There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely.

Image: Varonis.

In the third week of February, a cyber intrusion at Change Healthcare began shutting down important healthcare services as company systems were taken offline. It soon emerged that BlackCat was behind the attack, which has disrupted the delivery of prescription drugs for hospitals and pharmacies nationwide for nearly two weeks.

On March 1, a cryptocurrency address that security researchers had already mapped to BlackCat received a single transaction worth approximately $22 million. On March 3, a BlackCat affiliate posted a complaint to the exclusive Russian-language ransomware forum Ramp saying that Change Healthcare had paid a $22 million ransom for a decryption key, and to prevent four terabytes of stolen data from being published online.

The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid.

“But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin,” the affiliate “Notchy” wrote. “Sadly for Change Healthcare, their data [is] still with us.”

Change Healthcare has neither confirmed nor denied paying, and has responded to multiple media outlets with a similar non-denial statement — that the company is focused on its investigation and on restoring services.
Assuming Change Healthcare did pay to keep their data from being published, that strategy seems to have gone awry: Notchy said the list of affected Change Healthcare partners they’d stolen sensitive data from included Medicare and a host of other major insurance and pharmacy networks.

On the bright side, Notchy’s complaint seems to have been the final nail in the coffin for the BlackCat ransomware group, which was infiltrated by the FBI and foreign law enforcement partners in late December 2023. As part of that action, the government seized the BlackCat website and released a decryption tool to help victims recover their systems.

BlackCat responded by re-forming, and increasing affiliate commissions to as much as 90 percent. The ransomware group also declared it was formally removing any restrictions or discouragement against targeting hospitals and healthcare providers.

However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code.

The seizure notice now displayed on the BlackCat darknet website.

“There’s no sense in making excuses,” wrote the RAMP member “Ransom.” “Yes, we knew about the problem, and we were trying to solve it. We told the affiliate to wait. We could send you our private chat logs where we are shocked by everything that’s happening and are trying to solve the issue with the transactions by using a higher fee, but there’s no sense in doing that because we decided to fully close the project. We can officially state that we got screwed by the feds.”

BlackCat’s website now features a seizure notice from the FBI, but several researchers noted that this image seems to have been merely cut and pasted from the notice the FBI left in its December raid of BlackCat’s network. The FBI has not responded to requests for comment.
Fabian Wosar, head of ransomware research at the security firm Emsisoft, said it appears BlackCat leaders are trying to pull an “exit scam” on affiliates by withholding many ransomware payment commissions at once and shutting down the service.

“ALPHV/BlackCat did not get seized,” Wosar wrote on Twitter/X today. “They are exit scamming their affiliates. It is blatantly obvious when you check the source code of their new takedown notice.”

Dmitry Smilyanets, a researcher for the security firm Recorded Future, said BlackCat’s exit scam was especially dangerous because the affiliate still has all the stolen data, and could still demand additional payment or leak the information on his own.

“The affiliates still have this data, and they’re mad they didn’t receive this money,” Smilyanets told Wired.com. “It’s a good lesson for everyone. You cannot trust criminals; their word is worth nothing.”

BlackCat’s apparent demise comes closely on the heels of the implosion of another major ransomware group — LockBit, a ransomware gang estimated to have extorted over $120 million in payments from more than 2,000 victims worldwide. On Feb. 20, LockBit’s website was seized by the FBI and the U.K.’s National Crime Agency (NCA) following a months-long infiltration of the group.

LockBit also tried to restore its reputation on the cybercrime forums by resurrecting itself at a new darknet website, and by threatening to release data from a number of major companies that were hacked by the group in the weeks and days prior to the FBI takedown. But LockBit appears to have since lost any credibility the group may have once had.

After a much-promoted attack on the government of Fulton County, Ga., for example, LockBit threatened to release Fulton County’s data unless paid a ransom by Feb. 29. But when Feb. 29 rolled around, LockBit simply deleted the entry for Fulton County from its site, along with those of several financial organizations that had previously been extorted by the group.
Fulton County held a press conference to say that it had not paid a ransom to LockBit, nor had anyone done so on their behalf, and that they were just as mystified as everyone else as to why LockBit never followed through on its threat to publish the county’s data.

Experts told KrebsOnSecurity LockBit likely balked because it was bluffing, and that the FBI likely relieved them of that data in their raid.

Smilyanets’ comments are driven home in revelations first published last month by Recorded Future, which quoted an NCA official as saying LockBit never deleted the data after being paid a ransom, even though that is the only reason many of its victims paid.

“If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future,” LockBit’s extortion notes typically read.

Hopefully, more companies are starting to get the memo that paying cybercrooks to delete stolen data is a losing proposition all around.
In an age where digital threats loom large and cyberattacks continue to proliferate, the resilience of a nation’s cybersecurity infrastructure becomes paramount. Recent findings reveal a sobering reality: Indian organizations have managed to thwart just 58% of cyberattacks over the past two years, leaving 42% unchecked, according to a study conducted by Forrester Consulting in collaboration with Tenable, an exposure management company.

This revelation sheds light on a concerning trend: organizations predominantly rely on reactive measures, rather than proactively preventing cyberattacks from occurring in the first place. With cyber adversaries becoming increasingly sophisticated, it’s evident that a paradigm shift is necessary in India’s cybersecurity approach.

Highlighting the urgency for preventive measures, the study underscores that 78% of Indian respondents believe their organizations could strengthen defense against cyber threats with dedicated resources for preventive cybersecurity. Moreover, a staggering 64% of respondents lament the overwhelming focus of their cybersecurity teams on addressing critical incidents, impeding their ability to take proactive strides in safeguarding digital assets.

Amidst these challenges, The Cyber Express delves into a conversation with Dr. Sanjay Katkar, Joint Managing Director of Quick Heal Technologies Limited, to unravel the intricacies of India’s cybersecurity landscape.

Dr. Sanjay Katkar

Interview Excerpt from Dr. Sanjay Katkar, Joint Managing Director of Quick Heal Technologies Limited

Q1. How does India’s cybersecurity strategy compare with global standards? Where does it stand in terms of international cooperation in cyber defense?

India’s cybersecurity strategy stands as a formidable force on the global stage, especially considering its position as the world’s second-largest internet population and one of the most frequently targeted. Our commitment to fortifying cybersecurity is exemplified by the recently announced Data Protection and Privacy Act (DPDP), 2023. This strategic move is a significant step towards bolstering our nation’s cyber defenses and ensuring the privacy and security of digital information for all citizens.
However, the rapid digital transformation in the country also underscores the urgent need for swift adoption of cybersecurity best practices and standards. In my view, first and foremost enhancing cyber security awareness, followed by enforcing existing laws, and investing in developing a skilled cybersecurity workforce to cope with increasing demand are crucial.

With a comprehensive approach covering all facets of cyberspace protection, India adheres to the principles of the United Nations and international best practices, aligning with global standards such as the ISO/IEC 27000 series, the NIST Cybersecurity Framework, and the CIS benchmarks.

Recognizing cyberspace as a collective responsibility, India actively engages in international cooperation for cyber defense. The country actively participates in UN processes like the Open-Ended Working Group (OEWG) and the Group of Governmental Experts (GGE), advocating for responsible state behavior and norms in cyberspace. With bilateral and multilateral agreements in place with key nations, including the US, the UK, France, Japan, Australia, and Singapore, India ensures robust information sharing and collaborative efforts to enhance cyber resilience.

Since 2015, India has continued to demonstrate its commitment to global cybersecurity collaboration by being a valued member of the Global Forum on Cyber Expertise (GFCE), fostering capacity building and sharing best practices in the ever-evolving landscape of cybersecurity. These endeavors collectively position India as a leader in shaping international norms and fostering global cooperation in the realm of cybersecurity.

Q2. What measures are being taken to address the challenges posed by multiple government data leaks, and how is the cybersecurity landscape evolving in response?

Data leaks are certainly a serious threat to the security and privacy of millions of citizens and internet users in India.
However, the government is continually taking steps to enhance the country’s cybersecurity posture and protect the data of its citizens. Right from the introduction of the Information Technology (IT) Act, 2000, the National Cyber Security Policy, 2013, to the recent Digital Personal Data Protection Act, 2023, the government has been proactive in recognizing the challenges cybercrime poses and working towards preventing it.

The government has also established several cybersecurity agencies and organizations, such as the National Critical Information Infrastructure Protection Centre (NCIIPC), the Indian Computer Emergency Response Team (CERT-In), and the Cyber Swachhta Kendra, to address cyber threats and protect critical information infrastructure. We sincerely hope that the government is going to carry the fight against cybercrime forward in the years to come, to truly fulfill the vision of Digital India.

Q3. What role do emerging technologies like AI and blockchain play in India’s cybersecurity framework? Are these technologies effectively integrated into existing defense strategies?

Emerging technologies like AI and blockchain are crucial for India’s cybersecurity framework. They can help us create secure digital platforms, protect our data, detect and prevent cyber threats, and manage risks effectively. AI can automate and improve the way we identify, analyze, and respond to cyberattacks, while blockchain can offer a decentralized and transparent system for data sharing and verification.

At Quick Heal, we are at the forefront of leveraging AI technologies to enhance our cybersecurity solutions. We have developed GoDeep.AI, a self-aware malware-hunting innovation that enhances protection against emerging threats, without compromising system performance. GoDeep.AI is integrated into our latest version 24 of Quick Heal Total Security and is embedded in our enterprise solutions as well.
By leveraging these emerging technologies, we aim to provide our customers with the best-in-class cybersecurity solutions that are smart, secure, and sustainable.

Q4. Collective Empowerment Towards Cybersecurity

As we explore India’s cybersecurity situation, one thing becomes crystal clear: the digital sphere is both promising and perilous. Views of Dr. Sanjay Katkar are a sobering reminder of the problems we face in this digital age, but they also show paths to resilience and innovation.

Statistics showing the incidence of cyberattacks highlight the critical necessity for preventative measures and strategic forethought. We must shift away from reactive measures and embrace a culture of prevention, supported by strong legal frameworks and investments in cybersecurity infrastructure.

But, despite the shadows cast by cyber threats, there are glimmers of light. India’s advances in international cooperation, as well as the emergence of cutting-edge technology such as artificial intelligence and blockchain, usher in a new era of possibilities. However, with opportunity comes responsibility—the responsibility to defend our digital sovereignty and the integrity of our data.

As we look ahead, one issue looms large: Will we rise to the occasion? Will we use this opportunity to strengthen our digital defenses and define a course for a more secure, resilient future? The solution is not only in the hands of governments and corporate leaders but in the collective consciousness of all digital citizens.

Finally, the journey to cybersecurity is more than just a technological activity; it is one of collective empowerment and stewardship. Let us go on this road with commitment and drive, knowing that what we do today will form the contours of tomorrow’s digital world.

Media Disclaimer: This report is based on internal and external research obtained through various means.
The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A hacker operating on the dark web has asserted possession of data from prestigious educational institutions in the United States. Among the institutions mentioned are the University of Chicago, Duke University, Princeton University, and Stanford University. The leaked information, covering the period from 2021 to 2024, comprises email addresses and names of individuals allegedly affiliated with these renowned universities. The full extent of the data breach is yet to be determined, leaving university administrators and cybersecurity experts on high alert.

Despite the alarming claims made by the threat actor, investigations into the matter have yielded conflicting results. Upon accessing the official websites of the allegedly targeted universities, no signs of foul play were detected, casting doubt on the authenticity of the data breach. However, if proven to be true, the implications of such a breach could be profound, potentially compromising the privacy and security of students, faculty, and staff members.

Source: Twitter

Educational Institutions: Prime Targets for Cybercriminals

The incident highlights a troubling trend in the cybersecurity world, with the research and education sector emerging as a prime target for cybercriminals seeking to exploit vulnerabilities and steal sensitive information. According to Check Point Software, educational institutions experienced a staggering increase in cyberattacks, with an average of 2,507 attempts per college or university per week in the first quarter of 2023 alone, marking a 15 percent rise compared to the previous year.

The vulnerability of higher education institutes has been further exacerbated by a spate of cyberattacks on universities reported in the first two months of 2024. Anonymous Sudan, a notorious hacking group, has been linked to a series of alleged Distributed Denial of Service (DDoS) attacks targeting prominent UK universities, including the University of Cambridge and the University of Manchester. The group, believed to be leveraging the Skynet botnet, has escalated its activities, citing geopolitical grievances as motivation for its actions.

Global Impact: Cyberattacks on Educational Institutions

The threat extends beyond national borders, with cybercriminals targeting educational institutions worldwide.
In India, a threat actor on Telegram claimed responsibility for targeting Jaypee University of Engineering and Technology, compromising the institution’s database, and exposing sensitive information such as names, emails, and contact numbers. Similarly, the hacktivist group Ghosts of Palestine launched a cyberattack on Israeli universities, targeting prominent educational institutions including the Weizmann Institute of Science, Tel Aviv University, and Hebrew University of Jerusalem. These incidents highlight the global nature of cyber threats facing educational entities and the need for enhanced cybersecurity measures to safeguard sensitive data and infrastructure.

Among notable incidents on the international stage, cyberattacks have targeted institutions such as the University of Hertfordshire, Howard University, and the University of California, San Francisco, employing various tactics ranging from ransomware attacks to data breaches. These incidents highlight the urgent need for collaborative efforts between universities, governments, and cybersecurity experts to mitigate the risks posed by cyber threats and protect the integrity of the education sector.

As the frequency and severity of cyberattacks on educational institutions continue to rise, proactive measures must be taken to strengthen cybersecurity defenses, enhance threat detection capabilities, and educate stakeholders about the evolving nature of cyber threats. Only through concerted efforts can the research and education sector safeguard its invaluable assets and uphold its commitment to excellence in learning and innovation.
Vodafone Egypt, the largest mobile operator in the country serving over 40 million customers, finds itself grappling with a partial outage impacting mobile and internet services, triggering a surge of discontent among users on social media platforms. The Vodafone Egypt outage, which began recently, has sparked speculation and concern regarding a possible cyberattack among users and industry experts alike. Moreover, Anonymous Sudan, a notorious cyber group, has now come forward claiming the cyberattack on Vodafone.

Anonymous Sudan Claiming Cyberattack on Vodafone Egypt

The cybercriminal group has claimed responsibility for targeting Egypt’s Vodafone network in what they assert is a significant cyberattack, adding a new layer of concern to the situation. The group, known for its disruptive activities, recently announced a cyberattack on the telecom giant via their DDoS-for-hire service, ‘Infrashutdown’, leaving a trail of disruptions across the sector. In a dark web message, they claimed responsibility, citing the attack as a blow against what they deemed “the most corrupt telecommunications company in Egypt.”

Source: Twitter

Vodafone Egypt Outage: Technical Troubles or Malicious Intent?

Vodafone Egypt, however, has attributed the outage to technical issues encountered during upgrades to its 4G service. While primarily affecting the 4G network, some users have managed to regain mobile network access by reverting to 2G or 3G. Adding to the complexity of the situation, Cloudflare Radar reported a significant internet disruption in Egypt, with Vodafone Egypt’s services experiencing a drop in traffic by up to 70%. Vodafone Egypt, in response, has indicated to users that the disruption is due to maintenance work.

Source: Twitter

Further investigations into the Vodafone Egypt outage reveal a correlation with recent damage to submarine cables in the Red Sea, critical for global internet traffic. This cable damage has severely impacted communication networks, affecting 25% of data flow between Asia, Europe, and the Middle East. Among the affected infrastructure is the Europe India Gateway (EIG), in which Vodafone has substantial investments. Despite the evident turmoil, Vodafone has remained reticent about specifics regarding the issue.
Amidst the Vodafone Egypt outage, social media platforms have become avenues for customer grievances, with users criticizing Vodafone Egypt for the lack of service. The company, via its X social media account, has attempted to reassure customers of its efforts to resolve the situation promptly. However, an official statement from Vodafone Egypt regarding the outage and its connection to the damaged Red Sea cables is still pending, leading to speculation about the extent of the impact and expected resolution timeline, as well as whether the outage is indeed a result of a Vodafone cyberattack.

Cyberattacks on Telecommunication Giants: A Global Trend

This Vodafone Egypt outage is not isolated, as the telecommunications industry has recently witnessed similar disruptions attributed to cyber threats. In January 2024, threats emerged against Celcom, Malaysia’s oldest mobile telecommunications provider, and UAE-based satellite service provider Thuraya Telecommunications. Additionally, ETISALAT, the state-owned Emirates Telecommunications Group Company PJSC in the UAE, faced a ransomware attack in February attributed to the LockBit ransomware faction.

The motives behind these cyberattacks on telecommunication giants remain unclear, whether driven by financial gain, geopolitical tensions, or other factors. However, the recurring nature of such incidents highlights the urgent need for enhanced cybersecurity measures within the telecommunications sector.

As the situation unfolds, the telecommunications industry, along with its consumers, awaits further updates from Vodafone Egypt. The resolution of this Vodafone Egypt outage and the implementation of measures to mitigate future disruptions will be crucial in restoring confidence in the sector’s resilience amidst growing cyber threats.
The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently responsible for the Bank of America breach.
The utility's software bill of materials (SBOM) experiment aims to establish stronger supply chain security – and tighter defenses against potential cyberattacks.
A Russian-language campaign aims to compromise corporate users on both Windows and Android devices by mimicking popular online collaboration applications.
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.
"Spinning YARN" cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known Atlassian Confluence bug.
The attackers used fake Russian-language online meeting sites hosted on a single IP address to distribute malicious APK and BAT files targeting Windows and Android users.
The addressed vulnerabilities include use-after-free flaws in XHCI and UHCI USB controllers, an out-of-bounds write vulnerability, and an information disclosure vulnerability.
Ubuntu has rolled out security updates addressing several Linux kernel vulnerabilities in Ubuntu 18.04, including CVE-2024-0646, CVE-2024-0565, CVE-2023-51782, CVE-2023-51781, CVE-2023-51780, and CVE-2023-7192.
CrowdStrike has announced plans to acquire Tel Aviv-based Flow Security, a data security posture management startup, for an undisclosed amount with the deal expected to close by the end of April.
The joint company plans to integrate their products and teams by the end of 2024, enabling MSPs to manage security, compliance, and data loss prevention for Microsoft 365 from a single control portal.
Researchers from the Georgia Institute of Technology have developed web-based malware called IronSpider, targeting modern programmable logic controllers (PLCs) used in industrial control systems.
The funding round was led by CapitalG, with James Luo joining the DTEX board of directors. The company plans to utilize the funding to expand its U.S. engineering team and grow its global go-to-market operations.
Nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information, including bank account and routing numbers, may have been stolen after criminals breached Infosys' IT systems.
The vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, are related to kernel and RTKit memory corruptions. The affected devices include iPhone XS and later, iPad Pro, iPad Air, and iPad mini models.
Axonius, a leader in enterprise asset management, has secured an additional $200 million in funding to support its business expansion. The investment is an extension of its existing Series E round, maintaining a valuation of $2.6 billion.
The 'WogRAT' malware targets both Windows and Linux systems and uses the online notepad platform 'aNotepad' to store and retrieve malicious code, making its infection chain stealthy.
Application security responsibilities have shifted to involve both AppSec managers and developers, with a high percentage of companies knowingly releasing vulnerable applications due to time and business pressures.
Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
Ubuntu Security Notice 6679-1 - It was discovered that FRR incorrectly handled certain malformed OSPF LSA packets. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
Ubuntu Security Notice 6676-1 - Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash.
Ubuntu Security Notice 6649-2 - USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service. Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie response headers in multipart HTTP responses. An attacker could potentially exploit this issue to inject arbitrary cookie values. Gary Kwong discovered that Firefox incorrectly generated codes on 32-bit ARM devices, which could lead to unexpected numeric conversions or undefined behaviour. An attacker could possibly use this issue to cause a denial of service. Ronald Crane discovered that Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6678-1 - It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Ubuntu Security Notice 6677-1 - It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1184-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1154-03 - An update for libfastjson is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-1153-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-1152-03 - An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2024-1149-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1134-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2024-1131-03 - An update for golang is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1130-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-1129-03 - An update for curl is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “The GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have been active since at least 2022. The exact specifics of the infection chain remain unknown as yet, but it involves the
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below: CVE-2024-23225, a memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections; CVE-2024-23296, a memory
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally. For Security & Risk Management teams, the untenable risk of any Google Drive footprint
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country. “The proliferation of commercial spyware poses distinct and growing
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 for Workstation and Fusion, and 8.4 for ESXi systems. "A
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. [Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues] You Can’t Protect What You Can’t See Today’s websites are connected
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There
Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence, as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. Read more in my article on the Hot for Security blog.
Chinese mini PC manufacturer ACEMAGIC has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products.
Source: heimdalsecurity.com – Author: Cristian Neagu IAM and PAM refer to similar topics in the world of access management, and they’re often used interchangeably. However, it’s important to understand how and why they’re different and what that means for your wider cybersecurity strategy. If you want to find out more, you’re in the right place. […] The post IAM vs PAM: What’s the Difference And Why It Matters – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Cristian Neagu If you’re in the market for a remote monitoring and management (RMM) solution, it can be difficult to know where to start. With so many options on the market, it can be a real challenge to understand what features you need – and which solutions are best placed to […] The post 7 Best Atera Competitors & Alternatives for 2024 (for MSPs) – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Cristian Neagu The popular Cybersecurity Framework (CSF), a seminal guideline paper from the National Institute of Standards and Technology (NIST) for lowering cybersecurity risk, has been updated. Regardless of the level of cybersecurity competence, the new 2.0 edition is intended for all audiences, industry sectors, and organization types, from the tiniest […] The post NIST Releases the 2.0 Version of their Cybersecurity Framework (CSF 2.0) – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Madalina Popovici Change Healthcare, a subsidiary of UnitedHealth Group, has fallen victim to a ransomware attack orchestrated by the notorious cybercrime gang ALPHV/BlackCat. The attack, which began on February 21, has caused widespread disruptions, affecting thousands of pharmacies and hospitals across the United States, and stalling prescriptions and healthcare services for […] The post Massive Ransomware Attack Disrupts US Healthcare: Behind it, ALPHV/BlackCat – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Madalina Popovici Pepco Group, a leading European retailer, recently disclosed a significant financial loss due to a phishing attack on its Hungarian operations. The incident, which led to a €15 million setback, sparks a conversation about the sophistication of cyber-attacks and the measures companies must take to protect themselves. What happened […] The post Pepco Group Falls Victim to Multi-Million Euro Phishing Scam – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Danny Mitchell What is Patch Tuesday, and why does it matter in our fight against cybersecurity threats? Simply, it’s when Microsoft systematically delivers security updates for its products on the second Tuesday of every month. This practice is pivotal for preventing cyber attacks by addressing known vulnerabilities promptly. Our article dissects […] The post What Is Patch Tuesday and Why Does It Matter for Cybersecurity – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Vladimir Unterfingher On the 12th of February, the Romanian Digital National Security Center (DNSC) announced that an unidentified threat actor launched a massive ransomware attack against Romanian e-health solutions provider RSC, temporarily disrupting server connection to the Hipocrate (HIS) infrastructure. The attacker demanded a 3.5 BTC ransom. Following the official investigation, […] The post Investigating the Shadows: Is Russia-Linked Phobos Ransomware Group Responsible for Romanian Healthcare Disruption? – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Livia Gyongyoși The SubDoMailing phishing campaign hijacked 8,000 abandoned domains and 13,000 subdomains to avoid spam detection. Hackers sent 5 million malicious emails daily. The campaign exploited the credibility of big brands in tech, education, charity, e-commerce, and the press industry. MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, […] The post Cornell, UNICEF, VMware and McAfee Subdomains Hijacked to Bypass Filters – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Livia Gyongyoși A subdomain related to ScreenConnect appears as an Indicator of Compromise (IoC) on CISA’s #StopRansomware: ALPHV Blackcat joint advisory update. Fisa99.screenconnect[.]com, which is a ScreenConnect remote access domain, is listed in Table 4 as a network IoC. In their advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and […] The post ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Advisory – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Cristian Neagu As an MSP, ensuring the security of your clients’ businesses is paramount, and ConnectWise offers a dependable RMM solution for managing their IT operations. However, due to its complex user interface, which can hinder effective remote device management, and less responsive support, you would need to look out […] The post 8 Best ConnectWise Competitors & Alternatives in 2024 (for MSPs) – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage. The wide torrent-based accessibility of these leaked victim files ensures the longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicate’s […] The post LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE CHICAGO — (BUSINESS WIRE) — Network Perception, innovators of operational technology (OT) solutions that protect mission-critical assets, today introduced new platform features and capabilities as part of its roll-out of NP-View version 5.0, including next-generation network access modeling and rapid verification of zone-to-zone segmentation. The NP-View 5.0 platform provides […] The post Network Perception Introduces Rapid Verification of Zone-to-Zone Segmentation – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Mor Avni, Product Manager, Scytale For SaaS companies, it’s hard to hear the word ‘audit’ without your heart skipping a beat or two. Finding the best audit firm for your company’s culture and tech stack, hundreds of back-and-forth requests, and manually collecting and sharing evidence take up so much valuable […] The post From Prep to Pass, Scytale Launches Its Built-In Audit, Transforming It Into The Complete Compliance Hub for SaaS – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: Michael Novinson (MichaelNovinson) • March 6, 2024. Categories: Cloud-Native Application Protection Platform (CNAPP), Security Information & Event Management (SIEM), Security Operations. Palo Alto Offering Free Products Won’t Neutralize CrowdStrike’s Cost Advantage: CEO. George Kurtz, CEO, CrowdStrike (Image: CrowdStrike). CEO George Kurtz said Palo Alto Networks’ strategy of […] The post George Kurtz: There’s a Difference Between Price, Total Cost – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: news.sophos.com – Author: Doug Aamoth (Products & Services) Insights to support US organizations impacted by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Note: this information is relevant to US-based organizations. In March 2022, President Biden signed the Cyber Incident Reporting for […] The post Sophos Guidance on CIRCIA – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier The Insecurity of Video Doorbells. Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible. First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who […] The post The Insecurity of Video Doorbells – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: Newsroom – Mar 05, 2024 – Malware / Cyber Threat North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The […] The post Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: grahamcluley.com – Author: Graham Cluley Chinese mini PC manufacturer ACEMAGIC (do I really have to write that in capitals? I hate it when companies name themselves like that…) has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products. Yup, the […] The post Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com Cybersecurity professionals are increasingly prepared to moonlight as cybercriminals in a bid to top up their salaries, according to new research from the Chartered Institute of Information Security (CIISec). The institute enlisted the help of a former police officer and covert operative to analyze dark web forum job adverts from […] The post Cyber Pros Turn to Cybercrime as Salaries Stagnate – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com A threat actor has been distributing remote access Trojans (RATs) on Android and Windows operating systems using online meeting lures, according to cloud security provider Zscaler. This campaign has been ongoing since at least December 2023, observed Zscaler’s threat intelligence team, ThreatLabz. The distributed RATs include the Android-focused SpyNote RAT and […] The post Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com The US government has announced further action against commercial spyware makers by sanctioning two people and five “entities” associated with the Intellexa Consortium. Intellexa is the umbrella organization for multiple companies based in Greece, Ireland, Hungary and beyond. Its North Macedonian Cytrox business is responsible for developing prolific spyware known […] The post US Sanctions Predator Spyware Maker Intellexa – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com (Read more on deepfake policy changes ahead of the 2024 elections: OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections; Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video; Meta to Introduce Labeling for AI-Generated Images Ahead of US Election.) South Korea’s police forces are developing a […] The post South Korean Police Develops Deepfake Detection Tool Ahead of April Elections – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com The ALPHV/BlackCat ransomware group’s operations seem to have halted amid allegations that it defrauded an affiliate involved in the Optum attack, which targeted the Change Healthcare platform and is linked to a $22m ransom payment. Over the weekend, negotiation sites linked to the ransomware activities were confirmed to have been shut down, indicating a […] The post ALPHV/BlackCat Ransomware Servers Go Down – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com American Express (Amex) has alerted customers that their credit card details may have been compromised following a third-party data breach. In a notice letter to customers, filed with the US State of Massachusetts, the credit card provider warned that current or previously issued Amex card account numbers, customer names, and […] The post American Express Warns Credit Card Data Exposed in Third-Party Breach – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: Brian Krebs There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV“) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims […] The post BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Source: krebsonsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Luis Millares Norton Secure VPN is a fast-performing VPN solution from popular security provider Norton. In this article, we walk you through how to set up and use Norton Secure VPN. We also answer some frequently asked questions about Norton Secure VPN and its features. […] The post How to Use Norton Secure VPN (A Step-by-Step Guide) – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Luis Millares Having a hard time getting started with Proton VPN? Learn how to use Proton VPN with our […] The post How to use Proton VPN (A Step-by-Step Guide) – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Luis Millares Surfshark VPN is an all-around VPN solution that provides a good balance of security and affordable pricing. In this article, we walk you through how to set up and use Surfshark VPN. We also answer some frequently asked questions about Surfshark and its features. […] The post How to use Surfshark VPN (A Step-by-Step Guide) – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Andrew Wan Learn about passwordless authentication, and explore the different types, benefits and limitations to help you decide which […] The post What Is Passwordless Authentication? – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Luis Millares TunnelBear VPN is a user-friendly VPN solution that’s great for beginners who don’t want an overly technical VPN. In this article, we walk you through how to set up and use TunnelBear VPN. We also answer some frequently asked questions about TunnelBear and its features. […] The post How to use TunnelBear VPN (Step-by-Step Tutorial) – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com Selecting the right virtual private network provider for your needs requires a fair bit of legwork because the choices are many and the offerings vary greatly. This quick-glance chart from TechRepublic Premium is blank and to be filled in by the user. The idea is to round up the top contenders […] The post Comparison Chart: VPN Service Providers (Free Download) – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com As the saying goes, a chain is only as strong as its weakest link. This applies more than ever to cybersecurity implementations designed to protect organizations from malicious attacks, intruders and vulnerabilities. While security principles should apply throughout the organization, locking down the perimeter and ensuring only necessary connections get through […] The post Perimeter Security Policy – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Apple’s latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. In typical Apple fashion, it’s keeping most of the interesting details under wraps, but both have the potential to access data in the protected kernel. The consumer tech […] The post Apple’s trademark tight lips extend to new iPhone, iPad zero-days – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Outsourcing giant Capita today reported a net loss of £106.6 million ($135.6 million) for calendar 2023, with the costly cyberattack by criminals making a hefty dent in its annual financials. The total costs incurred due to the break-in, believed to be carried out by the Black Basta ransomware group […] The post Capita says 2023 cyberattack costs a factor as it reports staggering £100M+ loss – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.