattr filter. An attacker could inject arbitrary HTML attribute keys and values, potentially leading to XSS.

 Firewall Daily

Ahead of the Republic Day long weekend, one hallmark of this time of year is the highly anticipated Sale Week. In the age of digital transformation, the trend of seasonal sales on e-commerce platforms has become incredibly popular, thanks to enticing deals on premium products. To ensure a safe and hassle-free shopping experience during this Republic Day sale, here are some tips from Sophos for navigating the virtual marketplaces for great deals.

Tips for Secure Republic Day Sale Shopping

Use an ad blocker – Advertisements are not only tracking your every movement and collecting enough information on your habits, but they are also a major source of malicious links and deceptive content on the internet. Not only is your browsing safer, but also faster and uses less bandwidth. Two of our favorites are Ad Block and Ghostery.

Avoid using one account on multiple services – When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.

Use guest login when available – In addition to letting you use an account from other websites, many have the option to use a guest login rather than creating a new account. This is a great option if you don’t expect to need technical support or to do business repeatedly. Fewer passwords, fewer personal details, fewer problems if they get hacked.

Don’t save card details – Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is necessary.

Use credit, not debit – All of us need to be wary of overspending during the season, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.

Beware of direct messages via social media/chat apps – With modern generative AI technology, it is almost trivial to create an entirely fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.

Don’t click deals in emails that look too good to be true or are from businesses you don’t have accounts from – these could be phishing emails hoping to bait you into clicking links to bogus, malicious websites.

Online shopping during this Republic Day Sale Week can be a safe and convenient experience when approached with careful planning and awareness. By following these tips, you can ensure a smooth virtual shopping journey, allowing you to enjoy this seasonal sale week with joy and confidence.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

 Feed

Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew

 Feed

40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "

 Feed

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a

 Feed

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a

 Feed

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security

 Cyber Security News

Source: thehackernews.com – Author: . Jan 25, 2024NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing   show more ...

the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” […] La entrada SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: thehackernews.com – Author: . Jan 25, 2024NewsroomVulnerability / Software Security The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully   show more ...

exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described […] La entrada Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP! – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 25, 2024NewsroomFileless Malware / Endpoint Security Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that’s distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber &   show more ...

Intelligence, which said the malware “has been updated with new features, as well as changes to the […] La entrada LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Fraud Management & Cybercrime, Ransomware. Vladimir Dunaev Acknowledged Acting ‘Recklessly’ in Working for Cybercriminal Group. Chris Riotta (@chrisriotta) • January 25, 2024. A U.S. federal judge sentenced Russian hacker Vladimir Dunaev to five years and four months in U.S. prison. (Image: Shutterstock) A U.S. federal judge sentenced […] The post Russian Hacker Sentenced to Over 5 Years in US Prison – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Breach Notification, Security Operations. ‘The Security of Our Customers’ Data Is Our Top Priority’ – Really? Mathew J. Schwartz (euroinfosec) • January 25, 2024. Data breaches beget weasel words. (Image: Shutterstock) Does a day ever go by without a fresh set of data breach notifications? Some organizations’ […] The post Weasel Words Rule Too Many Data Breach Notifications – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Security leaders focus on protection and detection, but the new priority is resilience. Resilience is about buying time to deal with “low and slow” attacks, being able to disrupt such attacks, and putting a premium on your capability to respond to threats that got past your detection capabilities, according to […] The post Resilience: The New Priority for Your Security Model – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 3rd Party Risk Management, Application Security, Governance & Risk Management. HHS: Compromise at Large Pharma Software and Services Firm Puts Entities at Risk. Marianne Kolbasuk McGee (HealthInfoSec) • January 25, 2024. Federal authorities warn that a self-hosted version of remote access product ScreenConnect from ConnectWise was […] The post Feds Warn Healthcare Sector of ScreenConnect Threats – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Boyu Wang, Principal Data Scientist, Snowflake. Boyu Wang is a Principal Data Scientist at Snowflake where he designs, architects, as well as implements next generation machine learning systems for corporate I.T. automation, anomaly detection for security, user and entity behavior analytics, risk management, etc. Prior to joining Snowflake, Boyu held […] The post Use ML and Streamlit for User and Entity Behavior Analytics – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations’ risk management capabilities. But no one is showing them how – until now. Learn the fundamentals of developing a risk management program from the man who wrote the book on the topic: Ron […] The post OnDemand Panel | Mitigating Risks in Pharmacy Environments: Effective Tactics Unveiled – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development. Chair Lina Khan Says Probe Will Look for Potential ‘Undue Influence’. Chris Riotta (@chrisriotta) • January 25, 2024. The sculpture Man Controlling Trade outside the Federal Trade Commission in Washington, D.C. (Image: Library of Congress) The U.S. […] The post US FTC Launches Investigation Into Tech Giants’ AI Influence – Source: www.govinfosecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.securityweek.com – Author: Etay Maor. If organizations understand the benefits SASE offers over MPLS and traditional SD-WAN, they will realize that SASE is poised to replace aging MPLS in due time. The post In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/in-the-context-of-cloud-security-and-mobility-its-time-organizations-ditch-legacy-mpls/ […] The post In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cryptocurrency

Source: www.securityweek.com – Author: Eduard Kovacs. $1.7 billion were stolen last year as a result of 231 cryptocurrency platform hacks, according to a report from Chainalysis. The post $1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/1-7-billion-stolen-in-cryptocurrency-hacks-in-2023-report/ Category & Tags: Cybercrime, cryptocurrency – Cybercrime, cryptocurrency. The post $1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.securityweek.com – Author: Kevin Townsend. Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security appeared first on SecurityWeek. Original Post URL: https://www.securityweek.com/new-offerings-from-protect-ai-venafi-tackle-software-supply-chain-security/ Category & Tags: Supply Chain Security, Vulnerabilities, open source – Supply […] The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 26, 2024NewsroomMalvertising / Phishing-as-a-service Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. “The threat actor is abusing Google advertiser   show more ...

accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote […] La entrada Malicious Ads on Google Target Chinese Users with Fake Messaging Apps – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 26, 2024NewsroomThreat Intelligence / Cyber Attack Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it’s currently   show more ...

beginning to notify them. The development comes a day after Hewlett Packard Enterprise […] La entrada Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 26, 2024NewsroomCyber Crime / Malware 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development   show more ...

comes nearly two months after Dunaev pleaded guilty to […] La entrada Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cisco

Source: thehackernews.com – Author: . Jan 26, 2024NewsroomNetwork Security / Vulnerability Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code   show more ...

on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper […] La entrada Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-01
Aggregator history
Friday, January 26