Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

A threat actor on Telegram has claimed to target Jaypee University of Engineering and Technology, a prominent private engineering institution in India. Following the alleged Jaypee University cyberattack, the university’s database has reportedly been compromised, with the leaked information said to contain sensitive details such as names, emails, and contact numbers.

Jaypee University of Engineering and Technology (JUET), accredited by the UGC under the UGC Act, 1956, stands as one of India’s oldest universities. It boasts an “A+” grade accreditation from NAAC and is acclaimed as one of the country’s premier private universities.

The Anonymity of the Jaypee University Cyberattack

Source: ThreatMon on X

A post by the threat actor on Telegram claimed responsibility for the Jaypee University cyberattack, stating that they had obtained student details and other information as part of their retaliation against “Indian Aggression along the Border.” Which border is meant, the locations involved, and the hacker’s origin remain unknown, leaving the threat actor’s intent and motivations unclear.

The Cyber Express has reached out to the university to learn more about this cyberattack on Jaypee University of Engineering and Technology. However, at the time of writing, no official statement or response has been received, leaving the claims of a Jaypee University cyberattack unconfirmed.

Despite the claims, the university’s website appeared to be operational, with no immediate signs of a cyberattack. This incident, characterized by a data leak rather than a defacement, coincided with the threat actor’s announcement on Telegram.

Cyberattack on Educational Institutions: A Concerning Trend

The identity of the threat actor behind the Jaypee University cyberattack remains undisclosed. Concerningly, this incident is not isolated; it aligns with a broader trend of cyberattacks on educational institutions. According to a study reported by The Economic Times, the education sector had become the most targeted industry for cyberattacks, with over 7 lakh threats detected in April-June 2023, highlighting the increasing risks faced by educational institutions worldwide.

Among notable global incidents, cyberattacks have targeted institutions such as the University of Hertfordshire, Howard University, University of California, Broward County Public Schools, Illuminate Education, Michigan State University, and the University of California, San Francisco. These incidents varied in nature, from ransomware attacks to data breaches, highlighting the diverse tactics employed by cybercriminals against educational entities.

As for the cyberattack on Jaypee University, The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged cyberattack or any official confirmation from the university.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 Dark Web News

A database containing 21,988 complete credentials, encompassing login details and passwords, allegedly tied to Comisiones Obreras (CC.OO.), has been exposed on a hacking forum. Comisiones Obreras, formally the Confederación Sindical de Comisiones Obreras, is an autonomous trade union in Spain operating independently of economic authorities, the State, and political parties.

The individual behind the Comisiones Obreras data breach, using the alias “fpa,” claimed to have defaced the union’s pages previously and is now disclosing the credentials obtained from its server. While the passwords are hashed, initial analysis suggests that some may be susceptible to cracking, prompting users affiliated with Comisiones Obreras to consider changing their login information proactively.

Comisiones Obreras Data Breach

Source: HackManac on X

The Cyber Express has reached out to the organization to learn more about this alleged Comisiones Obreras data breach. However, at the time of writing, Comisiones Obreras has officially neither confirmed nor denied these claims.

According to HackManac, the individual behind the leak posted details on a hacking forum, stating their motivation and the nature of the compromised data, which includes full names, ID documents, and phone numbers. However, they expressed an intention to retain only the credentials, advocating the deletion of the additional personal information. The threat actor’s message reads: “CCOO (Comisiones Obreras, Workers’ Commissions) is a Spanish labor union whose function is to lick the boots of the government and employers, and whose bureaucrats spend their days at seafood banquets. Some time ago, we defaced all their pages, and now we are publishing the credentials we were able to steal from their server.”

Despite the reported Comisiones Obreras data leak, the union’s website appears to be functioning normally, with no immediate signs of a cyberattack. Nevertheless, this incident adds to a growing trend of unions becoming targets of malicious cyber activity.

Cyberattacks on Unions: A Growing Trend

In a similar vein, recent history shows a notable cyberattack on credit unions in the United States. In December 2023, approximately 60 credit unions faced disruptions due to a ransomware attack targeting an IT provider they used. The attack, executed through a third-party vendor, affected a unit of Trellance, a cloud computing firm commonly used by credit unions, CNN reported.

The Comisiones Obreras data breach and other recent data breaches highlight the pervasive threat posed by ransomware attacks, which have disrupted critical infrastructure across various sectors globally. From hospitals to fuel pipelines and schools, such attacks have prompted governments to treat ransomware as a pressing national security concern.

This is an ongoing story, and The Cyber Express will be closely monitoring any developments. We’ll update this post once we have more information on the Comisiones Obreras data leak or any official confirmation from the organization.


 Business

A group of researchers from several German universities and institutes have discovered a vulnerability in DNSSEC, a set of extensions to the DNS protocol designed to improve its security, primarily by countering DNS spoofing. An attack they dubbed KeyTrap, which exploits the vulnerability, can disable a DNS server by sending it a single malicious data packet. Read on to find out more about this attack.

How KeyTrap works and what makes it dangerous

The DNSSEC vulnerability has only recently become public knowledge, but it was discovered back in December 2023 and registered as CVE-2023-50387. It was assigned a CVSS 3.1 score of 7.5 and a severity rating of High. Complete information about the vulnerability and the attack associated with it is yet to be published.

Here’s how KeyTrap works. The malicious actor sets up a nameserver that responds to requests from caching DNS servers (that is, those which serve client requests directly) with a malicious packet. Next, the attacker has the caching server request a DNS record from the malicious nameserver. The record sent in response is a cryptographically signed malicious one. The way the signature is crafted causes the attacked DNS server, while trying to verify it, to run at full CPU capacity for a long period of time. According to the researchers, a single such malicious packet can freeze the DNS server for anywhere from 170 seconds to 16 hours, depending on the software it runs.

The KeyTrap attack can not only deny access to web content for all clients using the targeted DNS server, but also disrupt various infrastructural services such as spam protection, digital certificate management (PKI), and secure cross-domain routing (RPKI). The researchers refer to KeyTrap as the worst attack on DNS ever discovered.

Interestingly enough, the flaws in the signature validation logic that make KeyTrap possible were already present in one of the earliest versions of the DNSSEC specification, published as far back as… 1999. In other words, the vulnerability is about to turn 25!

The origins of KeyTrap can be traced back to RFC-2035, the DNSSEC specification published in 1999

Fending off KeyTrap

The researchers have alerted all DNS server software developers and major public DNS providers. Updates and security advisories to fix CVE-2023-50387 are now available for PowerDNS, NLnet Labs Unbound, and Internet Systems Consortium BIND9. If you administer a DNS server, it’s high time to install the updates.

Bear in mind, though, that the DNSSEC logic issues that make KeyTrap possible are fundamental in nature and not easily fixed. Patches released by DNS software developers can only go some way toward solving the problem, as the vulnerability is part of the standard rather than of specific implementations. “If we launch [KeyTrap] against a patched resolver, we still get 100 percent CPU usage, but it can still respond,” said one of the researchers.

Practical exploitation of the flaw remains a possibility, with the potential result being unpredictable resolver failures. In case this happens, corporate network administrators would do well to prepare a list of backup DNS servers in advance so they can switch as needed to keep the network functioning normally and let users reach the web resources they need unimpeded.


 Dark Web News

A massive data breach originating from a private industry contractor of the Chinese Ministry of Public Security (MPS), known as iSoon (also referred to as Anxun), has surfaced on GitHub. The Ministry of Public Security breach included a substantial amount of sensitive information, potentially impacting various facets of espionage operations. The leaked data in the alleged MPS data leak encompassed a range of mixed contents, including but not limited to spyware, details of espionage operations, and even references to a purported “Twitter Monitoring Platform”. This MPS data breach mirrors the magnitude of the NTC Vulkan leak, indicating the severity and potential consequences of the incident.

Analyzing the Chinese Ministry of Public Security Breach

Source: GitHub

The leaked documents, purportedly internal Chinese government files, surfaced on GitHub, raising concerns about the security protocols within the MPS ecosystem. However, the authenticity of these documents remains unverified.

Source: GitHub

The Cyber Express has reached out to the Chinese Ministry of Public Security to learn more about this MPS data breach. However, at the time of writing, no formal acknowledgment or clarification had been provided, leaving the claims surrounding the Ministry of Public Security breach unconfirmed.

The leaked messages revealed exchanges between various entities, shedding light on potentially sensitive conversations and operational details. While the specifics of these exchanges remain under scrutiny, they hint at the complexity and extent of the breach. Some of the exchanges and chats between the users are given below; the messages are blurred for confidentiality reasons.

Source: GitHub

The Cyber Express team investigated the leak and found that the vast amount of data included 66 links in a GitHub repository named I-S00N. The user behind this massive leak says that “上海安洵信息内幕. 上海安洵信息不靠谱, 坑国家政府机关. 安洵背后的真相. 安洵忽悠国家安全机关”, which translates to “Shanghai Anxun Information Insider. Shanghai Anxun’s information is unreliable and is a trap for national government agencies. The truth behind An Xun. An Xun deceived the national security agency.”

Source: GitHub

Moreover, the data unfolded into a multitude of conversations, reports, official government plans, articles, phone numbers, names, and contact information, spread across thousands of folders within the logs.

Information Listed in the MPS Data Leak

The actor responsible for the compiled leak has organized the data into distinct sections. Data from links 0-1 discusses how “An Xun deceived the national security agency.” The subsequent set of data, spanning links 2-10, comprises complaints from employees. Links 11-13 contain information regarding An Xun’s financial issues. Link 14 is dedicated to chat records between An Xun’s top boss Wu Haibo and his second boss Chen Cheng. Links 15-20 focus on “Anxun low-quality products,” while links 21-28 reveal information about An Xun’s products. Links 39 to 60 discuss An Xun’s infiltration of overseas government departments, including those of India, Thailand, Vietnam, South Korea, NATO, and others.

Source: GitHub

Finally, the last set of links, 61 to 65, contains data related to An Xun employee information. The data in these logs also included exchanges of data, cooperation with different departments or entities, assessments of projects, coordination for events like competitions or training sessions, and negotiations regarding the sale or sharing of information.

Source: GitHub

The conversations also touched on challenges such as resource allocation, concerns about pricing and quality, and communication difficulties with certain contacts. Another notable fact about the conversations in this MPS data breach is that the logs date back to 2018 and cover a large amount of sensitive information involving multiple vendors from China and other nations.

APT Cyberattacks on China

In 2023, 360 Security Group’s annual cybersecurity report revealed over 1,200 APT attacks on China by 13 foreign organizations, primarily from North America and Asia. These attacks spanned 16 industries, with education being the most targeted. APT organizations, often state-backed, posed threats beyond espionage, potentially paralyzing a nation’s infrastructure. The US-led attacks were noted for their sophistication and global reach, affecting internet and IoT assets worldwide. A total of 731 APT reports, exposing 135 organizations, were released globally, with 54 identified by 360. Notably, China’s education and scientific research sectors were heavily targeted, with government agencies also under persistent attack. Geographically, attacks were concentrated in China’s southeastern coastal and high-tech regions. US policies, particularly against China’s tech sector, fueled increased attacks, notably on the chip and 5G industries. These attacks aligned with political agendas to stifle China’s high-tech advancement. Furthermore, APT groups targeted China’s geological surveying fields, posing conventional espionage threats. An attack on the Wuhan Earthquake Monitoring Center highlighted the potential national security risks. Experts advocated meticulous incident tracking and AI-driven defense systems, urging collaborative efforts to counter cyber threats effectively.


 Dark Web News

The Reserve Bank of India has allegedly been targeted in a cyberattack linked to the threat actor ZALCYBER. Although the RBI data breach reportedly occurred in 2023, it has gained renewed attention due to claims made by the hacker collective on BreachForums.

The Reserve Bank of India (RBI), India’s central bank and the regulatory authority overseeing the country’s banking system, operates under the ownership of the Ministry of Finance, Government of India. It is responsible for the regulation, issuance, and management of the Indian rupee. If confirmed, the reported RBI data breach could carry significant implications for both individuals and financial entities.

Addressing the RBI Data Breach

Source: Dark Web

According to assertions made by ZALCYBER, two PDF files containing purportedly extensive data linked to the RBI were posted on BreachForums. One of these files includes applicant information, while the other contains administrative data.

Source: Dark Web

The applicant data file comprised over 2000 records containing various personal identifiers, while the RBI admin file supposedly contained 48 records detailing stages, applications, and service descriptions. While preliminary investigation tentatively suggests a potential association with individuals applying to the RBI’s enterprise incubation program, the authenticity of the leaked data remains uncertain.

Source: Dark Web

The Cyber Express has reached out to the bank to learn more about the RBI data breach and the reliability of the data. However, at the time of writing, no official statement or response has been received, leaving the claims of a data breach unverified.

Who is ZALCYBER?

Source: Dark Web

ZALCYBER, a member of BreachForums since February 4, 2024, shows minimal activity, with only 1 hour and 39 minutes spent online. Having contributed to six threads and posts, they are still establishing their presence on the platform. Despite their recent engagement, ZALCYBER has yet to earn any reputation points or awards, indicating newcomer status within the community. With the potential for further involvement in discussions and activities, their profile suggests that ZALCYBER may be a new hacker group or individual on the forum.

However, the alleged RBI data breach immediately thrusts them into the spotlight, given that the RBI operates 31 branches across India and is responsible for the creation, manufacturing, distribution, and comprehensive administration of the country’s currency. The bank’s mandate also encompasses ensuring an abundant supply of genuine and untainted banknotes nationwide.

Financial Institutions Under Siege: A Surge in Cyberattacks

The alleged RBI data breach is not an isolated incident. In recent years, cyberattacks on financial institutions have become increasingly common, with hackers targeting banks and their customers with alarming frequency. One such example is the reported breach affecting Bank of America customers, in which the personal information of approximately 57,000 customers was compromised due to a cyberattack on the bank’s service provider Infosys McCamish Systems.

Source: Dark Web

Furthermore, The Cyber Express previously reported on cyberattacks on major Indian banks, including Federal Bank Limited and Indian Bank. The perpetrators, identified as the “Mysterious Silent Force,” purportedly targeted these institutions to expose vulnerabilities within the banking system.


 Firewall Daily

The DragonForce ransomware group has expanded its list of victims, adding two new entities, Westward360 and Compression Leasing Services, to its dark web portal. The DragonForce cyberattack targets two American companies, yet details regarding the data compromised and the motive behind the attack remain undisclosed by the hackers.

DragonForce Cyberattack: Two New Targets

What adds complexity to the situation is that the official websites of the targeted companies remain accessible. Despite the reported DragonForce cyberattack, the websites are fully operational. This raises questions about the attackers’ intentions: whether this is a strategic move to gain attention or whether there is a deeper motive at play. Clarity on the DragonForce cyberattack can only emerge once official statements are released by the affected organizations.

Source: Twitter

Source: Twitter

The targeting of companies like Westward360 and Compression Leasing Services, which likely hold significant volumes of sensitive data and play crucial roles in their respective sectors, could exacerbate the ramifications of the DragonForce cyberattack. The potential compromise of sensitive financial, operational, or customer data within these organizations could lead to severe disruption of their operations, financial losses, reputational damage, and legal repercussions. Moreover, if the DragonForce cyberattack results in data breaches involving personally identifiable information (PII) or confidential business data, it could pose serious privacy and security risks for individuals and businesses associated with the targeted companies, potentially leading to identity theft, fraud, and other malicious activity.

Previous DragonForce Cyberattack Claims

Meanwhile, the Ohio Lottery has recently confirmed a cybersecurity incident that occurred in December, shedding light on the Ohio Lottery data breach. The breach, which occurred on December 24, involved unauthorized access to both customer and retailer data. The Lottery has attributed the attack to a ransomware group, acknowledging significant data theft. Following the cyberattack, the Ohio Lottery faced operational challenges, impacting its mobile cashing app and Super Retailer outlets’ ability to process online prize claims exceeding $599. While prizes up to $599 can still be redeemed at retail outlets, those above $600 require mailing to the Ohio Lottery Central Office for processing, a measure imposed in the aftermath of the breach.

DragonForce, the same ransomware group implicated in the Ohio Lottery attack, claimed responsibility for the breach on December 27, boasting of stealing over 600 GB of data. The stolen data reportedly includes sensitive information such as names, addresses, winnings, dates of birth, and social security numbers, affecting both employees and players.

In a parallel incident, Yakult Australia has also fallen victim to a cybersecurity breach, further highlighting the pervasive threat of cyberattacks. The breach, which occurred in mid-December, threw the Australia and New Zealand divisions of Yakult into disarray during a critical time of the year. DragonForce’s involvement in the Yakult Australia breach was revealed through a post on its onion leak site on December 20. The post outlined the breach, indicating the compromise of 95.19 GB of data, including the company database, contracts, passports, and more.

These incidents highlight the escalating threat posed by ransomware groups like DragonForce, which target organizations worldwide with devastating consequences. As cyber adversaries continue to evolve their tactics, collaboration between governments, organizations, and cybersecurity experts is essential to combat cyber threats and safeguard digital infrastructure and sensitive information. Only through collective effort and heightened vigilance can the global community effectively thwart cybercriminals and ensure a secure digital environment for all.


 Firewall Daily

The threat actor group known as NoName has claimed responsibility for targeting multiple websites in Italy. The entities affected by the cyberattack on Italy include prominent institutions such as Sinfomar, Guardia di Finanza, the National Commission for Companies and the Stock Exchange, Autorita’ Garante della Concorrenza e del Mercato, Torinese Transport Group, CTM SpA, Trentino Transport, and the Marina Militare.

Motive Behind the Cyberattack on Italy

The message disseminated by the threat actor group suggests a political motive behind the cyberattack on Italy. It references agreements between Italy, the European Bank for Reconstruction and Development, and the Ukrainian government aimed at supporting Ukraine’s energy sector. The threat actor accuses Italy of diverting resources toward supporting “Bandera’s supporters” instead of focusing on its citizens’ welfare.

Source: Twitter

The message further criticizes the Italian Foreign Ministry’s reported intention to sponsor President Zelensky’s administration, labeling them “terrorists.” The threat actor group expresses frustration with Italy’s perceived lack of understanding of their intentions and demands, escalating their actions by launching another wave of Distributed Denial of Service (DDoS) attacks against the targeted websites.

Source: Twitter

The tone of the message suggests a significant level of coordination and planning by the threat actor group, with a clear intent to disrupt Italy’s internet infrastructure and cause economic harm. By targeting key governmental and financial institutions, NoName aims to highlight its grievances and potentially exert pressure on Italian authorities.

Source: Twitter

The reference to “joint attacks” implies potential collaboration with other threat actor groups, raising concerns about the scale and sophistication of the cyber threat landscape facing Italy and potentially other European countries. The message serves as a reminder of the vulnerability of digital infrastructure to malicious actors and the need for enhanced cybersecurity measures to mitigate such risks effectively.

The implications of a cyberattack on Italy extend beyond the immediate disruption of the targeted websites. They highlight broader geopolitical tensions and the evolving nature of cyber warfare, in which state-sponsored or politically motivated threat actors leverage digital tools to advance their agendas and exert influence on the global stage.

NoName’s Previous Cyberattacks

This recent cyberattack on Italian websites follows a pattern of aggressive cyber activity attributed to the NoName group. In January, the group claimed responsibility for a sophisticated cyberattack on multiple high-profile websites in the Netherlands, including OV-chipkaart, the Municipality of Vlaardingen, the Dutch Tax Office (Belastingdienst), and GVB. The sensitive nature of the information held by these entities raised significant concerns about data security and the potential impact on public services.

The January cyberattack was not an isolated incident. NoName has been linked to a series of cyberattacks across Ukraine, Finland, and the USA earlier in 2024. The group’s dark web channel specifically named eight organizations as victims, indicating a coordinated and widespread cyber offensive. The organizations targeted in the prior attack included PrivatBank 24, Credit Agricole Bank, MTB BANK, Accordbank, Matek Systems (China), Pixhawk (Switzerland), SpetsInTech, and Kvertus. These incidents highlight the global reach and disruptive capabilities of the NoName group, posing significant challenges to cybersecurity efforts worldwide.

 Identity Theft, Fraud, Scams

Scammers create multiple fraudulent domains and use scare tactics to pressure victims into making hasty decisions, such as disclosing personal details or making immediate payments.

 Malware and Vulnerabilities

SolarWinds has patched critical vulnerabilities in its Access Rights Manager (ARM) and Orion Platform that could allow attackers to execute code, emphasizing the importance of promptly updating to the fixed versions.

 Feed

Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.

 Feed

Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.

 Feed

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml, but that issue has since been mitigated. However, the researcher discovered that using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short-lived, as the researcher found yet another, third, trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

 Feed

Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

 Feed

Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.

 Feed

Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.

 Feed

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

 Feed

Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.

 Feed

Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.

 Feed

Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.

 Firewall Daily

ETISALAT, the state-owned Emirates Telecommunications Group Company PJSC in the UAE, is reportedly grappling with a ransomware assault attributed to the infamous LockBit ransomware faction. The hacker collective has claimed responsibility for the cyberattack on ETISALAT, successfully breaching the company’s   show more ...

systems. They are now demanding $100,000 for the return of the pilfered data, setting a deadline of April 17th. While the situation’s severity is acknowledged, the official confirmation of the cyberattack on ETISALAT is still pending. Additionally, the ETISALAT official website remains accessible, casting doubt on the validity of LockBit’s claims. However, a definitive assessment awaits an official statement from ETISALAT regarding the incident. If validated, the implications of this cyberattack on ETISALAT could be severe, potentially exposing thousands of customers to various forms of exploitation and fraud. Telecommunication Sector on the Radar of Hackers The urgency of the matter is highlighted by the recent surge in cyberattacks targeting mobile operators globally. Just days before the purported ETISALAT cyberattack, Spain-based mobile telephony company Llamaya, a subsidiary of MASMOVIL Group, reported a significant data breach. The threat actor, known as “DNI,” claims to have accessed sensitive customer information, including phone numbers, passwords, and personal details, affecting approximately 16,825 customers. These incidents highlight a growing trend of cyber threats plaguing the telecommunications sector. The recent onslaught of attacks targeting entities like Monobank in Ukraine and a popular mobile banking app with over 10 million users further emphasizes the vulnerability of digital infrastructure to malicious actors. According to the Verizon 2023 Data Breach Investigations Report (DBIR), ransomware attacks accounted for 24% of all breaches, underscoring the pervasive nature of this threat. Moreover, Sophos‘ “The State of Ransomware 2023” report revealed that 66% of organizations were affected by ransomware in 2023 alone, indicating a sharp rise in such incidents. 
The evolving landscape of ransomware threats is exemplified by the proliferation of more than 130 different ransomware families since 2020, as reported by VirusTotal’s “Ransomware in a Global Context” study.

Unclear Motive Behind Cyberattack on ETISALAT

While the specific motivations behind the cyberattack on ETISALAT remain unclear, the broader trend of ransomware incidents highlights the pressing need for enhanced cybersecurity measures across industries, particularly in critical sectors such as telecommunications. The potential impact of such breaches extends far beyond financial losses, posing significant risks to customer privacy, data integrity, and organizational reputation. In response to these escalating threats, organizations must prioritize proactive cybersecurity strategies, including regular vulnerability assessments, employee training, and the implementation of robust incident response plans. Collaborative efforts between public and private stakeholders are essential to mitigate the risks posed by sophisticated cyber adversaries and safeguard the integrity of digital infrastructure. As the investigation into the purported ETISALAT cyberattack unfolds, stakeholders are urged to remain vigilant and implement stringent cybersecurity protocols to prevent and mitigate the impact of future incidents. The resilience of the telecommunications sector in the face of evolving cyber threats hinges on a collective commitment to proactive defense measures and swift response strategies.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat

 Feed

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a

 Feed

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included

 Feed

Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. NDR massively

 Feed

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. By Al Saurette, CEO, MainTegrity. Most large organizations, including 70% of Fortune 500 companies, rely extensively on mainframes for managing their business and IT infrastructure. However, despite the significant role mainframes play, the conversation about how best to secure them gets relatively little attention. Considering today’s cyberthreat […] The entry “It’s Time to End the Myth of Untouchable Mainframe Security. – Source: www.cyberdefensemagazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. With cryptocurrency payments on the rise, businesses must learn how to safeguard against potential risks. By James Hunt, Subject Matter Expert Payments, Feedzai. Businesses across the US are seeking innovative payment methods, with an estimated 75% of retailers looking to embrace cryptocurrency payment options in 2024. However, with cryptocurrency […] The entry “How Businesses Can Manage Cryptocurrency Fraud – Source: www.cyberdefensemagazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. By Ian Robinson, Chief Architect of Titania. Keeping U.S. commercial critical national infrastructure (CNI) organizations safe is vital to national security, and it’s never been more top of mind as international conflicts and cyberattacks increase and create tensions for businesses, governments, and citizens. These 16 critical sectors – communications, […] The entry “Enhancing PCI DSS Compliance: The Urgent Need for Risk-Based Prioritization – Source: www.cyberdefensemagazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Bounty

Source: go.theregister.com – Author: Team Register. Infosec in brief: The US government is offering bounties of up to $15 million as a reward for anyone willing to help it take down the ALPHV/Blackcat ransomware gang. The Department of State announced last week that it was offering $10 million for information identifying key leaders in the ALPHV […] The entry “Feds post $15 million bounty for info on ALPHV/Blackcat ransomware crew – Source: go.theregister.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register. In time for the long Presidents’ Day weekend in the US there have been multiple warnings about what will undoubtedly be a challenging and potentially dangerous year for voting processes and government workers. State and county officials have been urged to use paper ballots wherever possible over electronic ones, […] The entry “Election security threats in 2024 range from AI to … anthrax? – Source: go.theregister.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cloud computing

Source: securityboulevard.com – Author: Matt Palmer. Cloud security means multiple teams with a shared responsibility. The transition to cloud computing is an evolution that many organisations are still undertaking to improve efficiency, scalability, and flexibility in their operations. Cloud services offer recognised advantages, such as moving IT infrastructure costs to operating expenditure rather than capital […] The entry “Does moving to the cloud mean compromising on security? – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman. USENIX Security ’23 – Zhuo Zhang, Zhiqiang Lin, Marcelo Morales, Xiangyu Zhang, Kaiyuan Zhang – Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract, by Marc Handelman on February 18, 2024. Many thanks to USENIX for publishing their outstanding USENIX […] The entry “USENIX Security ’23 – Zhuo Zhang, Zhiqiang Lin, Marcelo Morales, Xiangyu Zhang, Kaiyuan Zhang – Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Lohrmann on Cybersecurity. New terminology and cyber questions about generative artificial intelligence keep popping up. Can AI be governed? How can GenAI be secured? By whom? Using what tools and processes? February 18, 2024 • Dan Lohrmann. Some call it “shadow AI.” Others call it “new shadow IT for […] The entry “Generative AI Guardrails: How to Address Shadow AI – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Pierre Noujeim. The quality of integrations within your SOAR (Security Orchestration, Automation, and Response) system can have a profound impact on your operational effectiveness. Recognizing this, D3 Security is committed to delivering integrations that are robust, reliable and maintained for life by our team of experts. This commitment ensures that your […] The entry “The D3 Integration Development Cycle: A Journey of Precision, Innovation, and Adaptability – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: Alexandra Mehat, Product Marketing Director, Fortinet. Alexandra Mehat is a results-driven Product Marketing Director with extensive experience in translating complex technical features into compelling value propositions and driving customer success through sales and channel enablement. Currently, she is the product marketing director for Fortinet’s SASE solution, as well as the […] The entry “Live Webinar | SASE Outlook 2024: Top 5 Predictions and Trends – Source: www.databreachtoday.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dan Raywood, Senior Editor, Dark Reading. Cyberattacks on critical infrastructure are steadily increasing, driven by geopolitical conflicts as well as the longtime problem of poorly secured devices that remain exposed and unprotected on the public Internet. But with cyberattacks on water treatment plants rising and […] The entry “Q&A: The Cybersecurity Training Gap in Industrial Networks – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. Two flights bound for Israel over the past week have suffered attempts to hijack their communications and divert the aircraft, according to local reports. The El Al flights were both travelling from Thailand to Israel’s Ben Gurion international airport and apparently encountered “hostile elements” while flying over the Middle East. […] The entry “Israeli Aircraft Survive “Cyber-Hijacking” Attempts – Source: www.infosecurity-magazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 British

Source: www.infosecurity-magazine.com. British parents and teachers have been urged to educate children on the dangers of low-level cybercrime, after a new study revealed that one in five 10- to 16-year-olds have committed offences online. The National Crime Agency (NCA) study claimed that the figure rises to 25% for children who are online gamers. It said […] The entry “Fifth of British Kids Have Broken the Law Online – Source: www.infosecurity-magazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as “Operation Cronos.” According to a banner displayed on the gang’s data leak website, LockBit’s dark web leak site is now under the control of the National Crime Agency of the United Kingdom. […] The entry “LockBit ransomware disrupted by global police operation – Source: www.bleepingcomputer.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. In an advisory today, Germany’s federal intelligence agency (BfV) and South Korea’s National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. The attacks aim to steal advanced military technology information and help North Korea modernize conventional arms […] The entry “North Korean hackers linked to defense sector supply-chain attack – Source: www.bleepingcomputer.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: 2024-02, Monday, February 19