Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Data Breach News

MediaWorks, a prominent media company, has confirmed a cyberattack in a recent update. The MediaWorks cyberattack came to light on the evening of March 14 when a threat actor claimed the attack on a dark web forum. The company responded by shifting all current competition entries to a new secure database after claims surfaced regarding a breach affecting data from website competition entries. In a statement titled “An update regarding MediaWorks’ cyber security incident,” the company emphasized its commitment to data security and assured stakeholders that its technology team, in collaboration with external experts, was actively investigating the cyberattack on MediaWorks. The company expressed regret for any inconvenience caused and pledged to share more information as it became available.

Decoding the MediaWorks Cyberattack

OneERA, a threat actor operating on the dark web, asserted responsibility for the MediaWorks cyberattack. The breach reportedly resulted in unauthorized access to 2,461,180 records purportedly containing personally identifiable information (PII) of individuals in New Zealand. The compromised data, as claimed by OneERA, encompassed sensitive particulars, including full names, addresses, mobile numbers, email addresses, dates of birth, and additional details. In a dark web post laying claim to the MediaWorks cyberattack, the perpetrator stated, “Guys, we have stolen 2,461,180 New Zealand citizens’ data from mediaworks.co.nz. We plan to sell this data, so please contact us as soon as possible if you’re interested. The data we successfully stole include: [Citizens’ names, home addresses, mobile numbers, email addresses, dates of birth, home phone numbers, user postal codes, user genders, Userlds]”. Despite this alarming revelation, MediaWorks officials have remained silent on the matter in their public statements, neither confirming nor denying the hacker’s claims. Moreover, on BreachForums, OneERA publicly advertised the sale of the pilfered PII data, alongside supplementary private materials like survey responses, videos, music content, and electoral information. Dated March 14, 2024, the post delineated the scope of the MediaWorks data breach and urged prospective purchasers to initiate private communication for further details.

The Aftermath of the Cyberattack on MediaWorks

The aftermath of the cyberattack saw hackers connected to the breach resorting to blackmail tactics. Victims were threatened with the public release of their private information unless they complied with the hackers’ demands. According to reports from Newshub, individuals affected by the breach received emails from the hackers, indicating that their data had been compromised. The hackers, dissatisfied with MediaWorks’ response to their initial negotiation attempts, demanded a ransom of US$500 (approximately NZ$820) in Bitcoin to prevent the public disclosure of the data. They warned recipients that time was of the essence, emphasizing the urgency of the situation. In response to these developments, MediaWorks acknowledged the direct approaches made by the hackers to individuals affected by the breach. The company urged anyone with concerns to reach out to its privacy office at privacy@mediaworks.co.nz for assistance.

This is an ongoing story and The Cyber Express will be closely monitoring the situation and has reached out to MediaWorks to learn more about this data breach and the numbers asserted by the threat actors. TCE will update this post once more information is received on the MediaWorks cyberattack or any further notices from the organization.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Data Breach News

Fujitsu, the renowned multinational technology giant, issued a statement confirming a cyberattack on its systems. The company’s officials disclosed that the Fujitsu data breach resulted in the discovery of malware on several of the organization’s work computers, raising concerns about the potential theft of personal and customer information. An official informed The Cyber Express that the incident is contained within Japan, with no reported impact beyond its borders thus far. “We confirmed the presence of malware on several of our company’s work computers, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be illegally taken out,” reads the notice released by Fujitsu officials.

Fujitsu data breach: Company’s Action Plan

The revelation of the Fujitsu data breach has prompted immediate action from the organization, including the disconnection of affected business computers and the implementation of enhanced monitoring measures on other systems. “After confirming the presence of malware, we immediately disconnected the affected business computers and took measures such as strengthening monitoring of other business computers. Additionally, we are currently continuing to investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked,” the notice reads further. While details regarding the specific type of malware used and the exact nature of the data breach at Fujitsu remain undisclosed, the firm has reassured stakeholders that investigations are ongoing to ascertain the full extent of the intrusion and whether any information has been compromised. The company has also taken proactive steps by reporting the incident to the Personal Information Protection Commission and reaching out to affected individuals and customers individually.

Mitigation Measures and Regret

Despite the severity of the situation, Fujitsu has not received any reports of misuse of personal information or customer data thus far. “In addition to reporting individually to the targeted individuals and customers, we have also reported to the Personal Information Protection Commission in anticipation of the possibility that personal information may have been leaked. To date, we have not received any reports that personal information or information about our customers has been misused,” Fujitsu officials informed The Cyber Express. Nevertheless, the company has expressed deep regret for the inconvenience and concern caused by the incident.

The implications of this cyberattack on Fujitsu are significant, particularly considering Fujitsu’s stature as a leading provider of information and communications technology equipment and services. Established in 1935 and headquartered in Tokyo, Fujitsu boasts a prominent global presence and is renowned as the world’s sixth-largest IT services provider by annual revenue. However, this Fujitsu cyber incident has highlighted the persistent threat posed by cyberattacks and the critical importance of robust cybersecurity measures in today’s digital landscape. It is worth noting that this Fujitsu data breach comes at a sensitive time for the organization, following renewed scrutiny over its involvement in the wrongful convictions of hundreds of U.K. Post Office workers. The recent furor surrounding the use of Fujitsu-developed Horizon computer software highlights the potentially far-reaching implications of cybersecurity lapses within the organization. As the investigation into the cyberattack on Fujitsu progresses, stakeholders will be closely monitoring Fujitsu’s response and the measures implemented to prevent future incidents. In an era where data security is paramount, this Fujitsu cyber incident serves as a reminder of the ever-evolving threats faced by corporations and the imperative of prioritizing cybersecurity protocols to safeguard sensitive information.

 Cybersecurity News

The Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant step towards fortifying the cybersecurity of federal systems with the announcement of the Repository for Software Attestation and Artifacts. This platform allows software producers partnering with the federal government to upload software attestation forms and relevant artifacts, ensuring the integrity and security of software used in critical functions. Last week, in collaboration with the Office of Management and Budget (OMB), CISA introduced the secure software development attestation form. This form enables software producers serving the federal government to attest to the implementation of specific security practices, thus safeguarding federal systems from malicious cyber actors. According to Executive Assistant Director for Cybersecurity Eric Goldstein, “Software underpins nearly every service our government delivers on behalf of the American people. This is why CISA and our partners are working to transform federal cybersecurity practices by advancing strong software development security practices for the software upon which Americans depend.”

CISA Standardized Process for Transparency

The repository aims to establish a standardized process for agencies and software producers, providing transparency on the security of software development. By facilitating the adoption of software from producers that attest to using sound secure development practices, federal agencies can enhance their cybersecurity posture and mitigate potential threats effectively. “The repository for software attestation and artifacts will enable a standardized process for agencies and software producers that provides transparency on the security of software development. We look forward to further refining the process to continue elevating software security across the federal enterprise,” added Goldstein. OMB Memoranda M-22-18 and M-23-16 emphasize the importance of secure software development practices and restrict agencies’ use of software that does not adhere to these standards. The newly introduced attestation form allows software producers to confirm their compliance with these practices, ensuring that federal systems are protected against vulnerabilities.

CISA’s Other Initiatives

Before this initiative, CISA collaborated with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) to unveil the 911 Cybersecurity Resource Hub. This centralized repository empowers Emergency Communications Centers (ECCs) nationwide by providing essential resources and expertise to enhance cybersecurity resilience. In another stride towards bolstering critical infrastructure resilience, CISA, in collaboration with the American Samoa Department of Homeland Security, initiated the Regional Resiliency Assessment Program (RRAP). This program highlights the significance of collaborative efforts in strengthening critical infrastructure resilience and mitigating cybersecurity risks. Furthermore, CISA, in partnership with the Department of Health and Human Services (HHS) and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, introduced the CISA Healthcare Cybersecurity Toolkit. Tailored to empower IT security leaders in the healthcare sector, this resource enhances organizations’ resilience against cyber threats, thereby safeguarding sensitive healthcare data and ensuring uninterrupted delivery of healthcare services. The concerted efforts of CISA and its partners highlight a proactive approach towards enhancing cybersecurity across federal systems and critical infrastructure sectors, ultimately bolstering national cybersecurity resilience in the face of evolving cyber threats.

 Data Breach News

The UnitedHealth Group has announced the allocation of over $2 billion in recovery efforts following the Change Healthcare cyberattack that occurred last month. In a press release issued on March 18, 2024, the healthcare conglomerate acknowledged the ramifications of the incident and encouraged affected parties to seek assistance through Optum. Change Healthcare is also in the process of recovery, with the introduction of medical claims preparation software being a significant step towards service restoration. This software will be gradually implemented for thousands of customers in the coming days, with third-party validations anticipated before full-service resumption. In February 2024, Change Healthcare, a prominent U.S. healthcare technology provider, confirmed a cyberattack on its systems, resulting in widespread disruptions to healthcare services nationwide. Described as an “enterprise-wide connectivity issue,” the cyberattack prompted immediate measures from the company, including the disconnection of its systems to mitigate further impact. Nevertheless, with the ongoing recovery plan, the company is progressing toward restoration, which will be executed in phases until all customers are operational again.

Change Healthcare Cyberattack Updates

Andrew Witty, CEO of UnitedHealth Group, expressed optimism about the progress made: “We continue to make significant progress in restoring the services impacted by this cyberattack. We know this has been an enormous challenge for healthcare providers, and we encourage any in need to contact us.” Recent milestones include the restoration of Change Healthcare’s electronic payments platform on March 15, along with ongoing payer implementations. Additionally, as of March 7, 99% of Change Healthcare pharmacy network services have been restored, with efforts ongoing to resolve the remaining issues highlighted during the Change Healthcare cyberattack. “Change Healthcare works across the health system to make clinical, administrative, and financial processes simpler and more efficient for payers, providers, and consumers. Change Healthcare has experienced a cybersecurity issue, and we have multiple workarounds to ensure provider claims are addressed and people have access to the medications and care they need”, reads the official press release.

Moreover, Change Healthcare announced that it made significant progress in restoring the pharmacy network services, reaching 99% functionality. Assurance, its medical claims preparation software, is operational, with testing and implementation for initial providers starting on March 18. Reconnection efforts with thousands of providers are ongoing, aiming for full functionality by week’s end. Relay Exchange, its largest clearinghouse, is anticipated to be online soon. Efforts continue into the week of March 25, with no capacity challenges expected. Change Healthcare is assisting claims submitters lacking Relay Exchange connectivity and providing support for cash-strapped providers. Security measures for its systems, including Amazon cloud services, have been rigorously enhanced to ensure safety.

UnitedHealth Group Shares Mitigation Strategies

Recognizing the financial strain on care providers, UnitedHealth Group has proactively provided over $2 billion in advance through various initiatives. Acknowledging the fragmented nature of the U.S. healthcare system, the company has streamlined access to funding support and suspended certain administrative hurdles, such as prior authorizations for outpatient services and utilization reviews for Medicare Advantage plans. Care providers seeking financial assistance are encouraged to register at www.optum.com/temporaryfunding for pre-populated funding assistance levels. Additional support and eligibility inquiries can be made through the temporary funding assistance inquiry form or by calling 1-877-702-3253. To ensure transparent communication, UnitedHealth Group will host detailed update calls with customers, care providers, and their information security teams. Educational resources, including on-demand webinars, have also been made available to guide providers and customers through the reconnection process and explain the temporary funding assistance programs.

The Change Healthcare Cyberattack: What Happened?

The cyberattack on Change Healthcare was confirmed to be orchestrated by the ALPHV ransomware group, and caused widespread disruption to operations, according to the official announcement. While the exact method of entry into Change Healthcare’s network remains undisclosed, ALPHV is known for tactics such as exploiting Microsoft’s remote desktop protocol and Active Directory brute-force attacks. The attack, which occurred on February 21, 2024, affected millions of Americans relying on Change Healthcare’s services. Following the attack, Change Healthcare disconnected over 111 services to contain the damage and engaged law enforcement and cybersecurity firms for remediation. The American Hospital Association and the Medical Group Management Association sought government assistance due to the attack’s impact on healthcare services. The attack severely disrupted patient care services, claims processing, hospital finances, and revenue cycle management. The U.S. federal government, through agencies like HHS and CMS, offered assistance to affected organizations. Efforts are underway to restore connectivity for providers affected by the cybersecurity incident. Optum is facilitating the transition of affected providers to its iEDI Clearinghouse over the next few weeks, ensuring continuity of claims and ERA transactions. Change Healthcare has also activated Rx Connect services and is actively restoring full connectivity for claim traffic.

 Firewall Daily

The US Defense Logistics Agency (DLA) reportedly experienced a data breach, allegedly attributed to the Russian Evilics Group, as disclosed by the threat actor on March 17, 2024. The purported ASSIST cyberattack targeted the website of the DLA’s standardization management arm, although the claims have not been independently verified. ASSIST functions as a critical platform within the Defense Standardization Program (DSP), responsible for coordinating, disseminating, and managing defense and federal standards, as well as related technical documents.

Decoding the Alleged ASSIST Cyberattack Claims

The Cyber Express has reached out to the DLA to learn more about this alleged cyberattack on ASSIST. However, at the time of writing this report, no official statement or response has been received, leaving the claims about the ASSIST cyberattack unverified for now. Moreover, the website claimed by the hackers as the victim seems to be operational at the moment and doesn’t show any immediate signs of the cyberattack. The Russian Evilics Group could have targeted the backend of the website instead of launching a front-end assault like a Distributed Denial-of-Service (DDoS) attack. Boasting a vast repository of over 115,570 technical documents and 246,183 PDF files, ASSIST is pivotal for maintaining the Department of Defense’s specifications and standards. Managed by the Defense Standardization Program Automation Office (DSPAO), ASSIST offers free access to DSP technical resources and incorporates tools for users to search, generate reports, and receive customized alerts.

Who is the Russian Evilics Group?

The Russian Evilics Group, a recently emerged pro-Russian hacktivist faction, made its public debut on the dark web in March 2024. Their manifesto emphasizes a commitment to safeguarding Russian interests in the digital realm, combating threats both foreign and domestic. In their own words, the group sees itself as explorers, defenders, and creators in the vast domain of cyberspace. “Dear friends, we have been doing our own thing for a long time, and we are finally going out into the open! We are a team from Russia, united by a passion for our vast country. Our goal is to protect the interests of the Russian Federation in cyberspace, both from external and internal threats. We explore, we protect, we create”, reads the threat actor’s introductory post.

The Russian Evilics Group’s infiltration of the DLA’s website raises concerns about the security vulnerabilities within critical government infrastructure. The threat actor, in the dark web post, says, “Our group compromised a website belonging to the US Defense Logistics Agency. We have access to many documents of levels A, B, C, D, E, F. We will definitely reveal the characteristics and vulnerable points of any military unit in Ukraine!”.

This is an unverified and ongoing story. The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information on the ASSIST cyberattack or any official confirmation from the US Defense Logistics Agency (DLA).

 Feed

Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step.

 Malware and Vulnerabilities

Wiper attacks have been a go-to for Russian attacks on Ukrainian government and private-sector targets in the past two years, and the latest version of the software used to target Viasat shows how Russian hacking groups are evolving their tools.

 Breaches and Incidents

Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, a US-based AI hiring system.

 Feed

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

 Feed

Ubuntu Security Notice 6701-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

 Feed

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

 Feed

Red Hat Security Advisory 2024-1367-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1353-03 - An update is now available for Red Hat Process Automation Manager. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1324-03 - An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1319-03 - Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1318-03 - An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1317-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include buffer overflow, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1316-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include cross site scripting, information leakage, and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1255-03 - Red Hat OpenShift Container Platform release 4.15.3 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a traversal vulnerability.

 Feed

Ubuntu Security Notice 6700-1 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

 Feed

Ubuntu Security Notice 6699-1 - Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service. It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object

 Feed

A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized

 Feed

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.

 Feed

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends. "Hosting phishing lures on DDP sites increases the likelihood

 Feed

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/

 Feed

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates," Recorded Future said in a new report shared with The Hacker News.

 Feed

Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls. What’s more, a typical enterprise site saw an average of 1.5 billion API

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan
The U.S. Securities and Exchange Commission (SEC) announced today that two investment advisers, Delphia (USA) and Global Predictions, have settled charges of making misleading statements regarding the use of artificial intelligence (AI) technology in their products. Both companies have agreed to pay $400,000 in civil penalties for […] The post Investment advisers pay $400K to settle ‘AI washing’ charges – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cybertalk.org – Author: slandau
Peter Elmer, Check Point Office of the CTO and Mor Ahuvia, Check Point Office of the CTO. By 2026, 70% of enterprises will have adopted SD-WAN. The shift towards cloud-based services and infrastructure is driving organizations to rethink their networking infrastructure. At present, your organization may be experiencing some of […] The post Is your outdated WAN putting the brakes on your business? What to watch for – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: David Carillet via Shutterstock North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. In a campaign dubbed “DEEP#GOSU,” which is attributed to the […] The post North Korea-Linked Group Levels Multistage Cyberattack on South Korea – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Jirsak via Shutterstock Repositories for machine learning models like Hugging Face give threat actors the same opportunities to sneak malicious code into development environments as open source public repositories like npm and PyPI. At an upcoming Black Hat Asia presentation this April entitled “Confused Learning: Supply […] The post ML Model Repositories: The Next Big Supply Chain Attack Target – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Iulia Bycheva via Alamy Stock Photo A previously unidentified Chinese espionage group has managed to breach at least 70 organizations across 23 countries, including 48 in the government space, despite using rather standard-fare tactics, techniques, and procedures (TTPs). “Earth Krahang” doesn’t seem to be a high-level […] The post Chinese APT ‘Earth Krahang’ Compromises 48 Gov’t Orgs on 5 Continents – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Arabia's

Source: www.darkreading.com – Author: PRESS RELEASE RIYADH, 18 March 2024 – Saudi Arabia’s National Cybersecurity Authority (NCA) has announced the Global Cybersecurity Forum (GCF) Annual Meeting 2024, to be held in Riyadh, 2-3 October 2024. Under the theme ‘Advancing Collective Action in Cyberspace,’ the event will unite thought leaders, decision makers and experts across the global […] The post Saudi Arabia’s National Cybersecurity Authority Announces the GCF Annual Meeting 2024 – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Authorities

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Huang Zheng via Shutterstock With the help of Interpol’s cybercrime unit, Brazilian authorities recently made headway in combatting the infamous Grandoreiro banking Trojan operation with the arrest of five suspects allegedly associated with the group. The Grandoreiro malware first introduces itself through phishing emails […] The post Brazilian Authorities Arrest Members of Banking Trojan Cybercrime Group – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading 2 Min Read Source: Eric D ricochet69 via Alamy Stock Photo Global business technology colossus Fujitsu issued an apology for exposing customer data, following an investigation precipitated by the discovery of malware on the company’s computers. The Japanese corporation confirmed the cyber incident in a statement […] The post Fujitsu: Malware on Company Computers Exposed Customer Data – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Itzik Alvas Itzik Alvas, Co-Founder & CEO, Entro Security March 18, 2024 5 Min Read Source: Andrey Khokhlov via Alamy Stock Photo COMMENTARY One of the standard cybersecurity tools today is to relentlessly check the Dark Web — the preferred workplace for bad guys globally — for any hints that your enterprise’s […] The post Tracking Everything on the Dark Web Is Mission Critical – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Businesses

Source: www.darkreading.com – Author: Jesper Trolle 4 Min Read Source: Christophe Coat via Alamy Stock Photo COMMENTARY Globally, cybersecurity threats continue to accelerate in pace and scale with rising malware and deepfake attacks. Over a third of organizations worldwide suffered a material cyber incident from malicious actors in the past year, while 73% were affected […] The post 3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: grahamcluley.com – Author: Graham Cluley Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after discovering malware on its computer systems. The firm, at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its […] The post Fujitsu hack raises questions, after firm confirms customer data breach – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.bitdefender.com – Author: Graham Cluley Two firms have been fined $26 million by the US Federal Trade Commission (FTC) for scaring consumers into believing their computers were infected by malware. The FTC claimed that Restoro Cyprus Limited and Reimage Cyprus Limited, both based in Cyprus, operated a tech support scam since at least 2018 […] The post Scareware scam: Restoro and Reimage fined $26 million by FTC – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.tripwire.com – Author: Graham Cluley An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement […] The post LockBit affiliate jailed for almost four years after guilty plea – Source: www.tripwire.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: grahamcluley.com – Author: Graham Cluley Roku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving? All this and much much more is discussed in the latest edition of the “Smashing […] The post Smashing Security podcast #363: Stuck streaming sticks, TikTok conspiracies, and spying cars – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Acer

Source: www.bitdefender.com – Author: Graham Cluley The Philippines division of Taiwanese tech firm Acer has confirmed that information related to its employees has been leaked after a third-party vendor suffered a security breach. An attacker called “ph1ns” posted a link on a hacking forum to a stolen database containing employee attendance data from Acer Philippines. […] The post Leak of Acer Philippines employee database appears on hacking forum – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 credential stuffing

Source: www.bitdefender.com – Author: Graham Cluley Streaming company Roku has revealed that over 15,000 customers’ accounts were hacked using stolen login credentials from unrelated data breaches. In data breach notices to the Attorneys General for Maine and California, Roku said hackers accessed the accounts of 15,363 US residents in a campaign that lasted from December […] The post Hackers target Roku: 15,000 accounts compromised in data breach – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cryptocurrency

Source: grahamcluley.com – Author: Graham Cluley Well, here’s a shocker. Incognito Market, a darknet platform connecting sellers of narcotics to potential buyers, has turned out to be not entirely trustworthy. Drug vendors and buyers alike are being extorted. They are being threatened that their supposedly secure (and in some cases supposedly deleted) private chats will […] The post Incognito Market: The not-so-secure dark web drug marketplace – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Belgium

Source: grahamcluley.com – Author: Graham Cluley Ransomware HALTS beer production at Belgium’s Duvel brewery | Graham Cluley Bad news folks. I’m afraid that the people of Belgium are dealing with a national emergency. Yes, I’m afraid that a ransomware attack hit a part of Belgium’s critical infrastructure on Tuesday night. Sign up to our free […] The post Emergency. Ransomware halts beer production at Belgium’s Duvel brewery – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISOs

Source: www.darkreading.com – Author: David Strom Source: Jerome via Alamy Stock Photo Today’s CISOs are under attack from numerous quarters, both within and outside their organizations. Certainly, there are plenty of bad actors using new and more sophisticated exploit methods to penetrate their networks. But internally, they’re also under fire. The requirements for the modern […] The post 5 Ways CISOs Can Navigate Their New Business Role – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Bridge

Source: www.darkreading.com – Author: John Klossner, Cartoonist 1 Min Read That bridge you said you’d cross when you’d come to it? Well, time’s up! Come up with a clever cybersecurity-related caption to describe the scene above, and our favorite will win a $25 Amazon gift card. Here are four convenient ways to submit your ideas […] The post Name That Toon: Bridge the Gap – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Stephen Lawton, Contributing Writer Source: designer491 via Alamy Stock Photo Chief information security officers (CISOs) face a number of daily challenges, including defending against constant attacks from cybercriminals, finding misconfigured servers, and presenting to their corporate boards to drum up additional funding to meet regulatory requirements and prevent zero-day attacks. Now […] The post New Regulations Make D&O Insurance a Must for CISOs – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: David Chapman via Alamy Stock Photo A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan (RAT) that evades detection, partially by showing up as legitimate software. In a campaign dubbed “PhantomBlu” by researchers at Perception […] The post ‘PhantomBlu’ Cyberattackers Backdoor Microsoft Office Users via OLE – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: James Doggett 5 Min Read Source: Kjetil Kolbjørnsrud via Alamy Stock Photo COMMENTARY Companies recognize the importance of cybersecurity and increasingly incorporate it as an asset in their operational strategies. But by mixing security and operations, organizations may be diluting the core mission of the chief information security officer (CISO): to […] The post The New CISO: Rethinking the Role – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nathan Eddy, Contributing Writer Source: Blackboard via Alamy Stock Photo A novel cyberattack method dubbed “Conversation Overflow” has surfaced, attempting to get credential-harvesting phishing emails past artificial intelligence (AI)- and machine learning (ML)-enabled security platforms. The emails can escape AI/ML algorithms’ threat detection through use of hidden text designed to mimic […] The post ‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: Dennizn via Alamy Stock Photo A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes within a Kubernetes cluster. Akamai security researcher Tomer Peled discovered […] The post Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Leo Scott Leo Scott, Chief Innovation Officer, DataTribe March 13, 2024 5 Min Read Source: marcos alvarado via Alamy Stock Photo COMMENTARY Artificial intelligence (AI) is rapidly altering nearly every aspect of our daily lives, from how we work to how we ingest information to how we determine our leaders. As […] The post Why You Need to Know Your AI’s Ancestry – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 ChatGPT

Source: www.darkreading.com – Author: Nathan Eddy, Contributing Writer Source: Mopic via Alamy Stock Photo Three security vulnerabilities unearthed in the extension functions ChatGPT employs open the door to unauthorized, zero-click access to users’ accounts and services, including sensitive repositories on platforms like GitHub. ChatGPT plug-ins and custom versions of ChatGPT published by developers extend the […] The post Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Tithi Luadthong via Alamy Stock Photo A sophisticated Brazilian banking Trojan is using a novel method for hiding its presence on Android devices. “PixPirate” is a multipronged malware specially crafted to exploit Pix, an app for making bank transfers developed by the Central Bank of Brazil. […] The post ‘PixPirate’ RAT Invisibly Triggers Wire Transfers From Android Devices – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-03
Aggregator history
Tuesday, March 19