A potential data breach targeting the prestigious Massachusetts Institute of Technology (MIT) has surfaced on the dark web. The MIT data breach, claimed by a dark web actor, has allegedly unveiled a large cache of sensitive data openly accessible on the forum. The threat actor has disclosed 27,961 lines of data comprising names, email addresses, and department affiliations from MIT. The leaked information, accessible on the dark web, presents a potential threat to faculty, staff, and potentially students linked to the institution.

MIT Data Breach on Dark Web Forums

Source: Daily Dark Web on X

The leaked data, provided in CSV format, appeared to encompass a broad range of individuals within the MIT community, spanning from faculty members to students across various fields of study. Each entry in the database included details such as the department or faculty name, surname, student name, and email address. Furthermore, certain entries featured a “No Student” designation, hinting at potential affiliations with graduate programs or former students.

Although the motive behind the purported breach remains ambiguous, the extensive volume of compromised information raises apprehensions about possible phishing attempts and other fraudulent activities targeting individuals affiliated with MIT. Furthermore, considering that the number of entries surpasses the current student population, it is plausible that the dataset contains duplicates or includes data from previous academic years.

Established in 1861, the Massachusetts Institute of Technology has maintained its position among the world’s leading universities due to its pioneering research, innovative teaching approaches, and influential alumni network. If confirmed, the data leak claim could significantly impact the security of individuals associated with the institution. The Cyber Express, seeking further insight into the Massachusetts Institute of Technology leak, has reached out to the educational institution. However, as of the time of writing, no response has been received, leaving the claims unsubstantiated.

Cyberattacks on Educational Institutions

In light of this breach, it is imperative for MIT and its community members to remain vigilant against potential cybersecurity threats. However, this isn’t the first time that a threat actor has targeted a prestigious educational institution. According to UpGuard’s report, universities’ large domain networks, created to cater to diverse educational needs, present numerous high-risk internet-facing assets vulnerable to cyberattacks, especially unmaintained websites running outdated software. Shockingly, 45% of universities had assets running end-of-life PHP, with top universities averaging 30 domains using such outdated software. Additionally, the report revealed disparities in vendor security, with those not using HECVAT exhibiting lower cybersecurity ratings. This suggests heightened risks for universities relying on their services.

As for the MIT data breach, this is an ongoing story and TCE will be closely monitoring the situation. We’ll update this post once we have more information on the Massachusetts Institute of Technology leak or any official confirmation from the university.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Last year’s explosive growth in AI applications, services, and plug-ins looks set to only accelerate. From office applications and image editors to integrated development environments (IDEs) such as Visual Studio — AI is being added to familiar and long-used tools. Plenty of developers are creating thousands of new apps that tap the largest AI models. However, no one in this race has yet been able to solve the inherent security issues, first and foremost minimizing confidential data leaks, and also the level of account/device hacking through various AI tools — let alone create proper safeguards against a futuristic evil AI. Until someone comes up with an off-the-shelf solution for protecting the users of AI assistants, you’ll have to pick up a few skills and help yourself. So, how do you use AI without regretting it later?

Filter important data

The privacy policy of OpenAI, the developer of ChatGPT, unequivocally states that any dialogs with the chatbot are saved and can be used for a number of purposes. First, these are solving technical issues and preventing terms-of-service violations: in case someone gets an idea to generate inappropriate content. Who would have thought it, right? In that case, chats may even be reviewed by a human. Second, the data may be used for training new GPT versions and making other product improvements. Most other popular language models — be it Google’s Bard, Anthropic’s Claude, or Microsoft’s Bing and Copilot — have similar policies: they can all save dialogs in their entirety.

That said, inadvertent chat leaks have already occurred due to software bugs, with users seeing other people’s conversations instead of their own. The use of this data for training could also lead to a data leak from a pre-trained model: the AI assistant might give your information to someone if it believes it to be relevant for the response. Information security experts have even designed multiple attacks (one, two, three) aimed at stealing dialogs, and they’re unlikely to stop there. So, remember: anything you write to a chatbot can be used against you. We recommend taking precautions when talking to AI.

Don’t send any personal data to a chatbot. No passwords, passport or bank card numbers, addresses, telephone numbers, names, or other personal data that belongs to you, your company, or your customers must end up in chats with an AI. You can replace these with asterisks or REDACTED in your request.

Don’t upload any documents. Numerous plug-ins and add-ons let you use chatbots for document processing. There might be a strong temptation to upload a work document to, say, get an executive summary. However, by carelessly uploading a multi-page document, you risk leaking confidential data, intellectual property, or a commercial secret such as the release date of a new product or the entire team’s payroll. Or, worse than that, when processing documents received from external sources, you might be targeted with an attack that counts on the document being scanned by a language model.

Use privacy settings. Carefully review your large-language-model (LLM) vendor’s privacy policy and available settings: these can normally be leveraged to minimize tracking. For example, OpenAI products let you disable saving of chat history. In that case, data will be removed after 30 days and never used for training. Those who use the API, third-party apps, or services to access OpenAI solutions have that setting enabled by default.

Sending code? Clean up any confidential data. This tip goes out to those software engineers who use AI assistants for reviewing and improving their code: remove any API keys, server addresses, or any other information that could give away the structure of the application or the server configuration.

Limit the use of third-party applications and plug-ins

Follow the above tips every time — no matter what popular AI assistant you’re using. However, even this may not be sufficient to ensure privacy. The use of ChatGPT plug-ins, Bard extensions, or separate add-on applications gives rise to new types of threats.

First, your chat history may now be stored not only on Google or OpenAI servers but also on servers belonging to the third party that supports the plug-in or add-on, as well as in unlikely corners of your computer or smartphone.

Second, most plug-ins draw information from external sources: web searches, your Gmail inbox, or personal notes from services such as Notion, Jupyter, or Evernote. As a result, any of your data from those services may also end up on the servers where the plug-in or the language model itself is running. An integration like that may carry significant risks: for example, consider this attack that creates new GitHub repositories on behalf of the user.

Third, the publication and verification of plug-ins for AI assistants are currently a much less orderly process than, say, app screening in the App Store or Google Play. Therefore, your chances of encountering a poorly working, badly written, buggy, or even plain malicious plug-in are fairly high — all the more so because it seems no one really checks the creators or their contacts.

How do you mitigate these risks? Our key tip here is to give it some time. The plug-in ecosystem is too young, the publication and support processes aren’t smooth enough, and the creators themselves don’t always take care to design plug-ins properly or comply with information security requirements. This whole ecosystem needs more time to mature and become more secure and reliable.

Besides, the value that many plug-ins and add-ons add to the stock ChatGPT version is minimal: minor UI tweaks and system prompt templates that customize the assistant for a specific task (“Act as a high-school physics teacher”). These wrappers certainly aren’t worth trusting with your data, as you can accomplish the task just fine without them.

If you do need certain plug-in features right here and now, try to take the maximum precautions available before using them. Choose extensions and add-ons that have been around for at least several months and are being updated regularly. Consider only plug-ins that have lots of downloads, and carefully read the reviews for any issues. If the plug-in comes with a privacy policy, read it carefully before you start using the extension. Opt for open-source tools. If you possess even rudimentary coding skills — or coder friends — skim the code to make sure that it only sends data to declared servers and, ideally, AI model servers only.

Execution plug-ins call for special monitoring

So far, we’ve been discussing risks relating to data leaks; but this isn’t the only potential issue when using AI. Many plug-ins are capable of performing specific actions at the user’s command — such as ordering airline tickets. These tools provide malicious actors with a new attack vector: the victim is presented with a document, web page, video, or even an image that contains concealed instructions for the language model in addition to the main content. If the victim feeds the document or link to a chatbot, the latter will execute the malicious instructions — for example, by buying tickets with the victim’s money. This type of attack is referred to as prompt injection, and although the developers of various LLMs are trying to develop a safeguard against this threat, no one has managed it — and perhaps never will.

Luckily, most significant actions — especially those involving payment transactions such as purchasing tickets — require a double confirmation. However, interactions between language models and plug-ins create an attack surface so large that it’s difficult to guarantee consistent results from these measures. Therefore, you need to be really thorough when selecting AI tools, and also make sure that they only receive trusted data for processing.
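As an added example (not code from the original post), here is a local pre-filter that applies the "replace it with REDACTED" and "clean up your code before sending it" advice above: it swaps secrets, server addresses, e-mail addresses, card numbers and phone numbers for numbered placeholders before a prompt goes to an assistant, keeps the mapping on your own machine, and restores the assistant's reply afterwards. The detector regexes and the sample prompt are constructed for illustration, not a complete DLP ruleset.

```python
import re
from typing import Dict, List, Tuple

# Detectors for the kinds of data the post says must not reach a chatbot.
# Constructed for this example; a real DLP ruleset would be broader and tuned.
# Order matters: secrets first (so a key's whole value is taken), card numbers
# before phone numbers (so a 16-digit card is not mistaken for a phone number).
DETECTORS: List[Tuple[str, "re.Pattern[str]"]] = [
    # key/value secrets in code or config: api_key = "...", password: ...
    ("SECRET", re.compile(
        r"(?i)\b(api[_-]?key|secret|password|passwd|token)(\s*[=:]\s*)(['\"]?)([^'\"\s,;]+)")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),            # server addresses
    ("CARD", re.compile(r"\b(?:\d[ -]?){12,18}\d\b")),                 # 13-19 digits
    ("PHONE", re.compile(r"(?:\+\d{1,3}[ .-]?)?\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}\b")),
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: keeps plain digit runs (order ids, timestamps) from being
    flagged as payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str) -> Tuple[str, Dict[str, str]]:
    """Replace sensitive values with numbered placeholders.

    Returns the sanitized text and a placeholder -> original mapping. Only the
    sanitized text is sent to the assistant; the mapping never leaves this machine."""
    mapping: Dict[str, str] = {}
    counters: Dict[str, int] = {}

    def placeholder(kind: str, value: str) -> str:
        counters[kind] = counters.get(kind, 0) + 1
        tag = f"[REDACTED_{kind}_{counters[kind]}]"
        mapping[tag] = value
        return tag

    for kind, pattern in DETECTORS:
        def substitute(m: "re.Match[str]", kind: str = kind) -> str:
            if kind == "SECRET":
                # keep the key name, separator and opening quote; hide only the value
                return m.group(1) + m.group(2) + m.group(3) + placeholder(kind, m.group(4))
            if kind == "CARD" and not luhn_ok(re.sub(r"\D", "", m.group(0))):
                return m.group(0)  # digit run that fails Luhn: leave it alone
            return placeholder(kind, m.group(0))
        text = pattern.sub(substitute, text)
    return text, mapping


def restore(text: str, mapping: Dict[str, str]) -> str:
    """Put the original values back into the assistant's reply, locally."""
    for tag, value in mapping.items():
        text = text.replace(tag, value)
    return text


# Constructed sample prompt: the kind of message the post warns against sending as-is.
SAMPLE_PROMPT = """Please review this config and my note:
api_key = "sk-test-0123456789abcdef"
db_host: 10.0.12.7
Contact jane.doe@example.com or +1 617 555 0142.
Card on file: 4111 1111 1111 1111 (order id 12345678901234 is not a card)
"""

if __name__ == "__main__":
    clean, table = redact(SAMPLE_PROMPT)
    print(clean)            # what actually goes to the assistant
    print(sorted(table))    # placeholders, held locally for restore()
```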
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.

Headquartered in Minnetonka, Minn., U.S. Internet is a regional ISP that provides fiber and wireless Internet service. The ISP’s Securence division bills itself “a leading provider of email filtering and management software that includes email protection and security services for small business, enterprise, educational and government institutions worldwide.”

U.S. Internet/Securence says your email is secure. Nothing could be further from the truth.

Roughly a week ago, KrebsOnSecurity was contacted by Hold Security, a Milwaukee-based cybersecurity firm. Hold Security founder Alex Holden said his researchers had unearthed a public link to a U.S. Internet email server listing more than 6,500 domain names, each with its own clickable link.

A tiny portion of the more than 6,500 customers who trusted U.S. Internet with their email.

Drilling down into those individual domain links revealed inboxes for each employee or user of these exposed websites. Some of the exposed emails dated back to 2008; others were as recent as the present day. Securence counts among its customers dozens of state and local governments, including: nc.gov — the official website of North Carolina; stillwatermn.gov, the website for the city of Stillwater, Minn.; and cityoffrederickmd.gov, the website for the government of Frederick, Md.

Incredibly, included in this giant index of U.S. Internet customer emails were the internal messages for every current and former employee of U.S. Internet and its subsidiary USI Wireless. Since that index also included the messages of U.S. Internet’s CEO Travis Carter, KrebsOnSecurity forwarded one of Mr. Carter’s own recent emails to him, along with a request to understand how exactly the company managed to screw things up so spectacularly.

Individual inboxes of U.S. Wireless employees were published in clear text on the Internet.

Within minutes of that notification, U.S. Internet pulled all of the published inboxes offline. Mr. Carter responded and said his team was investigating how it happened. In the same breath, the CEO asked if KrebsOnSecurity does security consulting for hire (I do not).

[Author’s note: Perhaps Mr. Carter was frantically casting about for any expertise he could find in a tough moment. But I found the request personally offensive, because I couldn’t shake the notion that maybe the company was hoping it could buy my silence.]

Earlier this week, Mr. Carter replied with a highly technical explanation that ultimately did little to explain why or how so many internal and customer inboxes were published in plain text on the Internet. “The feedback from my team was an issue with the Ansible playbook that controls the Nginx configuration for our IMAP servers,” Carter said, noting that this incorrect configuration was put in place by a former employee and never caught. U.S. Internet has not shared how long these messages were exposed. “The rest of the platform and other backend services are being audited to verify the Ansible playbooks are correct,” Carter said.

Holden said he also discovered that hackers have been abusing a Securence link scrubbing and anti-spam service called Url-Shield to create links that look benign but instead redirect visitors to hacked and malicious websites. “The bad guys modify the malicious link reporting into redirects to their own malicious sites,” Holden said. “That’s how the bad guys drive traffic to their sites and increase search engine rankings.”

For example, clicking the Securence link shown in the screenshot directly above leads one to a website that tries to trick visitors into allowing site notifications by couching the request as a CAPTCHA request designed to separate humans from bots. After approving the deceptive CAPTCHA/notification request, the link forwards the visitor to a Russian internationalized domain name (рпроаг[.]рф). The link to this malicious and deceptive website was created using Securence’s link-scrubbing service.

Notification pop-ups were blocked when this site tried to disguise a prompt for accepting notifications as a form of CAPTCHA.

U.S. Internet has not responded to questions about how long it has been exposing all of its internal and customer emails, or when the errant configuration changes were made. The company also still has not disclosed the incident on its website. The last press release on the site dates back to March 2020.

KrebsOnSecurity has been writing about data breaches for nearly two decades, but this one easily takes the cake in terms of the level of incompetence needed to make such a huge mistake unnoticed. I’m not sure what the proper response from authorities or regulators should be to this incident, but it’s clear that U.S. Internet should not be allowed to manage anyone’s email unless and until it can demonstrate more transparency, and prove that it has radically revamped its security.
Imagine finding your personal data and search queries showing up in Google search results. This unsettling reality hit home for many users who discovered that their prompts and queries were leaking into the search engine’s public domain following a suspected Google Gemini AI data leak.

On February 8, 2024, Google unveiled Gemini, a new smartphone application designed to function as both a conversational chatbot and a voice-activated digital assistant. Capable of responding to voice and text commands, Gemini offers a wide range of functionalities including answering questions, generating images, drafting emails, analyzing personal photos, and more. Soon after the transition from Google Bard to Gemini AI, concerns arose among users who suspected that their prompts and queries were leaking into Google search results.

By the early hours of Tuesday, February 13, the presence of Google Gemini chats in search results began to diminish, with only three visible outcomes. As the afternoon progressed, this number dwindled further, leaving just a single search result containing leaked Gemini chats. Shortly thereafter, the American multinational company provided clarification, addressing the inadvertent data leak originating from Google’s data retention systems.

The Google Gemini AI Data Leak Controversy

What unfolded was the emergence of reports on social media platforms, indicating that chat pages linked to Gemini AI had been leaked online. This revelation sparked immediate concerns regarding data privacy and security.

Source: Google

However, upon closer examination, it became apparent that the incident stemmed from the indexing practices of search engines like Bing. Despite Google’s efforts to safeguard user data through measures like the robots.txt file, some pages from the gemini.google.com subdomain found their way into search engine indexes. This inadvertent exposure raised security concerns and prompted Google to address the issue, assuring users of remedial actions.

The Google Gemini AI Data Retention Gap

With Google having addressed and rectified the leak, conversations have emerged regarding the underlying mechanisms of Gemini AI and its implications for user privacy. Concerns were raised regarding Gemini AI’s retention of personal data, with reports indicating that conversations could potentially be stored for a duration of up to three years. When discussing the Google Gemini AI data leak, netizens expressed heightened concerns about the security of their data. Chamil R. Tennekoon, a user on X, tweeted, “Google’s AI Keeps Conversations For Years. Google’s Gemini AI assistant is reportedly keeping personal information for up to three years, even if individuals opt to have their data deleted.”

Source: X

In light of the security incident that raised concerns among users, Google issued an official statement aimed at addressing and clarifying the matter. Through this statement, along with efforts to provide users with enhanced control over data retention, Google sought to alleviate concerns regarding the Google Gemini AI retention mechanism. “Google collects your Gemini Apps conversations, related product usage information, info about your location, and your feedback. Google uses this data, consistent with our Privacy Policy, to provide, improve, and develop Google products and services and machine learning technologies, including Google’s enterprise products such as Google Cloud”, read the official press release.

AI Chatbots Under Persistent Cyber Threats

In the recent past, AI chatbots have increasingly become targets for cyberattacks, drawing attention to the vulnerabilities inherent in such widely used platforms. Notably, OpenAI’s ChatGPT, a formidable competitor to Gemini AI, experienced rapid growth since its launch in November 2022, amassing millions of users within days and securing its position as one of the fastest-growing consumer apps in history. However, this popularity also made it a target for cyber threats. In May of the following year, a hacktivist group claimed responsibility for an attack on OpenAI’s website, hinting at potential future breaches. In response to security incidents, OpenAI temporarily took some products offline to mitigate damage.

Subsequently, in June 2023, a cybersecurity firm uncovered over 100,000 devices infected with malware housing compromised ChatGPT credentials, leading to concerns about data security. Despite reports of credential leaks, OpenAI attributed the issue to existing malware on users’ devices. In November 2023, OpenAI allegedly faced another cyberattack, with users encountering difficulties accessing their ChatGPT portals. However, the authenticity of these claims remains unverified by official sources, highlighting the ongoing challenges in safeguarding AI chatbots against cyber threats.

Gemini AI’s Advantages and Security Challenges

Among the widely available AI-powered chatbots, Gemini AI stands out for its speed, accuracy, and versatility. While comparisons with other chatbots like ChatGPT and Microsoft Copilot abound, Gemini AI’s unique features and capabilities set it apart.

Source: Google

Nevertheless, privacy and security concerns remain a prominent topic of discussion, particularly considering the substantial amount of user data continuously provided to chatbots daily. For chatbots, critical vulnerabilities may include a lack of encryption during customer-bot interactions, inadequate employee training leading to data exposure, and vulnerabilities within hosting platforms. When exploited by malicious actors, these vulnerabilities can pose significant risks to users and businesses alike, highlighting the importance of updated cybersecurity measures.
CISA has added two new actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified as CVE-2024-21412 and CVE-2024-21351, have squarely set their sights on Microsoft Windows systems, injecting a sense of urgency into the vulnerability domain. CISA, the Cybersecurity and Infrastructure Security Agency, serves as the frontline defense against cyber threats, continuously monitoring and addressing emerging vulnerabilities that pose risks to digital infrastructures. The two critical Windows vulnerabilities, stemming from Windows Internet Shortcut Files and Windows SmartScreen security, target federal enterprises globally.

CVE-2024-21412: Internet Shortcut Files Security Feature Bypass

Source: Microsoft

CVE-2024-21412 is a security flaw in Microsoft Windows Internet Shortcut Files that allows attackers to bypass security features. Typically, when users attempt to open Internet Shortcut files from unknown sources, they receive a warning about potential harm. However, this vulnerability enables attackers to circumvent this warning, potentially leading to the execution of malicious code. While the severity of this vulnerability is notable, its criticality is somewhat mitigated by the requirement for user interaction, as confirmed by both CVSS and Microsoft’s proprietary ranking system.

CVE-2024-21351: Windows SmartScreen Security Feature Bypass

Source: Microsoft

On the other hand, CVE-2024-21351 targets Windows SmartScreen, another integral security feature. This vulnerability enables attackers to bypass SmartScreen, facilitating the injection of malicious code and potentially leading to remote code execution. Notably, recent critical SmartScreen bypass vulnerabilities have focused solely on bypassing security features, whereas CVE-2024-21351 introduces the possibility of code injection into SmartScreen itself, as reported by Microsoft’s researchers.

In both cases, successful exploitation requires user interaction, meaning that attackers must persuade users to open malicious files. Additionally, the CVSS metric indicates that the privileges required for exploitation are low, further highlighting the importance of user awareness and caution.

Understanding Mark of the Web

Regarding CVE-2024-21351, the relationship between the Mark of the Web and Windows SmartScreen is important. Mark of the Web is an NTFS stream added by Windows to files downloaded from the internet. SmartScreen uses this information to conduct reputation checks on downloaded files, enhancing security by identifying potentially harmful content.

Considering the potential impact of these vulnerabilities, successful exploitation could result in a range of consequences, including loss of confidentiality, compromised integrity, and reduced system availability. By injecting code into SmartScreen, attackers could execute arbitrary commands, leading to data exposure and system instability.
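An added example (not from the original report) showing what the Mark of the Web described above actually is: the Zone.Identifier alternate data stream is a short INI-style text whose ZoneId under [ZoneTransfer] tells SmartScreen where a file came from, and a defender can read it to confirm that downloaded files still carry the mark SmartScreen's reputation check depends on. The sample stream contents and URLs are constructed; reading the stream from a real file only works on Windows/NTFS.

```python
import os
from typing import Dict, Optional, Tuple

# URL security zone ids Windows writes into the Zone.Identifier stream.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def read_zone_identifier(path: str) -> Optional[str]:
    """Read a file's Zone.Identifier alternate data stream (the Mark of the Web).

    Returns None when the stream is absent, i.e. the file carries no MOTW and
    SmartScreen has no download origin to check, or when not running on Windows."""
    if os.name != "nt":
        return None
    try:
        # NTFS exposes alternate data streams as "<file>:<stream name>"
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def parse_zone_identifier(stream: str) -> Dict[str, str]:
    """Parse the INI-style stream text and return the [ZoneTransfer] keys
    (ZoneId, plus ReferrerUrl/HostUrl when the downloading app recorded them)."""
    fields: Dict[str, str] = {}
    section = None
    for raw in stream.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def describe_motw(stream: Optional[str]) -> Tuple[Optional[int], str, Optional[str]]:
    """Summarize a stream as (zone id, zone name, host URL)."""
    if stream is None:
        return None, "no MOTW", None
    fields = parse_zone_identifier(stream)
    try:
        zone = int(fields["ZoneId"])
    except (KeyError, ValueError):
        return None, "malformed", None
    return zone, ZONE_NAMES.get(zone, "unknown"), fields.get("HostUrl")


def smartscreen_applies(stream: Optional[str]) -> bool:
    """True when the MOTW places the file in the Internet zone or higher,
    the origin for which Windows applies MOTW handling such as SmartScreen checks."""
    zone, _, _ = describe_motw(stream)
    return zone is not None and zone >= 3


# Constructed stream contents, as a browser would write them for a download.
SAMPLE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://example.com/downloads/\r\n"
                 "HostUrl=https://example.com/downloads/report.url\r\n")

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, describe_motw(read_zone_identifier(target)))
```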
In a wave of cyber intrusions reverberating across international borders, several prominent institutions, including Trans-Northern Pipelines, SouthState Bank, a French hospital, and a Spanish electric and gas utility cooperative, have reportedly fallen victim to sophisticated cyberattacks. According to Dominic Alvieri, cybersecurity analyst and security researcher, these alleged cyberattacks on prominent institutions, orchestrated by various threat actors, have raised concerns about cybersecurity preparedness on a global scale.

Cyberattacks on Prominent Institutions: Who Are Targeted?

Among the cyberattacks on prominent institutions, Trans-Northern Pipelines stands out as a critical infrastructure provider allegedly breached by the notorious ALPHV BlackCat, alongside SerCide. The latter, known for its services to 600 municipalities in Spain through 190 companies, highlights the magnitude of these cyberattacks and the potential ramifications for essential services. The Association of Electrical Energy Distributors, serviced by SerCide, now finds itself grappling with the aftermath of this cyberattack, heightening anxieties over the security of vital utilities.

Source: Dominic Alvieri

Similarly, SouthState Bank has fallen prey to an unidentified cyberattack, leaving critical questions unanswered regarding the extent of data compromised, the motive behind the attack, and the methodology employed. The lack of transparency surrounding these cyberattacks on prominent institutions further compounds the uncertainty and highlights the urgency for enhanced cybersecurity measures across financial institutions.

While the impact of these cyberattacks on prominent institutions reverberates globally, the authenticity of the claims has come under scrutiny, particularly as discrepancies arise in the accessibility of affected companies’ websites. While some websites remain fully operational, others display errors or are entirely inaccessible, prompting speculation about the veracity of the reported breaches. As investigations unfold, stakeholders await official statements to ascertain the true nature and scope of the cyberattacks on prominent institutions, raising concerns about the potential motives behind these disruptions.

Cyberattacks Extend Beyond Corporate Entities

Amidst these alarming developments, the fallout from recent cyberattacks extends beyond corporate entities to encompass essential public services. Yesterday, The Cyber Express reported that the Office of the Colorado State Public Defender, entrusted with safeguarding legal rights for marginalized communities, found itself ensnared in the aftermath of a cyberattack. With critical resources compromised, including access to calendars, emails, court filing systems, and police reports, the institution’s ability to provide effective legal representation hangs in the balance, casting a shadow over the pursuit of justice for vulnerable populations.

Furthermore, the healthcare sector faces its own cybersecurity challenges, with Viamedis and Almerys, key players in managing third-party payments for supplementary health insurance in France, succumbing to a devastating data breach. The compromise of personal data belonging to approximately 33 million individuals has ignited concerns about privacy and security, underscoring the urgent need for robust cybersecurity measures to protect sensitive healthcare information.

Need of the Hour

As the global community grapples with the escalating threat of cyber warfare, the need for collaborative efforts to enhance cybersecurity resilience has never been more pressing. With institutions ranging from critical infrastructure providers to financial institutions and public service agencies falling victim to relentless cyberattacks, the imperative for proactive cybersecurity strategies is abundantly clear. Only through concerted action, enhanced information sharing, and investment in cybersecurity infrastructure can societies fortify themselves against the ever-evolving landscape of cyber threats and safeguard against potentially catastrophic disruptions to essential services and infrastructure.
Threat actors first infected the Hipocrate Information System with a variant of the Phobos ransomware family — and then it spread across the nation's healthcare organizations.
The finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort.
Cyberattacks targeting thousands of US organizations wield a new attack vector to deliver the versatile initial-access loader — and are a harbinger of a surge in threat activity.
Hamas-linked threat actors have defied norms, with no discernible uptick in cyber operations prior to the group's attack in Israel — and a complete abandonment of them thereafter.
Check Point Research revealed a concerning trend in the tactics of the notorious malware, Raspberry Robin, indicating a transition towards purchasing exploits for swifter cyber assaults. Previously, the malware operators integrated exploits for year-old vulnerabilities but now prioritize exploits less than a month old, emphasizing speed for increased attack success rates.
Iranian state-backed actors have consistently targeted the U.S. and Israel with cyberattacks, including destructive malware and influence campaigns, before and after the Israel-Hamas war.
The vulnerabilities, CVE-2023-50358 and CVE-2023-47218, are command injection flaws in the QTS firmware, with potential for remote code execution, impacting a large number of devices globally.
The company plans to notify 5-10% of its customer base, potentially affecting 230,000 to 460,000 people. The breach, attributed to the Black Basta ransomware group, led to the theft of data from a limited part of the company's server estate.
Defenders must adopt a proactive approach, employing multiple security controls with a defense-in-depth strategy to detect and mitigate the impact of stealth-oriented "hunter-killer" malware.
A 20-plus-year-old design flaw in the DNSSEC specification, named KeyTrap, can be exploited by a single packet to disable vulnerable DNS servers, affecting web clients and other applications relying on them.
The breach involved sensitive details such as full names, dates of birth, contact information, and Social Security Numbers. The threat actor demanded a ransom and threatened to sell the stolen data if their demands were not met.
The Cyberdome initiative at Boise State University is helping to address the shortage of cybersecurity talent in rural areas by providing hands-on work experience to students and cybersecurity services to organizations in need.
PlayDapp offered a $1 million reward to the hacker for returning the stolen contracts and assets, but the hackers continued to mint more tokens, leading to the suspension of PLA trading and efforts to freeze the hacker's wallets on exchanges.
Cyber Fusion Centers (CFCs) enable threat intelligence operationalization, information sharing, and automation of threat response, providing a unified and efficient approach to cybersecurity in the financial sector.
According to Resecurity, malicious cyber-activity has increased by 100% between 2023 and early 2024, with threat actors aiming to acquire and exploit voter data for potential propaganda campaigns and electoral interference.
The breach occurred from February 3, 2023, through February 20, 2023, and involved email messages containing personally identifiable information (PII) associated with individuals supporting or seeking employment with the DOD.
The company has reported the security breach to law enforcement and regulatory authorities and is conducting an ongoing investigation to assess the full impact of the incident.
The Government Accountability Office (GAO) suffered a data breach affecting thousands of current and former employees, which was carried out through a vulnerability in the Atlassian Confluence workforce collaboration tool.
Security researchers have lately observed new builds and incremental changes to the malware, indicating that someone with access to its source code is experimenting with it.
One of the zero-days, CVE-2024-21412, allows attackers to bypass security features and deploy malware. The other zero-day, CVE-2024-21351, enables attackers to bypass SmartScreen protections and potentially gain remote code execution capabilities.
Debian Linux Security Advisory 5621-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.
Debian Linux Security Advisory 5620-1 - Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.
Ubuntu Security Notice 6608-2 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6626-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling session operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.
Ubuntu Security Notice 6629-2 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.
The Google Passkey Manager on Android appears to have inconsistent messaging for deletion of data along with other varying issues that lead us to believe it's not ready for prime time.
Ubuntu Security Notice 6629-1 - It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.
Red Hat Security Advisory 2024-0814-03 - An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0808-03 - An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0807-03 - An update for dotnet6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0806-03 - An update for dotnet7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0805-03 - An update for dotnet7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0804-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0801-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0800-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0799-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0798-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0741-03 - Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-0740-03 - Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-0735-03 - Red Hat OpenShift Container Platform release 4.14.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Ubuntu Security Notice 6634-1 - Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly use this issue to cause a denial of service. Bahaa Naamneh discovered that .NET with OpenSSL support did not properly parse X509 certificates. An attacker could possibly use this issue to cause a denial of service.
The BlackBasta ransomware group strikes again, targeting Leonard’s Syrups, a cherished family-owned beverage company in Michigan renowned for its rich tradition. The alleged cyberattack on Leonard’s Syrups was announced on a dark web forum by cybercriminals. Founded and operated in the heart of Detroit, Leonard’s Syrups has long been synonymous with quality and authenticity. Specializing in a diverse range of beverages, this esteemed establishment has earned a loyal following over the years, making it a cornerstone of the local community.

Details About Cyberattack on Leonard’s Syrups

Details surrounding the purported BlackBasta ransomware attack remain shrouded in mystery, with the cybercriminals withholding crucial information regarding the scope of the breach, the compromised data, and the motives behind the incursion. In a bid to verify the authenticity of the ransomware group’s claims, The Cyber Express team has reached out to Leonard’s Syrups for an official statement. No response has been forthcoming, leaving the validity of the cyberattack on Leonard’s Syrups unconfirmed.

If the claim of a cyberattack on Leonard’s Syrups is substantiated, the implications could be profound, extending well beyond immediate financial losses. The potential compromise of sensitive data, including proprietary recipes, customer information, and operational details, threatens to undermine the integrity and reputation of Leonard’s Syrups. Moreover, the disruption of critical business operations could deal a severe blow to the company’s bottom line and erode consumer trust.

Previous BlackBasta Ransomware Attacks

This latest BlackBasta ransomware incident comes on the heels of a string of cyberattacks orchestrated by the group, highlighting the escalating threat posed by cybercriminals. Previously, the group added Graebener Bipolar Plate Technologies, NALS Apartment Homes, and Leonard’s Express to its dark web portfolio, further highlighting the indiscriminate nature of its attacks. In yet another move, the BlackBasta ransomware group claimed Southern Water and Asahi Glass Co. as its latest victims, amplifying concerns about the group’s audacity and capabilities.

Despite the absence of detailed disclosures regarding the BlackBasta ransomware attack, the relentless expansion of the group’s dark web portfolio indicates the urgent need for enhanced cybersecurity measures and vigilance among organizations worldwide. The Cyber Express is closely monitoring developments surrounding this alleged cyberattack on Leonard’s Syrups; in the meantime, stakeholders are urged to remain vigilant and proactive in safeguarding their digital assets.
The nefarious LockBit 3.0 ransomware group has struck once again, targeting unsuspecting victims in its latest wave of attacks. The most recent victims to fall prey to the LockBit 3.0 ransomware attack are MMI Culinary Services and Caribbean Radiation Oncology Centre. The authenticity of the LockBit group’s claims regarding the cyberattack on MMI Culinary Services and Caribbean Radiation Oncology Centre remains shrouded in uncertainty.

What We Know About This LockBit 3.0 Cyberattack

Despite assertions of successful infiltration and data compromise, the official websites of the targeted companies appear to be fully operational, casting doubt on the veracity of the cybercriminals’ boasts. The Cyber Express team has tried to substantiate the LockBit 3.0 ransomware attack claims by reaching out to company officials for clarification. However, as of the time of this report, no response has been forthcoming, leaving the LockBit 3.0 ransomware attack claim unverified.

MMI Culinary Services, based in Louisiana and established in 1986, has evolved from a modest catering business specializing in Cajun-style seafood boils to a leading manufacturing company renowned for its “kettle-cooked” foods. The Caribbean Radiation Oncology Centre, located in Guaynabo, Puerto Rico, has been providing cutting-edge cancer diagnosis and treatment services since its inception in 2007, earning a reputation as one of the region’s premier medical facilities for advanced oncological radiation technology.

Repercussions of the Cyberattack on the Targeted Firms

The repercussions of the cyberattack on MMI Culinary Services and Caribbean Radiation Oncology Center, if proven true, could extend far beyond immediate financial losses. These attacks have the potential to compromise highly sensitive data, ranging from proprietary recipes and manufacturing processes to patients’ medical records and treatment protocols. For MMI Culinary Services, a breach could not only result in the loss of valuable intellectual property but also undermine customer trust and confidence in the safety and quality of its products. Similarly, for Caribbean Radiation Oncology Center, the exposure of patient data could have profound implications for medical privacy and confidentiality, eroding patient trust and jeopardizing the integrity of clinical operations. Moreover, the disruption of critical services, such as food production and cancer treatment, could have ripple effects across supply chains and healthcare systems, exacerbating existing vulnerabilities and straining resources.

Previous LockBit 3.0 Ransomware Attacks

This recent spate of LockBit 3.0 ransomware attacks follows a disconcerting pattern of cyber threats orchestrated by the group. Earlier reports indicated that Manchester Fertility, a renowned fertility clinic offering a range of treatments including IUI, ICSI, and IVF, was purportedly under threat from the same nefarious group. The clinic’s inclusion on the LockBit 3.0 ransomware group’s data leak site raised alarms, with a ransom deadline looming on February 12, 2024. The potential breach, as indicated by the threat actor’s post, underscores the gravity of the situation, with critical data security hanging in the balance.

Furthermore, the LockBit ransomware group’s activities have extended beyond borders, with additional victims identified in recent attacks. Talon International Inc and Baldessari & Coster LLP found themselves ensnared in the cybercriminals’ web, their sensitive information allegedly compromised and held for ransom. In another development, the LockBit ransomware group announced the addition of three new victims to its roster of compromised entities on its dark web portal. TV Jahn Rheine in Germany, Home Waremmien in Belgium, and Marxan S.L. have all been targeted in the latest wave of cyberattacks. The extent of the data accessed by the hackers remains unclear, heightening concerns about the vulnerability of organizations to sophisticated cyber threats.

As organizations grapple with the escalating threat landscape, the imperative to enhance cybersecurity measures has never been more pressing. The specter of ransomware looms large, indicating the urgent need for proactive defense strategies and incident response protocols. Only through collaborative efforts and steadfast vigilance can businesses hope to mitigate the risks posed by cyber adversaries and safeguard the integrity of their operations in an increasingly digital world.
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three are rated Moderate in severity. This is in addition to 24 flaws that have been fixed
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running the Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "
Join me and Metomic CEO Richard Vibert for a discussion about some of the cybersecurity challenges faced by the financial services industry, and how you can best protect your organisations. Sign up now for the free event on February 29 2024.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. This leading global financial services Fortune 500 company manages roughly $1.4 trillion in assets, and it provides insurance, retirement planning, as well as […] The post Prudential Financial breached in data theft cyberattack – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Veronika Telychko The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other […] The post Troll Stealer Detection: Novel Malware Actively Leveraged by North Korean Kimsuky APT – Source: socprime.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Daniren via Alamy Stock Photo Cyber threat actors linked with Hamas have seemingly ceased activity ever since the terrorist attack in Israel on Oct. 7, confounding experts. Combination warfare is old hat in 2024. As Mandiant said in a newly published report, cyber operations have become […] The post Hamas Cyberattacks Ceased After the Oct. 7 Terror Attack. But Why? – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: CC Photo Labs via Shutterstock Microsoft’s scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which Microsoft issued a February […] The post Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE Tampa, Fla. – February 8, 2024 – OPSWAT, a global leader in perimeter defense cybersecurity solutions for critical environments, announced today that it is launching a $10 million scholarship program to offer essential CIP training courses. This initiative is designed to address the increasing demand for certified cybersecurity professionals, particularly […] The post OPSWAT Invests $10M in Scholarship Learning Program to Help Close Cybersecurity Skills Gap – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE WATERLOO, ON, Feb. 13, 2024 /PRNewswire/ — OpenText™ (NASDAQ: OTEX), (TSX: OTEX), has been named a member of the U.S. Government public-private cybersecurity initiative, Joint Cyber Defense Collaborative (JCDC). This collaborative effort, established by the Cybersecurity and Infrastructure Security Agency (CISA), is dedicated to elevating the cybersecurity posture of the U.S. government and its strategic […] The post OpenText Joins the Joint Cyber Defense Collaborative to Enhance US Government Cybersecurity – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE WATERLOO, Ontario, Feb. 12, 2024 /PRNewswire/ — BlackBerry Limited (NYSE: BB; TSX: BB) today provided an update on the previously announced process to separate its IoT and Cybersecurity businesses as standalone divisions, and drive the Company towards profitability and positive cash flow. Progress on Path to Profitability As previously outlined, in the prior quarter […] The post BlackBerry Provides Update on Progress in Separation of Divisions and Path to Profitability – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Tetra Images via Alamy Stock Photo The widespread, multitooled Glupteba malware has adopted a Unified Extensible Firmware Interface (UEFI) bootkit, allowing it to stealthily persist inside of Windows systems despite reboots, by manipulating the process by which the operating system is loaded. Glupteba is a malware […] The post Glupteba Botnet Adds UEFI Bootkit to Cyberattack Toolbox – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE San Francisco, CA – Feb 13, 2024 About 77% of organizations have adopted or are exploring AI in some capacity, pushing for a more efficient and automated workflow. With the increasing reliance on GenAI models and Language Learning Models (LLMs) like ChatGPT, the need for robust security measures has […] The post Akto Launches Proactive GenAI Security Testing Solution – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE ALEXANDRIA, Va., Feb. 13, 2024 /PRNewswire/ — ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – announced a partnership with IBM (NYSE: IBM) to launch the IBM and ISC2 Cybersecurity Specialist Professional Certificate. The new entry-level program, available exclusively via the Coursera platform, is designed to prepare prospective cybersecurity professionals for a […] The post ISC2 Collaborates With IBM to Launch Entry-Level Cybersecurity Certificate – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.