In a coordinated effort between the FBI and UK authorities, an aggressive blow has been dealt to the infamous LockBit ransomware group. The latest development in the ongoing battle against cybercrime sees the seizure of LockBit infrastructure by law enforcement authorities and the takedown of the 22 data leak websites associated with the threat actor. Users attempting to access the LockBit site are now met with a message indicating its takeover by the UK’s National Crime Agency (NCA), working in tandem with the FBI and the international law enforcement task force, Operation Cronos.

This joint operation marks a milestone in the fight against cyber threats, particularly those posed by ransomware groups like LockBit. However, the threat actor has responded with a twist of its own: it has released a notification letter about the LockBit takedown, notifying its users about the incident and the next steps it intends to take.

The LockBit Domain Takedown: Details About ‘Operation Cronos’

Source: X

The LockBit takedown operation, involving law enforcement agencies from 11 different countries, has resulted in the seizure of 11,000 domains associated with LockBit and its affiliates. This move aims to disrupt the group’s infrastructure and dismantle its ransomware deployment system, a critical step in curbing its nefarious activities.

Upon accessing the website, instead of the usual data breach content, users now see the message “This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’” displayed on the screen.

The LockBit ransomware group is notorious for encrypting files on victims’ computers and demanding payment for their release, a practice that has caused havoc across various sectors globally. Affiliates recruited by LockBit use the group’s tools and infrastructure to carry out these attacks, with LockBit taking a share of the ransom proceeds.

Participating countries in this coordinated action include Canada, France, Japan, Switzerland, Germany, Australia, Sweden, the Netherlands, and Finland, demonstrating the international scale of the effort against cybercrime.
The Technical Side of the LockBit Seizure: Multiple Facets

Source: vx-underground on X

Law enforcement agencies, including EUROPOL, the FBI, the National Crime Agency of the UK, and the Operation Cronos Law Enforcement Task Force, have initiated the LockBit takedown, with at least 22 Tor sites associated with LockBit affected in what is termed ‘Operation Cronos.’

Source: vx-underground on X

Notifications on the seized websites read, “Hello Law Enforcement has taken control of Lockbit’s platform and obtained all the information held on there. This information relates to the Lockbit group and you, their affiliate.”

The LockBit ransomware group’s administrative staff confirmed the seizure, with messages disseminated via Tox and other channels, citing the compromise of their servers through a PHP vulnerability (CVE-2023-3824), vx-underground reported on X (previously Twitter).

PHP vulnerability associated with the LockBit seizure

Affiliates attempting to access the LockBit panel are greeted with notices indicating law enforcement control over the platform, with warnings of extensive data acquisition, including victim details, extortion amounts, stolen data, chats, and more. The compromise is attributed to the exploitation of the aforementioned PHP vulnerability, which can lead to memory corruption or remote code execution. This coordinated effort by law enforcement agencies highlights their commitment to combating cybercrime and disrupting ransomware operations.

The Response to the LockBit Takedown

Source: AzAl Security on X

In response to the LockBit seizure, the ransomware group has shared a letter through a mass broadcast on Tox. A notification letter, titled “Important Security Notice from Lockbit – Action Required,” was disseminated to affiliates outlining the situation. The letter highlights the unauthorized access detected by LockBit’s team, allegedly perpetrated by the NCA group.
The breach potentially compromised personal data such as names, email addresses, and encrypted passwords, though no evidence suggests access to financial information or social security numbers. In response, LockBit has heightened security measures, initiated an investigation with “operators and cybercriminals”, and offered affected individuals 12 months of complimentary credit monitoring. Affiliates are advised to reset passwords, enable multi-factor authentication, and monitor accounts for any suspicious activities. For further assistance, individuals are directed to contact LockBit’s customer support through email and phone.

The Impact of the LockBit Ransomware Group

LockBit’s impact has been felt worldwide, with statistics revealing its prominence in ransomware incidents across different regions. According to CISA, in Australia, for instance, LockBit accounted for 18% of reported ransomware incidents from April 2022 to March 2023, while in Canada it was responsible for 22% of such incidents in 2022. New Zealand reported 15 instances of LockBit ransomware in 2022, representing 23% of all ransomware reports received by CERT NZ. Similarly, in the United States, LockBit attacks accounted for 16% of ransomware incidents affecting state, local, tribal, and territorial governments in 2022.

LockBit’s rise to infamy as one of the most deployed ransomware variants highlights the need for international cooperation in combating cyber threats. The recent takedown operation marks a significant victory in this ongoing battle, but it also highlights the continued challenges posed by ransomware groups operating with impunity on the internet. As law enforcement agencies continue their efforts to dismantle such criminal networks, cybersecurity remains a pressing concern for organizations worldwide.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Anonymous Sudan has been linked to a series of alleged Distributed Denial of Service (DDoS) attacks on prominent UK universities, including the University of Cambridge and the University of Manchester. The group, believed to be using the Skynet botnet, recently upgraded its capabilities. In a post attributed to the threat actor, Anonymous Sudan cited reasons for the attack, including the UK’s perceived support for Israel and involvement in conflicts such as the Gaza war and bombing campaigns in Yemen.

Anonymous Sudan University Cyberattack Claims

Source: CyberKnow on X

Despite the severity of the claims regarding the University of Cambridge cyberattack and the University of Manchester cyberattack, both institutions have yet to issue official statements or responses. As of the latest update, their websites remain operational with no apparent signs of cyber intrusions.

However, the threat actor asserted responsibility for these university cyberattacks, stating, “We have executed a MAJOR cyber attack on the digital infrastructure of 2 of the biggest UK universities; University of Cambridge University of Manchester. A Reason for the Attack: UK’s unconditional support for Israel and complicity in the ongoing genocide in Gaza as well as bombing campaigns on Yemen. We therefore claim any harm to the aforementioned universities & any collateral damage.”

Beyond these specific incidents, colleges and universities are increasingly becoming prime targets for cyberattacks. The wealth of personal, financial, and confidential data, coupled with valuable research findings, makes higher education institutions lucrative targets for threat actors.

Who is Anonymous Sudan?

Anonymous Sudan, a hacker group, has engaged in numerous distributed denial-of-service (DDoS) attacks worldwide since early 2023. Despite claiming Sudanese roots and targeting “anti-Muslim activity,” their actual origins remain ambiguous, possibly linked to Russia. Employing public warnings and propaganda, they garnered attention but were only one among many groups using DDoS attacks. Their motives, obscured by collaboration with groups like Killnet, extended beyond ideological pursuits. Suspected ties to Russia arose from linguistic cues and infrastructure similarities.
Anonymous Sudan primarily used DDoS tactics, inundating targets with malicious traffic, often preceded by public threats. Their methods include HTTP floods and rented server clusters, hinting at substantial financial backing. Their modus operandi sought attention and induced uncertainty, although their true intentions and origins remained elusive.

Mitigation Strategies for Universities

Source: Lamar University

Protecting these institutions poses unique challenges due to the need for open access to networks by both employees and students. Mitigating cyber threats involves understanding the various attack vectors and implementing appropriate solutions. According to Lamar University, the identified threats targeting universities and educational institutions include phishing and spear phishing attacks, exploitation of outdated operating systems and software, and unauthorized hardware access.

To address these challenges, education on cybersecurity practices, strong password policies, multi-layer security measures, encryption of sensitive data, and multi-factor authentication are crucial. Additionally, regular data backups are essential to mitigate the impact of ransomware attacks, while limiting access to sensitive data helps minimize the risks associated with insider threats.

As for the University of Cambridge cyberattack and the University of Manchester cyberattack, both are ongoing stories, and we’ll update the post once we have more information on the university cyberattacks or any official confirmation from these educational institutions.
Time was when any ransomware incident would spark a lively press and public reaction. Fast forward to the present, and the word ransomware in a headline doesn’t generate nearly as much interest: such attacks have become commonplace. Nonetheless, they continue to pose a grave threat to corporate security. This review spotlights the biggest and most high-profile incidents that occurred in 2023.

January 2023: LockBit attack on the UK’s Royal Mail

The year kicked off with the LockBit group attacking Royal Mail, the UK’s national postal service. The attack paralyzed international mail delivery, leaving millions of letters and parcels stuck in the company’s system. On top of that, the parcel tracking website, online payment system, and several other services were also crippled; and at the Royal Mail distribution center in Northern Ireland, printers began spewing out copies of the LockBit group’s distinctive orange ransom note.

The LockBit ransom note that printers at the Royal Mail distribution center began printing in earnest.

As is commonly the case with modern ransomware attacks, LockBit threatened to post stolen data online unless the ransom was paid. Royal Mail refused to pay up, so the data ended up being published.

February 2023: ESXiArgs attacks VMware ESXi servers worldwide

February saw a massive automated ESXiArgs ransomware attack on organizations through the RCE vulnerability CVE-2021-21974 in VMware ESXi servers. Although VMware released a patch for this vulnerability back in early 2021, the attack left more than 3000 VMware ESXi servers encrypted. The attack operators demanded just over 2 BTC (around $45,000 at the time of the attack). For each individual victim they generated a new Bitcoin wallet and put its address in the ransom note.

Ransom demand from the original version of the ESXiArgs ransomware.

Just days after the attack began, the cybercriminals unleashed a new strain of the cryptomalware, making it far harder to recover encrypted virtual machines. To make their activities more difficult to trace, they also stopped giving out ransom wallet addresses, prompting victims to make contact through the P2P messenger Tox instead.
March 2023: Clop group widely exploits a zero-day in GoAnywhere MFT

In March 2023, the Clop group began widely exploiting a zero-day vulnerability in Fortra’s GoAnywhere MFT (managed file transfer) tool. Clop is well-known for its penchant for exploiting vulnerabilities in such services: in 2020–2021, the group attacked organizations through a hole in Accellion FTA, switching in late 2021 to exploiting a vulnerability in SolarWinds Serv-U. In total, more than 100 organizations suffered attacks on vulnerable GoAnywhere MFT servers, including Procter & Gamble, the City of Toronto, and Community Health Systems — one of the largest healthcare providers in the U.S.

Map of GoAnywhere MFT servers connected to the internet.

April 2023: NCR Aloha POS terminals disabled by BlackCat attack

In April, the ALPHV group (aka BlackCat — after the ransomware it uses) attacked NCR, a U.S. manufacturer and servicer of ATMs, barcode readers, payment terminals, and other retail and banking equipment. The ransomware attack shut down the data centers handling the Aloha POS platform — which is used in restaurants, primarily fast food — for several days.

NCR Aloha POS platform disabled by the ALPHV/BlackCat group.

Essentially, the platform is a one-stop shop for managing catering operations: from processing payments, taking online orders, and operating a loyalty program, to managing the preparation of dishes in the kitchen and payroll accounting. As a result of the ransomware attack on NCR, many catering establishments were forced to revert to pen and paper.

May 2023: Royal ransomware attack on the City of Dallas

Early May saw a ransomware attack on municipal services in Dallas, Texas — the ninth most populous city in the U.S. Most affected were the IT systems and communications of the Dallas Police Department, and printers on the City of Dallas network began churning out ransom notes.

The Royal ransom note printed out through City of Dallas network printers.
Later that month, there was another ransomware attack on an urban municipality: the target this time was the City of Augusta in the U.S. state of Georgia, and the perpetrators were the BlackByte group.

June 2023: Clop group launches massive attacks through zero-days in MOVEit Transfer

In June, the same Clop group responsible for the February attacks on Fortra GoAnywhere MFT began exploiting a zero-day vulnerability in another managed file transfer tool — Progress Software’s MOVEit Transfer. This ransomware attack — one of the largest incidents of the year — affected numerous organizations, including the oil company Shell, the New York City Department of Education, the BBC media corporation, the British pharmacy chain Boots, the Irish airline Aer Lingus, the University of Georgia, and the German printing equipment manufacturer Heidelberger Druckmaschinen.

The Clop website instructs affected companies to contact the group for negotiations.

July 2023: University of Hawaii pays ransom to the NoEscape group

In July, the University of Hawaii admitted to paying off ransomwarers. The incident itself occurred a month earlier, when all eyes were fixed on the attacks on MOVEit. During that time, a relatively new group going by the name of NoEscape infected one of the university departments, Hawaiian Community College, with ransomware. Having stolen 65 GB of data, the attackers threatened the university with publication. The personal information of 28,000 people was apparently at risk of compromise. It was this fact that convinced the university to pay the ransom to the extortionists.

NoEscape announces the hack of the University of Hawaii on its website.

Of note is that university staff had to temporarily shut down IT systems to stop the ransomware from spreading. Although the NoEscape group supplied a decryption key upon payment of the ransom, the restoration of the IT infrastructure was expected to take two months.
August 2023: Rhysida targets the healthcare sector

August was marked by a series of attacks by the Rhysida ransomware group on the healthcare sector. Prospect Medical Holdings (PMH), which operates 16 hospitals and 165 clinics across several American states, was the organization that suffered the most. The hackers claimed to have stolen 1 TB of corporate documents and a 1.3 TB SQL database containing 500,000 social security numbers, passports, driver’s licenses, patient medical records, as well as financial and legal documents. The cybercriminals demanded a 50 BTC ransom (then around $1.3 million).

Ransom note from the Rhysida group.

September 2023: BlackCat attacks Caesars and MGM casinos

In early September, news broke of a ransomware attack on two of the biggest U.S. hotel and casino chains — Caesars and MGM — in one stroke. Behind the attacks was the ALPHV/BlackCat group, mentioned above in connection with the assault on the NCR Aloha POS platform. The incident shut down the companies’ entire infrastructure — from hotel check-in systems to slot machines.

Interestingly, the victims responded in very different ways. Caesars decided to pay the extortionists $15 million, half of the original $30 million demand. MGM chose not to pay up, but rather to restore the infrastructure on its own. The recovery process took nine days, during which time the company lost $100 million (its own estimate), of which $10 million was direct costs related to restoring the downed IT systems.

Caesars and MGM own more than half of Las Vegas casinos.

October 2023: BianLian group extorts Air Canada

A month later, the BianLian group targeted Canada’s flag carrier, Air Canada. The attackers claim they stole more than 210 GB of various information, including employee/supplier data and confidential documents. In particular, the attackers managed to steal information on technical violations and security issues of the airline.
The BianLian website demands a ransom from Air Canada.

November 2023: LockBit group exploits Citrix Bleed vulnerability

November was remembered for the Citrix Bleed vulnerability exploited by the LockBit group, which we also discussed above. Although patches for this vulnerability were published a month earlier, at the time of the large-scale attack more than 10,000 publicly accessible servers remained vulnerable. This is what the LockBit ransomware took advantage of to breach the systems of several major companies, steal data, and encrypt files. Among the big-name victims was Boeing, whose stolen data the attackers ended up publishing without waiting for the ransom to be paid. The ransomware also hit the Industrial and Commercial Bank of China (ICBC), the largest commercial bank in the world.

The LockBit website demands a ransom from Boeing.

The incident badly hurt the Australian arm of DP World, a major UAE-based logistics company that operates dozens of ports and container terminals worldwide. The attack on DP World Australia’s IT systems massively disrupted its logistics operations, leaving some 30,000 containers stranded in Australian ports.

December 2023: ALPHV/BlackCat infrastructure seized by law enforcement

Toward the end of the year, a joint operation by the FBI, the U.S. Department of Justice, Europol, and law enforcement agencies of several European countries deprived the ALPHV/BlackCat ransomware group of control over its infrastructure. Having hacked it, they quietly observed the cybercriminals’ actions for several months, collecting data decryption keys and aiding BlackCat victims. In this way, the agencies rid more than 500 organizations worldwide of the ransom threat and saved around $68 million in potential payouts. This was followed in December by a final takeover of the servers, putting an end to BlackCat’s operations.

The joint law enforcement operation to seize ALPHV/BlackCat infrastructure.
Various statistics about the ransomware group’s operations were also made public. According to the FBI, during the two years of its activity, ALPHV/BlackCat breached more than a thousand organizations, demanded a total of more than $500 million from victims, and received around $300 million in ransom payments.

How to guard against ransomware attacks

Ransomware attacks are becoming more varied and sophisticated with each passing year, so there isn’t (and can’t be) one killer catch-all tip to prevent incidents. Defense measures must be comprehensive. Focus on the following tasks:

- Train employees in cybersecurity awareness.
- Implement and refine data storage and employee access policies.
- Back up important data regularly and isolate the backups from the network.
- Install robust protection on all corporate devices.
- Monitor suspicious activity on the corporate network using an Endpoint Detection and Response (EDR) solution.
- Outsource threat search and response to a specialist company if your in-house information security team lacks the capability.
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.

Dubbed “Operation Cronos,” the law enforcement action involved the seizure of nearly three-dozen servers; the arrest of two alleged LockBit members; the unsealing of two indictments; the release of a free LockBit decryption tool; and the freezing of more than 200 cryptocurrency accounts thought to be tied to the gang’s activities.

LockBit members have executed attacks against thousands of victims in the United States and around the world, according to the U.S. Department of Justice (DOJ). First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. dollars in ransom demands, and extorted over $120 million in ransom payments.

LockBit operated as a ransomware-as-a-service group, wherein the ransomware gang takes care of everything from the bulletproof hosting and domains to the development and maintenance of the malware. Meanwhile, affiliates are solely responsible for finding new victims, and can reap 60 to 80 percent of any ransom amount ultimately paid to the group.

A statement on Operation Cronos from the European police agency Europol said the months-long infiltration resulted in the compromise of LockBit’s primary platform and other critical infrastructure, including the takedown of 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom. Europol said two suspected LockBit actors were arrested in Poland and Ukraine, but no further information has been released about those detained.

The DOJ today unsealed indictments against two Russian men alleged to be active members of LockBit.
The government says Russian national Artur Sungatov used LockBit ransomware against victims in manufacturing, logistics, insurance and other companies throughout the United States. Ivan Gennadievich Kondratyev, a.k.a. “Bassterlord,” allegedly deployed LockBit against targets in the United States, Singapore, Taiwan, and Lebanon. Kondratyev is also charged (PDF) with three criminal counts arising from his alleged use of the Sodinokibi (aka “REvil“) ransomware variant to encrypt data, exfiltrate victim information, and extort a ransom payment from a corporate victim based in Alameda County, California.

With the indictments of Sungatov and Kondratyev, a total of five LockBit affiliates now have been officially charged. In May 2023, U.S. authorities unsealed indictments against two alleged LockBit affiliates, Mikhail “Wazawaka” Matveev and Mikhail Vasiliev. Vasiliev, 35, of Bradford, Ontario, Canada, is in custody in Canada awaiting extradition to the United States (the complaint against Vasiliev is at this PDF). Matveev remains at large, presumably still in Russia. In January 2022, KrebsOnSecurity published Who is the Network Access Broker ‘Wazawaka,’ which followed clues from Wazawaka’s many pseudonyms and contact details on the Russian-language cybercrime forums back to a 31-year-old Mikhail Matveev from Abaza, RU.

An FBI wanted poster for Matveev.

In June 2023, Russian national Ruslan Magomedovich Astamirov was charged in New Jersey for his participation in the LockBit conspiracy, including the deployment of LockBit against victims in Florida, Japan, France, and Kenya. Astamirov is currently in custody in the United States awaiting trial.

LockBit was known to have recruited affiliates that worked with multiple ransomware groups simultaneously, and it’s unclear what impact this takedown may have on competing ransomware affiliate operations.
The security firm ProDaft said on Twitter/X that the infiltration of LockBit by investigators provided “in-depth visibility into each affiliate’s structures, including ties with other notorious groups such as FIN7, Wizard Spider, and EvilCorp.”

In a lengthy thread about the LockBit takedown on the Russian-language cybercrime forum XSS, one of the gang’s leaders said the FBI and the U.K.’s National Crime Agency (NCA) had infiltrated its servers using a known vulnerability in PHP, a scripting language that is widely used in Web development.

Several denizens of XSS wondered aloud why the PHP flaw was not flagged by LockBit’s vaunted “Bug Bounty” program, which promised a financial reward to affiliates who could find and quietly report any security vulnerabilities threatening to undermine LockBit’s online infrastructure. This prompted several XSS members to start posting memes taunting the group about the security failure.

“Does it mean that the FBI provided a pentesting service to the affiliate program?,” one denizen quipped. “Or did they decide to take part in the bug bounty program? :):)”

Federal investigators also appear to be trolling LockBit members with their seizure notices. LockBit’s data leak site previously featured a countdown timer for each victim organization listed, indicating the time remaining for the victim to pay a ransom demand before their stolen files would be published online. Now, the top entry on the shaming site is a countdown timer until the public doxing of “LockBitSupp,” the unofficial spokesperson or figurehead for the LockBit gang.

“Who is LockbitSupp?” the teaser reads. “The $10m question.”

In January 2024, LockBitSupp told XSS forum members he was disappointed the FBI hadn’t offered a reward for his doxing and/or arrest, and that in response he was placing a bounty on his own head — offering $10 million to anyone who could discover his real name.

“My god, who needs me?,” LockBitSupp wrote on Jan. 22, 2024.
“There is not even a reward out for me on the FBI website. By the way, I want to use this chance to increase the reward amount for a person who can tell me my full name from USD 1 million to USD 10 million. The person who will find out my name, tell it to me and explain how they were able to find it out will get USD 10 million. Please take note that when looking for criminals, the FBI uses unclear wording offering a reward of UP TO USD 10 million; this means that the FBI can pay you USD 100, because technically, it’s an amount UP TO 10 million. On the other hand, I am willing to pay USD 10 million, no more and no less.”

Mark Stockley, cybersecurity evangelist at the security firm Malwarebytes, said the NCA is obviously trolling the LockBit group and LockBitSupp.

“I don’t think this is an accident—this is how ransomware groups talk to each other,” Stockley said. “This is law enforcement taking the time to enjoy its moment, and humiliate LockBit in its own vernacular, presumably so it loses face.”

In a press conference today, the FBI said Operation Cronos included investigative assistance from the Gendarmerie-C3N in France; the State Criminal Police Office L-K-A and Federal Criminal Police Office in Germany; Fedpol and Zurich Cantonal Police in Switzerland; the National Police Agency in Japan; the Australian Federal Police; the Swedish Police Authority; the National Bureau of Investigation in Finland; the Royal Canadian Mounted Police; and the National Police in the Netherlands.

The Justice Department said victims targeted by LockBit should contact the FBI at https://lockbitvictims.ic3.gov/ to determine whether affected systems can be successfully decrypted. In addition, the Japanese Police, supported by Europol, have released a recovery tool designed to recover files encrypted by the LockBit 3.0 Black Ransomware.
In a concerning development, Schneider Electric’s Sustainability Business Division has fallen victim to a data breach, raising alarms about the security of sensitive information within the company’s ecosystem. While officials have confirmed the Schneider Electric data breach, details remain murky, as the ransomware group responsible for the cyberattack has not been officially named.

Who is Responsible for the Schneider Electric Data Breach?

Adding to the complexity of the situation, the Cactus ransomware group has stepped forward, claiming responsibility for the Schneider Electric data breach. According to their assertion, a staggering 1.5 TB of personal documents, confidential agreements, and non-disclosure agreements were among the information pilfered.

Source: Twitter

The group now threatens to expose this data unless a ransom is paid, casting a shadow of uncertainty over the company’s cybersecurity measures. Schneider Electric’s Sustainability Business Division, which offers renewable energy and regulatory compliance consulting services to a multitude of prominent companies worldwide, is at the epicenter of this breach.

Implications for Schneider Electric: Global Ramifications

With clients ranging from Allegiant Travel Company to Walmart, the potential ramifications of this Schneider Electric breach reverberate across industries. The compromised systems not only jeopardize the confidentiality of sensitive information but also pose significant regulatory and compliance challenges for both Schneider Electric and its clients.

This isn’t the first time Schneider Electric has found itself in the crosshairs of cybercriminals. In 2023, the company was targeted in the widespread MOVEit attacks orchestrated by the Clop ransomware gang. The recurrence of such incidents highlights the pressing need for robust cybersecurity measures and proactive threat mitigation strategies within the organization.

In response to the breach, the company has taken multifaceted measures aimed at containment, recovery, impact assessment, and forensic analysis. The Sustainability Business Division, operating autonomously with its isolated network infrastructure, has successfully restored its business platforms in a secure environment.
Access was reopened on January 31, 2024, following rigorous testing to ensure the integrity of the systems. Fortunately, the Schneider Electric data breach appears to be contained within the Sustainability Business Division, sparing other entities within the Schneider Electric group from direct impact. However, the ongoing investigation reveals that data has indeed been compromised, necessitating a comprehensive forensic analysis by leading cybersecurity firms and the Schneider Electric Global Incident Response team.

Moving forward, Schneider Electric faces the daunting task of fortifying its defenses against future cyber threats while navigating the fallout from the recent breach. Heightened vigilance, enhanced cybersecurity protocols, and transparent communication with stakeholders will be paramount in rebuilding trust and safeguarding sensitive information in an increasingly digitized world.
The Department of Justice, in collaboration with international law enforcement agencies, has achieved a significant milestone in the ongoing battle against cybercrime with the disruption of the LockBit ransomware group’s operations. LockBit, recognized as one of the world’s most active ransomware groups, has inflicted widespread damage by targeting more than 2,000 victims and extorting more than US$120 million in ransom payments, causing immense financial losses and operational disruption to businesses and organizations worldwide.

Department of Justice Coordinated Effort

The disruption of LockBit’s operations was made possible through a coordinated effort involving the U.K. National Crime Agency’s Cyber Division, the Federal Bureau of Investigation (FBI) and other law enforcement partners. By seizing control of LockBit’s infrastructure, including public-facing websites and servers used by administrators, law enforcement disrupted the group’s ability to carry out further attacks and to extort victims by threatening to publish stolen data. The action represents a significant blow to LockBit’s criminal enterprise and sends a message to cybercriminals that their activities will not go unpunished.

Attorney General Merrick B. Garland emphasized the importance of the operation, stating that it not only disrupts LockBit’s criminal activities but also provides relief to victims. “For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation,” said Attorney General Merrick B. Garland. “And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data. LockBit is not the first ransomware variant the Justice Department and its international partners have dismantled. It will not be the last,” Garland continued.

In addition to seizing control of LockBit’s infrastructure, law enforcement authorities have obtained decryption keys, enabling victims to regain access to their encrypted data.
This approach not only mitigates the immediate impact of LockBit’s attacks but also demonstrates the Department of Justice’s stated commitment to supporting and protecting victims of cybercrime.

Accountability for Cybercriminals

Deputy Attorney General Lisa Monaco echoed these sentiments, highlighting the Department’s dedication to disrupting cybercriminal networks and prioritizing the needs of victims. The unsealing of indictments against Russian nationals Artur Sungatov and Ivan Kondratyev, who are accused of deploying LockBit against numerous victims, further illustrates the Department’s resolve to hold cybercriminals accountable. Sungatov and Kondratyev are alleged to have played key roles in the global LockBit conspiracy, which also included other Russian nationals and associates responsible for developing and deploying the ransomware.

FBI Director Christopher A. Wray praised the disruption of the LockBit criminal ecosystem, emphasizing the FBI’s commitment to defending cybersecurity and national security against malicious actors. The indictment of Sungatov and Kondratyev, along with previous charges against other LockBit members, represents a significant step in the Department’s efforts to dismantle ransomware networks and protect critical infrastructure.

“Through years of innovative investigative work, the FBI and our partners have significantly degraded the capabilities of those hackers responsible for launching crippling ransomware attacks against critical infrastructure and other public and private organizations around the world. This operation demonstrates both our capability and commitment to defend our nation’s cybersecurity and national security from any malicious actor who seeks to impact our way of life. We will continue to work with our domestic and international allies to identify, disrupt, and deter cyber threats, and to hold the perpetrators accountable,” said Director Christopher A. Wray.
Modus Operandi of the LockBit Ransomware Group

LockBit operates under the “ransomware-as-a-service” model: developers build and maintain the ransomware and recruit affiliates to deploy it against vulnerable systems. These affiliates, often operating under aliases, gain unauthorized access to victim networks, encrypt data and demand ransom payments in exchange for decryption keys, with the developers taking a share of the proceeds. Seizing the group’s infrastructure cuts into this business model and deprives both developers and affiliates of the ability to profit from it.

The joint operation involved law enforcement agencies from the United Kingdom, France, Germany, Switzerland, Japan, Australia, Canada, the Netherlands, Finland and Sweden, coordinated by Europol and Eurojust. The multinational effort demonstrates the importance of international cooperation in combating cybercrime.

Additionally, the Department of the Treasury’s Office of Foreign Assets Control announced the designation of Sungatov and Kondratyev for their roles in launching cyberattacks. The designation highlights the consequences faced by individuals involved in cybercrime and reinforces the message that the United States will not tolerate malicious activity that threatens national security and the global economy.

Overall, the disruption of LockBit’s operations represents a significant victory in the fight against ransomware. By dismantling criminal networks and holding perpetrators accountable, law enforcement agencies are working to protect businesses, organizations and individuals from the consequences of cyberattacks. As technology evolves, collaboration between international partners will remain essential to staying ahead of emerging threats.
Researchers at Cyble recently found the Malware-as-a-Service (MaaS) infostealer ObserverStealer operating under a new identity. ObserverStealer has been rebranded and revamped as AsukaStealer in 2024, again sold under a MaaS model. Built on the 2023 ObserverStealer, AsukaStealer adds new capabilities and features while keeping the configurable selection of browser extensions, browsers and file types that operators wish to collect. Its creators promoted the stealer’s features through screenshots taken from the Command and Control (C&C) panel. Priced at $80 for a one-month subscription, it offers flexible settings and a web panel for ease of use.

Introduction to AsukaStealer: A Malware-as-a-Service Infostealer

According to Cyble Research & Intelligence Labs (CRIL), the threat actor marketed AsukaStealer as a MaaS offering on a Russian-language forum, advertising a suite of capabilities aimed at covertly stealing sensitive information from victims. At its core, AsukaStealer is written predominantly in C++ and comes with a web-based GUI panel for configuration and control. Its primary objective is harvesting sensitive data from targeted systems: browser credentials, Discord tokens, cryptocurrency wallets and desktop screenshots, among others.

AsukaStealer was first observed on February 2, 2024, operating under the MaaS model. Symantec’s protection bulletin lists coverage for the threat as file-based (Infostealer Trojan.Gen.MBT), machine-learning-based (Heur.AdvML.B) and web-based, with observed domains and IPs covered under security categories in all WebPulse-enabled products.

Analyzing the AsukaStealer Configuration

Reviewing the AsukaStealer_configuration.txt file (sourced from GitHub), The Cyber Express found that it is a configuration for the stealer’s collection module, defining what to grab from Discord, browsers and gaming platforms such as Steam.
It lists the user-data directories of several browsers, Discord installation paths and game-related directories such as those of Steam and Battle.net, together with specific files and DLLs the stealer interacts with. The latter part of the file holds file paths and name patterns tied to specific applications and their data storage locations, which is what the stealer uses to locate the files it exfiltrates. In short, the configuration tells the stealer where to look: browser profile directories, gaming platforms and other applications whose local data is worth stealing.

The Resurgence of ObserverStealer: Revealing the Connection

Upon closer examination, AsukaStealer bears a striking resemblance to its predecessor, ObserverStealer, which its operators shut down on July 19, 2023. Cyble’s research revealed overlapping features, operational methodologies and even shared infrastructure between the two, leading researchers to suspect that the same threat actors are behind both campaigns, indicative of a concerted effort to refine and proliferate their tools.

The operational dynamics of AsukaStealer offer insight into the modus operandi of modern cybercriminal enterprises. Its promoters tout its versatility, highlighted by customization options and integration with popular browsers and messaging platforms. The anime-themed imagery, in particular the reference to the character Asuka Langley Soryu from Neon Genesis Evangelion, recalls earlier reporting on how threat actors draw inspiration from Japanese anime and manga.
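A hunting check for the kind of artifacts such a configuration targets, written here as an added example rather than anything from Cyble’s report or from the stealer itself: given file-access telemetry (process image plus the file it touched), it flags any process other than the owning application that reads a browser or Discord credential store. The event records are constructed and their field names are an assumption, not a particular product’s schema; the path patterns are the standard on-disk locations of Chromium’s Login Data and Local State, Firefox’s logins.json and key4.db, and Discord’s leveldb token store.

```python
"""Flag non-browser processes touching credential stores that infostealers harvest.

Added example, not code from Cyble's report or from AsukaStealer. The event
records are constructed; their field names are an assumption, not a specific
product's schema. Patterns are the standard locations of the stores named.
"""
from fnmatch import fnmatchcase

# (case-insensitive glob over the lowercased target path, executables that
#  legitimately own that file)
ARTIFACTS = [
    (r"*\google\chrome\user data\*\login data", {"chrome.exe"}),
    (r"*\google\chrome\user data\local state", {"chrome.exe"}),
    (r"*\microsoft\edge\user data\*\login data", {"msedge.exe"}),
    (r"*\microsoft\edge\user data\local state", {"msedge.exe"}),
    (r"*\mozilla\firefox\profiles\*\logins.json", {"firefox.exe"}),
    (r"*\mozilla\firefox\profiles\*\key4.db", {"firefox.exe"}),
    (r"*\discord\local storage\leveldb\*.ldb", {"discord.exe"}),
]


def classify(event: dict):
    """Return an alert string for one file-access event, or None if benign."""
    target = event["target_path"].lower()
    image = event["process_image"].lower().rsplit("\\", 1)[-1]
    for pattern, owners in ARTIFACTS:
        if fnmatchcase(target, pattern):
            if image in owners:
                return None  # the application reading its own store
            return f"{image} read credential store {event['target_path']}"
    return None  # not a credential store we track


def hunt(events):
    """Run classify() over a batch and keep only the alerts."""
    return [alert for alert in (classify(e) for e in events) if alert]


# Constructed telemetry: one legitimate read, three reads by a dropped binary,
# and one unrelated file open.
SAMPLE_EVENTS = [
    {"process_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target_path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process_image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target_path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process_image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target_path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"process_image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target_path": r"C:\Users\alice\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"},
    {"process_image": r"C:\Windows\explorer.exe",
     "target_path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

Name-based allowlisting of the owner is the weak point: an implant can call itself chrome.exe, and stealers commonly copy the SQLite file to a temporary path before reading it. In a production rule, key the allowlist on the signed image path rather than the file name, and feed file-copy events through the same matcher so the copy of Login Data is caught as well as the read.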
About 13,000 users received camera images and feeds that weren't theirs. This cyber incident takes place only five months after the company experienced a similar issue and failed to be transparent with users about the issues it was facing.
A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it's hitting other regions as well, researchers warn.
Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.
A 21.58 GB database of stolen personal voter data from Iraq's Independent High Electoral Commission (IHEC) may have been the result of a supply chain attack.
Operation Cronos, a collaboration between authorities in the US, Canada, UK, Europe, Japan, and Australia, seizes data and websites associated with the prolific cybercriminal organization and its affiliates.
A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios.
Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
The surveillance industry continues to evolve, with recent discoveries of new surveillance tools like Patternz and a previously unknown mobile network attack called MMS Fingerprint, raising concerns about privacy and security.
A new macOS malware dubbed RustDoor, written in Rust, is being distributed disguised as a Visual Studio update. The malware provides backdoor access to compromised systems and is linked to infrastructure associated with the BlackCat ransomware gang. Researchers have shared a list of known IOCs associated with RustDoor, which includes binaries, download domains, and URLs.
The "MMS Fingerprint" technique leverages the MMS flow to retrieve user device information, which could be used to tailor malicious payloads like Pegasus spyware or craft more effective phishing campaigns.
Multi-OS Ransomware Executable (M.O.R.E) represents a new breed of ransomware that can target multiple operating systems simultaneously, posing a significant threat to cybersecurity.
The vulnerability, tracked as CVE-2024-25600, was discovered by a researcher named 'snicco' and a fix became available on February 13 with the release of version 1.9.6.1.
The attack, which hit the Sustainability Business division on January 17th, caused outages in Schneider Electric’s Resource Advisor cloud platform. The gang published 25MB of stolen data as proof of the hack.
Magika outperforms conventional methods and is used to enhance user safety in Gmail, Drive, and Safe Browsing. Google emphasizes the use of AI to strengthen digital security and shift the balance in favor of defenders in cybersecurity.
ConnectWise has released software updates to address two critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could allow remote code execution and unauthorized access to restricted directories.
The CVE-2024-21410 vulnerability allows remote unauthenticated actors to perform NTLM relay attacks, potentially leading to unauthorized access to confidential data and network exploitation.
Ukrainian authorities and cybersecurity agencies attributed the attack to Russian threat actors and described it as part of Russia's "information warfare" against Ukraine.
The German federal intelligence agency and South Korea's National Intelligence Service have issued a joint advisory warning about ongoing cyber-espionage operations targeting the global defense sector on behalf of North Korea.
The breach resulted from a system overload caused by incorrect mapping of device IDs, which was attributed to a third-party caching client library recently integrated into Wyze's system.
Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was also discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
Ubuntu Security Notice 6643-1 - Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery attacks.
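The bug class behind this advisory, as an added example that is not code from the ip package or from Ubuntu: a server-side “is this destination public?” guard classifies the textual host naively, while the socket layer beneath it accepts alternate IPv4 spellings (hexadecimal, octal, fewer than four parts, a bare 32-bit integer) and dials something else entirely. The strict variant accepts only canonical text, unwraps IPv4-mapped IPv6, and fails closed on anything it cannot parse. The spellings shown are standard inet_aton() behaviour rather than details the notice states, and 93.184.216.34 is just a constructed public address.

```python
"""Naive vs. strict 'public address' checks for an SSRF guard.

Added example, not code from the npm `ip` package or from the Ubuntu notice.
It shows the general pitfall: a string-level private-range check and the
C library's inet_aton() disagree about what a host string means.
"""
import ipaddress
import socket

# What a hand-rolled guard typically looks for; anything else is "public".
PRIVATE_PREFIXES = ("10.", "127.", "192.168.", "169.254.", "0.")


def is_public_naive(host: str) -> bool:
    """String-prefix classification, blind to non-canonical spellings."""
    return not host.startswith(PRIVATE_PREFIXES)


def resolve_leniently(host: str) -> ipaddress.IPv4Address:
    """What connect() would actually dial: inet_aton accepts hex ("0x7f.1"),
    octal ("0177.0.0.1"), short forms ("127.1") and bare integers."""
    return ipaddress.IPv4Address(socket.inet_aton(host))


def _has_leading_zero_octet(host: str) -> bool:
    # Older Python read "0177.0.0.1" as 177.0.0.1 while inet_aton reads it as
    # octal 127.0.0.1; reject the ambiguity outright rather than pick a side.
    return any(len(p) > 1 and p[0] == "0" for p in host.split("."))


def is_public_strict(host: str) -> bool:
    """Fail closed: only canonical text is classified, only global addresses pass."""
    if ":" not in host and _has_leading_zero_octet(host):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hex, octal, short or integer forms never get this far
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return addr.is_global and not (
        addr.is_multicast or addr.is_reserved or addr.is_loopback
        or addr.is_link_local or addr.is_unspecified
    )


if __name__ == "__main__":
    for host in ("0x7f.1", "0177.0.0.1", "2130706433", "127.1", "93.184.216.34"):
        dialed = resolve_leniently(host)
        print(f"{host:>14}  naive={is_public_naive(host)!s:5}  "
              f"strict={is_public_strict(host)!s:5}  inet_aton->{dialed}")
```

The decisive design point is that the guard must classify the exact address the connection will use, so resolve first (including DNS) and check the resolved address, then connect to that address rather than re-resolving the hostname, or the check and the connection can still diverge.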
Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.
Ubuntu Security Notice 6642-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
Ubuntu Security Notice 6641-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains.
Red Hat Security Advisory 2024-0903-03 - Red Hat AMQ Broker 7.10.6 is now available from the Red Hat Customer Portal. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0887-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0880-03 - Red Hat OpenShift Serverless 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0866-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-0862-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-0861-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
The National Cyber Security Centre (NCSC) in the UK has published guidance aimed at helping individuals and organizations safeguard Private Branch Exchange (PBX) systems from cyber threats. PBX systems, commonly used by small organizations to manage telephone communications internally, are increasingly exposed to attack if not properly protected.

A PBX is a private telephone network that manages and routes incoming and outgoing calls within an organization and is commonly connected to the internet. Features such as call forwarding, voicemail and conference calling improve communication efficiency, but internet connectivity exposes the system to attack.

Why Protecting PBX Systems Matters

One significant risk highlighted by the NCSC is the exploitation of misconfigured PBX systems for fraud, notably ‘dial-through fraud’: attackers route calls through the victim’s PBX to premium-rate overseas numbers or use it to run scam lines, with the charges landing on the organization. Compromised PBX systems can also be weaponized in Denial of Service (DoS) attacks against other entities.

The need to secure PBX systems is underscored by the escalating threat landscape. Attacks on communication networks, including malware, data breaches and Distributed Denial of Service (DDoS) attacks, have been rising globally, and industry estimates put the global cost of cybercrime at up to US$10.5 trillion annually by 2025. Despite this, many organizations underinvest in cybersecurity, leaving themselves open to exploitation.

NCSC Guidance for Protecting PBX Systems

To mitigate these risks, the NCSC recommends the proactive measures set out in its guidance. Whether the PBX is managed in-house or through a cloud-based service, organizations should enable robust authentication, such as two-step verification, and enforce strong passwords for system access.
Organizations are also reminded of their responsibility as PBX owners to review contractual agreements with PBX providers to limit financial liability arising from cyber incidents. Understanding the terms and conditions, especially regarding liability for misconfigurations and security breaches, is essential to avoid unexpected costs.

In the event of a suspected compromise, the NCSC advises organizations to promptly notify their PBX provider and financial institutions. Reporting incidents to authorities, such as Action Fraud or local law enforcement, not only facilitates incident response but also aids in combating cybercrime more broadly.

The release of this guidance reflects the NCSC’s commitment to promoting cybersecurity awareness and resilience. By equipping stakeholders with the knowledge and tools necessary to protect PBX systems, the NCSC aims to contribute to a safer online environment.
In a world where cyber threats loom large and state-sponsored actors continually probe for vulnerabilities, the FBI operation to neutralize a Russian cyber espionage campaign shines a spotlight on the evolving tactics of adversarial entities. The details of this operation, named “Dying Ember,” offer insight into the methods used by both cybercriminals and law enforcement agencies in the ongoing battle for digital security.

At the heart of the operation lies the exploitation of over 1,000 routers by GRU Military Unit 26165, better known as Fancy Bear or APT28. These routers, predominantly small office/home office (SOHO) devices, served as conduits for spearphishing attacks aimed at high-profile targets, including US government agencies and corporate entities. What sets this operation apart is the revelation that the GRU repurposed existing criminal infrastructure, using routers already infected with the “Moobot” malware by a known cybercriminal group. This move highlights both the adaptability of state-sponsored actors and the symbiotic relationship between state and non-state cyber actors in pursuit of malicious objectives.

The Justice Department’s Response

The involvement of the Justice Department, led by Attorney General Merrick B. Garland, highlights the gravity of the threat posed by Russian cyber campaigns and the concerted effort to disrupt them. Deputy Attorney General Lisa Monaco’s assertion that the Department will use all of its legal authorities to combat cyber threats reflects a multifaceted approach that transcends geopolitical boundaries, recognizing that the battle for cybersecurity demands a unified front in which international collaboration is imperative.

Technical Precision

FBI Director Christopher Wray’s condemnation of the criminal behavior emanating from Russian intelligence services reinforces the agency’s commitment to protecting national interests and allies. “The FBI utilized its technical capabilities to disrupt Russia’s access to hundreds of routers belonging to individuals in addition to small and home offices.
This type of criminal behavior is simply unacceptable, and the FBI, in coordination with our federal and international partners, will not allow for any of Russia’s services to negatively impact the American people and our allies,” said FBI Director Christopher Wray.

The FBI’s technical capabilities, coupled with its collaborative approach, proved instrumental in dismantling a threat of this magnitude. Special Agent in Charge Jodi Cohen’s acknowledgment of the role played by private-sector partners highlights the interconnected nature of cybersecurity, where public-private collaboration is essential.

From a technical standpoint, the operation’s execution was precise. The FBI, in coordination with international partners, carried out a court-authorized operation that not only cut off the GRU’s access to the compromised routers but also deleted stolen data and malicious files from them. Temporary modifications to the routers’ firewall rules blocked remote management access, thwarting any attempt by the GRU to interfere with the operation. Notably, the impact on router functionality was minimal, and the changes are reversible: owners can undo them through a factory reset or by accessing the device from the local network, so legitimate users regain full control without significant hindrance.

Yet, amid the success of “Dying Ember,” broader questions remain. The GRU’s reliance on existing criminal infrastructure shows how the lines between state-sponsored and criminal cyber activity blur, and highlights the need for vigilance and collaboration, not only among law enforcement agencies but across the cybersecurity community. As Assistant Attorney General Matthew G. Olsen notes, the dismantling of both criminal and state-sponsored cyber infrastructure represents a significant milestone.
However, it also serves as a stark reminder of the persistent and adaptive nature of cyber threats, necessitating continuous evolution in defensive strategies. “Notably, this represents the third time since Russia’s unjustified invasion of Ukraine that the Department has stripped the Russian intelligence services of a key tool used to further the Kremlin’s acts of aggression and other malicious activities. We will continue to use our legal authorities and cutting-edge techniques, and to draw on the strength of our partnerships, to protect the public and our allies from such threats,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.

Key Lessons Learned from the FBI Operation

- The need for enhanced cybersecurity awareness and vigilance, particularly regarding default passwords and vulnerable router configurations.
- The importance of public-private partnerships in combating cyber threats, highlighting the value of collaboration between government agencies and private-sector entities.
- The imperative of continuous innovation and adaptation in defensive strategies to counter the evolving tactics of cyber adversaries.
- The significance of international cooperation in addressing transnational cyber threats, reflecting the interconnected nature of cybersecurity challenges and the necessity of coordinated responses across borders.
- The critical role of legal authorities and court-authorized operations in disrupting cybercriminal activity, and the importance of adherence to legal frameworks in combating cyber threats.

In conclusion, the disruption of the Fancy Bear espionage operation represents a triumph of international collaboration and technical capability. It is a testament to the resilience of democracies in the face of persistent cyber threats and a call for continued vigilance and innovation.
Imagine a world where web applications seamlessly blend user experience with strong security. It’s a vision that Alex Patterson, Developer Relations Engineer at FusionAuth, is working to bring to life. With over a decade of experience in software development and a passion for coaching and empowering teams, Patterson is on a mission to change the way we approach web security.

As a Google Developer Expert in Firebase and an AWS Community Builder in Amplify, Patterson’s expertise extends beyond conventional boundaries. His dedication to driving change and continuous improvement has earned him recognition as a thought leader in the developer community. What sets Patterson apart is his commitment to education and knowledge-sharing.

To delve deeper into this crucial aspect of web application security, The Cyber Express sat down with Alex Patterson, who brings a wealth of experience not only in software development but also as an advocate for web security. In the conversation, Patterson shared insights and strategies for developers to fortify their applications against potential threats.

Navigating the Balancing Act of User Experience and Security

Patterson kicked off the discussion by shedding light on the perpetual challenge developers face: balancing seamless user experience (UX) with strong security measures. “The challenge with web applications is balancing seamless user experience with robust security measures,” Patterson begins, setting the stage for the discussion. “It’s like walking a tightrope; you want users to access your application easily, but you can’t compromise on security.”

He emphasized how the historical practice of storing user passwords in clear text left systems susceptible to breaches. “I’ve seen instances where developers stored passwords in clear text, leaving systems vulnerable to breaches,” he recalls. “But as technology advances, so do security protocols.
It’s a constant evolution.” Patterson highlighted the transition towards more secure authentication methods such as passkeys and biometrics, which not only enhance security but also streamline the user login process. “With the rise of biometrics and passkey-first authentication models, we’re witnessing a paradigm shift in how we approach security,” Patterson notes. “It’s about finding innovative ways to authenticate users without sacrificing convenience.” Embracing Next-Generation Security Strategies When asked about recommended strategies to enhance application security, especially concerning sensitive user data, Patterson emphasized the shift toward passkey-first authentication models. “Passkey-first authentication is the way forward,” he asserts. “It not only simplifies the login process for users but also enhances security by leaps and bounds.” This approach, adopted by tech giants like Amazon and Google, minimizes complexity for users while bolstering security. Additionally, he highlighted the efficacy of techniques like magic links and advanced threat detection systems in thwarting malicious activities. “Magic links are another powerful tool in the developer’s arsenal,” Patterson continues. “They provide a secure way for users to access their accounts without relying on traditional passwords.” Streamlining Development with Authentication Solutions One key takeaway from our conversation was the importance of leveraging specialized authentication solutions like Fusion Auth. Patterson underscored the significance of offloading security concerns to expert platforms, allowing developers to focus on innovation rather than reinventing the security wheel. With Fusion Auth’s robust APIs and seamless integration capabilities, developers can ensure their applications adhere to the highest security standards without compromising on user experience. “These platforms offload security concerns, allowing developers to focus on innovation,” he explains. 
“With Fusion Auth’s robust APIs and seamless integration capabilities, developers can ensure their applications adhere to the highest security standards.” Harnessing the Power of Open Source Collaboration While discussing the role of open-source software in fortifying application security, Patterson emphasized the value of community collaboration. He highlighted the importance of robust review processes and shared responsibility in maintaining the integrity of open-source projects. “Open-source projects thrive on collective expertise,” he remarks. “By pooling resources and knowledge, developers can create robust solutions that benefit the entire community.” By harnessing collective expertise and vigilance, developers can leverage open-source solutions effectively while mitigating potential security risks. Addressing Emerging Challenges in IoT Security The conversation extended to the realm of IoT security, where Patterson acknowledged the unique challenges posed by interconnected devices. He emphasized the need for stringent encryption protocols and access controls to safeguard IoT ecosystems from potential exploits. “Encryption and access controls are crucial in safeguarding IoT ecosystems,” he advises. “By adopting proactive security measures, developers can mitigate potential exploits and protect sensitive data.” By adopting proactive security measures and staying abreast of emerging threats, developers can navigate the complexities of IoT security with confidence. Empowering Developers through Education and Awareness As a passionate educator and advocate for cybersecurity best practices, Alex Patterson emphasized the importance of knowledge-sharing and ongoing education within the developer community. Through platforms like his podcast and community meetups, Patterson endeavors to equip developers, especially novices, with the tools and insights needed to prioritize security from the outset of their projects. 
“By equipping developers with the tools and insights needed to prioritize security, we can build a more resilient digital infrastructure,” highlights Patterson . Looking Ahead: The Role of Emerging Technologies In closing, Patterson offered a glimpse into the future of cybersecurity, highlighting promising technologies such as Firebase’s App Check and advanced threat detection systems. By integrating these cutting-edge solutions into their development workflows, developers can stay one step ahead of cyber threats and ensure the resilience of their applications. Alex Patterson’s Final Thoughts Our conversation with Alex Patterson highlighted the critical importance of embedding enhanced security measures into every stage of the development lifecycle. By embracing innovative authentication solutions, fostering open-source collaboration, and staying informed about emerging threats, developers can build resilient, secure, and user-friendly applications that inspire trust and confidence in an increasingly interconnected digital world. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran
An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6. It has been addressed by the theme developers in
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were each downloaded 537 and 166 times, respectively,
North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS), the agencies said the goal of the attacks is to plunder advanced defense technologies in a "
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory. When organizations have no response plan in place for such an
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities, which currently lack CVE identifiers, are listed below -
- Authentication bypass using an alternate path or channel (CVSS score: 10.0)
- Improper limitation of
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated
Cyber threat actors are aware of—and deliberately target—single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors. There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience sector wide: […] The entry Incident Response Guide Water and Wastewater Sector was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
This report analyses the decisions adopted by Supervisory Authorities (SAs) pursuant to Article 60 GDPR under the One Stop Shop mechanism in the field of security of personal data processing and personal data breaches. The dataset was extracted from the register of final one stop shop decisions made publicly available online by the European Data […] The entry Security of Processing and Data Breach Notification was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Monitoring and controlling cybersecurity risks in the supply chain can be described as challenging at the very least. How does one do it? Products and services are brought into the Netherlands from all over the world, after all. Such an international network comes with opportunities as well as risks. The NCSC recently opened a dialogue […] The entry Dealing with risks in the supply chain was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, is issuing an update to the October 2018 Cybersecurity Resource Guide for Financial Institutions. The programs and tools in the guide are designed for, or otherwise available to, financial institutions. The purpose of this guide is to help financial institutions meet their security […] The entry Cybersecurity Resource Guide for Financial Institutions was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Interview Guide

We can see a significant change in how businesses and organizations work, and the introduction of cloud and cloud computing platforms has been a major driving force behind this growth. Most businesses today are using or are planning to use cloud computing for many of their operations, which consequently has led to a […] The entry Amazon web services was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Hello, pentesters! This article is about the brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent tool for performing brute-force attacks, it provides various other options which can make your attack more intense and make it easier to gain unauthorised access to a system remotely. In this […] The entry A DETAILED GUIDE ON was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
For ethical hackers and forensic investigators

The document provides a comprehensive list of free security tools tailored for ethical hackers and forensic investigators. It includes a wide range of tools such as Autopsy, Wireshark, Cellebrite UFED, Forensics (DFF), Magnet AXIOM, Kali Linux, and the Volatility Framework. These tools cater to various aspects of digital forensics, […] The entry 100 Free Security Tools was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
In an era where artificial intelligence and natural language processing (NLP) are not just buzzwords but integral components of our digital landscape, this eBook serves as a comprehensive guide to understanding and utilizing ChatGPT, a leading-edge NLP model. The evolving landscape of AI-driven communication has opened new frontiers in tech and data strategies, making it […] The entry GENERATIVE AI FOR CYBERSECURITY was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
XLoader, an advanced evolution of the FormBook malware, stands out as a highly sophisticated cyber threat renowned for its dual functionality as an information stealer and a versatile downloader for malicious payloads. Noteworthy for its resilient nature, XLoader constantly adapts to the latest and most intricate evasion techniques, making it a formidable challenge for cybersecurity […] The entry Layers of Deception: Analyzing the Complex Stages of XLoader Malware Evolution was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 A British law enforcement agency is leading an ongoing operation to disrupt the prolific ransomware collective LockBit. The National Crime Agency (NCA) teamed up with the FBI, Europol and others on “Operation Cronos,” according to a message displayed on LockBit’s leak site. According to screenshots posted on X (formerly Twitter), the […] The entry Lockbit Infrastructure Disrupted by Global Law Enforcers – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The document provides essential information and guidance on identifying and handling phishing and sextortion scams, commonly used by cybercriminals to exploit individuals through deceptive emails. It highlights key indicators of fraudulent emails, such as generic greetings, poor grammar, urgent language, and threats designed to instill fear and urgency in victims. Additionally, it emphasizes the importance […] The entry Sextortion Scams – Know it all was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The introductory course for those who want to explore the world of cybersecurity. The document delves into the realm of cybersecurity, exploring the critical need for safeguarding personal and organizational data in an increasingly interconnected digital landscape. Chapter 1, “The Need for Cybersecurity,” elucidates the essence of cybersecurity and the escalating demand for skilled professionals […] The entry Introduction to Cybersecurity was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: John Klossner, Cartoonist Feeling a bit vulnerable lately? Come up with a clever cybersecurity-related caption to describe the scene above, and our favorite will win a $25 Amazon gift card. Here are four convenient ways to submit your ideas before the March 18, 2024, deadline: Via social media: […] The entry Name That Toon: Keys to the Kingdom – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer A researcher at Swedish telecom and cybersecurity firm Enea has unearthed a previously unknown tactic that Israel’s NSO Group has made available for use in campaigns to drop its notorious Pegasus mobile spyware tool on mobile devices belonging to targeted individuals worldwide. The […] The entry NSO Group Adds ‘MMS Fingerprinting’ Zero-Click Attack to Spyware Arsenal – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Wajahat Raja Cybersecurity threat experts have recently discovered a new variant of the malware named XLoader, commonly known as MoqHao, that has the ability to automatically infect devices without any user interaction. Termed the MoqHao evolution, this is a new version of the infamous Android malware that has long been […] The entry MoqHao Evolution Poses Immense Threat to Android Users – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Nisos The Digital Services Act is Here. Nisos Can Help! As of February 17, 2024, the European Union’s Digital Services Act (DSA) is in full effect. Don’t panic! Nisos is here to help. Since August 2023, the DSA has only applied to very large online platforms and search engines (VLOPs) […] The entry The Digital Services Act is Here. Nisos Can Help! – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: LogRhythm Titanium stands as the information security division of Pakistan’s leading ISP, Cybernet. Established in 1996, Cybernet is a part of the Lakson Group of Companies, specialising in connectivity solutions for enterprises and SMEs. Over the years, the company has expanded into diverse technology services, including the nation’s enterprise cloud service provider […] The entry Titanium and LogRhythm: Elevating Visibility into Cybersecurity Risks in Pakistan – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Jeffrey Burt Buried among the piles of legal documents that form WhatsApp’s five-year-old lawsuit against NSO Group is a line in a contract that exposes a mobile network attack dubbed “MMS Fingerprint,” a tactic for infecting mobile devices that was used by NSO. The technique was unearthed by a researcher at […] The entry NSO Group and Its ‘MMS Fingerprint’ Attack – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
[…] The entry The Scourge of Ransomware was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Overview of CyberSecurity Obligations for Corporate Leaders was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Memory analysis for fun and profit was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories. This trend encompasses a wide array of malicious activities, including hosting command-and-control (C2) infrastructure, storing stolen data and disseminating various forms of malware. In a recent discovery, ReversingLabs reverse engineer Karlo Zanki uncovered two […] The entry New Typosquatting and Repojacking Tactics Uncovered on PyPI – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Security researchers have uncovered a sophisticated malware campaign targeting Redis, a popular data store system. This campaign, dubbed “Migo,” employs novel tactics to compromise Redis servers, with the ultimate goal of mining cryptocurrency on Linux hosts. In particular, Cado Security Labs researchers observed that Migo utilizes new Redis system weakening […] The entry Linux Malware Campaign “Migo” Targets Redis For Cryptomining – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Operation Cronos, the global law enforcement operation that took down LockBit, one of the world’s most harmful ransomware groups, is a major breakthrough in the fight against cybercrime. The operation, announced on February 20, was led by the UK’s National Crime Agency (NCA) and the FBI. Key Takeaways from the […] The entry LockBit Takedown: What You Need to Know about Operation Cronos – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Top UK universities have had their services impacted by a DDoS attack, which has been claimed by the Anonymous Sudan hacktivist group. The University of Cambridge’s Clinical School Computing Service revealed the incident in a post on its X (formerly Twitter) account on February 19, stating that internet access will […] The entry Top UK Universities Recovering Following Targeted DDoS Attack – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Initial ransomware demands reached a median of $600,000 in 2023, a 20% rise on the previous year, according to a new report by Arctic Wolf. Several industries – energy & natural resources, retail and legal & government – received median demands of $1m or more per incident. The research highlighted […] The entry Initial Ransomware Demands Jump 20% to $600,000 in 2023 – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 A former council worker has been cautioned by police after admitting to taking tens of thousands of residents’ emails from a database in order to promote a business, it has been revealed. The data breach took place in November last year, when 79,000 email addresses were copied from a garden waste […] The entry Insider Steals 80,000 Email Addresses From District Councils – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini More details about Operation Cronos that disrupted Lockbit operation Pierluigi Paganini February 20, 2024 Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the LockBit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos, conducted by law enforcement agencies from […] The entry More details about Operation Cronos that disrupted Lockbit operation – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.