Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Voters in Danger! Cy ...

 Firewall Daily

Venezuela's electoral system data breach has come to light following a post on a dark web forum. The incident involves a cyberattack on Venezuela, with a threat actor targeting various entities, including Smartmatic, a well-known developer of electronic voting systems. The situation escalated when screenshots purportedly from Smartmatic began circulating on the dark web and social media, indicating a possible breach of Venezuela's electoral system. These images, shared by an anonymous group associated with ransomware operations such as Medusa and LockBit, raise serious concerns about the security of the electoral infrastructure. The threat actor previously targeted Digitel, a popular telecommunications company in Venezuela, posting its data on the Medusa group's data leak site and demanding a $5 million ransom, HackManac reported on X.

Decoding Venezuela's Electoral System Data Breach

Source: HackManac on X

In a mocking tone, the threat actor highlighted the irony of the system's purported anonymity while revealing voting information, including references to specific political affiliations such as "VOTO CHAVISTA". The Cyber Express reached out to Smartmatic for clarification and comment on the alleged breach. However, as of the time of writing, no official statement or response has been issued, leaving the claims regarding the Smartmatic data breach unverified. Furthermore, the leak includes information regarding Digitel, a major Venezuelan telecommunications company, suggesting a broader campaign against critical infrastructure within the country.

Political Tensions in Venezuela

The alleged data breach has surfaced about a year before the presidential elections in Venezuela. Adding to existing controversies surrounding the electoral process, key opposition candidates have been disqualified, raising serious doubts about the fairness and transparency of the upcoming elections. María Corina Machado, an opposition leader, exemplifies this trend: she was barred from contesting the elections by the Venezuelan government in June 2023, citing alleged political offenses. This move was met with condemnation from international bodies such as the Organization of American States, the European Union and Human Rights Watch, and from numerous countries including Colombia, Paraguay, Uruguay, Ecuador, the United States and the United Kingdom, which view it as a violation of political rights.

As Venezuela confronts these claims, worries are growing about the integrity and impartiality of its electoral procedures. The alleged breach of Venezuela's electoral system highlights the need for stronger cybersecurity controls to shield electoral systems and safeguard sensitive voter data from malicious actors.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Cyberthreats to mark ...

 Business

When it comes to attacks on businesses, the focus is usually on four aspects: finance, intellectual property, personal data, and IT infrastructure. However, we mustn't forget that cybercriminals can also target company assets managed by PR and marketing, including e-mailouts, advertising platforms, social media channels, and promotional sites. At first glance, these may seem unattractive to the bad guys (where's the revenue?), but in practice each can serve cybercriminals in their own marketing activities.

Malvertising

To the great surprise of many (even InfoSec experts), cybercriminals have been making active use of legitimate paid advertising for a number of years now. In one way or another they pay for banner ads and search placements, and employ corporate promotion tools. There are many examples of this phenomenon, which goes by the name of malvertising (malicious advertising). Usually, cybercriminals advertise fake pages of popular apps, fake promo campaigns of famous brands, and other fraudulent schemes aimed at a wide audience. Sometimes threat actors create an advertising account of their own and pay for advertising, but this method leaves too much of a trail (such as payment details). So a different method is more attractive to them: stealing login credentials and hijacking the advertising account of a legitimate company, then promoting their sites through it. This has a double payoff for the cybercriminals: they get to spend other people's money without leaving excess traces. But the victim company, besides a gutted advertising account, gets one problem after another, including potentially being blocked by the advertising platform for distributing malicious content.

Downvoted and unfollowed

A variation of the above scheme is a takeover of social networks' paid advertising accounts. The specifics of social media platforms create additional troubles for the target company. First, access to corporate social media accounts is usually tied to employees' personal accounts. It's often enough for attackers to compromise an advertiser's personal computer or steal their social network password to gain access not only to likes and cat pics but to the scope of action granted by the company they work for. That includes posting on the company's social network page, sending emails to customers through the built-in communication mechanism, and placing paid advertising. Revoking these functions from a compromised employee is easy as long as they aren't the main administrator of the corporate page; if they are, restoring access will be labor-intensive in the extreme. Second, most advertising on social networks takes the form of promoted posts created on behalf of a particular company. If an attacker posts and promotes a fraudulent offer, the audience immediately sees who published it and can voice their complaints directly under the post. In this case, the company suffers not just financial but visible reputational damage. Third, on social networks many companies save custom audiences: ready-made collections of customers interested in various products and services or who have previously visited the company's website. Although these usually can't be pulled (that is, stolen) from a social network, unfortunately it's possible to create malvertising on their basis that's adapted to a specific audience and is thus more effective.

Unscheduled circular

Another effective way for cybercriminals to get free advertising is to hijack an account on an email service provider. If the attacked company is large enough, it may have millions of subscribers in its mailing list. This access can be exploited in a number of ways: by mailing an irresistible fake offer to email addresses in the subscriber database; by covertly substituting links in planned advertising emails; or by simply downloading the subscriber database in order to send them phishing emails in other ways later on. Again, the damage suffered is financial, reputational, and technical. By technical we mean the blocking of the company's future outgoing messages by recipients' mail servers. In other words, after the malicious mailouts, the victim company will have to resolve matters not only with the mailing platform but also potentially with specific email providers that have blocked it as a source of fraudulent correspondence. A very nasty side effect of such an attack is the leakage of customers' personal data. This is an incident in its own right, capable of inflicting not only reputational damage but also landing you with a fine from data protection regulators.

Fifty shades of website

A website hack can go unnoticed for a long time, especially for a small company that does business primarily through social networks or offline. From the cybercriminals' point of view, the goals of a website hack vary depending on the type of site and the nature of the company's business. Leaving aside cases when website compromise is part of a more sophisticated cyberattack, we can generally delineate the following varieties. First, threat actors can install a web skimmer on an e-commerce site. This is a small, well-disguised piece of JavaScript embedded directly in the website code that steals card details when customers pay for a purchase. The customer doesn't need to download or run anything: they simply pay for goods or services on the site, and the attackers skim off the card data. Second, attackers can create hidden subsections on the site and fill them with malicious content of their choosing. Such pages can be used for a wide variety of criminal activity, be it fake giveaways, fake sales, or distributing Trojanized software. Using a legitimate website for these purposes is ideal, just as long as the owners don't notice that they have guests. There is, in fact, a whole industry centered around this practice. Especially popular are unattended sites created for some marketing campaign or one-time event and then forgotten about. The damage to a company from a website hack is broad-ranging, and includes: increased site-related costs due to malicious traffic; a decrease in the number of real visitors due to a drop in the site's SEO ranking; potential wrangles with customers or law enforcement over unexpected charges to customers' cards.

Hotwired web forms

Even without hacking a company's website, threat actors can use it for their own purposes. All they need is a website function that generates a confirmation email: a feedback form, an appointment form, and so on. Cybercriminals use automated systems to exploit such forms for spamming or phishing. The mechanics are straightforward: the target's address is entered into the form as the contact email, while the text of the fraudulent email itself goes in the Name or Subject field, for example, "Your money transfer is ready for issue (link)". As a result, the victim receives a malicious email, sent by the company's own mail system, that reads something like: "Dear XXX, your money transfer is ready for issue (link). Thank you for contacting us. We'll be in touch shortly." Naturally, anti-spam platforms eventually stop letting such emails through, and the victim company's form loses some of its functionality. In addition, all recipients of such mail think less of the company, equating it with a spammer.

How to protect PR and marketing assets from cyberattacks

Since the described attacks are quite diverse, defense in depth is called for. Here are the steps to take:

Conduct cybersecurity awareness training across the entire marketing department, and repeat it regularly.
Make sure that all employees adhere to password best practices: long, unique passwords for each platform and mandatory use of two-factor authentication, especially for social networks, mailing tools, and ad management platforms.
Eliminate the practice of sharing one password among all employees who need access to a corporate social network or other online tool.
Instruct employees to access mailing/advertising tools and the website admin panel only from work devices equipped with full protection in line with company standards (EDR or internet security, EMM/UEM, VPN).
Urge employees to install comprehensive protection on their personal computers and smartphones.
Introduce the practice of mandatory logout from mailing/advertising platforms and other similar accounts when not in use.
Remember to revoke access to social networks, mailing/advertising platforms, and website admin immediately after an employee departs the company.
Regularly review the email lists sent out and the ads currently running, together with detailed website traffic analytics, so as to spot anomalies in good time.
Make sure that all software used on your websites (content management system and its extensions) and on work computers (OS, browser, and Office) is regularly and systematically updated to the latest versions.
Work with your website support contractor to implement form validation and sanitization; in particular, ensure that links can't be inserted into fields that aren't intended for such a purpose. Also set a rate limit to prevent the same actor from making hundreds of requests a day, plus a smart captcha to guard against bots.
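The web form abuse described above, and the last countermeasure in the list (no links in fields that should not carry them, plus a rate limit), can be demonstrated with a small server-side handler. The following Python code is an added example, not code from the original article or from Kaspersky; the field names (name, subject, message), the length caps, the illustrative TLD list in the link pattern and the sample submissions are all assumptions constructed for the demonstration. Besides rejecting links in the Name and Subject fields and capping submissions per client address, it sends a fixed confirmation text instead of echoing the submitted fields, which is what turned "Dear XXX, your money transfer is ready for issue (link)" into a phishing email in the first place.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Anything that looks like a link: a scheme, a "www." prefix, or a bare domain.
# The TLD list is illustrative (an assumption for this example); extend it or
# swap in a proper URL detector for production use.
LINK_RE = re.compile(
    r"(https?://|www\.|\b[a-z0-9-]+\.(?:com|net|org|ru|io|xyz|top)\b)",
    re.IGNORECASE,
)

# Fields that end up in the confirmation e-mail must never carry a link.
NO_LINK_FIELDS = ("name", "subject")
# Per-field length caps (assumed values for the example).
MAX_LEN = {"name": 80, "subject": 120, "message": 2000}
# Fixed confirmation text: user-supplied fields are deliberately not echoed,
# so the form cannot be turned into a relay for attacker-written messages.
CONFIRMATION_TEXT = "Thank you for contacting us. We will be in touch shortly."


@dataclass
class RateLimiter:
    """Sliding-window limiter: at most `limit` submissions per `window` seconds per key."""

    limit: int = 5
    window: float = 3600.0
    hits: dict = field(default_factory=lambda: defaultdict(deque))

    def allow(self, key: str, now: float) -> bool:
        queue = self.hits[key]
        while queue and now - queue[0] >= self.window:
            queue.popleft()  # drop hits that fell out of the window
        if len(queue) >= self.limit:
            return False
        queue.append(now)
        return True


def validate_submission(form: dict) -> list:
    """Return the reasons a submission is rejected; an empty list means it is clean."""
    problems = []
    for name, limit in MAX_LEN.items():
        value = form.get(name, "")
        if len(value) > limit:
            problems.append(f"{name}: exceeds {limit} characters")
        # Line breaks in single-line fields are a classic e-mail header injection vector.
        if name != "message" and ("\r" in value or "\n" in value):
            problems.append(f"{name}: line breaks not allowed")
    for name in NO_LINK_FIELDS:
        if LINK_RE.search(form.get(name, "")):
            problems.append(f"{name}: links are not allowed in this field")
    return problems


def handle_contact_form(form: dict, client_ip: str, limiter: RateLimiter, now: float) -> dict:
    """Decide what happens to one submission; returns a dict describing the outcome."""
    if not limiter.allow(client_ip, now):
        return {"accepted": False, "reasons": [f"rate limit exceeded for {client_ip}"]}
    problems = validate_submission(form)
    if problems:
        return {"accepted": False, "reasons": problems}
    return {"accepted": True, "reasons": [], "confirmation": CONFIRMATION_TEXT}


# Constructed sample submissions (not real traffic).
ABUSIVE_FORM = {
    "name": "Your money transfer is ready for issue https://evil.example/claim",
    "subject": "Payment",
    "message": "x",
}
LEGIT_FORM = {
    "name": "Alice Smith",
    "subject": "Appointment request",
    "message": "Could I book a consultation next Tuesday?",
}

if __name__ == "__main__":
    limiter = RateLimiter(limit=3, window=60.0)
    print(handle_contact_form(ABUSIVE_FORM, "198.51.100.7", limiter, 0.0))
    print(handle_contact_form(LEGIT_FORM, "198.51.100.7", limiter, 1.0))
    handle_contact_form(LEGIT_FORM, "198.51.100.7", limiter, 2.0)
    # The fourth submission from the same client inside the window trips the limit.
    print(handle_contact_form(LEGIT_FORM, "198.51.100.7", limiter, 3.0))
```

The captcha from the list is not shown; it sits in front of this handler. Keying the limiter on the client address alone is the simplest choice and is what the example does; bot operators rotate addresses, so in practice the key is usually combined with a session or captcha token.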

image for Fat Patch Tuesday, F ...

 Latest Warnings

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412, a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Redmond’s advisory for this bug says an attacker would need to convince or trick a user into opening a malicious shortcut file. Researchers at Trend Micro have tied the ongoing exploitation of CVE-2024-21412 to an advanced persistent threat group dubbed “Water Hydra,” which they say has been using the vulnerability to execute a malicious Microsoft Installer file (.msi) that in turn drops a remote access trojan (RAT) onto infected Windows systems.

The other zero-day flaw is CVE-2024-21351, another security feature bypass, this one in the built-in Windows SmartScreen component that tries to screen out potentially malicious files downloaded from the Web. Kevin Breen at Immersive Labs says it’s important to note that this vulnerability alone is not enough for an attacker to compromise a user’s workstation, and instead would likely be used in conjunction with something like a spear phishing attack that delivers a malicious file. Satnam Narang, senior staff research engineer at Tenable, said this is the fifth vulnerability in Windows SmartScreen patched since 2022 and all five have been exploited in the wild as zero-days. They include CVE-2022-44698 in December 2022, CVE-2023-24880 in March 2023, CVE-2023-32049 in July 2023 and CVE-2023-36025 in November 2023.

Narang called special attention to CVE-2024-21410, an “elevation of privilege” bug in Microsoft Exchange Server that Microsoft says is likely to be exploited by attackers. Attacks on this flaw would lead to the disclosure of NTLM hashes, which could be leveraged as part of an NTLM relay or “pass the hash” attack, which lets an attacker authenticate as a legitimate user without ever knowing that user's password. “We know that flaws that can disclose sensitive information like NTLM hashes are very valuable to attackers,” Narang said. “A Russian-based threat actor leveraged a similar vulnerability to carry out attacks – CVE-2023-23397 is an Elevation of Privilege vulnerability in Microsoft Outlook patched in March 2023.” Microsoft notes that prior to its Exchange Server 2019 Cumulative Update 14 (CU14), a security feature called Extended Protection for Authentication (EPA), which provides NTLM credential relay protections, was not enabled by default. “Going forward, CU14 enables this by default on Exchange servers, which is why it is important to upgrade,” Narang said.

Rapid7’s lead software engineer Adam Barnett highlighted CVE-2024-21413, a critical remote code execution bug in Microsoft Office that could be exploited just by viewing a specially-crafted message in the Outlook Preview pane. “Microsoft Office typically shields users from a variety of attacks by opening files with Mark of the Web in Protected View, which means Office will render the document without fetching potentially malicious external resources,” Barnett said. “CVE-2024-21413 is a critical RCE vulnerability in Office which allows an attacker to cause a file to open in editing mode as though the user had agreed to trust the file.” Barnett stressed that administrators responsible for Office 2016 installations who apply patches outside of Microsoft Update should note the advisory lists no fewer than five separate patches which must be installed to achieve remediation of CVE-2024-21413; individual update knowledge base (KB) articles further note that partially-patched Office installations will be blocked from starting until the correct combination of patches has been installed.

It’s a good idea for Windows end-users to stay current with security updates from Microsoft, which can quickly pile up otherwise. That doesn’t mean you have to install them on Patch Tuesday. Indeed, waiting a day or three before updating is a sane response, given that sometimes updates go awry and usually within a few days Microsoft has fixed any issues with its patches. It’s also smart to back up your data and/or image your Windows drive before applying new updates. For a more detailed breakdown of the individual flaws addressed by Microsoft today, check out the SANS Internet Storm Center’s list. For those admins responsible for maintaining larger Windows environments, it often pays to keep an eye on Askwoody.com, which frequently points out when specific Microsoft updates are creating problems for a number of users.

image for CISA Unveils 2024 JC ...

 Firewall Daily

In a bid to fortify the nation’s cyber defense infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) unveiled the 2024 priorities for the Joint Cyber Defense Collaborative (JCDC) on Monday. Despite recent criticisms surrounding its efficacy, the CISA JCDC priorities aim to realign resources and strategic direction to tackle evolving cyber threats with renewed vigor. The three overarching CISA JCDC priorities signal a concerted effort to strengthen defenses against advanced persistent threats (APTs), enhance baseline protections for critical infrastructure, and proactively address emerging technology risks.

Source: Twitter

Clayton Romans, Associate Director at CISA, emphasized the significance of these priorities, stating, “These priorities will further expand the breadth and depth of our partnership to tackle more challenging, forward-leaning cyber risks that could evolve in the future, not just the immediate risks. To be clear, JCDC in this context is not a specific team or organization; it represents the collective group of industry and government partners drawn together to drive positive change for our nation’s cybersecurity.”

CISA JCDC Priorities 2024

The first JCDC priority focuses on defending against APT operations, particularly those orchestrated by entities affiliated with the People’s Republic of China (PRC). Recognizing the evolving threat landscape highlighted in last year’s ODNI Annual Threat Assessment, the JCDC aims to thwart malicious activities targeting vital national functions. Measures include identifying and countering APT attack campaigns and finalizing the National Cyber Incident Response Plan to prepare for major cyber incidents. The second CISA JCDC priority aims to elevate the cybersecurity baseline, emphasizing the prevention of avoidable intrusions through enhanced security practices. Efforts will encompass securing networks and infrastructure for state and local election officials, combating ransomware attacks on critical infrastructure, and advocating for Secure by Design principles to mitigate technology vulnerabilities. Anticipating emerging technology risks constitutes the third priority, acknowledging the dual nature of innovation in cyber defense. While technological advancements offer avenues to enhance security, they also introduce new vulnerabilities. The JCDC will collaborate with the cybersecurity community to mitigate risks associated with artificial intelligence (AI) deployment, aligning with CISA’s Roadmap for Artificial Intelligence.

JCDC’s Resolve Amid Critique

However, the announcement arrives against a backdrop of persistent concerns regarding the JCDC’s effectiveness. Criticisms center on perceived shortcomings in technical expertise and an overrepresentation of legal perspectives within the collaborative. Despite these challenges, CISA remains steadfast in its commitment to fostering collaboration between government and private sector entities to safeguard national cybersecurity interests. With a renewed focus on strategic priorities, the collaborative endeavors to overcome existing obstacles and adapt to emerging cyber threats in an increasingly complex cyber landscape. Looking ahead, the success of the CISA JCDC priorities will hinge on proactive engagement, resource allocation, and ongoing collaboration among stakeholders. As cyber threats continue to evolve, the imperative for cohesive, forward-thinking defense strategies becomes ever more pressing. The unveiling of the 2024 priorities marks a pivotal moment in the JCDC’s evolution, signaling its readiness to confront the challenges of tomorrow’s cyber arena head-on.

image for Malabar Gold & Diamo ...

 Firewall Daily

Malabar Gold & Diamonds, a prominent jewelry retailer based in India, is currently embroiled in a suspected data breach allegedly orchestrated by the notorious Snatch ransomware group. Reports suggest that the group has claimed responsibility for infiltrating the company’s systems and extracting a significant volume of data totaling 270 GB. Established in 1993 by M. P. Ahammed, Malabar Gold & Diamonds is an Indian jewelry conglomerate headquartered in Kozhikode, Kerala. With over 330 showrooms spanning 11 countries, it stands as one of the world's largest chains of jewelry retailers. The Snatch ransomware group, known for its aggressive tactics and for targeting high-profile entities, has added Malabar Gold & Diamonds to its data leak site with a long post about the company's founder and CEO.

Malabar Gold & Diamonds Data Breach Claimed by Snatch Ransomware

Source: Dark Web

According to posts shared by the threat actors, the Malabar Gold & Diamonds data breach allegedly includes sensitive information about key figures within the company, including Mr. M. P. Ahammed, chairman of the Malabar Group of Companies and founder of Malabar Gold and Diamonds. The leaked data purportedly contains details about the company’s financial performance, turnover figures, and background information about its leadership. “Let us start with the CEO of Malabar Gold and Diamonds – so meet Mr. Ahammed: M. P. Ahammed (born 1 November 1957) is an Indian businessman and the chair of Malabar Group of Companies. He is also the founder of Malabar Gold and Diamonds, one of the world’s largest retail jewelry groups”, reads the threat actor post. Mr Ahammed, a prominent Indian businessman renowned for his entrepreneurial acumen, has steered Malabar Gold & Diamonds to remarkable success over the years. The alleged breach now targets the reputation of that business.

Malabar Gold & Diamonds Breach Reaches the US Branch

Furthermore, the Snatch ransomware group has also disclosed information about Mr. Joseph Eapen, who oversees US operations at Malabar Gold & Diamonds. The leaked data reportedly includes Eapen’s contact details and professional information, raising concerns about the potential exploitation of sensitive personal information. In response to these developments, The Cyber Express reached out to Malabar Gold & Diamonds for official comment or clarification regarding the alleged data breach. However, as of the time of writing, no statement or response has been received from the organization. The lack of an official response leaves the claims surrounding the Malabar Gold & Diamonds data breach unverified. This is an ongoing story and TCE will be closely monitoring the situation. We’ll update this post once we have more information on the Malabar Gold & Diamonds data breach or any official confirmation from the organization.

Snatch Ransomware Group Targeting Global Companies

The Snatch ransomware group, known for attacking global companies, has claimed responsibility for this cyberattack on Malabar Gold & Diamonds. In light of the group's recent activity, both the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory last year, warning about the group’s ransomware-as-a-service operation. Despite the group's relatively low profile, the advisory highlights the seriousness of the threat posed by Snatch. Targeting various sectors, including defense, agriculture, and IT, Snatch employs double extortion tactics. Originally emerging in 2018 as Team Truniger, the group operates through command-and-control servers in Russia and attempts to bypass antivirus protections by rebooting Windows PCs into safe mode, where many endpoint security products are not loaded. The group’s recent victims include Banco Promerica, Tyson Foods, an alleged US President data leak relating to Joe Biden, his son Hunter Biden and First Lady Jill Biden, and the Tampa General Hospital data breach.
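The safe-mode reboot trick mentioned above is a useful thing to detect, because it is loud on the endpoint shortly before the encryption starts. The following Python scanner is an added example, not code from The Cyber Express or from the FBI/CISA advisory; it assumes the reboot is forced either with bcdedit (setting the safeboot option) or by registering a service under the SafeBoot\Minimal or SafeBoot\Network registry key, followed by a forced restart. Those are common ways to do it, but the article does not state the mechanism. The log format and the event lines are constructed for the demonstration.

```python
import re
import shlex
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed process-creation events (not real telemetry). One event per line:
# "<UTC time> <host> <parent image> -> <command line>"
SAMPLE_EVENTS = [
    "2024-02-13T01:02:03Z WS01 explorer.exe -> cmd.exe /c dir C:\\Users",
    "2024-02-13T01:05:10Z WS01 svchost.exe -> bcdedit.exe /set {current} safeboot minimal",
    "2024-02-13T01:05:11Z WS01 svchost.exe -> shutdown.exe /r /t 0 /f",
    "2024-02-13T02:00:00Z SRV02 services.exe -> reg.exe add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\UpdateSvc /ve /t REG_SZ /d Service /f",
    "2024-02-13T03:00:00Z ADMIN1 cmd.exe -> bcdedit.exe /deletevalue {current} safeboot",
    "2024-02-13T03:30:00Z WS01 explorer.exe -> notepad.exe safeboot_notes.txt",
    "2024-02-13T08:00:00Z WS01 explorer.exe -> shutdown.exe /r /t 0",
]

EVENT_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<parent>\S+) -> (?P<cmd>.+)$")
# Services listed under these keys are started in safe mode; ransomware registers
# itself here so it survives the reboot while security tooling does not load.
SAFEBOOT_KEY_RE = re.compile(r"\\control\\safeboot\\(minimal|network)\\", re.IGNORECASE)


@dataclass
class Finding:
    ts: str
    host: str
    rule: str
    cmd: str


def tokenize(cmd: str) -> List[str]:
    """Split a Windows command line into lower-cased tokens, keeping backslashes intact."""
    try:
        return [tok.lower() for tok in shlex.split(cmd, posix=False)]
    except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
        return cmd.lower().split()


def image_name(token: str) -> str:
    """Strip any path and surrounding quotes from the first token."""
    return token.strip('"').rsplit("\\", 1)[-1]


def classify(cmd: str) -> Optional[str]:
    """Return a rule name if the command line modifies safe-mode boot configuration."""
    argv = tokenize(cmd)
    if not argv:
        return None
    exe = image_name(argv[0])
    if exe in ("bcdedit", "bcdedit.exe") and "/set" in argv and "safeboot" in argv:
        return "bcdedit_safeboot_set"
    if exe in ("reg", "reg.exe") and argv[1:2] == ["add"] and any(
        SAFEBOOT_KEY_RE.search(a) for a in argv[2:]
    ):
        return "safeboot_service_registration"
    return None


def is_forced_reboot(cmd: str) -> bool:
    """True for shutdown.exe invoked with the restart switch."""
    argv = tokenize(cmd)
    return bool(argv) and image_name(argv[0]) in ("shutdown", "shutdown.exe") and "/r" in argv


def scan(events: List[str], reboot_window_s: int = 600) -> List[Finding]:
    """Flag safe-mode configuration changes, and a reboot that follows one on the same host."""
    findings: List[Finding] = []
    last_change = {}  # host -> time of the most recent safe-mode change
    for line in events:
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts, host, cmd = m["ts"], m["host"], m["cmd"]
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        rule = classify(cmd)
        if rule:
            findings.append(Finding(ts, host, rule, cmd))
            last_change[host] = when
        elif (
            is_forced_reboot(cmd)
            and host in last_change
            and (when - last_change[host]).total_seconds() <= reboot_window_s
        ):
            findings.append(Finding(ts, host, "reboot_after_safeboot_change", cmd))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.ts} {f.host:6} {f.rule:30} {f.cmd}")
```

The ADMIN1 line (removing the safeboot option) and the unrelated WS01 reboot hours later are deliberately not flagged: the first is remediation, the second falls outside the correlation window. In a real environment the same logic belongs in the EDR or SIEM, and the bcdedit and reg.exe rules should fire on their own even without the follow-up reboot, since a host configured to boot into safe mode is already a problem.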

image for Hacktivist Groups Ta ...

 DDoS Attacks News

The hacktivist groups Dark Storm Team and Anonymous Sudan have allegedly launched cyberattacks on US airports, citing American support for Israel in the ongoing Gaza conflict as their motivation. On February 10, Anonymous Sudan allegedly initiated a Distributed Denial of Service (DDoS) attack on San Francisco International Airport, followed by the Dark Storm Team claiming to target Los Angeles International Airport. Both groups have explicitly stated their grievances against US policies, particularly the financial backing provided to Israel amid the Gaza conflict.

Motivations Behind Cyberattacks on US Airports

The message from the Dark Storm Team read, “We are Back, We did DDoS attack on Los Angeles Airport in untied status, We are Dark Storm Team, we don’t forgive, we don’t forget,” highlighting their determination to disrupt critical infrastructure. Similarly, Anonymous Sudan’s dark web message stated, “We have launched a huge cyberattack on the critical infrastructure of one of the biggest US airports; San Francisco Airport,” linking their actions directly to US support for Israel and its military actions. They emphasize the intention to cause disruption beyond mere website targeting, aiming to impact the entire infrastructure of the airports to impede operations. To verify the claim, The Cyber Express team reached out to the targeted airport authorities. However, as of writing this report, no response has been received, leaving the claim unverified.

Menacing Ultimatum: Threats Against Global Targets

Adding to the concern, on February 12, The Cyber Express team reported that the Dark Storm Team issued a threatening ultimatum, warning of cyberattacks against the services and government websites of NATO countries, Israel, and nations aligned with Israeli interests. This warning highlights the group’s broader agenda of targeting entities perceived as supporting Israel.

Whether or not the claims are borne out, these attempted attacks on US airports highlight the exposure of public-facing digital infrastructure to disruption by malicious actors. Dark Storm Team, which has previously threatened government and critical infrastructure targets, poses a continuing threat to critical systems and operations. As tensions between Israel and Hamas continue, the specter of cyber warfare looms large, highlighting the intricate interplay between geopolitics and cybersecurity. The events unfolding in cyberspace serve as a reminder of the evolving nature of conflict in the digital age and the imperative of proactive measures to mitigate cyber risks and protect essential systems and services. In the face of these challenges, vigilance, resilience, and collaboration are essential to safeguarding the integrity and security of our interconnected world.

image for $35 Billion Chinese  ...

 Firewall Daily

A hacker, cloaked in anonymity, asserted that they hold illicitly obtained Remote Desktop Protocol (RDP) access to a prominent Chinese real estate firm and put it up for sale on the cyber black market. The identity of the company remains undisclosed, but it reportedly commands substantial revenue exceeding US$35 billion, rendering it a highly desirable target for cybercriminals. What’s even more alarming is that the starting price for this illicit access is a mere US$10,000. Moreover, because the company has not been named, the claim cannot be independently verified. The sale of unauthorized RDP access is a textbook initial access broker offering: one criminal gains a foothold and sells it on to others, such as ransomware affiliates, who monetize it. RDP, a proprietary protocol developed by Microsoft, allows users to remotely access computers over a network connection. While it serves as a convenient tool for legitimate remote access, it has also become a prime target for cyberattacks when exposed to the internet without strong authentication.

Source: Daily Dark Web

The implications of such a cyberattack extend far beyond financial losses for the company involved. With access to sensitive internal systems and data, malicious actors could disrupt operations, compromise confidential information, and even sabotage critical infrastructure. For a real estate giant of this magnitude, the potential fallout from such a breach could be catastrophic.

Cyber Warfare: A Persistent Threat to China

This latest incident adds to a series of cybersecurity challenges plaguing the nation. The recent annual report by Chinese cybersecurity firm 360 Security Group, released in January 2024, reveals some striking numbers. The report describes over 1,200 Advanced Persistent Threat (APT) attacks originating from 13 foreign APT organizations targeting China in 2023 alone. These cyber assaults spanned 16 industries, with education emerging as the primary target, followed closely by the government, scientific research, national defense, and transportation sectors.

Government Responses and International Ramifications

Amid these mounting cybersecurity concerns, the Chinese government took a firm stance in February 2024, unequivocally denouncing any form of cyber aggression. Reaffirming its commitment to combatting cyber threats, the Chinese embassy in the Philippines issued a stern warning, asserting that China will not tolerate illicit cyber activities leveraging its infrastructure. This declaration came in the wake of reports suggesting an attempted cyberattack on Philippine government websites, allegedly orchestrated by hackers utilizing services provided by Chinese state-owned enterprise Unicom. Meanwhile, across the Pacific, the United States grapples with its own cybersecurity challenges, with officials and experts sounding the alarm on alleged attempts by the Chinese military to infiltrate vital infrastructure networks. Reports citing anonymous sources suggest that hackers affiliated with China’s People’s Liberation Army successfully penetrated the computer systems of numerous critical organizations, signaling a potentially grave threat to national security. The recent revelations have thrust China into the spotlight once again, raising concerns about unauthorized access to sensitive data and allegations of state-sponsored cyberattacks. As tensions simmer between the world’s two largest economies, cybersecurity emerges as a focal point of contention, necessitating robust defenses and proactive measures to mitigate risks and safeguard against malicious cyber activities.

 APT

The Chinese government is taking an aggressive approach to countering stories of Chinese cyber offensive campaigns: promoting tales of US hacks on Chinese organizations, but without the data to back them up. The post China Calls Out U.S. For Hacking. The Proof? TBD! appeared first on The Security Ledger with Paul F. Roberts.

 Expert Blogs and Opinion

Combining traditional email security measures with AI-based solutions and empowering cybersecurity personnel with AI skills is crucial for organizations to defend against evolving cyber threats.

 Geopolitical, Terrorism

The campaign involves collaboration between Chinese cybersecurity firms, government agencies, and state media to amplify allegations of hacking operations by the United States.

 Companies to Watch

Bugcrowd, which has already attracted $90 million in prior investments, plans to use the funds to enhance its bug bounty programs, vulnerability disclosure, and crowdsourced penetration testing.

 Security Products & Services

The tool has key features such as an easy-to-understand code structure, reporting/output system in HTML and JSON formats, and the ability to run via Nmap scan results in XML format.

 Trends, Reports, Analysis

Ransomware attacks surged in 2023, with the United States accounting for almost half of all attacks according to Malwarebytes, and cybercriminals evolving their tactics to target a higher volume of victims simultaneously.

 Malware and Vulnerabilities

The Pay-Per-Install (PPI) ecosystem, originally intended for distributing advertisements, has evolved into a profitable platform for spreading spyware and malware, including threats like Glupteba.

 Feed

Ubuntu Security Notice 6633-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

 Feed

Ubuntu Security Notice 6632-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

 Feed

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

 Feed

Red Hat Security Advisory 2024-0797-03 - Updated Satellite 6.14 packages that fix important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and memory leak vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0789-03 - An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available. Issues addressed include buffer overflow and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0777-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, information leakage, and open redirection vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

 Feed

Red Hat Security Advisory 2024-0774-03 - An update is now available for Red Hat Certificate System 10.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a memory leak vulnerability.

 Firewall Daily

Garon Products Inc. finds itself ensnared in the web of cybercrime as it becomes the latest target of the ThreeAM ransomware attack. The Garon Products cyberattack was brought to light when it appeared on the dark web portal operated by the threat actors, casting uncertainty over its operations. Garon Products, Inc. is a reputable U.S. manufacturer specializing in high-quality concrete repair and preservation solutions since 1960. The organization offers a diverse range of products utilizing advanced technologies such as hydraulic cement, epoxy, urethane, polyaspartic, and acrylic copolymers.

The Garon Products Cyberattack

To learn more about this alleged cyberattack on Garon Products, The Cyber Express reached out to the organization. However, as of the time of this writing, no official statement or response has been received from the organization, leaving the claims surrounding the cyberattack on Garon Products unverified at this point. Moreover, the website for Garon Products seems to be operational at the moment and doesn’t show any immediate signs of a cyberattack. In cases like this, ransomware groups usually target the database or the backend of the website instead of launching a visible attack such as a defacement or a Distributed Denial of Service (DDoS) attack.

Understanding the ThreeAM Ransomware Group

The Garon Products cyberattack by the ThreeAM ransomware group highlights the persistent threat posed to small and medium enterprises (SMEs) by cybercriminals seeking financial gain through illicit means. Operating on the modus operandi of encrypting victims’ data and subsequently demanding ransom payments for its release, ThreeAM exemplifies the ever-looming danger to global organizations. Security analysts at Intrinsic recently decoded the workings of ThreeAM ransomware, shedding light on its active campaigns targeting SMEs. Unlike its more sophisticated counterparts, ThreeAM may seem less refined, yet its impact can be significant. Leveraging X/Twitter bots and the Rust language for its operations, ThreeAM emerges as a new entrant in the malware domain, poised to target unsuspecting victims.

Modus Operandi of ThreeAM Ransomware Group

The timeline of ThreeAM’s activities reveals a pattern of calculated strikes aimed at a dozen US businesses between September 13 and October 26, 2023. SMEs, characterized by their limited resources, find themselves particularly vulnerable to such assaults. Symantec’s report linking ThreeAM ransomware to the ex-Conti-Ryuk-TrickBot nexus further highlights the complexity of these ransomware groups. Employing Rust-based technology, ThreeAM represents a fallback option for failed LockBit deployments. ThreeAM’s operations come into focus upon closer examination of its infrastructure. Domains masquerading as US entities and hosting servers bearing a common Apache banner serve as the backdrop for the group’s malicious activities.

 Data Breach News

The Office of the Colorado State Public Defender, entrusted with providing legal aid to those unable to afford representation, finds itself ensnared in the aftermath of a cyberattack. As a consequence of the Colorado State Public Defender data breach, access to critical resources such as calendars, emails, court filing systems, and even police reports has been severed, casting a shadow over the institution’s ability to fulfill its essential duties.

Colorado State Public Defender Data Breach: What Exactly Happened?

Spokesperson James Karbach revealed that the office’s computer network fell victim to malware that encrypted critical data and forced a drastic shutdown. “Our operations will be limited while the network is offline,” Karbach lamented. Karbach refrained from specifying the duration of the public defender’s office closure or the exact timing of the Colorado State Public Defender data breach. However, internal correspondence scrutinized by The Denver Post suggests that the statewide office is currently inactive, with the outage potentially lasting up to a week. A notification sent by the Colorado Judicial Department’s Information and Technology Service around 11 a.m. Friday confirmed the commencement of the “cybersecurity incident” to judges and judicial staff. Notably, the notice reassured that the Colorado State Public Defender data breach does not endanger the broader court system.

Previous Breaches on Courts

The specter of cyber assaults looms large, casting a shadow of uncertainty over legal institutions worldwide. Recent incidents, both near and far, highlight the pervasive nature of this digital menace. In February 2024, the judiciary in Pennsylvania grappled with a denial-of-service attack, hobbling essential web services and sowing chaos in its wake. Chief Justice Debra Todd’s assurance notwithstanding, the breach highlights the vulnerability of vital infrastructures to malicious intent. Additionally, in January 2024, Switzerland’s cyber defenses faltered in the face of a coordinated onslaught, purportedly linked to geopolitical tensions. The shadowy group ‘NoName,’ with alleged ties to Russia, wreaked havoc on Swiss government websites, exploiting a moment of international scrutiny to further their agenda. In the same month, Victoria’s court system fell prey to ransomware, plunging hundreds of legal proceedings into jeopardy. While initial suspicions pointed toward external actors, the true motives behind the attack remain shrouded in uncertainty.

As legal institutions grapple with the fallout, questions abound regarding the adequacy of cybersecurity measures and the looming specter of future attacks. With each breach, the fragile balance between security and accessibility hangs in the balance. In the face of adversity, resilience emerges as the cornerstone of our collective response. The Colorado Public Defender’s Office, alongside its counterparts worldwide, stands undaunted in the face of adversity. As they work tirelessly to restore normalcy, their unwavering commitment to justice serves as a beacon of hope in turbulent times. Yet, the battle against cyber threats is far from over. It demands a concerted effort, uniting governments, corporations, and citizens in a shared resolve to safeguard our digital future. Only through collective vigilance and unwavering determination can we fortify the ramparts of justice against the encroaching tide of cyber warfare.

 Data Breach News

Bank of America, one of the largest banking institutions in the United States, recently announced to its customers that a data breach had occurred due to a cyberattack targeting one of its service providers, Infosys McCamish Systems. The Bank of America data breach, which transpired after the cyberattack on Infosys McCamish Systems LLC (IMS), has raised serious concerns about the security of personal information entrusted to financial institutions. The Bank of America breach, which came to light on February 6, 2024, prompted Bank of America to take swift action, filing a notice of the data breach with the Attorney General of Texas.

The Bank of America Data Breach Links to Infosys McCamish Systems

According to the disclosure, unauthorized access to confidential information was made possible through the third-party breach at Infosys McCamish Systems. The compromised data includes sensitive details such as names, Social Security numbers, financial account information, addresses, and dates of birth of affected consumers. In response to the breach, Bank of America initiated a thorough investigation and promptly began notifying individuals whose information was impacted by the security incident. The affected customers received Bank of America data breach notification letters outlining the extent of the compromise and steps they can take to safeguard their information. While the exact number of affected customers has not been disclosed by Bank of America, Infosys McCamish Systems revealed in a filing with the Attorney General of Maine that over 57,000 individuals had their data exposed in the incident.

The Timeline of the Bank of America Data Breach

The timeline leading up to the Bank of America/Infosys McCamish data breach provides some insight into the sequence of events. Infosys became aware of the cyberattack targeting its systems on November 3, 2023, which resulted in certain portions of IMS’s infrastructure becoming inaccessible. Following this discovery, IMS launched an investigation in collaboration with external data forensics specialists. On November 24, 2023, IMS notified Bank of America that data related to certain deferred compensation plans serviced by the bank may have been compromised. It’s important to note that at no point was Bank of America’s internal network compromised during the breach. However, the Bank of America data breach did expose sensitive consumer information, prompting IMS to conduct a thorough review of the compromised files to identify affected individuals. Bank of America’s proactive approach to addressing the breach, including the issuance of data breach notification letters, aims to mitigate the potential impact on affected customers. These letters provide detailed information on the compromised data, empowering individuals to take appropriate steps to protect their personal information.

 Feed

Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-of-concept (PoC) code.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of

 Feed

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to

 Feed

The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos

 Feed

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and

 Threat Lab

In the digital age, the quest for love has moved online, but so have the fraudsters, with romance scams reaching record highs. These scams don’t just harm individuals financially and emotionally; they can also pose significant risks to businesses. Let’s explore how these scams work, their impact, and how both businesses and consumers can protect themselves.

Understanding Romance Scams

Romance scams involve fraudsters creating fake profiles on dating sites, social media platforms, or apps to establish relationships with victims, gain their trust, and eventually scam them out of money. In 2022, nearly 70,000 people reported such scams, with losses totaling a staggering $1.3 billion. The median loss per victim was around $4,400, highlighting the severe impact on individuals.

Key Trends to Watch

Rising Losses: The reported losses to romance scams were up nearly 80% year over year, showing a rapid increase in both the frequency and effectiveness of these scams. This trend underscores the evolving threat landscape and the importance of continuous awareness and education on cybersecurity threats, including those that initially appear to be personal in nature.

Rise in Cryptocurrency Payments: Fraudsters are increasingly asking for payments in cryptocurrency, exploiting its semi-anonymous nature. In 2021, losses to romance scams involving cryptocurrency were reported at $139 million. Expect this avenue of fraud to consistently escalate as crypto prices and adoption increase.

Social Media as a Starting Point: Around 40% of romance scam victims in 2022 reported that the scam started on social media, a significant increase that highlights the broadening tactics of scammers.

Increased Use of Gift Cards: Despite the high losses associated with cryptocurrency, gift cards remain a preferred method for scammers, given their ease of use and difficulty in tracing.

The Business Angle

When employees fall victim to these scams, the emotional and financial distress can lead to decreased productivity and increased susceptibility to further scams, including those targeting the workplace. Fraudsters may use personal relationships to extract sensitive information or gain access to company networks. Thus, an employee compromised by a romance scam can inadvertently become a weak link in the company’s cybersecurity defenses.

How Romance Scams Affect the Workplace

Distraction and Distress: Victims of romance scams often experience significant emotional and financial distress. This state of mind can lead to increased susceptibility to other types of scams or malicious attacks. When employees are distracted or stressed, they’re more likely to make mistakes, such as inadvertently clicking on phishing links or downloading malicious attachments.

Credential Compromise: In some cases, romance scammers may directly target individuals to gain access to their professional credentials. A seemingly innocuous request for information from a “trusted” romantic partner could actually be a ploy to infiltrate company networks.

First Line of Defense: Employees are often considered the first line of defense against cyber threats. When their judgment is clouded by personal issues, such as those stemming from a romance scam, this line of defense can weaken, exposing the organization to increased risk.

Protecting Yourself and Your Business

Educate and Train Employees: Awareness is the first step in prevention. Businesses should include the risks of social engineering scams, like romance scams, in their cybersecurity training programs, highlighting how personal security practices impact professional security.

Encourage Open Communication: Create an environment where employees can report personal security breaches without fear of judgment. This transparency can be crucial in preventing security risks to the business.

Encourage Healthy Skepticism: Teach employees to question unexpected requests for information or money, whether from strangers, online acquaintances, or even romantic partners they have not met in person.

Regular Security Assessments: Continuously evaluate and improve security practices to safeguard against evolving threats. This includes ensuring that personal devices used for work purposes are also secure.

Monitor Financial Transactions: Look out for unusual financial requests or transactions, especially those involving cryptocurrency or gift cards.

Verify and Validate: Encourage employees to verify the identities of individuals they interact with online and to use reverse image searches to check the authenticity of profile pictures.

Romance scams are a multifaceted problem with both personal and professional ramifications. By staying informed, fostering open communication, and implementing robust security measures, businesses and consumers alike can better protect themselves from these emotionally and financially devastating schemes. Remember, cybersecurity is not just about technology; it’s about understanding human behavior and the various ways it can be manipulated. For more detailed information on how to protect yourself from romance scams, visit the Federal Trade Commission’s website. The post Navigating the Web of Romance Scams: A Guide for Businesses and Consumers appeared first on Webroot Blog.

 Cyber Security News

Source: www.proofpoint.com – Author: 1 It’s still relatively early in the year, but bad actors are already targeting accounting and finance organizations as well as filers in the United States with tax-related scams. Researchers at cybersecurity company Proofpoint wrote in a report this week that the return of tax season reliably brought the threat group […] The entry Tax Season is Upon Us, and So Are the Scammers – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Madalina Popovici An insider data breach at Verizon has compromised the personal information of more than 63,000 employees, nearly half of the company’s global workforce. The telecommunications giant disclosed the incident in a Data Breach Notification with the Office of the Maine Attorney General, revealing that the breach occurred around September […] The entry Insider Data Breach at Verizon Affects Over 63,000 Employees – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: NSFOCUS In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, hoping to provide valuable insights and […] The entry 2023 Cybersecurity Regulation Recap (Part 4): Tech Development & Governance – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Beth Miller When sensitive information becomes available to outside sources, you have a data leak on your hands. Data leaks are real threats that are easy to ignore. But across all the places your company stores and moves data, it’s only a matter of time until an accidental exposure of information […] The entry What is a Data Leak? Causes, Examples, and Prevention – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Digital Defense by Fortra What is Fortra IdP? Fortra Identity Provider (IdP) serves as a centralized solution that allows users to log in and register for connected Fortra offerings using existing credentials from popular external identity providers. By incorporating industry-standard protocols like OAuth 2.0 as well as required MFA, we ensure […] The entry Single Sign-On with Fortra IdP – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Authors/Presenters: Nissy Sombatruang, Tristan Caulfield, Ingolf Becker, Akira Fujita, Takahiro Kasama, Koji Nakao, Daisuke Inoue Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the […] The entry USENIX Security ’23 – Internet Service Providers’ And Individuals’ Attitudes, Barriers, And Incentives To Secure IoT – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Digital Defense by Fortra How the justice system deals with cybercrime is still relatively new and finding its footing. How cybercriminals are leveraging the legal system is relatively new, too. Imagine a world where your organization gets hacked, and then, to add insult to injury, gets reported by the hackers for […] The entry Cybersecurity and the Law: Taking Proactive Steps Before Needing Legal Action – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CPU

Source: securityboulevard.com – Author: Rick It was only a matter of time before someone did this. Bitlocker is Microsoft’s technique for encrypting a desktop, laptop, or other MS Windows device. We encrypt the device to protect the contents if it is ever stolen. In theory, the only way Windows will start up if it is […] The entry Breaking Bitlocker – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink *** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://xkcd.com/2892/ Original Post URL: https://securityboulevard.com/2024/02/randall-munroes-xkcd-banana-prices/ Category & Tags: Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD – Humor,Security Bloggers […] The entry Randall Munroe’s XKCD ‘Banana Prices’ – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Analytics & Intelligence

Source: securityboulevard.com – Author: Tony Bradley Cybersecurity is a dynamic and fast-paced industry. Staying ahead of threats requires constant innovation and a keen understanding of the landscape’s evolving challenges. I recently spoke with Ric Smith, Chief Product and Technology Officer for SentinelOne, about SentinelOne’s efforts to […] The post Simplifying Cybersecurity from Confusion to Clarity […] The entry Simplifying Cybersecurity from Confusion to Clarity – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: socprime.com – Author: Daryna Olyniychuk State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by […] The entry Volt Typhoon Attacks: Chinese Nation-Backed Actors Focus Malicious Efforts at the US Critical Infrastructure – Source: socprime.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Veronika Telychko Cybersecurity researchers recently unveiled a new variant of a stealthy info-stealing malware known as Mispadu Stealer. Adversaries behind the latest attacks against Mexican users leveraging the Mispadu banking Trojan have been observed exploiting a recently fixed Windows SmartScreen vulnerability tracked as CVE-2023-36025. Detect Mispadu Stealer With dozens of new malware […] The entry Mispadu Stealer Detection: A New Banking Trojan Variant Targets Mexico While Exploiting CVE-2023-36025 – Source: socprime.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Ransomfeed – Third Quarter Report 2023 is out! Pierluigi Paganini February 13, 2024 Maintainers behind the Ransomfeed platform have released the Q3 Report 2023, including activities of 185 criminal groups operating worldwide. A comprehensive report delving into the intricate landscape of ransomware threats during the last four months of 2023 […] The entry Ransomfeed – Third Quarter Report 2023 is out! – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityaffairs.com – Author: Pierluigi Paganini Global Malicious Activity Targeting Elections is Skyrocketing Pierluigi Paganini February 13, 2024 Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign […] The entry Global Malicious Activity Targeting Elections is Skyrocketing – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Researchers released a free decryption tool for the Rhysida Ransomware Pierluigi Paganini February 12, 2024 Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an […] The entry Researchers released a free decryption tool for the Rhysida Ransomware – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Residential Proxies vs. Datacenter Proxies: Choosing the Right Option Pierluigi Paganini February 12, 2024 Residential Proxies vs. Datacenter Proxies: this blog post examines the contours of each type and provides information on how to choose the right proxy option. In the robust landscape of the digital era, our need […] The post Residential Proxies vs. Datacenter Proxies: Choosing the Right Option – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 12, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube […] The post CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Canada Gov plans to ban the Flipper Zero to curb car thefts Pierluigi Paganini February 12, 2024 The Canadian government is going to ban the Flipper Zero tool because it is abused by crooks to steal vehicles in the country. The Canadian government announced that it plans to ban […] The post Canada Gov plans to ban the Flipper Zero to curb car thefts – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini ExpressVPN leaked DNS requests due to a bug in the split tunneling feature Pierluigi Paganini February 12, 2024 A bug in the split tunneling feature implemented in ExpressVPN exposed the domains visited by its users. ExpressVPN addressed a bug in the split tunneling feature that exposed the domains visited […] The post ExpressVPN leaked DNS requests due to a bug in the split tunneling feature – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data Pierluigi Paganini February 12, 2024 Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up […] The post 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 A Hacker's Mind

Source: www.schneier.com – Author: Bruce Schneier A Hacker’s Mind is Out in Paperback The paperback version of A Hacker’s Mind has just been published. It’s the same book, only a cheaper format. But—and this is the real reason I am posting this—Amazon has significantly discounted the hardcover to $15 to get rid of its […] The post A Hacker’s Mind is Out in Paperback – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blockchain

Source: www.schneier.com – Author: Bruce Schneier Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book, Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when […] The post Molly White Reviews Blockchain Book – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Comments Matt • February 12, 2024 12:39 PM Nice article, but no mention of account recovery in case you lose your passkey. What I’ve seen typically is the same “recovery codes” approach since MFA started being a thing. Those are effectively a bunch of single-use passwords, and managing […] The post On Passkey Usability – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Comments Anonymous • February 9, 2024 8:39 PM “Philadelphia sheriff caught posting over 30 fake news stories generated by ChatGPT to her website” httpx: fortune.com/2024/02/06/philadelphia-sheriff-fake-news-chatgpt-30-articles-removed/ for the lulz • February 9, 2024 11:24 PM Raspberry Pi Pico cracks BitLocker in under a minute Windows encryption feature defeated by […] The post Friday Squid Blogging: A Penguin Named “Squid” – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 botnets

Source: www.schneier.com – Author: Bruce Schneier No, Toothbrushes Were Not Used in a Massive DDoS Attack The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and […] The post No, Toothbrushes Were Not Used in a Massive DDoS Attack – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: www.schneier.com – Author: Bruce Schneier On Software Liabilities Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” Section 1 of this paper sets the stage by briefly describing the problem to be solved. […] The post On Software Liabilities – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 anthropic

Source: www.techrepublic.com – Author: Megan Crouse The National Institute of Standards and Technology established the AI Safety Institute on Feb. 7 to determine guidelines and standards for AI measurement and policy. U.S. AI companies and companies that do business in the U.S. will be affected by those guidelines and standards and may have […] The post NIST Establishes AI Safety Consortium – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.techrepublic.com – Author: Megan Crouse As senior director and global head of the office of the chief information security officer (CISO) at Google Cloud, Nick Godfrey oversees educating employees on cybersecurity as well as handling threat detection and mitigation. We conducted an interview with Godfrey via video call about how CISOs and other tech-focused […] The post Google Cloud’s Nick Godfrey Talks Security, Budget and AI for CISOs – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 atlas vpn

Source: www.techrepublic.com – Author: Franklin Okeke We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Find out the difference between Atlas VPN’s free and premium options and choose the best plan for […] The post Atlas VPN Free vs. Premium: Which Plan Is Best For You? – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Crooks

Source: go.theregister.com – Author: Team Register The number of senior business executives stymied by an ongoing phishing campaign continues to rise, with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November. Researchers from Proofpoint listed many C-suite roles as prime targets for the unnamed attackers, as well as other senior […] The post Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: 2024-02, Tuesday, February 13