Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for One-time passwords a ...

 Threats

Over the past few years, weve become accustomed to logging into important websites and apps, such as online banking ones, using a password and another verification method. This could be a one-time password (OTP) sent via a text message, email or push notification, a code from an authenticator app or even a special USB   show more ...

device — a token. This way of logging in is called two-factor authentication (2FA), and it makes hacking much more difficult. Stealing or guessing a password alone is no longer enough to hijack an account. But what should you do if you havent tried to log in anywhere, but suddenly receive a one-time code or a request to enter it? There are three reasons why this situation might occur: A hacking attempt. Hackers have somehow learned, guessed, or stolen your password and are now trying to use it to access your account. You have received a legitimate message from the service they are trying to access. Preparation for a hack. Hackers have either learned your password or are trying to trick you into revealing it, in which case the OTP message is a form of phishing. The message is fake, although it may look very similar to a genuine one. Just a mistake. Sometimes online services are set up to first request a confirmation code from a text message, and then a password, or authenticate with just one code. In this case, another user could make a typo and enter your phone/email instead of theirs — and youll receive the code. As you can see, there may be a malicious intent behind this message. But the good news is that at this stage, there has been no irreparable damage, and by taking the right action you can avoid any trouble. What to do when receiving a code request Most importantly, do not click the confirmation button if the message is in the Yes/No form, do not log in anywhere, and do not share any received codes with anyone. If the code request message contains links, do not follow them. These are the most essential rules to follow. As long as you dont confirm your login, your account is safe. However, its highly likely that your accounts password is known to attackers. Therefore, the next thing to do is to change the password for this account. Go to the relevant service by entering its web address manually, not by following a link. Enter your password, get a new (thats important!) confirmation code, and enter it. Then find the password settings and set a new strong password. If you use the same password for other accounts, youll need to change the password for them, too — but make sure to create a unique password for each account. We understand that its difficult to remember so many passwords, so we highly recommend storing them in a dedicated password manager. This stage — changing your passwords — is not so urgent. Theres no need to do it in a rush, but also dont postpone it for another day. For valuable accounts (like banking), attackers may try to intercept the OTP if it is sent via a text message. This is done through SIM swapping (registering a new SIM card to your number) or attacking via the operators service network, utilizing a flaw in the SS7 communications protocol. Therefore, its important to change the password before they attempt such an attack. In general, one-time codes sent in text messages are less reliable than authenticator apps and USB tokens. We recommend always using the most secure 2FA method available; a review of different two-factor authentication methods can be found here. What to do if youre receiving a lot of OTP requests In an attempt to make you confirm a login, hackers may bombard you with codes. They try to log in to the account again and again, hoping either that youll make a mistake and click Confirm, or go to the service and disable 2FA out of annoyance. Its important to keep cool and do neither. The best thing to do is go to the services site as described above (open the site manually, not through a link) and quickly change the password; but for this, youll need to receive and enter your own, legitimate OTP. Some authentication requests (for example, warnings about logging into Google services) have a separate No, its not me button — usually, this button causes automated systems on the service side to automatically block the attacker and any new 2FA requests. Another option, albeit not the most convenient one, would be to switch the phone to silent or even airplane mode for half an hour or so until the wave of codes subsides. What to do if you accidentally confirm a strangers login This is the worst-case scenario, as you have likely allowed an attacker into your account. Attackers act quickly, changing settings and passwords, so youll have to play catch-up and deal with the consequences of the hack. Weve provided advice for this scenario here. How to protect yourself? The best method of defense in this case is to stay one step ahead of the criminals: si vis pacem, para bellum. This is where our security solution comes in handy. It tracks leaks of your accounts linked to both email addresses and phone numbers, including on the dark web. You can add the phone numbers and email addresses of all your family members, and if any account data becomes public or is discovered in leaked databases, Kaspersky Premium will alert you and give advice on what to do. Included in the subscription, Kaspersky Password Manager will warn you about compromised passwords and help you change them, generating new uncrackable passwords for you. You can also add two-factor authentication tokens to it or easily transfer them from Google Authenticator in a few clicks. Secure storage for your personal documents will safeguard your most important documents and files, such as passport scans or personal photos, in encrypted form so that only you can access them. Moreover, your logins, passwords, authentication codes and saved documents will be available from any of your devices — computer, smartphone or tablet — so even if you somehow lose your phone, you wont lose your data and access, and youll be able to easily restore them on a new device. And to access all your data, you only need to remember one password — the main one — which is not stored anywhere except in your head and is used for banking-standard AES data encryption. With the zero disclosure principle, no one can access your passwords and data — not even Kaspersky employees. The reliability and effectiveness of our security solutions have been confirmed by numerous independent tests, and our home protection solutions received the highest award — Product of the Year 2023 — in tests by the independent European laboratory AV-Comparatives.

image for Akira Ransomware Str ...

 Firewall Daily

The Akira ransomware group has claimed yet another victim. This time, the unfortunate entity ensnared in its digital web is Canada-based TeraGo, a provider of secure cloud services, data recovery, and business-grade internet solutions to businesses across Canada. The ransomware group brazenly posted a chilling message   show more ...

on the Dark Web concerning the alleged TeraGo cyberattack, announcing their infiltration of TeraGo’s systems. The message ominously warns that 45GB of data, including client agreements laden with personal information and files containing financial data, will soon be uploaded for public perusal. “TeraGo provides businesses across Canada with secure cloud services, date recovery, and business grade internet. 45 GB of data will be uploaded soon. You will find there lots of client agreements with personal information. Many files with financial information and everything that a provider can get from its customers,” Akira ransomware group message reads. Source: Twitter TeraGo Cyberattack: Website Fully Functional  Despite the TeraGo cyberattack warning , a visit to the official website reveals business as usual, with full functionality intact. No signs of foul play or cyberattack on TeraGo are immediately apparent. However, if the ransomware group’s claim proves to be true, the implications could be far-reaching and severe. The compromise of sensitive client agreements, personal information, and financial data could not only jeopardize TeraGo’s reputation and trust among its clientele but also lead to significant financial losses and legal ramifications. Additionally, the broader ramifications for cybersecurity practices across industries could prompt heightened scrutiny and the urgent need for enhanced protective measures to mitigate future threats. In the quest to verify the authenticity of the claim, The Cyber Express Team has diligently reached out to TeraGo officials. However, as of the time of writing, no official response has been forthcoming, leaving the cyberattack on TeraGo claim unverified and the extent of the breach uncertain. Past Targets Claims of Akira Ransomware Group  This latest cyberattack on TeraGo by the Akira ransomware group follows a string of high-profile attacks. In January 2024, the denim landscape was shaken as DENHAM the Jeanmaker, a renowned denim brand established in Amsterdam, fell victim to a cyberattack. Although DENHAM confirmed the attack, the involvement of the Akira ransomware group remains neither confirmed nor denied. Similarly, in another incident, the Van Buren Public School in Belleville, Michigan, found itself in the crosshairs of the notorious ransomware group. The threat actor boldly claimed to have accessed sensitive information about the public school and boasted about their ill-gotten gains on the dark web. However, the veracity of this claim awaits official confirmation from authorities. The recent addition of TeraGo to the Akira ransomware group’s victim list serves as a stark reminder of the pervasive threat posed by cybercriminals to businesses and institutions worldwide. While TeraGo’s official website remains operational, the ominous message posted by the ransomware group on the dark web highlights the potential compromise of sensitive data and financial information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for NoName Hacker Group ...

 Firewall Daily

The hacker group known as NoName has launched a cyber offensive targeting several prominent Spanish websites. Among the victims are vital entities in Spain such as Tenerife Interurban Transport, Bilbao City Council, the Municipal Urban Transport Company of Palma, CIMSA Systems Engineering, Spanish Clothing Factory S.A.   show more ...

, Spanish Agency for International Development Cooperation, Urban Transportation of Seville (SAM), Malaga Transport Company S.A.M., Viguesa de Transportes S.L. (Vitrasa), Vectalia Alicante, and Transportes Generales. Diverse Spanish Websites Under Attack These targeted Spanish websites represent a diverse array of industries and services crucial to Spain’s infrastructure and economy. Tenerife Interurban Transport, Bilbao City Council, the Municipal Urban Transport Company of Palma, SAM (Urban Transportation of Seville), Malaga Transport Company S.A.M., Viguesa de Transportes S.L. (Vitrasa), Vectalia Alicante, and Transportes Generales are all involved in providing public transportation services. These entities manage vital systems and data related to public transit routes, schedules, and passenger information, making them prime targets for cyberattacks. CIMSA Systems Engineering is likely involved in providing engineering solutions and services, while Spanish Clothing Factory S.A. could be a major player in the fashion and textile industry. The Spanish Agency for International Development Cooperation is a government agency responsible for managing Spain’s international aid and cooperation efforts, further emphasizing the diversity of the targets. Source: Twitter The nature of these Spanish websites and their operations raises significant security concerns, as any breach could have severe repercussions on public safety, economic stability, and government operations. Cyberattacks targeting transportation systems could disrupt public transit services, leading to chaos and inconvenience for commuters. Breaches affecting government agencies like the Bilbao City Council and the Spanish Agency for International Development Cooperation could compromise sensitive information and undermine trust in governmental institutions. Source: Twitter Moreover, the interconnectedness of these systems within Spain’s digital infrastructure amplifies the potential impact of cyberattacks. A breach in one sector could potentially cascade into other critical systems, exacerbating the severity of the situation and hampering efforts to mitigate the damage. Why NoName is Targeting Spanish Websites? The hacker group’s message, posted alongside the cyberattacks on Spanish websites, indicates a motive tied to ongoing strikes by farmers across Spain. The message states, “We went to Spain again to support the strikes of farmers, who, according to local media reports, blocked dozens of highways throughout the country and demand that the authorities not sponsor Zelensky’s criminal regime, but solve INTERNAL problems. For example, ‘fair prices’ for their products and strengthening.” This statement highlights the NoName group’s purported solidarity with the striking farmers and their demands for fair treatment and economic support from the authorities. The cyberattacks on Spanish websites serve as a demonstration of support for these grievances. Source: Twitter The message further asserts the hacker group’s continued support for the striking Spaniards, signaling their intent to persist in their cyber activities as a symbol of solidarity. Source: Twitter The targeting of multiple Spanish websites is presented as a method of amplifying the farmers’ message and drawing attention to their plight. Prior Cyber Breach Before cyberattacks on Spanish websites, in the first week of February, an unidentified hacker allegedly claimed unauthorized access to Telefónica, one of the world’s largest telecommunications companies based in Spain. The purported breach involved unauthorized access to Fortinet, a critical component of the firm’s network infrastructure. While the extent and implications of this cyber breach remain unclear, it adds to the growing concerns surrounding cybersecurity in Spain. What Do These Series of Cyberattacks Mean? The series of cyberattacks orchestrated by NoName highlights the vulnerability of Spain’s digital infrastructure and the potential consequences of geopolitical tensions spilling over into cyberspace. The targeting of key Spanish websites and organizations highlights the need for enhanced cybersecurity measures and vigilance in safeguarding against malicious cyber threats. In response to these cyberattacks, authorities and affected entities are urged to prioritize cybersecurity measures, including system updates, threat detection protocols, and incident response plans. Collaboration between government agencies, cybersecurity experts, and private sector entities is essential in mitigating the risks posed by cyber threats and ensuring the resilience of Spain’s digital ecosystem. As the situation unfolds, stakeholders are called upon to remain vigilant and proactive in addressing cybersecurity challenges, safeguarding critical infrastructure, and upholding the integrity of Spain’s digital infrastructure. The solidarity expressed by the hacker group with the striking farmers serves as a reminder of the interconnectedness of online activism and real-world socio-economic issues, highlighting the importance of cybersecurity in maintaining stability and security in the digital age. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Emirates Investment ...

 Firewall Daily

A hacker known as ‘JustAnon69’ recently posted on the dark web claiming to have obtained unauthorized access to Emirates Investment Bank. According to the post, the hacker alleges that data from the bank is now for sale, with an asking price of US$10,000. Emirates Investment Bank, a prominent private   show more ...

institution offering banking and investment services, has found itself at the center of a potential data breach. However, critical details related to Emirates Investment Bank such as the extent of the breach, data compromised, or the motives behind the attack remain undisclosed by the purported hacker. Cyberattack on Emirates Investment Bank Upon accessing the official website of the targeted bank it was found to be fully functional, devoid of any suspicious activity. This discovery has prompted speculation regarding the authenticity of the cyberattack on Emirates Investment Bank claim. Now the questions arise as to whether this is a strategic ploy to garner attention or if there are deeper motivations behind the alleged unauthorized access to Emirates Investment Bank. The true nature of this Emirates Investment Bank cyberattack can only be elucidated once Emirates Investment Bank releases an official statement regarding the matter. Source: Daily Dark Web Efforts to verify the claim have been made by The Cyber Express team, reaching out to bank officials for clarification. However, as of the writing of this report, no official response has been received, leaving the cyberattack on Emirates Investment Bank claim unverified and shrouded in uncertainty. If proven true, the implications of this alleged breach could be far-reaching, amplifying concerns amidst a backdrop of escalating cyber warfare. Previous Cyber Threats This recent incident falls within a broader context of cyber aggression targeting entities in the United Arab Emirates (UAE). In February 2024, the notorious cyber group LulzSec Muslims announced their intention to resume cyber offensives, targeting both the UAE and Bahrain. Known for their previous exploits against nations such as Israel and India, the group cited perceived support for Israel by the UAE and Bahrain as the rationale behind their impending cyber onslaught. This announcement follows a reported Distributed Denial of Service (DDoS) attack on Sharjah International Airport, attributed to LulzSec Muslims, highlighting their disruptive capabilities. The UAE has been no stranger to cyber threats in recent years. In 2023, Abu Dhabi Airport reportedly fell victim to a cyberattack allegedly orchestrated by the group Anonymous Arabia, resulting in its alleged shutdown. This incident, coupled with others targeting critical infrastructure and media outlets, points to a concerning trend of cyber aggression with geopolitical underpinnings. Geopolitical Context These cyberattacks have been linked to the broader context of the Israel-Hamas conflict, reflecting a convergence of ideological and geopolitical tensions. The UAE’s stance on the Israel-Hamas war, characterized by its condemnation of Hamas-led atrocities and criticism of actions against Israeli citizens, has made it a target for cyber retaliation. The alleged cyberattack on Emirates Investment Bank further highlights the interconnectedness of cyber warfare with geopolitical conflicts. While the precise motives behind this incident remain unclear, its occurrence within the broader landscape of cyber aggression highlights the vulnerability of financial institutions and critical infrastructure in an increasingly digitized world. As the situation unfolds, stakeholders are urged to remain vigilant and enhance cybersecurity measures to mitigate the risks posed by malicious actors operating in cyberspace. The need for international cooperation and collective action to address cyber threats has never been more apparent, as nations grapple with the complex challenges of cybersecurity in an era defined by rapid technological advancement and geopolitical uncertainty. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Double Trouble: Blac ...

 Firewall Daily

The BlackSuit ransomware group has struck again, adding two new victims to its ever-growing list of targets. This time, the unfortunate entities ensnared in the BlackSuit ransomware attack are Southwest Binding & Laminating and Western Municipal Construction. Southwest Binding & Laminating, an online purveyor   show more ...

of document binding, wires, report covers, index tabs, and laminating products, found itself thrust into the spotlight of cybercrime alongside Western Municipal Construction, a stalwart in the construction industry for the past two decades. Western Municipal has diligently served municipalities and private companies across Montana, Wyoming, Texas, North Dakota, and neighboring states. BlackSuit Ransomware Attack: In Detail Upon scrutiny, it was discovered that while Southwest Binding & Laminating’s website remained operational, Western Municipal Construction’s website was inexplicably non-functional. This anomaly begs the question: Was the technical glitch a mere coincidence, or has Western Municipal fallen victim to the BlackSuit ransomware attack? Only an official statement from the affected parties can dispel the uncertainty shrouding the alleged cyberattack on Western Municipal Construction. Source: Twitter Source: Twitter Efforts to verify the alleged BlackSuit ransomware attacks have been met with silence from the targeted organizations. The Cyber Express Team’s attempts to solicit a response from the officials have thus far yielded no results, leaving the claim unverified and the victims’ plight unresolved. Unraveling the BlackSuit Enigma BlackSuit’s emergence onto the cybercrime scene in May 2023 raised eyebrows and prompted speculation about its origins and affiliations. Some experts posit that BlackSuit may be a rebranding of the Royal and Conti ransomware groups, with strong links to its predecessors. The US Department of Health and Human Services (HHS) has sounded the alarm, highlighting the “striking parallels” between BlackSuit and Royal, labeling BlackSuit as the “direct successor” to the notorious Conti operation. The HHS advisory highlights the looming threat posed by BlackSuit, urging vigilance within the healthcare and public health sectors. While BlackSuit’s attacks bear resemblance to ransomware-as-a-service (RaaS) operations, it currently operates sans affiliates, indicating a deviation from the conventional RaaS model. The absence of known affiliates suggests that the masterminds behind BlackSuit may opt to retain full control over their malicious endeavors and the ensuing profits. Previous Attacks The trail of devastation left in BlackSuit’s wake spans industries and continents. In 2023, ZooTampa fell victim to a purported cyberattack carried out by BlackSuit, signaling the ransomware group’s global reach. The Government of Brazil also found itself in BlackSuit’s crosshairs, as the ransomware group brazenly claimed responsibility for infiltrating Brazil’s government systems. However, the Brazilian government’s official portal remained conspicuously devoid of any acknowledgment of the cyber incident. In 2024, the Kershaw County School District became the latest casualty of BlackSuit’s relentless onslaught. The cybercriminals behind BlackSuit boasted of breaching the school district’s defenses, culminating in the unauthorized extraction and subsequent leakage of a staggering 17.5 GB of sensitive data. The saga of BlackSuit serves as a reminder of the dire consequences wrought by ransomware attacks, highlighting the imperative of enhanced cybersecurity measures and proactive risk mitigation strategies in today’s digital landscape. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Securing Your Safari ...

 Features

Many people use Safari as the pre-installed web browser on devices like Macs, iPhones, and iPads. Yet, the extent of Safari’s features often remains unexplored. Beyond the well-known capabilities such as Private browsing, Reader view, and the ability to download files, Safari offers a range of lesser-known   show more ...

functions. With the introduction of iOS 17 and iPadOS 17, users gained access to innovative features. Some of these enhancements include creating unique profiles, sharing passwords for websites with others, and the convenience of Siri reading webpages aloud. Additionally, you can select an alternative search engine while using Private Browsing mode. Let’s figure out together how to protect digital privacy. These Safari security tips might just save your digital identity and bank account. Cybersecurity Best Practices for Apple’s Web Browser 1. Keep your browser software up-to-date  Keeping your software current is imperative, particularly when it comes to your browser. Developers frequently update these programs to patch security holes. This advice isn’t limited to just browsers, though. To safeguard against vulnerabilities, it’s essential to regularly update your operating system and all other software as well.  2. Change Settings in Browser  Take a moment for some important configurations. To safeguard your privacy and secure your online activities, adjusting your browser’s settings is essential. Diverse options are available in most browsers to shield you from intrusive tracking and to protect your personal information. Here’s a step-by-step guide to personalizing your privacy and security preferences:  To begin, navigate to the Safari menu located in the upper-left corner of your screen.  Proceed to select “Preferences.”  From there, you will find the “Privacy” tab. In this section, numerous choices await your selection.  For protection against cookie tracking and website data acquisition, locate the “Cookies and Website Data” option and adjust as needed.  Concerned about access to your hardware? You can modify permissions for both “Camera” and “Microphone” to better align with your comfort levels.  Remember, these settings are more than just toggles and switches. They’re the guardians of your digital footprint. However, other iPhone privacy settings can improve your privacy, but they lie outside the browser. There is a fairly comprehensive selection of iPhone privacy tips from VeePN. There is no point in retelling them, just follow the link. Customize parameters to create a safer, more controlled online experience tailored just for you. 3. Scan Files Before Downloading  Always prioritize security before initiating a download. Hold off on any downloads if you’re doubting the file’s legitimacy. Should any suspicions arise about its authenticity or possible infection, ensure to conduct an antivirus scan pre-download.  4. Choose HTTPS Connection  Visiting a website involves encountering one of two protocols: HTTP or secure HTTPS. This latter variant encrypts data, safeguarding the link between your browser and the web server.  For everyday internet use, opting for HTTPS by default is wise. In particular, engaging in online purchases necessitates HTTPS to shield your financial information from prying eyes and potential theft.  To verify the presence of HTTPS, peek at the browser’s address bar for the “https://” prefix. Additionally, a locked padlock icon commonly represents a secure connection—this is a feature that many web browsers provide for easy recognition. Should you land on a shopping site lacking HTTPS, it’s safer to take your business elsewhere.  HTTPS is not completely secure, but it is the best approach. For those aiming for the utmost privacy while browsing, incorporating Tor or a free extension VPN into your routine is a step worth considering. In fact, the best solution is to combine Tor and VPN.  5. Learn to Recognize Phishing Attacks  Cybercriminals skillfully concoct emails mimicking reputable sources such as banks, social platforms, e-commerce, or payment gateways, attempting to dupe individuals into surrendering confidential data. This ruse, known as phishing, seduces unwary recipients with links mirroring esteemed websites. Counter this deceitful tactic—discard unexpected correspondences. Bypass treacherous hyperlinks and email attachments; directly inputting URLs is wiser. Avoid the snare of phishing—exercise digital discretion.  6. Don’t Use Same Passwords   Maintaining a unique password for each site is crucial; simplified login credentials can lead to breaches of your private data. Opt for securely storing varied passcodes – think of a safelocated, penned catalog or a self-devised formula that renders passwords guess-proof. Experts suggest a routine alteration of these passwords, preferably every quarter, as an additional safeguard.  7. Don’t Forget to Clear Cache and Cookies in Your Browser  Web browsers utilize cookies to monitor user activities on the internet, gathering details that pertain to your private sphere. It is judicious to periodically eradicate such cookies from your browsing history to safeguard your online privacy and curtail the frequency of exposure to ads tailored specifically to you. Take these steps to purge cookies from your browser:  Begin by accessing the Safari menu located at the upper-left segment of the screen. From there, choose “Preferences.” Within this new window, navigate to the section labeled “Privacy.” Look for the entry indicating “Manage Website Data” and proceed to select it. Finalize the process by clicking on “Remove All.”  Conclusion  To sum up, adhering to these essential safe browsing protocols significantly elevates your digital privacy and acts as a shield against online hazards. It’s crucial to remain vigilant. Adequate software updates and periodic adjustments to your privacy settings are pivotal for supreme defense. Embark on your web exploration journey, enjoying the tranquility of a secure browsing environment! 

 Identity Theft, Fraud, Scams

Cybercriminals are using legitimate services like googleapis.com to fingerprint users and redirect them to specific types of scams based on their analysis of the user's IP address, machine type, and VPN usage.

 Companies to Watch

The funding will be used to accelerate customer success, support, product innovation, and growth, as NinjaOne aims to empower IT teams with visibility, security, and control over endpoints.

 Malware and Vulnerabilities

The HijackLoader sample exhibits complex multi-stage behavior, including process hollowing, transacted section hollowing, and user mode hook bypass using Heaven’s Gate, to inject and execute the final payload while evading detection.

 Companies to Watch

The company specializes in identity and access management for enterprise IoT ecosystems, offering solutions to reduce human error, accelerate incident response, and establish trust in connected environments.

 Feed

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It will be held June 28th through the 30th, 2024, in Montreal, Canada.

 Feed

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared   show more ...

library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

 Feed

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

 Feed

KiTTY versions 0.76.1.13 and below suffer from buffer overflows related to ANSI escape sequences. Two exploits are included as proof of concepts as well as a full documented breakdown of the issues.

 Feed

KiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue which is quite an interesting vector of attack.

 Feed

Ubuntu Security Notice 6626-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the   show more ...

Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

 Feed

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. Various other issues were discovered and addressed.

 Feed

Ubuntu Security Notice 6625-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet   show more ...

AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

 Feed

Debian Linux Security Advisory 5617-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

 Feed

Ubuntu Security Notice 6624-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet   show more ...

AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

 Feed

Red Hat Security Advisory 2024-0729-03 - Red Hat Advanced Cluster Management for Kubernetes 2.7.11 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0725-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0724-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, privilege escalation, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0723-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0716-03 - An update for gimp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0660-03 - Red Hat OpenShift Container Platform release 4.13.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Firewall Daily

By Neelesh Kripalani, Chief Technology Officer, Clover Infotech We live in this hyper-connected world, where our lives are intricately woven into the fabric of the internet. Hence, data privacy has become more challenging and crucial than ever. From social media platforms to online transactions, our personal   show more ...

information is at risk of being exposed. However, with thoughtful practices and a proactive approach, individuals can take control of their digital footprint and safeguard their privacy. Tips to Safeguard Data Privacy Understand Your Digital Footprint The basic step in protecting data privacy is to be aware of your digital footprint. This includes the information you share online, such as social media posts, comments, and photos, as well as your online activities like searches and website visits. Also, regularly review your privacy settings on social media platforms. Use Strong and Unique Passwords One of the simplest yet most effective ways to enhance privacy is by using strong and unique passwords. Avoid using easily predictable passwords, instead use a complex mix of letters, numbers and special characters. Consider using a password manager to generate and store complex passwords securely. Enable Two-Factor Authentication (2FA) Add an extra layer of security through two-factor authentication to enhance the security of your accounts. Whether through a text message, authenticator app, or biometric verification, 2FA ensures that even if someone gains access to your password, they still need an additional verification step. Be Cautious with Social Media Social media platforms are hotbeds for privacy breaches. Review and adjust your privacy settings regularly, limit the personal information you share, and be cautious about accepting friend requests from strangers. Regularly Update Software, and Review App Permissions Keep your devices, operating systems, and applications up-to-date with the latest security patches. Also, while updating or installing apps, be mindful of the permissions you give. Some apps may ask for access to more information than necessary for their functionality. Review and adjust app permissions in your device settings to limit the data they can access. Use Virtual Private Networks (VPNs) A VPN adds an extra layer of protection by encrypting your internet connection, making it more challenging for third parties to monitor your online activities. Consider using a reputable VPN service, especially when connecting to public Wi-Fi networks, to safeguard your data from potential eavesdroppers. In conclusion, this hyper-connected digital era requires a proactive and informed approach to safeguard our data privacy. By educating ourselves on our digital footprints, habits, and best security practices, we can significantly reduce the risk of data privacy breaches and securely navigate the digital landscape. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

 Firewall Daily

UN sanctions monitors are delving into a series of suspected cyberattacks by North Korea, allegedly amassing a staggering $3 billion in funds. These illicit gains are believed to have substantially fueled the advancement of the secretive state’s nuclear weapons program, a draft of an unreleased UN report   show more ...

obtained by Reuters reveals. The report scrutinizes a multitude of cyberattacks orchestrated by North Korea, with a particular focus on assaults targeting cryptocurrency-related companies. Cyberattacks by North Korea Fuel Nuclear Ambitions According to the findings, these sophisticated cyber campaigns served as a lucrative revenue stream for the regime, funneling substantial sums into its quest for nuclear armament. In a report delivered to a Security Council committee, a panel of independent sanctions monitors highlighted the Democratic People’s Republic of Korea (DPRK)’s persistent disregard for Security Council sanctions, employing the country’s formal name, as reported by The Guardian. According to the monitors, who submit biannual reports to the 15-member Security Council, they are currently investigating 58 suspected cyberattacks attributed to the DPRK. These attacks targeted cryptocurrency-related companies between 2017 and 2023 and are estimated to have amassed around $3 billion. The funds from these illicit activities are purportedly channeled to support the DPRK’s weapons of mass destruction (WMD) development efforts. North Korea’s Disregard for Security Council Sanctions The 15-member Security Council has long prohibited North Korea from engaging in nuclear tests and ballistic missile launches. Since 2006, the country has been under stringent UN sanctions, continuously bolstered by the Council to sever financial support for its weapons of mass destruction (WMD) development endeavors. The North Korean mission to the UN in New York did not provide an immediate response to a request for comment regarding the report from sanctions monitors. Pyongyang has previously refuted allegations of involvement in hacking or other cyber-attacks. The sanctions monitors highlighted that North Korean hacking groups, operating under the umbrella of Pyongyang’s main foreign intelligence agency, persisted in conducting a significant number of cyber-attacks. Global Concerns Over North Korea’s Alleged Arms Supply to Russia The likelihood of further action against North Korea by the council appears low, given its deadlock on the issue for several years. China and Russia have advocated for easing sanctions to encourage Pyongyang to resume denuclearization talks. In 2023, Moscow and Pyongyang pledged to strengthen military ties. The United States has alleged North Korea’s provision of weapons to Russia for its involvement in the conflict in Ukraine, an accusation both North Korea and Russia have refuted. “The panel is investigating reports from member states about supplies by DPRK of conventional arms and munitions in contravention of sanctions,” the sanctions monitors wrote, as reported by The Guardian. “The 2023 overall recorded trade volume surpassed the total for 2022, accompanied by the reappearance of a large variety of foreign consumer goods, some of which could be classified as luxury items,” the sanctions monitors wrote, the report added. Sanctions Monitor Report Highlights DPRK’s Illicit Financial Operations The Security Council has maintained a longstanding prohibition on the sale or transfer of luxury goods to North Korea. Additionally, under UN sanctions enforced in 2017, all nations were mandated to repatriate North Korean workers employed abroad to prevent them from generating foreign currency for Kim Jong-un’s regime. The sanctions monitors conducted inquiries into numerous reports of DPRK citizens working overseas, earning income in contravention of sanctions. These individuals were reportedly employed across various sectors, including information technology, restaurants, and construction. Furthermore, the monitors observed that North Korea persists in accessing the international financial system and engaging in illicit financial activities, in violation of UN Security Council resolutions. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an

 Feed

Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts

 Feed

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll

 Feed

The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon's choice of targets and pattern

 Feed

If you've listened to software vendors in the identity space lately, you will have noticed that “unified” has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits!  However (there is always a however, right?) not every “unified” “identity” “security” “platform” is made equal. Some vendors call the

 Feed

The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe,"

 Business email compromise

Is this the real life? Is this just fantasy? A company in Hong Kong suffers a sophisticated deepfake duping, be one your guard from pig butchers as Valentine's Day approaches, and spare a moment to feel sorry for poor ransomware gangs. All this and much much more is discussed in the latest edition of the   show more ...

"Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.

 Cyber Security News

Source: heimdalsecurity.com – Author: Gabriella Antal An effective cybersecurity incident response plan (IRP) can be the difference between a minor disruption and a major crisis. This article provides you with comprehensive IRP templates in PDF, Word, and Google Docs formats to ensure your organization can   show more ...

quickly and effectively respond to any cyber incident. Why do […] La entrada Free & Downloadable Cybersecurity Incident Response Plan Templates – Source: heimdalsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Gabriella Antal Securing digital assets has never been more critical. This guide offers direct access to indispensable cybersecurity risk assessment templates in PDF, Word, and Google Docs formats, enabling organizations and individuals to fortify their digital defenses   show more ...

effectively and efficiently. What are cybersecurity risk assessment templates? A cybersecurity risk assessment is […] La entrada Free & Downloadable Cybersecurity Risk Assessment Templates – Source: heimdalsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 07, 2024 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known   show more ...

Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium […] La entrada CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Fortinet addressed two critical FortiSIEM vulnerabilities Pierluigi Paganini February 07, 2024 Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity   show more ...

vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), […] La entrada Fortinet addressed two critical FortiSIEM vulnerabilities – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Experts warn of a critical bug in JetBrains TeamCity On-Premises Pierluigi Paganini February 07, 2024 A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances. JetBrains addressed a critical   show more ...

security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises […] La entrada Experts warn of a critical bug in JetBrains TeamCity On-Premises – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Critical shim bug impacts every Linux boot loader signed in the past decade Pierluigi Paganini February 07, 2024 The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The   show more ...

maintainers of ‘shim’ addressed six vulnerabilities with the release of version […] La entrada Critical shim bug impacts every Linux boot loader signed in the past decade – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini China-linked APT deployed malware in a network of the Dutch Ministry of Defence Pierluigi Paganini February 07, 2024 China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military   show more ...

Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report […] La entrada China-linked APT deployed malware in a network of the Dutch Ministry of Defence – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG Pierluigi Paganini February 06, 2024 Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023.   show more ...

The latest report published by Google Threat Analysis Group (TAG), titled “Buying Spying, an […] La entrada Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Android

Source: securityaffairs.com – Author: Pierluigi Paganini Google fixed an Android critical remote code execution flaw Pierluigi Paganini February 06, 2024 Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released   show more ...

Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code […] La entrada Google fixed an Android critical remote code execution flaw – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e Pierluigi Paganini February 06, 2024 A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e is facing charges that can lead maximum   show more ...

penalty of 25 years in prison. Aliaksandr Klimenka, […] La entrada A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Slated to take place in Las Vegas on February 11th, excitement around the Super Bowl is building. “…there is incredible energy and anticipation” ahead of the event, says Peter O’Reilly, an National Football League (NFL) Executive Vice   show more ...

President. While many Americans are contemplating which of the competing teams […] La entrada Super Bowl cyber security, a high-stakes game – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.cybertalk.org – Author: slandau Contributed by George Mack, Content Marketing Manager, Check Point Software. In today’s cyber landscape, threats are rapidly growing in volume and sophistication. In turn, organizations now have to purchase and manage an over-complicated mix of tools and solutions   show more ...

to protect network infrastructure. Making matters worse, organizations are contending with a […] La entrada Top cyber security frameworks that improve cyber resiliency in 2024 – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team A Vital Set of Cybersecurity Best Practices By John Funk, Creative Consultant, SevenAtoms A new cybersecurity mandate being rolled out by the Pentagon has implications that reach beyond the military industrial base. Business leaders who adopt   show more ...

Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) have an opportunity to upgrade their […] La entrada Why Cybersecurity Maturity Model Certification (CMMC) Matters for All Businesses, Not Just DoD Contractors – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team Harnessing the Digital Scout for Cybersecurity’s Future By Darrin Straff, Senior Staffing Consultant, NinjaJobs Introduction: In the digital age, where cybersecurity threats are ever-evolving, AI’s role in strengthening our defenses has become   show more ...

invaluable. But its potential doesn’t end there; AI is also reshaping how we identify and nurture the […] La entrada AI: The Human Touch in Cybersecurity Recruitment – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team Identifying the most common AI-enhanced cyber-attack methods and strategies to mitigate them By Philipp Pointner, Chief of Digital Identity at Jumio While AI-driven automation brings benefits, it also gives hackers advanced tools to develop more   show more ...

sophisticated methods for a wide range of malicious activities like fraud, disinformation and cyberattacks. […] La entrada AI-Enhanced Identity Fraud: A Mounting Threat to Organizations and Users – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: Nick If you’re like me, you are hearing a lot right now about cyber resiliency, the need to protect critical infrastructure across all sectors, and “be resilient” to the constant onslaught of attacks. OK, got it, but like many buzz words, what does it really   show more ...

mean? Many people are accidentally and […] La entrada Prevention Strategies Inevitably Become a Constant Cat-and-Mouse Game – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team By Stephen Chin, VP of Developer Relations, JFrog What do autonomous driving and software (SW) development have in common? At first glance, not much. But when taking a closer look under the hood you’ll begin to see some similarities, especially in the   show more ...

evolutionary path towards underlying targets. Development teams […] La entrada AI in DevSecOps: Moving from A Co-Pilot to An Autopilot – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team By Dave Purdy, Regional Vice President of Sales, North America, TXOne Networks Though it’s often treated as a borrowed approach from the information technology (IT) world, cybersecurity for operational technology (OT) is best tackled as its own unique   show more ...

challenge. The pain points, protocols and tradeoffs to be balanced are […] La entrada Addressing the Particular Cybersecurity Challenge of Discrete Manufacturing – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-02
Aggregator history
Thursday, February 08
THU
FRI
SAT
SUN
MON
TUE
WED
FebruaryMarchApril