Cyber security aggregate rss news

Cyber security aggregator - feeds history

Ne'er-Do-Well News

The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom.

LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials.

A new LockBit website listing a countdown timer until the promised release of data stolen from Fulton County, Ga.

In early February, Fulton County leaders acknowledged they were responding to an intrusion that caused disruptions for its phone, email and billing systems, as well as a range of county services, including court systems.

On Feb. 13, the LockBit ransomware group posted on its victim shaming blog a new entry for Fulton County, featuring a countdown timer saying the group would publish the data on Feb. 16 unless county leaders agreed to negotiate a ransom.

“We will demonstrate how local structures negligently handled information protection,” LockBit warned. “We will reveal lists of individuals responsible for confidentiality. Documents marked as confidential will be made publicly available. We will show documents related to access to the state citizens’ personal data. We aim to give maximum publicity to this situation; the documents will be of interest to many. Conscientious residents will bring order.”

Yet on Feb. 16, the entry for Fulton County was removed from LockBit’s site without explanation. This usually only happens after the victim in question agrees to pay a ransom demand and/or enters into negotiations with their extortionists.

However, Fulton County Commission Chairman Robb Pitts said the board decided it “could not in good conscience use Fulton County taxpayer funds to make a payment.”

“We did not pay nor did anyone pay on our behalf,” Pitts said at an incident briefing on Feb. 20.

Just hours before that press conference, LockBit’s various websites were seized by the FBI and the U.K.’s National Crime Agency (NCA), which replaced the ransomware group’s homepage with a seizure notice and used the existing design of LockBit’s victim shaming blog to publish press releases about the law enforcement action.

The feds used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.

Dubbed “Operation Cronos,” the effort involved the seizure of nearly three-dozen servers; the arrest of two alleged LockBit members; the release of a free LockBit decryption tool; and the freezing of more than 200 cryptocurrency accounts thought to be tied to the gang’s activities. The government says LockBit has claimed more than 2,000 victims worldwide and extorted over $120 million in payments.

UNFOLDING DISASTER

In a lengthy, rambling letter published on Feb. 24 and addressed to the FBI, the ransomware group’s leader LockBitSupp announced that their victim shaming websites were once again operational on the dark web, with fresh countdown timers for Fulton County and a half-dozen other recent victims.

“The FBI decided to hack now for one reason only, because they didn’t want to leak information fultoncountyga.gov,” LockBitSupp wrote. “The stolen documents contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election.”

A screen shot released by LockBit showing various Fulton County file shares that were exposed.

LockBit has already released roughly two dozen files allegedly stolen from Fulton County government systems, although none of them involve Mr. Trump’s criminal trial. But the documents do appear to include court records that are sealed and shielded from public viewing.

George Chidi writes The Atlanta Objective, a Substack publication on crime in Georgia’s capital city. Chidi says the leaked data so far includes a sealed record related to a child abuse case, and a sealed motion in the murder trial of Juwuan Gaston demanding the state turn over confidential informant identities.

Chidi cites reports from a Fulton County employee who said the confidential material includes the identities of jurors serving on the trial of the rapper Jeffery “Young Thug” Williams, who is charged along with five other defendants in a racketeering and gang conspiracy.

“The screenshots suggest that hackers will be able to give any attorney defending a criminal case in the county a starting place to argue that evidence has been tainted or witnesses intimidated, and that the release of confidential information has compromised cases,” Chidi wrote. “Judge Ural Glanville has, I am told by staff, been working feverishly behind the scenes over the last two weeks to manage the unfolding disaster.”

LockBitSupp also denied assertions made by the U.K.’s NCA that LockBit did not delete stolen data as promised when victims agreed to pay a ransom. The accusation is an explosive one because nobody will pay a ransom if they don’t believe the ransomware group will hold up its end of the bargain.

The ransomware group leader also confirmed information first reported here last week, that federal investigators managed to hack LockBit by exploiting a known vulnerability in PHP, a scripting language that is widely used in Web development.

“Due to my personal negligence and irresponsibility I relaxed and did not update PHP in time,” LockBitSupp wrote. “As a result of which access was gained to the two main servers where this version of PHP was installed.”

LockBitSupp’s FBI letter said the group kept copies of its stolen victim data on servers that did not use PHP, and that consequently it was able to retain copies of files stolen from victims.

The letter also listed links to multiple new instances of LockBit dark net websites, including the leak page listing Fulton County’s new countdown timer.

LockBit’s new data leak site promises to release stolen Fulton County data on March 2, 2024, unless paid a ransom demand.

“Even after the FBI hack, the stolen data will be published on the blog, there is no chance of destroying the stolen data without payment,” LockBitSupp wrote. “All FBI actions are aimed at destroying the reputation of my affiliate program, my demoralization, they want me to leave and quit my job, they want to scare me because they can not find and eliminate me, I can not be stopped, you can not even hope, as long as I am alive I will continue to do pentest with postpaid.”

DOX DODGING

In January 2024, LockBitSupp told XSS forum members he was disappointed the FBI hadn’t offered a reward for his doxing and/or arrest, and that in response he was placing a bounty on his own head — offering $10 million to anyone who could discover his real name.

After the NCA and FBI seized LockBit’s site, the group’s homepage was retrofitted with a blog entry titled, “Who is LockBitSupp? The $10M question.” The teaser made use of LockBit’s own countdown timer, and suggested the real identity of LockBitSupp would soon be revealed. However, after the countdown timer expired the page was replaced with a taunting message from the feds, but it included no new information about LockBitSupp’s identity.

On Feb. 21, the U.S. Department of State announced rewards totaling up to $15 million for information leading to the arrest and/or conviction of anyone participating in LockBit ransomware attacks. The State Department said $10 million of that is for information on LockBit’s leaders, and up to $5 million is offered for information on affiliates.

In an interview with the malware-focused Twitter/X account Vx-Underground, LockBit staff asserted that authorities had arrested a couple of small-time players in their operation, and that investigators still do not know the real-life identities of the core LockBit members, or that of their leader.

“They assert the FBI / NCA UK / EUROPOL do not know their information,” Vx-Underground wrote. “They state they are willing to double the bounty of $10,000,000. They state they will place a $20,000,000 bounty on their own head if anyone can dox them.”

TROUBLE ON THE HOMEFRONT?

In the weeks leading up to the FBI/NCA takedown, LockBitSupp became embroiled in a number of high-profile personal and business disputes on the Russian cybercrime forums.

Earlier this year, someone used LockBit ransomware to infect the networks of AN-Security, a venerated 30-year-old security and technology company based in St. Petersburg, Russia. This violated the golden rule for cybercriminals based in Russia and former Soviet nations that make up the Commonwealth of Independent States, which is that attacking your own citizens in those countries is the surest way to get arrested and prosecuted by local authorities.

LockBitSupp later claimed the attacker had used a publicly leaked, older version of LockBit to compromise systems at AN-Security, and said the attack was an attempt to smear their reputation by a rival ransomware group known as “Clop.” But the incident no doubt prompted closer inspection of LockBitSupp’s activities by Russian authorities.

Then in early February, the administrator of the Russian-language cybercrime forum XSS said LockBitSupp had threatened to have him killed after the ransomware group leader was banned by the community. LockBitSupp was excommunicated from XSS after he refused to pay an arbitration amount ordered by the forum administrator. That dispute related to a complaint from another forum member who said LockBitSupp recently stiffed him on his promised share of an unusually large ransomware payout.

A post by the XSS administrator saying LockBitSupp wanted him dead.

INTERVIEW WITH LOCKBITSUPP

KrebsOnSecurity sought comment from LockBitSupp at the ToX instant messenger ID listed in his letter to the FBI. LockBitSupp declined to elaborate on the unreleased documents from Fulton County, saying the files will be available for everyone to see in a few days.

LockBitSupp said his team was still negotiating with Fulton County when the FBI seized their servers, which is why the county has been granted a time extension. He also denied threatening to kill the XSS administrator.

“I have not threatened to kill the XSS administrator, he is blatantly lying, this is to cause self-pity and damage my reputation,” LockBitSupp told KrebsOnSecurity. “It is not necessary to kill him to punish him, there are more humane methods and he knows what they are.”

Asked why he was so certain the FBI doesn’t know his real-life identity, LockBitSupp was more precise.

“I’m not sure the FBI doesn’t know who I am,” he said. “I just believe they will never find me.”

It seems unlikely that the FBI’s seizure of LockBit’s infrastructure was somehow an effort to stave off the disclosure of Fulton County’s data, as LockBitSupp maintains. For one thing, Europol said the takedown was the result of a months-long infiltration of the ransomware group. Also, in reporting on the attack’s disruption to the office of Fulton County District Attorney Fani Willis on Feb. 14, CNN reported that by then the intrusion by LockBit had persisted for nearly two and a half weeks. Finally, if the NCA and FBI really believed that LockBit never deleted victim data, they had to assume LockBit would still have at least one copy of all their stolen data hidden somewhere safe.

Fulton County is still trying to recover systems and restore services affected by the ransomware attack. “Fulton County continues to make substantial progress in restoring its systems following the recent ransomware incident resulting in service outages,” reads the latest statement from the county on Feb. 22. “Since the start of this incident, our team has been working tirelessly to bring services back up.”

Firewall Daily

On February 26, 2024, Lt. Gen. Michelle McGuinness, who previously served as the Deputy Director of Commonwealth Integration at the United States Defense Intelligence Agency, assumed the role of Australia’s National Cyber Security Coordinator. Lt. Gen. McGuinness’s transition into the role of Australia’s cyber security chief follows the recall of her predecessor, who returned to defense duties due to a workplace matter. With her wealth of experience in defense and intelligence, including contributions to Australia’s response to the COVID-19 pandemic, Lt. Gen. McGuinness is poised to lead and coordinate national cybersecurity efforts effectively.

Lt. Gen. McGuinness’s Road to Cybersecurity in Australia

Federal Minister for Home Affairs and Minister for Cyber Security, Clare O’Neil, revealed Lt. Gen. McGuinness’s appointment through social media platforms, underscoring her illustrious 30-year career within the Australian Defence Force, which encompassed diverse roles and recent overseas deployments.

“In her most recent role, Lt. Gen. McGuinness served as Deputy Director of Commonwealth Integration in the United States Defense Intelligence Agency,” Minister O’Neil stated. “Now, her focus will be on safeguarding Australia against significant cyber security threats and effectively managing cyber incidents.”

“Since January 2021, she has served as Deputy Director of Commonwealth Integration in the United States Defense Intelligence Agency. Now her mission will be to protect against and respond to major cyber security threats and incidents facing Australia,” Minister O’Neil elaborated in a statement shared on social media.

“I’m looking forward to working with Lieutenant General McGuinness to help keep Australia safe from cyber criminals and help make our country one of the most cyber secure nations in the world by 2030,” added Minister O’Neil.

Source: National Cyber Security Coordinator

2023-2030 Australian Cyber Security Strategy

Starting her new role on February 26, Lt. Gen. McGuinness takes the reins as Australia’s second National Cyber Security Coordinator, succeeding Air Marshal Darren Goldie. The change in leadership follows the recently announced Australian Cyber Security Strategy on 22 November 2023.

Australia’s Cyber Security Strategy charts a 7-year plan to strengthen national cybersecurity, emphasizing defense, innovation, and global leadership. With a three-horizon approach, it fortifies critical infrastructure, embraces emerging tech responsibly, engages businesses, and promotes international norms.

Source: homeaffairs.gov.au

The Australian Government aims to lead global cyber security efforts by 2030 with its Strategy, focusing on protecting citizens and businesses through six cyber shields. These shields aim to enhance cyber security, manage risks, and support Australians against cyber threats. The plan emphasizes collaboration between government and industry, shifting cyber security from a technical issue to a national priority. The accompanying Action Plan outlines key initiatives for the next two years to strengthen cyber resilience. Additionally, a Consultation Paper seeks industry input for legislative reforms, reflecting the government’s commitment to public-private cooperation. The Strategy, shaped by extensive stakeholder consultation, marks a pivotal step towards a cyber-secure future.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Dark Web News

RansomHub, a ransomware group known for its cyber extortion tactics, has allegedly claimed the Farmacia AL SHEFA cyberattack, adding the pharmacy to its list of victims. The group announced the attack in a post on its dark web channel, shedding light on its cyberattack on Farmacia AL SHEFA. Farmacia AL SHEFA, boasting over two decades of experience in providing quality pharmaceutical services, found itself caught in the crosshairs of cybercriminals despite its commitment to patient health and professional standards.

Decoding the Farmacia AL SHEFA Cyberattack

The threat actor’s post on the dark web channel detailed crucial information regarding the attack, including a countdown timer indicating that data stolen from the cyberattack would be made public after a specified duration of 856 hours, 42 minutes, and 58 seconds, equivalent to approximately 35 days.

Source: FalconFeeds on X

The Cyber Express, upon learning of this cyberattack on Farmacia AL SHEFA, reached out to the organization. However, as of the time of reporting, no official statement or response has been issued by Farmacia AL SHEFA, leaving the claims surrounding the cyberattack unverified.

Despite the lack of immediate visible impact on Farmacia AL SHEFA’s website, which appears to be operational, it is speculated that the cybercriminals targeted the backend systems rather than launching a front-end assault such as DDoS or defacement, a tactic commonly employed by ransomware groups to extort victims.

Who is the RansomHub Ransomware Group?

According to findings by the iZOOlogic research team, RansomHub has emerged as a popular player in the realm of cybercrime. The group’s modus operandi and objectives were elucidated through their dark web post, revealing their status as a financially motivated hacking collective with members spanning across various countries. Notably, the group explicitly stated their non-targeting policy towards certain countries and organizations, including Cuba, North Korea, China, Romania, and the CIS.

In addition to outlining its operational guidelines, RansomHub emphasized its commitment to ensuring compliance with negotiated agreements and promptly providing decryptors upon ransom payment. The group’s strict rules include banning affiliates who fail to adhere to agreements and refraining from targeting non-profit organizations. Moreover, RansomHub pledges to respond to ransom-paying victims within 48 hours to address any breaches of their rules by affiliates.

Despite its selective targeting and operational guidelines, RansomHub poses a significant threat to organizations worldwide, with its recent cyberattack on Farmacia AL SHEFA highlighting the ever-growing menace of ransomware groups.

Dark Web News

Amidst the tumult of the Hamas-Israel conflict, cyber warfare has taken many turns as many hacktivist groups aligned with opposing sides. These hackers are ransomware groups, driven by ideological fervor, initiating coordinated cyberattacks on Israel and vice versa. A notable development in this arena was the latest collaboration between several hacker collectives. These groups sought unity under the banner of “Rise Of The Leaders,” orchestrated by the IRoX Team-Elite Hackers. Their rallying collaboration urged Muslim cyber warriors to join forces in launching cyber assaults against Israel.

Cyberattacks on Israel: A No Stopping Sign

In their campaign, the threat actors urged hackers to unite and attack Israel. “IRox Team – Elite Hackers proudly announce that all Muslim cyber warriors united through the organization Rise Of The Leaders to launch cyber attacks against Zionist Israel. We call upon all Muslim hacker groups to unite with us and participate in this cyber attack”, reads the threat actor post.

Source: CyberKnow on X

IRoX Team further addressed the Palestinian people and voiced its support for their fight against Israel. “To the Palestinian people, know that you are not alone in this struggle. We stand with you, and together, we will continue to fight against the tyranny and oppression we continue to fight. Stay strong and resilient. The world is watching, and your cry for freedom will be heard”, concluded the post.

Last year witnessed a surge in hacktivist activities amid the escalating tensions between Israel and Hamas. Hacktivist collectives such as IRoX Team and StarsX Team declared their allegiance to Palestine, identifying nations backing Israel as prime targets for cyber offensives.

Source: Cyble

The targeted nations, including Israel, India, the United States, France, the United Kingdom, and Australia, found themselves in a difficult position because of their perceived support for Israel during the conflict.

Telegram message by IRoX Team (Photo: Daily Dark Web/ X)

In a strategic move, the IRoX Team temporarily redirected their operations, pausing attacks on Brazil, Canada, Poland, and Spain. However, their cyber onslaught against other countries aligned with Israel continued unabated, signaling a calculated escalation in digital warfare.

The Hamas-Israel War is Still Burning

The genesis of this cyber conflict can be traced back to the Hamas-Israel war, where traditional battlegrounds expanded into the digital domain. Hacktivist groups, leveraging social media platforms like X (formerly Twitter) and Telegram, boasted of successful cyber intrusions and pledged allegiance to their cause. StarsX Team, in particular, singled out France and the USA alongside Israel as prime targets for a series of cyberattacks. Their message resonated with calls for peace and justice while condemning nations supporting Israel for alleged human rights violations against Palestinians.

This convergence of geopolitical tensions and digital warfare highlighted the intertwined nature of physical and cyber conflicts. Hacktivists, driven by diverse motivations ranging from ideological fervor to strategic objectives, leveraged cyberattacks to instill fear and sow chaos in the minds of their adversaries. As the conflict continued, separating genuine claims from the many fake ones circulating online became increasingly important. Some hacker groups took advantage of the chaos to push their own goals. But their actions didn’t just affect the internet – they made an already complicated situation even harder to deal with.

Dark Web News

Anonymous Sudan has undergone a notable shift in its operational tactics, as revealed by Crush, the group’s spokesperson, to Cyberknow. The group has transitioned to employing a new DDoS-for-hire service known as Anonymous Sudan Infrashutdown. This DDoS service for hire marks a departure from their previous utilization of the Skynet Botnet. The announcement of this change coincided with the creation of a Telegram page dedicated to the group’s activities. However, Anonymous Sudan claims to have been utilizing the Infrashutdown service for several weeks before this public announcement, during which they achieved success in disrupting various organizations and launching cyberattacks on organizations globally.

Anonymous Sudan Infrashutdown: DDoS Service for Hire

In a Telegram post, Anonymous Sudan also initiated a donation campaign, a rare instance of the group seeking financial support. This move suggests a departure from their typical reliance on alleged financial backers to sustain their operations, particularly given the high costs associated with using paid botnets.

Source: Cyberknow on X

The shift to Infrashutdown represents a strategic pivot for Anonymous Sudan, as evidenced by a post on February 24th introducing the service.

Source: Cyberknow on X

In the post, the threat actor highlights Anonymous Sudan Infrashutdown and its capabilities, emphasizing its ability to offer customized DDoS campaigns targeting a wide range of entities, from government agencies to private businesses and individuals.

Decoding the DDoS-for-Hire Service: Features and Capabilities

Key features of Infrashutdown, as advertised, include its global reach, allowing for disruptions on a nation-state level, as well as its adaptability to specific sectors such as education, healthcare, and telecommunications. The service also claims a proven track record of success, having previously targeted ISPs, universities, and data centers across various countries.

Source: Cyberknow on X

The advertisement also promises confidentiality and untraceability for the service’s clients. This assurance is coupled with flexibility in campaign scale and budget, with engagements said to range from budget-friendly skirmishes to record-setting terabit assaults.

Anonymous Sudan’s adoption of Infrashutdown highlights their ongoing commitment to digital activism and cyber warfare. By leveraging this new service, the group aims to expand its disruptive capabilities while maintaining anonymity and operational security.

Who is Anonymous Sudan?

Anonymous Sudan is a prolific hacktivist group that previously claimed responsibility for a widespread outage on X (formerly Twitter), mocking Elon Musk’s recent rebranding. The outage affected thousands globally with many facing issues logging into their accounts.

Despite claiming to be from Sudan, cybersecurity experts trace their origins to Russian cybercriminal networks like KillNet. Moreover, researchers debunked their association with the global Anonymous collective, identifying Russian ties through Telegram use and English-Russian communication.

Anonymous Sudan’s use of paid infrastructure suggests significant financing, possibly from Russian government circles. CyberCX corroborated these findings, noting their unconventional targeting methods. The group’s true identity and motives continue to raise concerns among cybersecurity experts.

Trends, Reports, Analysis

Some countries experience disproportionate hacktivist attacks based on their aid to Ukraine, shedding light on the complexities of political motivations in cyber warfare.

Breaches and Incidents

The Malawi government has suspended passport issuance for two weeks due to a ransomware attack on the immigration service's network. President Lazarus Chakwera stated that the hackers are demanding a ransom, but the government refuses to pay.

Trends, Reports, Analysis

Cloud security and incident response are top priorities, attracting 47% of additional cybersecurity spending, followed by areas such as MSSP outsourcing, identity management, and security awareness training, according to Infosecurity Europe.

Malware and Vulnerabilities

The Russian-speaking ransomware group LockBit has announced its return to hacking after a law enforcement operation, Operation Cronos, targeted the group. The group's leader, LockBitSupp, has vowed to continue hacking despite the takedown.

Incident Response, Learnings

The U.S. Department of Health and Human Services (HHS) reached a settlement with Green Ridge Behavioral Health after a ransomware attack exposed the health information of over 14,000 individuals.

Govt., Critical Infrastructure

The number of reported health data breaches and HIPAA complaints has been increasing, posing a significant challenge for the Department of Health and Human Services' Office for Civil Rights to keep up with their workload.

Feed

Ubuntu Security Notice 6653-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Feed

Debian Linux Security Advisory 5631-1 - It was discovered that iwd, the iNet Wireless Daemon, does not properly handle messages in the 4-way handshake used when connecting to a protected WiFi network for the first time. An attacker can take advantage of this flaw to gain unauthorized access to a protected WiFi network if iwd is operating in Access Point (AP) mode.

Feed

Ubuntu Security Notice 6652-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Feed

Ubuntu Security Notice 6651-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Feed

Ubuntu Security Notice 6650-1 - Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.

Feed

Ubuntu Security Notice 6655-1 - It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service.

Feed

Ubuntu Security Notice 6654-1 - It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting attack.

Feed

Red Hat Security Advisory 2024-0972-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Feed

Red Hat Security Advisory 2024-0971-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

Feed

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing. The administrator behind LockBit, in a

 Feed

Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious

 Feed

More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from "counterfeit package delivery alerts

 Feed

A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate
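The practical question for anyone running Node.js projects is whether one of the five names above has already landed in a dependency tree, directly or transitively. The following script is an added example, not part of the Phylum report or of this feed item: it walks a package-lock.json in both the v1 nested "dependencies" layout and the v2/v3 flat "packages" layout and reports every match, including nested copies pulled in by another package. The sample lockfiles, the helper-library name and all version numbers are constructed for the demo.

```python
import json

# Package names named in the Phylum finding quoted above. Everything else in this
# script (the sample lockfiles, versions, paths) is constructed for the demo.
FLAGGED_PACKAGES = {
    "execution-time-async",
    "data-time-utils",
    "login-time-utils",
    "mongodb-connection-utils",
    "mongodb-execution-utils",
}


def _walk_v1(deps, parent, flagged, hits):
    """lockfileVersion 1: 'dependencies' is keyed by name and nests transitively."""
    for name, meta in (deps or {}).items():
        path = f"{parent}/{name}" if parent else name
        if name in flagged:
            hits.append((name, meta.get("version", "?"), path))
        _walk_v1(meta.get("dependencies"), path, flagged, hits)


def scan_lockfile(lock, flagged=FLAGGED_PACKAGES):
    """Return sorted (name, version, install path) for every flagged package,
    including transitive copies nested under other packages."""
    hits = []
    if "packages" in lock:
        # lockfileVersion 2/3: keys are install paths such as
        # "node_modules/a/node_modules/b"; the empty key is the root project.
        for path, meta in lock["packages"].items():
            if not path:
                continue
            name = path.rsplit("node_modules/", 1)[-1]  # keeps "@scope/name" intact
            if name in flagged:
                hits.append((name, meta.get("version", "?"), path))
    elif "dependencies" in lock:
        _walk_v1(lock["dependencies"], "", flagged, hits)
    return sorted(hits)


def scan_lockfile_text(text, flagged=FLAGGED_PACKAGES):
    """Convenience wrapper for the raw contents of an on-disk package-lock.json."""
    return scan_lockfile(json.loads(text), flagged)


# Constructed sample: a v3 lockfile where one flagged package was added directly
# and another arrived transitively under a fictional helper library.
SAMPLE_V3 = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/execution-time-async": {"version": "1.0.0"},
        "node_modules/some-helper-lib": {"version": "2.0.0"},
        "node_modules/some-helper-lib/node_modules/mongodb-connection-utils": {"version": "2.1.0"},
    },
}

# Constructed sample: the same situation in the older v1 layout.
SAMPLE_V1 = {
    "name": "demo-app",
    "lockfileVersion": 1,
    "dependencies": {
        "express": {"version": "4.18.2"},
        "some-helper-lib": {
            "version": "2.0.0",
            "dependencies": {"login-time-utils": {"version": "0.3.1"}},
        },
    },
}

if __name__ == "__main__":
    for lock in (SAMPLE_V3, SAMPLE_V1):
        for name, version, path in scan_lockfile(lock):
            print(f"FLAGGED {name}@{version} at {path}")
```

Scanning the lockfile catches the packages before `npm ci` installs and runs their scripts, which is the point at which this kind of package does its work; `npm ls <name>` confirms what is actually on disk. A name match is only a first filter: lookalike names that are not on the list still need the usual checks (publish date, maintainer history, presence of install scripts) before a new dependency is trusted.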

 Feed

Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be attacked and defended. We're going to talk in this

 Feed

Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) under the moniker UAC-0184. "The attack, as part of the IDAT Loader, used

 Threat Lab

Welcome to the wild west of the digital world where cyber scammers lurk around every pixelated corner. Cybercrime isn’t just a futuristic Hollywood plotline, it’s a real threat that targets everyone—from wide-eyed kids to seasoned adults and wise grandparents. And guess what? It’s on the rise faster than your Wi-Fi connection during peak hours (okay, maybe not that fast, but you get the gist). So, hoist the sails as we cruise through the seven seas of cyber safety.

Identifying scams

Before we dive headfirst into the cyber safety tips, let’s equip ourselves with the ultimate weapon: knowledge. Scams are the digital equivalent of a snake oil salesperson peddling miracle cures. They come in all shapes and sizes, lurking in the shadowy corners of the internet. Let’s embrace the golden rule of scam detection: skepticism. Whether it’s a promise of untold riches, a once-in-a-lifetime opportunity, or a free Caribbean cruise courtesy of a Nigerian prince, approach with caution and a healthy dose of skepticism. Now, let’s take a quick tour through the terrain of common cyber scams:

Phishing scams
Ah, phishing scams, the bane of our digital existence. These sneaky scams involve fake emails posing as messages from familiar faces or reputable companies. They’ll try to sweet-talk you into clicking on suspicious links or divulging sensitive information like passwords or credit card details. Remember: real companies don’t ask for your personal data via email.

Sweepstakes and awards scams
Congratulations! You’ve just won a brand new car, a tropical vacation, and a lifetime supply of unicorn-shaped cookies—all you need to do is pay a small processing fee. Sound too good to be true? That’s because it is! These scams offer you instant wealth but are really just clever ruses to empty your wallet faster than you can say “jackpot.”

Investment scams
Picture this: a golden opportunity to double your money with zero risk. Investment scams lure unsuspecting victims with the promise of sky-high profits. Don’t let these offers cloud your judgment. Always do your due diligence before investing your hard-earned cash.

Lawsuit or tax scams
Lawsuit and tax scams thrive on instilling fear and panic, claiming you owe urgent payments. When in doubt, verify the legitimacy of any claims before reaching for your wallet.

Romance scams
Romance scams prey on the trusting hearts of hopeful romantics, weaving elaborate tales of love and devotion before swooping in for the financial kill. Remember: anyone who asks for money online is more likely to break your heart than mend it.

Tech support scams
These imposters offer remote assistance to fix nonexistent problems with your laptop or devices while gaining access to your sensitive data. Remember: legitimate tech support doesn’t come knocking unsolicited. If in doubt, just delete the email and seek help from trusted sources.

Equipped with this knowledge, you’re ready to navigate the digital minefield with confidence. You can also be a good internet citizen by forwarding these scams to the U.S. government’s Cybersecurity & Infrastructure Security Agency (CISA) at phishing-report@us-cert.gov.

Your 7 tips to stay safe online

Use strong passwords
Let’s kick things off with the basics. Your password is the digital key to your castle, so make sure it’s not something as flimsy as ‘123456’ or ‘password.’ Length matters more than clever symbol substitutions, and a password manager makes long, unique passwords practical. And don’t reuse passwords across multiple accounts unless you want to throw a welcome party for cybercriminals: one leaked password is then tried against every other site.

Keep your devices updated
Newsflash: Cybercriminals love exploiting vulnerabilities in outdated software like it’s Black Friday at the cybercrime emporium. Stay one step ahead by keeping your devices and applications updated. Those pesky software updates aren’t just about adding a new emoji, they often contain vital fixes for security issues.

Lock down your privacy settings
Your online profiles are like open books to cyber snoops unless you lock them down. Take a few minutes to review and adjust your privacy settings on platforms like Facebook, Instagram, and YouTube. Limit who can see your posts, tag you in photos, or slide into your DMs without an invitation.

Safeguard your privacy with a trustworthy VPN
In the digital-verse, protecting your online privacy is paramount, like guarding the secret recipe to your grandma’s famous carrot cake. That’s where a virtual private network (VPN) swoops in like a digital superhero to save the day. By encrypting your internet connection and masking your IP address, a good VPN shields your online activities from prying eyes on the network you are using, which matters most on public Wi-Fi; it does not hide you from the sites you log into, so it complements the other tips rather than replacing them.

Use two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security for your account logins by having you not only enter your password but also provide a second form of verification, such as a one-time code from an authenticator app or texted to your phone. An app or hardware key is the stronger choice, since texted codes can be intercepted by a SIM swap. It’s like having two bouncers screening out any shady characters trying to hack into your accounts.

Back up your data
Picture this nightmare scenario: Your laptop is suddenly hijacked by a malware infection or a ransomware attack encrypting all your files and holding them hostage. But fear not! By regularly backing up your data to the cloud or an external hard drive, and keeping at least one copy disconnected so the ransomware can’t reach it too, you can rest easy knowing that your digital treasures are safe and sound.

Safeguard your loved ones
Internet scams can be devastatingly effective when targeting vulnerable groups such as the elderly, children, or those less tech savvy. So it’s crucial to designate someone as the cybersecurity leader within your family. One of your top priorities should be to ensure that everyone’s devices are equipped with robust identity protection and antivirus software. Think of it as fortifying your digital fortress, shielding your loved ones from the threats lurking in the internet world.

Congratulations, you’ve just leveled up your digital defense game! By implementing these seven cyber safety tips, you can protect yourself and your loved ones from cyber scammers. Stay safe out there!

The post 7 Cyber Safety Tips to Outsmart Scammers appeared first on Webroot Blog.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. Cyber insurance can be a tricky part of cybersecurity strategy — here’s what to know in today’s security climate. By John Reith, Partner Success Manager at DataStream Cyber Insurance. Cyber insurance is an increasingly crucial backstop to cybersecurity practices. While enlisting comprehensive protections and preventing data breaches is always […] The post Understand Cyber Insurance: Rising Risks and How to Right-Size Policies – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. By Kevin Kelly, CEO and Chairman, Arcfield. As the role of satellite communication systems in geopolitical conflicts and critical infrastructure sectors continues to expand, concern regarding the security of satellite communications (SATCOM) systems is growing. These concerns are valid, as evidenced by the February 2022 cyberattack against satellite company […] The post Securing Space Infrastructure for US And Allied Collaboration – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. By Ron Kerbs, CEO, Kidas. In the ever-evolving landscape of cyberspace, 2023 unveiled a concerning trend: major players in the tech industry, including giants like Meta and Discord, were found either misusing or inadequately handling data — particularly data belonging to children. As we stride into 2024, legislative and […] The post Safeguarding Children in the Era of Big Data – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber security

Source: securityboulevard.com – Author: Matt Palmer. Passwords should be the easiest area of security. Every organisation has a password policy. Every organisation uses passwords. Everyone at every organisation uses passwords. Everyone has been trained how to do it. And everyone has been doing it for a very long time. And they are doing it all […] The post Challenging password dogma – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Lohrmann on Cybersecurity. In this interview, Pavlina Pavlova, public policy adviser at the CyberPeace Institute, describes the organization’s mission and global activities to reduce harm online for vulnerable populations. February 25, 2024 • Dan Lohrmann. Back in October 2023, while in Montreal, Canada, I had the privilege of meeting Pavlina […] The post Introducing the CyberPeace Institute: Protecting Communities Online – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 articles

Source: securityboulevard.com – Author: Rom Carmel. Organizations often use multiple applications to perform business. For example, a tech team might find that Jira works well for managing tasks and a support team might find they prefer PagerDuty to handle support tickets. However, handling several applications and the data within them can be challenging. This is where […] The post Using Webhooks with your Privileged Access Management Tool – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Ionut Ilascu. The LockBit gang is relaunching its ransomware operation on new infrastructure less than a week after law enforcement hacked its servers, and is threatening to focus more of its attacks on the government sector. In a message under a mock-up FBI leak – specifically to draw attention, the […] The post LockBit ransomware returns, restores servers after police disruption – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. PayPal has filed a patent application for a novel method that can identify when a “super-cookie” is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. The risk that PayPal wants to address is that of hackers stealing cookies containing authentication tokens to log into victim accounts […] The post PayPal files patent for new method to detect stolen cookies – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Ax Sharma. The Royal Canadian Mounted Police (RCMP), Canada’s national police force, has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. RCMP: No threat to safety and security of […] The post RCMP investigating cyber attack as its website remains down – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: krebsonsecurity.com – Author: Brian Krebs. The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid […] The post FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Source: krebsonsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - Vulner

The post Annual Report – Vulnerability Intelligence was first published on CISO2CISO.COM & CYBER SECURITY GROUP; its content is available only to registered (free) members of the site.

Aggregator history: Monday, February 26, 2024