Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Dark Web News

The cyber war saga between the notorious R00TK1T hacker group and Malaysia seems to have taken a temporary ceasefire, leaving many to ponder the motives behind this sudden pause in hostilities. The cyberattack on Malaysia seems to have come to a halt as the threat actor has announced a temporary hiatus on the dark web.

The self-proclaimed hacktivist collective has announced, via a post, a halt to their relentless cyber onslaught on Malaysia. Speculations abound regarding the reasons behind this cessation, with some suggesting backchannel negotiations with the Malaysian government, while others suggest a scarcity of resources for continuing their cyberattacks on Malaysia.

R00TK1T and Malaysia Cyberattacks: Decoding the Temporary Ceasefire

In a dark post shared to their channel, the R00TK1T hacker group shared a warning and strategic considerations for their campaign of cyberattacks on Malaysian government and private entities. The post reads, “Attention, fellows! It is with a mix of satisfaction and anticipation that we, as R00TK1T, announce a temporary cessation of our cyber attacks on the Malaysian government.”

Source: CyberKnow on X

The threat actor expresses a mix of satisfaction and anticipation, suggesting a strategic decision rather than a permanent change. “After intense negotiations, agreements have been reached, but fear not, for this is merely a brief respite. During our reign of chaos, we have left a trail of destruction, reminding those in power that no one is safe from our wrath”, added the threat actor.

The “intense negotiations” suggest that the cessation of attacks is not due to a change of heart but rather a result of negotiations, hinting at a possible return to hostilities in the future. The actor boasts about their previous cyber attacks, emphasizing their capability to disrupt and challenge authority. “Stay tuned, followers, for in the days to come, we shall unveil our next target, another unsuspecting country that will bear witness to the chaos we bring. Brace yourselves, for the storm is far from over. Remember, chaos is our creed, and no one is safe from our reach. Until next time, stay wicked, stay wild, and stay tuned for more updates from us!”, concludes the post.

Organizations Affected in this Cyberattack on Malaysia

This announcement follows the recent cyberattack on Maxis, one of Malaysia’s leading telecommunications operators. The R00TK1T ISC Cyber Team allegedly breached Maxis’ systems, exfiltrating sensitive data and posting it on the dark web.

Source: Twitter

Screenshots purportedly from Maxis’ backend systems surfaced on the dark web, along with warnings from the hacker group about the release of customer data. Maxis responded promptly, acknowledging the incident and initiating investigations. While they didn’t identify any breaches within their internal systems, they pointed to a potential compromise of a third-party vendor system, signaling the complexities of modern cybersecurity threats. The modus operandi of R00TK1T involves exploiting vulnerabilities in various systems, as evidenced by their claimed access to Maxis’ employee data and administrative dashboards. Their tactics and unapologetic proclamations have also extended to plans to target the global tech giant DELL.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 A Little Sunshine

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its products are used in some of the world’s largest organizations. Earlier this week KrebsOnSecurity heard from a reader responsible for managing several Juniper devices, who found he could use Juniper’s customer support portal to find device and support contract information for other Juniper customers.

Logan George is a 17-year-old intern working for an organization that uses Juniper products. George said he found the data exposure earlier this week by accident while searching for support information on a particular Juniper product. George discovered that after logging in with a regular customer account, Juniper’s support website allowed him to list detailed information about virtually any Juniper device purchased by other customers. Searching on Amazon.com in the Juniper portal, for example, returned tens of thousands of records. Each record included the device’s model and serial number, the approximate location where it is installed, as well as the device’s status and associated support contract information.

Information exposed by the Juniper support portal. Columns not pictured include Serial Number, Software Support Reference number, Product, Warranty Expiration Date and Contract ID.

George said the exposed support contract information is potentially sensitive because it shows which Juniper products are most likely to be lacking critical security updates. “If you don’t have a support contract you don’t get updates, it’s as simple as that,” George said. “Using serial numbers, I could see which products aren’t under support contracts. And then I could narrow down where each device was sent through their serial number tracking system, and potentially see all of what was sent to the same location. A lot of companies don’t update their switches very often, and knowing what they use allows someone to know what attack vectors are possible.”

In a written statement, Juniper said the data exposure was the result of a recent upgrade to its support portal. “We were made aware of an inadvertent issue that allowed registered users to our system to access serial numbers that were not associated with their account,” the statement reads. “We acted promptly to resolve this issue and have no reason to believe at this time that any identifiable or personal customer data was exposed in any way. We take these matters seriously and always use these experiences to prevent further similar incidents. We are actively working to determine the root cause of this defect and thank the researcher for bringing this to our attention.”

The company has not yet responded to requests for information about exactly when those overly permissive user rights were introduced. However, the changes may date back to September 2023, when Juniper announced it had rebuilt its customer support portal. George told KrebsOnSecurity the back-end for Juniper’s support website appears to be supported by Salesforce, and that Juniper likely did not have the proper user permissions established on its Salesforce assets.

In April 2023, KrebsOnSecurity published research showing that a shocking number of organizations — including banks, healthcare providers and state and local governments — were leaking private and sensitive data thanks to misconfigured Salesforce installations.

Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI) and lecturer at UC Davis, said the complexity layered into modern tech support portals leaves much room for error. “This is a reminder of how hard it is to build these large systems like support portals, where you need to be able to manage gazillions of users with distinct access roles,” Weaver said. “One minor screw up there can produce hilarious results.”

Last month, computer maker Hewlett Packard Enterprise announced it would buy Juniper Networks for $14 billion, reportedly to help beef up the 100-year-old technology company’s artificial intelligence offerings.

Update, 11:01 a.m. ET: An earlier version of this story quoted George as saying he was able to see support information for the U.S. Department of Defense. George has since clarified that while one block of device records he found was labeled “Department of Defense,” that record appears to belong to a different country.


 Firewall Daily

Original Footwear, a popular American boots maker catering to law enforcement, military, and other professionals, found itself in the spotlight following claims of a cyberattack by the LockBit ransomware group. This alleged Original Footwear cyberattack claim was posted on the dark web channel operated by the threat actor, where it asserted that it had added the American boots maker to its victim list.

Original Footwear has built a reputation for crafting boots with uncompromising quality, prioritizing the safety and protection of individuals in demanding professions. However, the alleged cyberattack on Original Footwear, though not yet confirmed, threatens the legacy and public image of the organization.

The Original Footwear Cyberattack Claims

The LockBit ransomware group, known for its sophisticated tactics and targeting of high-profile organizations, purportedly posted details of the alleged cyberattack on a dark web channel.

Source: Original Footwear

While the specifics of the Original Footwear cyberattack remain unclear, the consequences for Original Footwear and its stakeholders could be disastrous, considering the organization serves clientele in the military and law enforcement sectors.

Despite the claims made by the LockBit ransomware group, Original Footwear’s website appears to be functioning normally at present. However, the absence of immediate signs of the cyberattack does not negate the severity of the threat.

The Cyber Express has reached out to the organization to learn more about this alleged cyberattack on Original Footwear. However, at the time of writing, no official statement or response has been received, leaving the claims of the Original Footwear cyberattack unverified at this moment.

Similar Incidents in the past

While Original Footwear has yet to issue an official statement regarding the incident, this alleged cyberattack on Original Footwear is just one of the incidents that have targeted a big shoemaker and fast fashion designer.

Recently, a large-scale ransomware operation targeted VF Corporation, the parent company of Vans and North Face, in a cyberattack compromising 35.5 million customers’ data. The exact nature of the stolen information remains undisclosed, but VF Corp confirmed that sensitive data like social security numbers, bank details, and passwords were not compromised.

Despite the claims of a breach, VF Corp assured minimal disruption to operations, with IT systems substantially restored. While suspicions of ransomware involvement persist, the company has not officially confirmed it.


 Firewall Daily

The threat actors have purportedly put up for sale vast amounts of sensitive data pertaining to Indonesian citizens and institutions. The gravity of the cyberattacks on Indonesia was highlighted by the claim that over 600,000 lines of Indonesian financial data are allegedly up for grabs on the dark web. The data, spanning from 2021 to 2023, reportedly includes personal information such as names, phone numbers, addresses, emails, and National Identity Card (NIK) details. The price tag attached to this trove of information is a staggering US$600, with potential buyers instructed to make contact via the messaging app Telegram.

Source: Daily Dark Web

Cyberattack on PT Angkasa Pura I

In a separate incident, another threat actor has purportedly made available data belonging to Indonesia’s PT Angkasa Pura I.

Source: Daily Dark Web

This data breach is said to encompass a vast array of records totaling 68,237,264, containing sensitive information like names, emails, NIKs, phone numbers, addresses, and dates of birth. The asking price for this data haul is set at $5000.

The implications of these alleged cyberattacks on Indonesia, if confirmed, are profound. The compromised data could be leveraged for a range of malicious activities, including identity theft, financial fraud, and targeted phishing campaigns. Such data breaches in Indonesia not only undermine individual privacy but also pose significant risks to national security and financial stability.

This surge in cyberattacks on Indonesia is not an isolated incident. In recent years, the nation has witnessed a series of attacks, with various hacker groups targeting government websites and regional databases. In 2023, the Garnesia Team, a hacktivist group, identified an Indonesian government website associated with the Ministry of Public Works and Housing as a target. Similarly, the infamous SiegedSec hacker group launched a cyber assault on the Pemalang region, further highlighting Indonesia’s vulnerability to cyber threats.

Exploring the Reasons Behind Cyberattacks on Indonesia

The recurring nature of these cyberattacks on Indonesia raises concerns about the cybersecurity posture of the country and its ability to safeguard sensitive data and critical infrastructure. Moreover, it begs the question: why has Indonesia become a continuous target for threat actors?

One plausible explanation lies in the country’s geopolitical significance, particularly in light of the upcoming presidential election scheduled for February 2024. Indonesia, the third-largest democracy in the world, is poised for a crucial leadership transition that could have far-reaching implications both domestically and internationally. The contest has attracted attention from major global players, including the United States and China, who are vying for influence in the region.

The strategic importance of Indonesia was highlighted by a joint statement issued by Presidents Joe Biden and Joko ‘Jokowi’ Widodo, announcing a Comprehensive Strategic Partnership between the two nations. This partnership reflects Washington’s efforts to strengthen ties with Jakarta and assert its influence in Southeast Asia. However, China’s growing presence in the region, as evidenced by its deepening cooperation with Indonesia under the Belt and Road Initiative, adds another layer of complexity to the geopolitical landscape.

Cyberattacks on Indonesia: Tools of Influence

Against this backdrop, cyberattacks take on added significance, serving as a tool for state and non-state actors to exert influence, disrupt democratic processes, and undermine national security. As Indonesia grapples with these persistent threats, strengthening cybersecurity measures and enhancing international cooperation will be paramount to safeguarding its digital infrastructure and preserving its sovereignty in an increasingly interconnected world.


 Dark Web News

A new strain of malware dubbed XPhase Clipper has been stealthily targeting cryptocurrency users. This Clipper malware infiltrates unsuspecting victims’ systems through deceptive websites masquerading as authentic cryptocurrency platforms.

Cybersecurity experts at Cyble Research and Intelligence Labs (CRIL) have found this concerning trend where a large-scale operation is using cloned YouTube videos to target unsuspecting victims on the internet. This is a condensed version of the report, shedding light on the modus operandi and the infection chain of XPhase Clipper malware.

Understanding the XPhase Clipper Malware Campaign

Clipper malware poses a serious threat to cryptocurrency users by pilfering sensitive information, particularly cryptocurrency wallet addresses, from the clipboard.

With the increasing popularity of cryptocurrencies like Bitcoin and Ethereum, cybercriminals are increasingly exploiting users to abscond with their funds. XPhase Clipper represents a sophisticated iteration of this malware strain, designed to intercept and manipulate copied cryptocurrency wallet addresses, rerouting funds to the attackers’ accounts.

The threat actors behind the XPhase Clipper malware campaign are exclusively targeting cryptocurrency users worldwide, deploying a series of deceptive tactics to ensnare victims.

Notably, phishing sites impersonating reputable platforms such as Metamask and Wazirx have emerged as conduits for spreading the XPhase Clipper payload. These malicious sites lure users into downloading a zip file housing an array of malicious components, including a dropper executable, VB Script, and Batch script files, culminating in the execution of the clipper payload in the form of a DLL file.

XPhase Clipper Malware Targets Indian Crypto Users

Upon closer examination, CRIL found that the infection chain is meticulously orchestrated, with each stage serving to conceal the malicious activities of the XPhase Clipper.

The VB Script plays an important role in facilitating the download and execution of the clipper payload, while the Batch script ensures persistence by adding a registry entry for automatic execution of the malware upon system startup.

Such obfuscation tactics, coupled with the deployment of deceptive error messages, serve to hide the malware’s operations and evade detection. A closer look at the campaign reveals a discernible pattern in the targeting strategy employed by the threat actors. While the campaign casts a wide net, with cryptocurrency users worldwide falling prey to its machinations, there is a noticeable emphasis on targeting specific demographics, notably Indian cryptocurrency enthusiasts.

 Companies to Watch

The acquisition reflects Security Compass's commitment to providing top-tier cybersecurity training solutions and complements its existing offerings, including Application Security Training, SD Elements, and Just-In-Time Training.

 Breaches and Incidents

The criminal organization "Wail Crinal 213" claims to have accessed the bank's server and is allegedly selling sensitive customer data, including emails, usernames, account details, and more.

 Malware and Vulnerabilities

The software company Ivanti has discovered a new vulnerability, CVE-2024-22024, in its products that allows unauthorized access to restricted resources. Although there is no evidence of exploitation, users are urged to promptly patch their systems.

 Breaches and Incidents

ResumeLooters conducted a major cyber operation, compromising over 65 job search and retail websites across the Asia Pacific region and pilfering more than 2 million user records. The discovery of a new campaign serves as a reminder to secure databases and websites—which can be exploited by publicly available tools.

 Breaches and Incidents

Hyundai Motor Europe suffered a Black Basta ransomware attack, resulting in the theft of three terabytes of corporate data, impacting various departments including legal, sales, human resources, accounting, IT, and management.

 Breaches and Incidents

Chinese state actors used a zero-day exploit in a Fortinet VPN to breach Dutch military systems—in early 2023—to deploy the Coathanger backdoor, revealed intelligence agencies. The malware conceals its activities by intercepting system functions that might expose it. Organizations are urged to enhance their cybersecurity measures by applying timely updates and patches.

 Social Media Threats

Banking fraud prevention heads from TSB Bank, Santander, and Revolut testified before a U.K. Parliament committee, highlighting the prevalence of scams on Meta-owned online marketplaces like Facebook Marketplace.

 Feed

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

 Feed

Red Hat Security Advisory 2024-0760-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

 Feed

Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

 Feed

Red Hat Security Advisory 2024-0758-03 - An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

 Feed

Red Hat Security Advisory 2024-0754-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.

 Feed

Ubuntu Security Notice 6627-1 - It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

 Feed

Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.

 Firewall Daily

In what is being termed one of the biggest cyber incidents in French history, Viamedis and Almerys, two key players responsible for managing third-party payments for supplementary health insurance, have recently fallen victim to a cyberattack. This Viamedis and Almerys data breach has compromised the personal data of approximately 33 million individuals, stirring concerns about privacy and security across the nation.

The Almerys and Viamedis data breach, which came to light at the end of January, has sparked widespread concerns as it involves sensitive information about the French people. This information includes social security numbers, details about civil status, date of birth, health insurer’s name, and policy coverage for both the insured and their family members.

Viamedis and Almerys Data Breach

Contrary to initial fears, certain sensitive information such as banking details, medical records, and contact information like postal addresses and phone numbers is reportedly unaffected by the Viamedis and Almerys data breach, according to statements from both the CNIL (the French data protection authority) and Viamedis.

It appears that the cyberattack was executed through the compromise of credentials and passwords belonging to healthcare professionals. Viamedis first detected the breach on February 1st and promptly alerted other third-party payment platforms. Shortly thereafter, Almerys, another major operator in the field, also announced a similar intrusion into its systems. Despite the severity of the breach, other third-party payment platforms have not reported any breaches at this time, suggesting that the cyberattack specifically targeted Viamedis and Almerys.

The impact of the Almerys and Viamedis Data Breach

The implications of this Almerys and Viamedis data breach are profound, given the vast scale of the affected population and the sensitivity of the compromised data. With 33 million French citizens potentially exposed, authorities are scrambling to understand the extent of the damage and identify the perpetrators behind the attack.

Of particular concern is the risk of identity theft and phishing attacks, given the exposure of social security numbers. The CNIL has warned that the stolen data could potentially be combined with information from previous breaches, enabling cybercriminals to impersonate individuals and engage in fraudulent activities such as applying for loans or conducting financial transactions under false pretenses.

“Given the scale of the violation, the president of the CNIL decided to very quickly carry out investigations in order to determine in particular whether the security measures implemented prior to the incident and in reaction to it were appropriate with regard to the GDPR obligations”, reads the translated notification.

As investigations into the cyberattack continue, there are urgent calls for enhanced cybersecurity measures and stricter protocols to safeguard sensitive personal information. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information about the Almerys and Viamedis data breach.

 Data Breach News

Connecticut College has recently revealed a significant data breach incident, prompting swift and proactive measures to address the incident and safeguard the privacy of those affected by this cyber intrusion. According to an official press statement, the college is currently conducting a comprehensive forensic investigation, engaging leading cybersecurity experts to assess and mitigate the Connecticut College data breach impact on the college’s computer systems.

Detecting Connecticut College Data Breach

The unauthorized access to certain files on the college’s systems was initially detected in March 2023, prompting an immediate containment response from the college. In addition to notifying law enforcement, the College promptly launched a forensic investigation to determine the extent of the Connecticut College data breach and identify the personal information compromised.

“Upon detecting the unauthorized activity in March 2023, the College promptly contained the incident, took steps to remediate the issue, notified law enforcement, and commenced a forensic investigation to identify what personal information was involved,” reads the official press statement.

As per the official statement, as of now, there is no evidence to suggest that any personal information has been misused as a result of the Connecticut College data breach. However, the college is taking proactive measures to address the situation and ensure the protection of individuals’ information. Affected members of the College community are being notified about the Connecticut College data breach and provided with detailed information on the steps being taken to safeguard their data.

Proactive Protection Measures

In an effort to further support those impacted by the Connecticut College data breach, the college is offering complimentary credit monitoring services to individuals whose Social Security numbers were involved in the breach. Interim President Les Wong has expressed his apologies to the campus community for the incident and reaffirmed the college’s commitment to maintaining data privacy and implementing enhanced security measures.

In light of the Connecticut College data breach, the College is providing guidance and resources to help individuals protect themselves against potential identity theft or fraud. Suggestions include placing fraud alerts on credit files, considering security freezes, and obtaining free credit reports from major credit reporting agencies. Additionally, the college is encouraging individuals to monitor their financial accounts and medical records closely for any suspicious activity. For those who require further assistance or clarification regarding the incident, Connecticut College has established a dedicated toll-free response line.

This Connecticut College data breach serves as a reminder of the ongoing cybersecurity challenges faced by institutions and individuals alike. Connecticut College remains steadfast in its commitment to transparency, accountability, and the protection of personal information. By working collaboratively with cybersecurity experts and providing support to those affected, the college aims to mitigate the impact of the breach and strengthen its data security protocols moving forward.

 Feed

Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and

 Feed

An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called Zardoor. Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at least March 2021, adding it has identified only one compromised target to date, although it's

 Feed

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially

 Feed

Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti

 Feed

Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What

 Feed

Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a report published this week. "While the app is

 Feed

Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work

 Feed

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this

 Threat Lab

OpenText is committed to providing you with the latest intelligence and tips to safeguard your digital life, especially during high-risk periods like tax season. Our threat analysts are constantly monitoring the ebb and flow of various threats. One trend that has recently caught our attention is the notable spike in malware-infected cracked software, particularly as we enter tax season. This post aims to shed light on the dangers of using cracked software, share best practices for a secure tax season, and highlight our latest intelligence on the surge in cracked tax software threats.

The Hidden Cost of Cracked Software

Cracked software, often touted as a cost-free way to access games and expensive software, carries a significant risk far beyond legal and ethical concerns. These unauthorized versions are frequently loaded with malware, from trojans and keyloggers to ransomware. The allure of free access blinds users to the dangers, turning their devices into gateways for cybercriminals to steal sensitive information, encrypt files for ransom, or enlist computers into botnets.

Tax Season: A Cybercriminal’s Playground

Tax season is inherently stressful, with individuals and businesses rushing to meet filing deadlines. It’s also a golden opportunity for cybercriminals to exploit vulnerabilities through phishing scams, identity theft, and malicious software. Our best practices for a secure tax season include:
Use Legitimate Tax Software: Always download tax preparation software directly from the official provider or authorized resellers.
Enable Multi-Factor Authentication (MFA): Adding an extra layer of security can significantly reduce the risk of unauthorized access.
Beware of Phishing Attempts: Be skeptical of emails, messages, or phone calls claiming to be from the IRS or tax preparation services, especially those urging immediate action or asking for personal information.
Seriously, the IRS will NOT email/text/call you for money: They will send you a letter to your mailbox.
Keep Software Updated: Ensure that your operating system and all applications are up to date with the latest security patches.
Secure Your Personal Information: Store sensitive documents securely and only share personal information over encrypted connections. This especially means tax return forms.

The Rise of Cracked Tax Software Threats

Our threat intelligence team has observed an increase in malware-infected cracked tax software. As tax season approaches, cybercriminals capitalize on the demand for tax preparation solutions, disguising malware as cracked versions of popular tax software. These malicious versions can steal personal and financial information, leaving users vulnerable to identity theft, financial loss, and potential legal consequences. This trend underscores the importance of vigilance during tax season. The risks associated with using cracked software, especially for something as sensitive as tax preparation, cannot be overstated. Not only does this expose individuals to malware, but it also jeopardizes the integrity of personal and financial data. The convergence of cracked software and tax season scams highlights a broader trend in cyber security threats. As cybercriminals become more sophisticated, the importance of adhering to best practices and using legitimate software cannot be overstated. Remember, the cost of using cracked software can far exceed the price of legitimate software, not just in dollars but in the potential for irreversible damage to your digital and financial well-being. Stay informed, stay secure, and let’s navigate the digital landscape safely together. The post Tax Season Alert: Common scams and cracked software appeared first on Webroot Blog.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE WASHINGTON–(BUSINESS WIRE)–The inaugural Billington State and Local CyberSecurity Summit will be held on March 19-20, 2024 at the National Press Club in Washington, DC as well as virtually. The two-day summit will convene the senior-most cyber leaders who will discuss cybersecurity issues and solutions for government entities at the state and […] The post Billington CyberSecurity to Host 1st State and Local Cyber Summit in Wake of Serious Cyberattacks – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE HOLMDEL, N.J., Feb. 8, 2024 /PRNewswire-PRWeb/ — etherFAX is proud to be a co-chair leading the Interoperable Secure Cloud Fax Consensus Body, which defines a proposed American National Standards Institute (ANSI) standard establishing the protocols and mechanisms that will enhance the existing security attributes of facsimile by adding cross-platform and cross-organizational identity assurance, […] The post etherFAX Pioneering Interoperable Secure Cloud Fax Standards – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Design Pics Inc via Alamy Stock Photo Researchers have discovered a novel banking Trojan they dubbed “Coyote,” which is hunting for credentials for 61 different online banking applications. “Coyote,” detailed by Kaspersky in an analysis today, is notable both for its broad targeting of banking-sector apps […] The post ‘Coyote’ Malware Begins Its Hunt, Preying on 61 Banking Apps – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 attacks

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: Sasin Paraksa via Shutterstock Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership. Making matters worse, phishing emails using QR codes (aka “quishing”) can […] The post QR Code ‘Quishing’ Attacks on Execs Surge, Evading Email Security – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Grant Gross, Contributing Writer, Dark Reading Source: Cultura Creative RF via Alamy Stock Photo Organizations that are regularly defending against cyberattacks can find it useful to occasionally take a step back and test their defense and response capabilities. One way to do this is through cybersecurity drills, which provide organizations with […] The post Why Demand for Tabletop Exercises Is Growing – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jeromey Farmer Source: Alexey Kotelnikov via Alamy Stock Photo COMMENTARY Artificial intelligence (AI): Since the invention of the operating system, we haven’t seen a technology poised to have such far-reaching impact on the way we work and live. And organizations are keen to get in on the action. In fact, according […] The post 5 AI Priorities to Stay Competitive – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff Source: SOPA Images Limited via Alamy Stock Photo LastPass is warning its users about a fraudulent app found on the Apple App Store — called “LassPass Password Manager.” LastPass is a password manager application — a tool that allows users to create multiple secure passwords and store them […] The post LastPass Warns on Password App Discovered in Apple App Store – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Marcus E Jones via Shutterstock The outcome of this year’s Super Bowl matchup between the Kansas City Chiefs and the San Francisco 49ers on Feb. 11 at the Allegiant Stadium in Las Vegas will likely remain unknown until the last down of the game. But one […] The post Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Alexandre Rotenberg via Alamy Stock Photo Iran’s cyber conflict with Israel has reached global proportions, with cyberattacks against businesses and government agencies on other continents causing arguably as much ruckus as those in Israel itself. It’s a classic case of cyber imitating life. While US military […] The post Iran-Israel Cyber War Goes Global – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Bits and Splits via Shutterstock A novel stealer malware called “Ov3r_Stealer” is making the rounds on Facebook, spreading through job ads and accounts on the social media platform, and using various execution methods to steal reams of data from unwitting victims. The malware by design exfiltrates […] The post ‘Ov3r_Stealer’ Malware Spreads Through Facebook to Steal Crates of Info – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini 26 Cyber Security Stats Every User Should Be Aware Of in 2024 Pierluigi Paganini February 09, 2024 26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technology. Cyber Crime Surge: During COVID-19, cyber crimes shot up […] The post 26 Cyber Security Stats Every User Should Be Aware Of in 2024 – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber security

Source: securityboulevard.com – Author: Shikha Dhingra According to Transforma Insights, the wide form of Internet of Things (IoT) devices in use globally is expected to nearly double from 15.1 billion to 29 billion in 2030. These gadgets are available in a wide variety of bureaucracies, along with smart cars, smartphones, health video monitors, alarm clocks, […] The post IoT Testing: Best Practices And Challenges in 2024 – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cybercrime, Fraud Management & Cybercrime Authorities Hacked the End-to-End Encryption Platform in 2020 Akshaya Asokan (asokan_akshaya) • February 8, 2024 France is prosecuting a suspected EncroChat administrator after his extradition from the Dominican Republic. (Image: Shutterstock) The Dominican Republic earlier this month extradited to France a suspected […] The post Suspected EncroChat Admin Extradited to France – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.techrepublic.com – Author: Nicole Rennolds Published February 8, 2024 We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Trying to decide between LastPass Free and Premium? This comparison guide highlights the […] The post LastPass Free vs. Premium: Which Plan Is Right for You? – Source: www.techrepublic.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register The US government has placed an extra $5 million bounty on Hive ransomware gang members – its second such reward in a year. And it also comes a little over 11 months since the FBI said it had shut down the criminal organization’s network. On Thursday, the State Department […] The post Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Livia Gyongyoși New Chainalysis warns of ransomware payments raised above $1.1 billion in 2023 and reached a new record. The $983 million previous peak was set in 2021, while in 2022 the ransomware payments dropped to $567. Chainalysis puts the unusual dropping on threat actors changing focus to politically motivated […] The post Ransomware Payments New Record Exceeds $905 Million Peak by over 11% – Source: heimdalsecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Feb 06, 2024 Newsroom Cybersecurity / Vulnerability A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among […] The post Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Feb 06, 2024 Newsroom Surveillance / Privacy The U.S. State Department said it’s implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. “The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and […] The post U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Feb 05, 2024 Newsroom Cryptocurrency / Financial Fraud A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the […] The post Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Feb 05, 2024 The Hacker News Data Protection / Threat Intelligence A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the […] The post Combined Security Practices Changing the Game for Risk Management – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISOs

Source: www.govinfosecurity.com – Author: 1 Leadership & Executive Communication, Training & Security Leadership, Video Joe Sullivan Also Discusses Identity Management, AI, State of Information Sharing Anna Delaney (annamadeline) • February 9, 2024 Clockwise, from top left: Anna Delaney, Mathew Schwartz, Joe Sullivan and Tom Field In the latest weekly update, Joe […] The post ISMG Editors: What CISOs Should Prepare for in 2024 – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Governance & Risk Management, Operational Technology (OT) Presented by Fortinet 150 min As industrial organizations continue to digitize their operations, they are pulling production data from across their operations into IT systems. As more OT systems are connected to enterprise IT networks, this data can […] The post Virtual Event I APAC Operational Technology Security Summit – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Cybercrime, Fraud Management & Cybercrime Authorities Hacked the End-to-End Encryption Platform in 2020 Akshaya Asokan (asokan_akshaya) • February 8, 2024 France is prosecuting a suspected EncroChat administrator after his extradition from the Dominican Republic. (Image: Shutterstock) The Dominican Republic earlier this month extradited to France a suspected […] The post Suspected EncroChat Admin Extradited to France – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Acquire

Source: www.govinfosecurity.com – Author: 1 Cloud Data Security & Resilience, Security Operations The Combined Company Will Be Worth $7B, Firms Say David Perera (@daveperera) • February 8, 2024 The combination of Cohesity and the Veritas data protection business will be a $7 billion company. (Image: Shutterstock) Data security vendor Cohesity will acquire […] The post Cohesity Is Set to Acquire Veritas’ Data Protection Business – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 attacks

Source: www.govinfosecurity.com – Author: 1 Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) New Report Shows a Surge in OT/IoT Threats and a 123% Increase in Hacking Attempts Prajeet Nair (@prajeetspeaks) • February 8, 2024 Image: Shutterstock Threats to critical infrastructure are on the rise, as threat actors continue […] The post Number of Attacks Against Critical Infrastructure Is Growing – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI-powered

Source: www.infosecurity-magazine.com – Author: 1 The US Federal Communications Commission (FCC) has introduced a ban on robocalls that contain voices generated by AI to protect US voters from spamming ahead of the November presidential election. Callers must obtain prior express consent from the called party before making a call that utilizes artificial or pre-recorded voice […] The post AI-Powered Robocalls Banned Ahead of US Election – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 February 2024 marks 20 years of Facebook’s existence. Despite the brand being well established worldwide and in our day to day lives, only 6% of people trust it and other social media companies with their personal data. In a survey of 12,000 people across the globe, the Thales 2024 Digital Trust Index found […] The post 20 Years of Facebook, but Trust in Social Media Remains Rock Bottom – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff Source: Mykhailo Polenok via Alamy Stock Photo Kenyan officials said more than one billion cyber threats hit the nation in the final quarter of last year. That’s a massive jump from the 123 million cyber threats detected in the previous quarter. The Communications Authority of Kenya attributed the […] The post Kenya Detected Over 1B Cyber Threats in Q4 – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-02
Aggregator history
Friday, February 09