Russian authorities have detained a hacker named Aleksandr Ermakov, believed to be behind the notorious SugarLocker ransomware attacks, which have targeted organizations worldwide, including Australia’s Medibank. The SugarLocker member arrest comes as a large blow to the cybercriminal group responsible for the sophisticated ransomware operations. Ermakov’s apprehension follows extensive collaboration between Russian law enforcement and cybersecurity experts FACCT. The organization develops cybersecurity tech, offers solutions for cybercrime, fraud detection, research, and IP protection in Russia. Together, they successfully identified and captured members of the SugarLocker ransomware group, disrupting their activities.

Russian Law Enforcement and SugarLocker Member Arrest

Investigators in the SugarLocker member arrest found crucial evidence pointing to the gang’s operations, including an error in the configuration of a web server hosting SugarLocker’s control panel. This oversight inadvertently exposed the identities of the SugarLocker ransomware group, leading to their eventual arrest.

Moreover, in January 2024, three members of the SugarLocker ransomware group were apprehended by Russian law enforcement officers, aided by specialists from the FACCT company. During the operation, authorities seized laptops, mobile phones, and digital evidence linking the suspects to illegal cyber activities. Among those detained was an individual known by aliases such as blade_runner, GistaveDore, and JimJones. The arrested individuals have been formally charged under Article 273 of the Russian Federation’s Criminal Code for the creation, use, and distribution of malicious computer programs. An ongoing investigation seeks to uncover further details about the group’s operations and potential accomplices.

According to the press release by FACCT on February 21, 2024, the collaboration between the Russian Ministry of Internal Affairs and FACCT resulted in the dismantling of the SugarLocker ransomware group. The cybercriminals had operated under the guise of a legitimate IT company, offering services for website development and online applications.

Who is the SugarLocker Ransomware Group?
The SugarLocker ransomware, also known as Encoded01, first emerged in early 2021 but remained relatively dormant until later that year. The group gained notoriety after initiating an affiliate program on the dark web, recruiting partners to propagate their ransomware attacks. The program offered lucrative profit-sharing arrangements, enticing individuals to join their criminal enterprise. The ransomware operated using a Ransomware-as-a-Service (RaaS) model, providing partners with the tools and infrastructure necessary to execute attacks. The group’s modus operandi involved targeting networks and exploiting vulnerabilities, with specific instructions to avoid targeting Commonwealth of Independent States (CIS) countries except for the Baltic States and Poland. Detailed analysis of SugarLocker revealed its sophisticated encryption algorithms and customizable settings, distinguishing it from other ransomware variants. The group continuously updated their malware, indicating intentions to escalate their operations upon recruiting sufficient partners. Despite efforts to conceal their activities, investigations by cybersecurity experts uncovered crucial details about SugarLocker’s operations. The group’s infrastructure, hosted on Russian servers, inadvertently exposed vulnerabilities that led to their eventual downfall. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
NSA veteran Rob Joyce retires from the post of director, scheduled for the end of March, marking the culmination of a distinguished 34-year career within the agency. Joyce, who served as the director of cybersecurity, will be succeeded by David Luber, the current Deputy Director of the Cybersecurity Directorate. During his tenure, Joyce held various key positions within the NSA, including a notable stint as the director of the Cybersecurity Directorate commencing in 2021. Additionally, he contributed significantly to the National Security Council, showcasing his expertise and dedication to national security throughout his service.

NSA Veteran Rob Joyce Retires

Reflecting on his departure, Joyce expressed gratitude for the opportunity to lead the nation’s cybersecurity efforts, stating, “It has been a privilege to lead the nation’s most talented and dedicated team of cybersecurity professionals. Making a difference in the security of the nation is truly an honor.”

Joyce’s retirement coincides with a period of notable achievements in U.S. cybersecurity, highlighted by recent efforts to combat cyber threats. Shortly before his announcement, a global coalition, including U.S. law enforcement partners, successfully dismantled the infrastructure of LockBit, one of the most prolific ransomware groups in operation. Throughout his career, Joyce remained actively engaged with industry stakeholders, frequently participating as a speaker at prestigious conferences like the RSA Conference. His approachable demeanor extended to social media platforms, where he maintained a presence characterized by light-hearted engagement, particularly on X, formerly known as Twitter.

David Luber Appointed as the Director

Joyce’s appointment to the role of director followed the Biden administration’s decision to assign Anne Neuberger, the NSA’s inaugural cybersecurity director, to the position of deputy national security advisor for cyber and emerging technologies in January 2021.

With Joyce’s retirement, David Luber steps into the role of director, bringing with him over three decades of experience in cybersecurity, cyber operations, and intelligence.
Luber’s extensive background, including his previous position as the Executive Director for U.S. Cyber Command, positions him well to continue the agency’s mission of safeguarding national security in the ever-evolving digital landscape. Joyce’s departure marks the latest change in the Biden administration’s roster of high-ranking cyber officials, following the confirmations of Harry Coker Jr. as national cyber director and Gen. Timothy Haugh as the commander of both U.S. Cyber Command and the NSA. As Joyce embarks on the next chapter of his journey, the NSA expresses gratitude for his invaluable contributions and wishes him well in his future endeavors.
In a recent security advisory, VMware has urgently recommended the removal of the enhanced authentication plug-in (EAP) due to the discovery of critical vulnerabilities named CVE-2024-22245 and CVE-2024-22250. The deprecated EAP, which provided Windows authentication and Windows-based smart card support for vSphere, has been identified as carrying two vulnerabilities, one of which is deemed critical. The decision to deprecate EAP was made by VMware in March 2021, and users are now advised to disable it immediately. The critical vulnerability, identified as CVE-2024-22245 with a CVSS score of 9.6, poses a risk to the users.

Decoding CVE-2024-22245 and CVE-2024-22250 Vulnerability

The CVE-2024-22245 has been categorized as an arbitrary authentication relay bug, which could potentially enable a malicious actor to deceive a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

Additionally, the second vulnerability, labeled as CVE-2024-22250 and scoring 7.8 on the CVSS scale, has been identified as a session hijack vulnerability. This vulnerability, however, can only be exploited by a local attacker with unprivileged local access to a Windows operating system.

According to VMware’s advisory, a malicious actor with such access can hijack a privileged EAP session initiated by a privileged domain user on the same system. These critical vulnerabilities were discovered and reported by Ceri Coburn from Pen Test Partners, highlighting the importance of the best cybersecurity practices and continuous monitoring for potential threats.

VMware Advisory on the Vulnerabilities

VMware has clarified that EAP will not be patched due to inherent risks associated with its use. Organizations opting to continue using EAP would have to bypass crucial security features in their modern web browsers, a practice that is strongly discouraged. In light of these vulnerabilities, users are encouraged to explore alternative authentication methods, including connecting to Active Directory over LDAPS, Active Directory Federation Services, Okta, and Microsoft Entra ID.
Both CVE-2024-22245 and CVE-2024-22250 threaten the security of individuals and highlight the critical importance of promptly addressing security vulnerabilities to mitigate potential risks. For further information and guidance, users can refer to the National Vulnerability Database (NVD) and VMware’s official security advisories.
Paul speaks with Gary McGraw of the Berryville Institute of Machine Learning (BIML), about the risks facing large language model machine learning and artificial intelligence, and how organizations looking to leverage artificial intelligence and LLMs can insulate themselves from those risks. The post Episode 256: Recursive Pollution? Data...
Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation — and researchers warn it could get ugly, fast.
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase, portending fire and brimstone to come.
Collaboration, care, and proactive planning need to be part of CISO toolboxes as worsening threat environments become the new normal. CISOs need to adjust processes so business innovation can continue.
Though the incident took place over a known Houthi area, some say this incident was at the hands of a Somali group, based on frequent communication disruptions in the country.
Admins are urged to remove vSphere's vulnerable Enhanced Authentication Plug-in, which was discontinued nearly three years ago but is still widely in use.
Law enforcement agencies from 11 countries, including the U.K. and the U.S., have collaborated in a joint effort, codenamed Operation Cronos, to seize multiple darknet domains operated by the ransomware group LockBit.
Iranian-origin threat group Charming Kitten has launched an espionage campaign targeting Middle East policy experts using malware such as BASICSTAR and KORKULOADER, capable of executing remote commands and displaying decoy PDF files. Some phishing attacks dropped customized backdoors, POWERLESS for Windows and NokNok for macOS, based on the victim's operating system.
A 31-year-old Ukrainian cybercriminal was arrested for distributing trojanized software to gain access to American and Canadian users' bank accounts, selling the breached accounts on the dark web.
Iranian and Hezbollah-backed hackers conducted cyber attacks to undermine public support for the Israel-Hamas war, using tactics such as destructive attacks, hack-and-leak operations, phishing campaigns, and information operations.
Permit.io, a provider of an authorization-as-a-service solution, has closed a successful $8m Series A funding round led by Scale Venture Partners and supported by other investors.
The hackers tried to divert the planes, but the pilots detected the suspicious activity and took appropriate action to ensure the safety of the flights. This incident raises concerns about aircraft safety in the face of growing cybersecurity threats.
The company mainly works for the Ministry of Public Security, focusing on domestic security interests. The leaked documents show the use of hacking tools such as Winnti backdoor and PlugX remote access Trojan.
The Prince George's County Public Schools in the Washington, D.C. area experienced a ransomware attack, compromising the personal information of nearly 100,000 individuals, including names, financial account information, and Social Security Numbers.
An analysis by VIPRE Security revealed that email attacks are on the rise, with an increase in malicious EML file attachments and social engineering attacks in the last quarter of 2023.
Google Cloud Run is being exploited by threat actors to distribute banking trojans, with a significant increase in malicious email campaigns observed since September 2023 targeting victims in Latin America, Europe, and North America.
A former council worker has been cautioned by police for taking 79,000 residents' email addresses from a database to promote a business unrelated to the council. Another database from Warwick District Council was also affected.
PSI Software, a Germany-based critical infrastructure software vendor, suffered a ransomware attack, resulting in diminished capacity and shutting down of external connections and systems.
The malware is distributed through links to bogus sites on social media and messaging platforms, and it is designed to filter out Facebook credentials while evading detection by security software.
The attack targeted the Janet Network, used by several UK universities, and was claimed by the hacktivist group Anonymous Sudan. This incident reflects a growing trend of cyberattacks against UK institutions.
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum, indicating a potential shift in the group's operations.
Security researchers have identified a rising trend of cryptocurrency counterfeiting targeting Fortune 100 companies, involving the creation of tokens impersonating major brands, government bodies, and national fiat currencies.
Migo disables security defenses on Redis servers, sets up keys for SSH access, and deploys a modified rootkit to hide processes and artifacts, resembling tactics used by known cryptojacking groups.
VMware has urged users to uninstall the deprecated Enhanced Authentication Plugin (EAP) due to the discovery of critical security flaws, including an arbitrary authentication relay bug and a session hijack flaw.
The attack takes advantage of security flaws in wireless charging systems, allowing attackers to manipulate the charger's voltage and interfere with the communication between the charger and the smartphone.
ReversingLabs' research revealed a broader campaign involving multiple packages and sophisticated tactics, indicating an emerging trend of DLL sideloading attacks in open-source environments.
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release.
Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
A single, vendor-wide, hardcoded AES key in the Yealink Configuration Encrypt Tool, used to encrypt provisioning documents, was leaked, leading to a compromise of the confidentiality of provisioning documents.
This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.
This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.
Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.
Choosing the right SOC as a Service (SOCaaS) is crucial for businesses aiming to strengthen their cyber defenses. This decision impacts not only the immediate safety posture but also the long-term resilience against threats. However, with numerous providers in the market, picking the most suitable one requires careful contemplation. This blog post provides tips on selecting a SOCaaS provider. From assessing the vendor’s ability to identify and manage threats to whether they deliver 24/7 monitoring, we provide the information you need to pick a good company.

What is SOCaaS?

SOCaaS is a cloud-based subscription model offering managed threat detection and response, essentially serving as a customer’s complete security operations centre. The reason for this service is born out of the need for businesses to detect, prevent, or remediate cyber attacks cost-effectively without having to build an in-house team. In addition, it can function as the organization’s strategic console when a company, perhaps in its startup or mid-stage, lacks the resources to adequately secure its network. Through this offering, the firm can monitor security alerts, guard against cyber attacks, and enhance its overall safety stance.

Tips for Selecting a SOCaaS Provider

Choosing a reliable SOCaaS is essential for bolstering cybersecurity efforts. It demands a thorough analysis to ensure the chosen service aligns with your objectives and operational needs.

Consider the Vendor’s Ability to Identify Threats

Selecting a team with a proven track record in effective threat detection is essential for the safety of your organization. It is best to choose an agency with the ability to identify and mitigate risks before they escalate into serious incidents. This process involves more than just the application of advanced technology but also a deep understanding of the latest trends. Some common hazards include malicious activities such as ransomware, distributed denial of service (DDoS), theft of credentials, and zero-day exploits, among others. A trusted provider will enhance your security with strategic threat intelligence, ensuring vulnerabilities are detected promptly.

Assess How They Manage Vulnerabilities

Another thing to consider is the ability to manage vulnerabilities.
A proficient SOCaaS should not only identify the root cause of issues but also effectively contain attackers, remediate susceptibilities, and restore systems to normal operation. Crucially, inquire about the incident response procedures and processes to understand how they will coordinate with your internal team during a security incident. This coordination ensures a seamless response to threats, minimizing potential damage and downtime.

Ask If They Provide 24/7 Monitoring

Continuous monitoring is the cornerstone of any SOCaaS. That is why it’s essential to inquire about a vendor’s 24/7 monitoring capabilities. Determine if they operate SOC globally, which can offer a significant advantage in ensuring round-the-clock vigilance. Additionally, question how they guarantee their analysts maintain continuous “eyes on the glass” for your organization. This level of dedication is critical for identifying and responding to risks in real-time and for providing an essential layer of defense.

Check If the Vendor’s Data Centre is Safe

It is essential to ensure that the provider’s data center is fortified with stringent physical and safety protocols to safeguard your sensitive data from breaches. Investigate compliance with international security standards, such as ISO/IEC 27001, and inquire about their data encryption practices, firewall implementation, and intrusion detection systems. Additionally, assess their resilience to potential physical threats by examining their access control measures, surveillance systems, and disaster recovery plans.

Consider How Easy It is to Collaborate

When choosing a vendor, ensure its dashboard offers timely alerts, immediate access to reports, and clear remediation steps. The dashboard must support direct collaboration between the SOC team and your business, enabling seamless communication and swift action. This feature is vital for efficient threat resolution, streamlining operations, and bolstering your defense mechanisms.
Scalability

A suitable SOCaaS should offer flexible services that can scale up seamlessly as your organization expands or as your security requirements evolve. Inquire about the agency’s ability to handle anticipated growth or unexpected spikes in demand. This adaptability is crucial for maintaining robust safety measures without the need for frequent provider changes, thereby ensuring continuity and efficiency in your defense strategy.

Conclusion

Selecting a SOCaaS is a pivotal decision that demands thorough scrutiny. It’s essential to weigh the provider’s ability to detect and manage threats, scalability, and compliance adherence. A well-chosen SOCaaS can significantly bolster your organization’s defence, offering peace of mind through enhanced monitoring and rapid incident response. By prioritizing these critical considerations, you can forge a partnership that not only safeguards your digital assets but also aligns with your business objectives. Remember, the right provider is an ally in navigating the complex cybersecurity landscape.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to Russia-aligned threat actors by Slovak cybersecurity company ESET, which also identified a spear-phishing campaign aimed at a Ukrainian defense company in October 2023 and a European Union agency in November 2023
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack, and in that moment, the real-world repercussions came to light—it wasn’t just computer networks that were brought to a halt, but actual patient
Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The malware is “notable for its ability to automatically filter out Facebook session cookies and credentials stolen from compromised devices, and assess whether these accounts manage business profiles and if they maintain a positive Meta ad credit
End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. “If you use Signal, your phone number will no longer be visible to everyone you chat with by default,” Signal’s Randall Sarafa said. “People who have your number saved in their
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can’t possibly become experts in the nuances of the native
Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a
Source: www.cybertalk.org – Author: slandau By Deryck Mitchelson, Field CISO EMEA, Check Point The disparity in cyber defense budgets is significantly contributing to a deteriorating security landscape. A vast chasm exists between nations and businesses that have the financial power to implement advanced cyber security technologies and those that do not. As a result, when […] The entry Cyber inequality crisis is weakening our global defences – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.theguardian.com – Author: Guardian Staff The long read (Power grab: the hidden costs of Ireland’s datacentre boom, 15 February) highlights the enormous cost in terms of energy consumption and carbon emissions of our collective love affair with the seemingly free ability to send emails, text and WhatsApp messages every minute of the day. There […] The entry A penny per email could curb our enormous data use | Letters – Source: www.theguardian.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.theguardian.com – Author: Alex Hern The entire “command and control” apparatus for the ransomware group LockBit is now in possession of law enforcement, the UK’s National Crime Agency has revealed, after it emerged that it had seized the criminal gang’s website in a coordinated international operation. The flood of data hacked back from the […] The entry Seized ransomware network LockBit rewired to expose hackers to world – Source: www.theguardian.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Lauren Blanc, Marketing Manager, Scytale Picture this: June 2020, the year our lives moved online. Quebec’s provincial government introduces Bill 64, a response to the privacy regulations evolving worldwide to address data protection in the digital age. Fast forward to September 2021, and voila – Bill 64 transforms into Quebec Law […] The entry Quebec Law 25: All You Need to Know – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Matt Palmer How Boards can clear the path for effective cyber risk management. You don’t have to be an expert to ask the right questions. In just a few years, cyber has transformed from the nerd in the corner into the Kim Kardashian of risk. Everyone, it seems, has an opinion […] The entry 10 steps to effective board leadership on cyber security – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Kasada Executive Summary True Alliance, a retailer and distributor of premium brands, faced an increasing number of automated threats and bot attacks that jeopardized its resilience and led to slow site speeds and outages. These disruptions caused customers to abandon their carts and impacted business revenue. To improve the security of […] The post True Alliance Mitigates Online Retail Bot Threats and Improves Website Uptime by 99% with Kasada and AWS – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: richard-r.stewart@thalesgroup.com How to protect your machinelearning Models richard-r.stew… Tue, 02/20/2024 – 21:50 Dr. Werner Dondl and Michael Zunke In computer technology, few fields have garnered as much attention as artificial intelligence (AI) and machine learning (ML). This discipline – sitting at the intersection of computer science and data analysis – has […] The post How to protect your machinelearning Models – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Michael Vizard Menlo Security today unfurled a software-as-a-service (SaaS) platform that makes it simpler to centrally apply and manage cybersecurity policies to secure instances of Google Chrome or Microsoft Edge browsers. Andrew Harding, vice president of security strategy for Menlo Security, said the Secure Enterprise Browser platform provides organizations with the […] The post Menlo Security Adds SaaS Platform to Manage Secure Browsers – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Avast Blog Last week, Charlotte Cowles—a seasoned journalist with a notable tenure at the New York Times and a seven-year streak of writing a personal finance column at The Cut—published a piece about how she’d fallen for a wild scam. It began innocently enough: a phone call from someone claiming to […] The post Here are all the red flags Charlotte Cowles missed in that viral NY Mag article – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Jeffrey Burt The European Commission is once again turning its attention to TikTok, announcing a wide-ranging investigation into the China-based social media site over concerns about the addictive nature of its site and content, possible harm to minors, and data privacy. The probe will determine whether TikTok is in violation of […] The post EU Opens Official Probe of TikTok Over Content, Minors, Privacy – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Hyperproof Team In enterprise risk management (ERM), the “R” in Governance, Risk, and Compliance often commands the spotlight. However, organizations must assign equal importance to all three components. So, how do you maintain a delicate equilibrium? Let’s shed light on how enterprise risk management solutions can be your guiding light in […] The post Enterprise Risk Management Solutions: Giving Equal Weight to Governance, Risk, and Compliance – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Team Nuspire Zoom, the widely used video conferencing platform, has recently patched a series of vulnerabilities in its desktop and mobile applications, including a critical flaw in its Windows software. Here’s a detailed look at the situation, the actions taken by Zoom, and recommendations for users and organizations to enhance their security posture. Tell me more about the Zoom vulnerabilities Zoom has identified seven vulnerabilities across […] The post Zoom Announces Critical Vulnerability for Desktop Application – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: bacohido AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions. Related: The security case for AR, VR AI chatbots use natural language processing, which enables […] The post GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in (EAP) enables seamless login to vSphere’s management interfaces via integrated Windows Authentication and Windows-based smart card […] The post VMware urges admins to remove deprecated, vulnerable auth plug-in – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas A team of academic researchers show that a new set of attacks called ‘VoltSchemer’ can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. VoltSchemer can also be used to cause physical damage to the mobile device and to heat items […] The post VoltSchemer attacks use wireless chargers to inject voice commands, fry phones – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called ‘Migo’ to mine for cryptocurrency. Redis (Remote Dictionary Server) is an in-memory data structure store used as a database, cache, and message broker known for its high performance, serving thousands […] The post New Migo malware disables protection features on Redis servers – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. This is part of a beta rollout that follows a public test phase in a staging environment separate from the stable Signal messaging service announced in November. “We’re […] The post Signal rolls out usernames that let you hide your phone number – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. Knight ransomware launched at the end of July 2023 as a re-brand of the Cyclops operation, targeting Windows, macOS, […] The post Knight ransomware source code for sale after leak site shuts down – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sponsored by Flare How do ransomware groups pick their targets? It’s a rhetorical question: in the vast majority of cases they don’t. Ransomware-as-a-service (RaaS) platforms and ransomware affiliate ecosystems do not operate alone, but instead, they rely on a sophisticated cybercrime supply chain that enables access to corporate IT environments. Ransomware […] The post Ransomware Groups, Targeting Preferences, and the Access Economy – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. The company operates at a global level with a staff of more than 2,000 and specializes in software […] The post Critical infrastructure software maker confirms ransomware attack – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Update February 20, 07:21 EST: Article updated with further details on the operation. Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang’s servers in an international […] The post Police arrest LockBit ransomware members, release decryptor in global crackdown – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.