Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

In the aftermath of the Apex Legends hacking incident that marred the ALGS North American Finals, fresh insights have emerged, shedding light on the nature of the cyberattack that rattled the event and the esports community at large. During the event livestream, two esports players, Genburton representing team DarkZero and ImperialHal from Team SoloMid (TSM), inadvertently faced a game hack mid-tournament. What seemed like an in-game hack has now been linked to a server associated with malicious behavior, suggesting a Trojan virus as the likely point of entry for the hacker. In a YouTube video, PirateSoftware and ThePrimeagen shared insights into the hack, stating “This doesn’t mean there is RCE in Apex. It means this guy’s computer is compromised at the very minimum. Nothing else needs to be involved in that”, indicating that the previous assumptions about an RCE bug in Apex Legends might be false.

Apex Legends Hacking Incident Update

ImperialHal, a popular Twitch streamer who fell victim to the hack, engaged in a conversation with “PirateSoftware,” a seasoned cybersecurity expert. During their discussion, ImperialHal disclosed installing Malwarebytes post-incident, which detected suspicious activity linked to an inbound connection to his PC during the hack. After analysis, PirateSoftware discovered an IP address linked to ImperialHal’s PC during the hack. Further probing revealed its association with a server known for malicious activities. The expert inferred that the hacker, Destroyer2009, likely gained direct access to ImperialHal’s PC via a Trojan virus. This finding suggests a lower probability of the attack originating from a remote code execution through the game’s client, alleviating new concerns around the esports community. However, these conclusions are yet to be officially confirmed. Moreover, during the conversation between PirateSoftware and ThePrimeagen, it was revealed that the hack happened to multiple players and was not an isolated event.

What Happened During the Apex Legends Hacking Incident?

The Apex Legends hacking incident unfolded during the ALGS North American Finals, abruptly halting the competition as aimbots and wallhacks infiltrated the gameplay, compromising the experience for prominent players.

Source: Anti-Cheat Police Department on X

This disruption prompted Apex Legends Esports to postpone the finals, citing concerns about competitive integrity. The Cyber Express previously reported on the Apex Legends hacking incident, in which video evidence captured a sudden appearance of cheat indicators, including Aimbot, granting Burton unfair advantages such as enemy location and health status. The presence of the hacker, identified as Destroyer 2009, was revealed through the accompanying chat box, indicating previous disruptions in tournaments. Notably, Destroyer 2009 had orchestrated similar incidents in the past, targeting players like ImperialHal with lobby bots during ranked gameplay. The specifics of the hack, including features like compensation, target lock, and auto-fire, highlight the severity of the breach, raising concerns about the game’s security measures. The intrusion, seemingly executed client-side within private lobbies, exposes vulnerabilities that threaten the integrity of competitive gaming. However, it’s crucial to note that these findings are specific to ImperialHal’s case, and the situation surrounding Gen Burton’s targeting remains fluid. The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more details about the Apex Legends cyberattack or any further information from Apex Legends.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 News

Episode 339 of the Transatlantic Cable podcast kicks off with news that several employees at TikTok were caught covertly spying on Forbes journalists. From there, the team talk about a new cooperation between governments to better tackle spyware and news that the FTC is looking at the upcoming Reddit IPO and AI training data. To close out the podcast, the team discuss news that at least 900 websites built using Google's Firebase cloud database may be leaking sensitive user data. If you liked what you heard, please consider subscribing.

TikTok Spied On Forbes Journalists
Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
FTC investigating Reddit plan to sell user content for AI model training
900+ websites and expose millions of passwords via Firebase

 Firewall Daily

CISA, alongside key partners such as the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and various U.S. and international entities, has released a comprehensive joint fact sheet addressing the pressing issue of PRC State-Sponsored Cyber Activity, also known as PRC Sponsored Volt Typhoon Cyber Activity. This collaborative effort aims to equip critical infrastructure leaders with essential insights and actionable guidance to mitigate the risks associated with this cyber threat. The fact sheet, titled “PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders,” has been developed in conjunction with prominent organizations including the U.S. Department of Energy (DOE), the U.S. Environmental Protection Agency (EPA), the U.S. Transportation Security Administration (TSA), and the U.S. Department of Treasury, among others.

PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders

Source: CISA

According to assessments by the participating U.S. authoring agencies, the PRC-sponsored advanced persistent threat group known as “Volt Typhoon” is actively seeking to establish a foothold within IT networks using sophisticated techniques, notably living off the land (LOTL) strategies. This preparation is believed to facilitate disruptive or destructive cyber activities targeting critical infrastructure in the event of heightened geopolitical tensions or military conflicts involving the United States. The fact sheet highlights the critical nature of the risk posed by Volt Typhoon and provides specific guidance for critical infrastructure leaders to bolster their organizations’ defenses against this threat. Urging a proactive approach, CISA and its partners emphasize the importance of familiarizing oneself with the provided guidance to effectively safeguard against potential cyber intrusions.

Steps to Take Against PRC-Sponsored Volt Typhoon Cyber

In addition to highlighting the imminent dangers posed by this cyber activity, the fact sheet outlines actionable steps that leaders can take to enhance their cybersecurity posture. These actions include making informed resourcing decisions, empowering cybersecurity teams with relevant training and skill development, and conducting regular tabletop exercises to ensure preparedness. Furthermore, the fact sheet emphasizes the importance of securing the supply chain, advocating for the adoption of secure by design principles, and fostering a cybersecurity culture within organizations. By aligning performance management outcomes with cybersecurity goals and encouraging collaboration across departments, leaders can effectively mitigate cyber risks and strengthen their overall resilience. In the event of an incident or suspected incident, the fact sheet provides clear guidelines for organizations to follow, including implementing their cyber incident response plans and promptly reporting incidents to relevant authorities. Contact information for reporting incidents is provided for U.S. organizations, ensuring timely coordination and support from agencies such as CISA and the FBI.

 Data Breach News

Unknown hackers exploited vulnerabilities in Ivanti software to infiltrate the Cybersecurity and Infrastructure Security Agency (CISA), leading to a significant breach of its networks. This CISA cyberattack forced the agency to shut down key systems in response to the breach. As the primary guardian of infrastructure and cybersecurity for the entire US government, CISA’s targeting underscores the sophistication of the attack. Approximately a month ago, CISA detected concerning activity indicating that its vital software, Ivanti products, was being exploited.

CISA Cyberattack Recovery

According to a spokesperson from CISA interviewed by Cybersecurity Dive, the agency promptly took two compromised systems offline as a precautionary step. Fortunately, operational activities remained unaffected during that period. “About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” said a CISA spokesperson. Prior to this incident, CISA had issued a warning in late February regarding cyber threat actors exploiting known vulnerabilities within Ivanti Connect Secure and Ivanti Policy Secure gateways. These products, integral to secure network access, had become targets for malicious actors seeking unauthorized access.

CISA Hacked with Broader Implications

The breach within CISA’s infrastructure became apparent when two critical systems were compromised. One of the affected systems was the Infrastructure Protection (IP) Gateway, housing crucial information concerning the interdependency of U.S. infrastructure. The other compromised system was the Chemical Security Assessment Tool (CSAT), responsible for managing private-sector chemical security plans. The Cyber Express has reached out to CISA to learn more about this cyberattack. At the time of writing, no official statement about the hackers has been received. However, it was confirmed that CISA had already taken precautionary measures by disconnecting Ivanti products from its systems following the initial detection of vulnerabilities. The exploitation of vulnerabilities within Ivanti products was not limited to CISA alone. The threat had broader implications, prompting federal and international cyber authorities to issue a global alert in late February. It was advised that organizations using Ivanti products should take immediate steps to secure their systems, emphasizing the importance of having robust incident response plans in place.

The Ivanti Vulnerability

Source: NVD

The Ivanti vulnerability, or CVE-2024-22024 (XXE), affected Ivanti Connect Secure and Ivanti Policy Secure products and was part of the link connected to the CISA cyberattack. According to the National Cyber Security Centre (NCSC), the Ivanti vulnerability “is an authentication bypass vulnerability in the web component of ICS (9.x, 22.x) and IPS which allows a remote attacker to access restricted resources by bypassing control checks.” Discovered during internal code review and disclosed by watchTowr, this vulnerability impacted specific versions of Ivanti Connect Secure (9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and 22.5R2.2), Ivanti Policy Secure (22.5R1.1), and ZTA (22.6R1.3). Patch updates were made available for affected versions. The provided mitigation was effective, and those who applied the patch released in January or February did not need to reset their appliances. However, the security patches were released after weeks of exploitation activity, spilling the vulnerability assessment and its broader implications.

 Data Breach News

Crinetics, a prominent US-based organization renowned for its contributions to drug discovery and development, has disclosed that it recently encountered a cyberattack. An official spokesperson conveyed to The Cyber Express that the company swiftly responded to the Crinetics cyberattack after identifying suspicious activity in an employee’s account. According to the official statement, Crinetics promptly activated its cybersecurity incident response protocol, launching a comprehensive investigation into the matter. Additionally, the company engaged third-party cybersecurity experts and promptly notified law enforcement agencies. To contain the situation, Crinetics also implemented enhanced security measures across the organization.

Decoding the Crinetics Cyberattack

Source: Daily Dark Web on X

Upon learning of the cyberattack on Crinetics, The Cyber Express promptly sought insight from the pharmaceutical company. In their response, Crinetics disclosed the proactive measures taken upon discovering the breach. “Crinetics recently identified suspicious activity in an employee’s account and disabled it on the same day. Crinetics immediately activated its cybersecurity incident response process, initiated an investigation, engaged third-party cybersecurity experts to assist, and notified law enforcement. The company also implemented additional company-wide security measures and contained the incident,” the Crinetics spokesperson told The Cyber Express. Despite the Crinetics cyberattack, the organization reassured stakeholders that the incident did not disrupt its operations or compromise its vital databases related to discovery and research. “This incident has not affected the company’s operations or its discovery and study databases. Crinetics takes all security-related matters seriously and we are committed to conducting a full investigation, which is currently ongoing, and will provide any legal notifications required,” officials added.

The LockBit Ransomware Takedown

The LockBit ransomware claimed the cyberattack on Crinetics Pharmaceuticals via a dark web post. However, this incident unfolded against the backdrop of recent law enforcement efforts to dismantle the LockBit ransomware group. Dubbed “Operation Cronos,” a collaborative initiative spearheaded by the FBI struck a significant blow to LockBit’s infrastructure. By dismantling servers, seizing source code, and disrupting data storage, authorities dealt a severe blow to the ransomware syndicate’s operations. The crackdown on LockBit extended across international borders, with law enforcement agencies in the UK, United States, and Europe seizing over 35 servers linked to the nefarious group. Moreover, authorities unearthed approximately 30,000 Bitcoin wallets associated with ransom payments, shedding light on the scale of the criminal enterprise. Despite these significant strides, the battle against LockBit persists. Authorities have taken measures to restrict access to LockBit-related accounts on prominent cryptocurrency exchanges, yet challenges persist in tracking and prosecuting affiliates. The elusive nature of key LockBit members further complicates efforts to dismantle the syndicate entirely.

 Identity Theft, Fraud, Scams

An advisory published by SlashNext today called the tactic a “Conversation Overflow” attack, a method that circumvents advanced security measures to deliver phishing messages directly into victims’ inboxes.

 Breaches and Incidents

An Earth Krahang APT campaign has been found targeting government entities worldwide, primarily in Southeast Asia, by exploiting vulnerabilities, spear-phishing, and abusing compromised government infrastructure. So far, seventy organizations spread across 23 countries have been targeted in the campaign. Leverage related IOCs to protect yourself.

 Malware and Vulnerabilities

It is priced at $200 per month and targets corporate VPN gateways, email servers, content management systems and hosting panels, according to a report by Resecurity researchers.

 Malware and Vulnerabilities

The vulnerabilities, identified by KTrust’s in-house researchers, pose significant risks to system security, including bypassing rate limit and brute force protection mechanisms, triggering DoS attacks and compromising user account safety.

 Trends, Reports, Analysis

Double extortion demands from ransomware groups aren't subtle: Pay us, or we'll publish stolen internal data for all the world to see. Being listed on the group's dark web leak sites is an intermediary step.

 Threat Intel & Info Sharing

FTC staff has received numerous reports from consumers who have fallen victim to scams in which fraudsters exploited the identities of agency personnel to coerce them via phone calls, email, or text messages into transferring or wiring money.

 Malware and Vulnerabilities

Recently, researchers came into possession of a sample believed to represent a new evolution of LockBit: an in-development version of a platform-agnostic malware-in-testing that is different from previous versions.

 Computer, Internet Security

1024-bit RSA keys have approximately 80 bits of strength, while a 2048-bit key has approximately 112 bits, so the latter takes roughly four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.

 Incident Response, Learnings

The lawsuit alleges that disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and ongoing IT outage is threatening to push the clinic and other providers into bankruptcy.

 Expert Blogs and Opinion

Zero tolerance of failure by infosec professionals is unrealistic, and makes it harder for cybersecurity folk to do the essential part of their job: recovering fast from inevitable attacks, according to Gartner analysts Chris Mixter and Dennis Xu.

 Breaches and Incidents

“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a company spokesperson.

 Trends, Reports, Analysis

While the language businesses use in Item 1.05 filings is ultimately crafted to notify regulators and investors of potential risks, these words also signal how a company detects, mitigates, contains, and recovers from cyberattacks.

 Security Products & Services

Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Its main objective is to evaluate security measures and recommend enhancing system hardening.

 Feed

Debian Linux Security Advisory 5641-1 - It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.

 Feed

Ubuntu Security Notice 6686-4 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

 Feed

Ubuntu Security Notice 6702-1 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service.

 Feed

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

 Feed

Red Hat Security Advisory 2024-1431-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1412-03 - An update for gmp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.

 Feed

Red Hat Security Advisory 2024-1409-03 - An update for cups is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, denial of service, and use-after-free vulnerabilities.

 Firewall Daily

The world of cybersecurity has long been dominated by men, presenting women with numerous hurdles, from biases to systemic obstacles. Yet, in recent times, a significant change is underway. More women are stepping into the field, offering diverse perspectives, inventive solutions, and a novel approach to combating
cyber threats. By 2025, it’s estimated that women will make up 30% of the cybersecurity workforce. Women in cybersecurity are making a difference in multifaceted ways and The Cyber Express aims to commemorate this achievement by spotlighting the Top 100 women in cybersecurity who are leading the way. Women, with their analytical prowess, attention to detail, and strategic thinking have proven instrumental in identifying vulnerabilities, devising resilient defense strategies, and mitigating cyber risks effectively. Moreover, their empathetic approach often enables them to understand and address the human aspects of cybersecurity, such as social engineering and user awareness, which are critical in today’s interconnected world. As The Cyber Express celebrates women throughout March, let’s take a moment to acknowledge and cheer on the women in cybersecurity. By welcoming diversity, fostering inclusivity, and giving women a louder voice, we can build a stronger, more inclusive cybersecurity community. Let’s come together to #inspireinclusion and support women in leading the way to a safer cyberspace for all. We have carefully curated a list of Top 100 women in cybersecurity. Please note that this list is compiled and not ranked in any particular order. The Cyber Express Top 100 Women in Cybersecurity Julia Dudenko Group CISO Haniel Corinna Klempt Senior Expert Information Security Awareness DHL Group Shweta Kshirsagar General Manager – Security Assurance Airtel Africa Sakshi Vidur Senior Director, Cyber Security and Data Privacy Practice ThoughtStorm Neha Taneja Chief Information Security Officer Hero MotoCorp Dana Shell VP and CISO HarborOne bank Daniella Traino Group Chief Information Security Officer Wesfarmers Archana Venugopal Chief Information Security Officer ESAF Bank Raja Azrina  Chief Information Security Officer Telekom Malaysia Babitha BP Vice President-System Audit ReBIT Amna AL-Balushi Chief Information Security Officer Bank  Nizwa Dr. 
Reem Faraj AlShammari Chief Information Security Officer Kuwait Oil Company Seema Sharma Head of Information Security Wio Bank Eman Al Awadhi Vice President – Network and Cyber Security Expo City Dubai Amal Alhajeri Director Cyber Security Compliance & Awareness Etisalat UAE Rania ElRouby Chief Information Security Officer Banque Misr Shafeeqa Shakri Cyber Security Senior Analyst Dubai Airports Dr Magda Chelly Chief Information Security Officer Responsible Cyber Pte. Ltd Dimple Santwan Chief Information Security Officer Saraswat Bank Shivani Arni Deputy Group CISO Mahindra Group Maya R Nair Director – Chief Information Security Officer CRISIL Limited Punam Shejale Head – Information Risk Management & Process Excellence CitiusTech Shailaja Adurthi Head – IT GRC HDFC Limited Saloni Vijay VP – CISO VOIS Vodafone Intelligent Solutions Joan Mburu Chief Information Security Officer Airtel Kenya Beverlyn A Head of Cyber Security Operations (Deputy CISO) Central Bank of Kenya Faith Basiye Head of Forensic Services KCB Bank Group Pauline Kemunto Senior Information Security Officer ICT Authority Celia Mantshiyane Chief Information Security Officer MTN South Africa Chinenye Chizea Technical Lead and Security Architect Nigeria Digital Identification for Development (ID4D) project Anne Neuberger Deputy Assistant to the President, Deputy National Security Advisor for Cyber and Emerging Technology National Security Council, The White House, US Govt Vidya V. Head of Cyber Strategy & GRC Careem Shruti Khanna Senior Manager- Cyber Security, Risk and Compliance Al Tayer Group Salwa Alessa Chief Information Security Officer DETASAD Asma Alyemni Chief Information Security Officer Sunita Nandakumar Director Information Security Gupshup Rangana Guha General Manager and Senior Partner Wipro Anuprita Daga Group Chief Information Security Officer Angel One Abeer Khedr Group head – Cyber Security National Bank of Egypt Eng. 
Dina AlSalamen VP – Head of Cyber and Information Security Bank ABC Lynn Dohm Executive Director WiCyS – Women in Cybersecurity Kris Lovejoy Global Security and Resilience Practice Leader Kyndryl Dr. Lopa Mudraa Basuu Global Thought Leader Cybersecurity & Technology Risk Management Lesley Carhart Technical Director, Industrial Incident Response Dragos Keren Elazari Security Analyst, Author & TED Speaker Tel Aviv University Jaya Baloo Chief Information Security Officer Rapid7 Aleise (Henry) McGowan, Ph.D Chief Information Security Officer BlackGirlsHack Sydney Klein Chief Information Security Officer & Head of IT Core Services Bristol Myers Squibb Ambareen Siraj Founder and Executive Board Member WiCyS – Women in Cybersecurity Heather Ricciuto Cloud Security Program Manager IBM Sandra Wheatley Smerdon Senior Vice President Palo Alto Networks Rajpreet Kaur Director Analyst Gartner Monica Verma Group CISO Orange Business Tanya Janca Head of Education and Community Semgrep Carolyn Crandall CEO MarticulateMarticulate Dr. Judith Wunschik Chief Cybersecurity Officer & Global Head of Cybersecurity (SVP) Siemens Energy Jen Easterly Director Cybersecurity and Infrastructure Security Agency Lt. Gen. 
Michelle McGuinness National Cyber Security Coordinator Army Officer at Australian Army Meetali Sharma Director – Risk, Compliance and Information Security SDG Corporation Karishma Mookhey Founder Partner Institute of Information Security (IIS) Nicole Eagan Chief Strategy Officer & AI Officer Darktrace Ritu Maheshwari Associate Director Fareportal Nasrin Rezai SVP, Chief Information Security Officer Verizon Parisa Tabriz VP/GM, Chrome Google Jadee Hanson Chief Information Security Officer Vanta Sarah Armstrong-Smith Chief Security Advisor – EMEA Microsoft Gal Helemski Co-Founder & CTO/CPO PlainID Katie Hanahan Deputy CISO Ingredion Incorporated Marnie (Huss) Wilking Chief Information Security Officer Booking.com Carmen Marsh President and Chief Executive Officer United Cybersecurity Alliance Jennifer Cox Director for Ireland Women in CyberSecurity (WiCyS) UK & Ireland Shamma Bin Hammad Founder Cyber Hero Isabelle Meyer Co-CEO & Co-Founder ZENDATA Cybersecurity Sithembile (Nkosi) Songo Group Head: Information Security National State Owned Entity Irene Corpuz Cyber Policy Expert Dubai Electronic Security Center Dr. Yosra Barbier Regional Information Security Officer Allianz Partners Jacquie Young VP of Sales, APAC Semperis Nicole Beckwith Advanced Security Engineering Manager, Threat Operations Kroger Katie Moussouris Founder & CEO Luta Security Annita Larissa Sciacovelli Professor, Cybersecurity Specialist University of Bari ‘Aldo Moro’ Sofia Scozzari Founder & CEO Hackmanac Alissa Abdullah Deputy Chief Security Officer & Senior Vice President Mastercard Cindi Carter Chief Information Security Officer Check Point Software Technologies Stacy Hughes SVP, Chief Information Security Officer ABM Industries Summer Craze Fowler Chief Information Security Officer Torc Robotics Gina Yacone Founder & CEO Shark Byte SolutionsShark Deb Briggs Chief Information Security Officer NETSCOUT Anna P. 
Senior Threat Intelligence Researcher eSentire Pam N VP, Security Medecision Laura Wellstead Co-Founder cyberxperts.io Dwan Jones Director of Diversity, Equity and Inclusion ISC2 Jacqui Loustau Founder and Executive Manager AWSN – Australian Women in Security Network Lorna Armitage COO & Co-Founder CAPSLOCK Jane Teh SEA Cybersecurity Director Deloitte Shira Rubinoff President Cybersphere Vandana Verma Security Relations Leader Snyk Kavya Pearlman  Founder XRSI Eliza-May Austin CEO & Co-Founder  th4ts3cur1ty.company Allison Miller Chief Information Security Officer Optum Carolann Shields Sr. Vice President & Global Chief Information Security Officer 3M  

 Data Breach News

Nations Direct Mortgage, LLC, found itself in the midst of a cybersecurity crisis in December 2023, as it grappled with a data breach impacting over 83,000 individuals. The Nations Direct Mortgage data breach, resulting from a cyberattack on the company’s systems, was detected on December 30th, 2023. It led to unauthorized access to critical systems containing clients’ personal and sensitive data. According to the Nations Direct Mortgage data leak notification issued by the company, the incident affected a substantial number of individuals across various locations, including three residents in Maine. The breach, categorized as an external system breach attributed to hacking, compromised sensitive information such as names and Social Security Numbers, raising concerns regarding potential misuse of the acquired data.

Nations Direct Mortgage Data Breach

The severity of the breach prompted Nations Direct Mortgage to take swift action upon discovering the intrusion. Immediate measures were initiated, including launching an extensive investigation with the aid of third-party cybersecurity experts, notifying relevant law enforcement agencies, and implementing containment protocols to mitigate further damage. Fortunately, the company was able to contain the breach swiftly, preventing additional unauthorized access to its systems. Following a thorough review, it was revealed that personal data, including names, addresses, Social Security Numbers, and unique loan numbers, might have been compromised. However, Nations Direct Mortgage assured affected individuals that there was no evidence of fraudulent activity stemming from the breach at the time of notification.

Identity Protection Measures Implemented

In response to the breach, Nations Direct Mortgage proactively engaged Kroll, a renowned identity monitoring service, to offer affected individuals comprehensive identity monitoring services for twenty-four months, at no cost. These services encompassed credit monitoring, web monitoring, identity fraud reimbursement up to $1 million, fraud consultation, and identity theft restoration, aiming to alleviate concerns and safeguard affected individuals against potential misuse of their personal information. Affected individuals were encouraged to activate these identity monitoring services promptly by visiting the designated enrollment link provided in the notification. Additionally, Nations Direct Mortgage emphasized the importance of vigilance, urging affected individuals to monitor their accounts, review statements regularly, and obtain free credit reports to detect any suspicious activity or signs of identity theft. To address inquiries and concerns arising from the breach, Nations Direct Mortgage established a dedicated hotline operating Monday through Friday, ensuring timely assistance and support for affected individuals.

 Firewall Daily

As the Middle East braces for escalating cyber threats, the upcoming GISEC Global 2024 event emerges as a pivotal platform for addressing the region’s cybersecurity concerns. The United Arab Emirates (UAE) and Saudi Arabia, at the forefront of technological advancement in the region, are witnessing a significant rise in cyber threats, with the UAE alone fending off more than 50,000 cyberattacks daily in 2023, as revealed by the UAE Cybersecurity Council. According to analysts Frost & Sullivan (F&S), the first three quarters of 2023 saw the successful prevention of over 71 million attempted cyberattacks across the Middle East. The surge in cyberattacks underlines the exponential growth of the region’s cybersecurity landscape, highlighting the urgent need for enhanced protective measures. The GCC (Gulf Cooperation Council) cybersecurity industry is projected to triple in value by 2030, reaching US$13.4 billion, driven by countries like the UAE and Saudi Arabia, which are diversifying their economies away from oil and embracing digitalization. Amidst this digital transformation, businesses are increasingly vulnerable to cyber threats, exacerbated by regional geopolitical instability. GISEC Global 2024, the Middle East and Africa’s largest cybersecurity event, organized by DWTC and hosted by the UAE Cyber Security Council, stands as a beacon of collaboration, innovation, and talent development in safeguarding digital ecosystems. The ‘Middle East Cybersecurity: Exploring the Middle East Cybersecurity Market Potential’ report by F&S, released ahead of the GISEC Global 2024 event, sheds light on these challenges and opportunities facing the region’s cybersecurity sector.

Strategic Responses to Cyber Risks

The UAE and Saudi Arabia have witnessed a surge in technology adoption across sectors such as finance, healthcare, and manufacturing, necessitating enhanced cybersecurity measures and regulatory frameworks. However, challenges persist, including a shortage of skilled professionals and inadequate awareness among businesses regarding proactive cyberattack mitigation. In response, Middle Eastern countries are taking tangible steps to enhance their cybersecurity defenses. Initiatives include setting up cyber-specific departments, launching innovation centers, and promoting cybersecurity conferences to bridge the skills gap and foster entrepreneurship. Both Saudi Arabia and the UAE have ranked among the top five countries globally in terms of regulatory approaches to cybersecurity, according to the ITU Global Cybersecurity Index 2020.

Government-Led Initiatives

Governments in the region are also establishing dedicated cybersecurity authorities to oversee industry efforts. Saudi Arabia, the UAE, and Bahrain have launched the National Cybersecurity Authority, the National Electronic Security Authority, and the National Cybersecurity Centre, respectively, to strengthen cybersecurity governance. Parminder Kaur, Director and Head of Security Advisory, MEASA, Frost & Sullivan, emphasizes the pivotal role of compliance and regulation in driving cybersecurity growth. “Compliance and regulation remain the strongest multipliers for cybersecurity growth. The proliferation of technology has greatly increased organizational exposure to complex cyber risks, while the surge in e-commerce and digital banking across the Middle East has generated a heightened need for security. As a nerve centre for the oil and gas industry – as well as several large financial institutions and fintech startups – the region is fast-becoming a preferred provider of next-gen cybersecurity products and services worldwide, requiring a stringent approach to cybersecure solutions that protect both financial dealings and personal data,” said Kaur.

GISEC Global 2024: Fostering Collaboration and Innovation

This year, the 13th edition of GISEC Global 2024 will take place from 23 to 25 April. GISEC Global 2024 stands as the region’s premier cybersecurity event, emphasizing collaboration, innovation, and talent development.
With over 20,000 visitors, 750 exhibitors, and 350 speakers from around the world, the event serves as a platform for industry leaders, policymakers, and cybersecurity experts to exchange insights and forge partnerships in safeguarding digital ecosystems. As organizations accelerate their digital transformations, cybersecurity awareness and leadership across the UAE, Saudi Arabia, Bahrain, Qatar, and Oman are on the rise. With government support and growing awareness, organizations in the region are investing heavily in cybersecurity measures to build resilient and sustainable business frameworks in an era of evolving cyber threats.

 Firewall Daily

In the aftermath of a monumental data breach orchestrated by the infamous ransomware group ALPHV/BlackCat, legal firm Scott+Scott has taken decisive action by filing suit against Change Healthcare Inc. This move follows a Change Healthcare cyberattack that resulted in the unauthorized access and exfiltration of approximately six terabytes of sensitive personal health information. The repercussions of this Change Healthcare data breach have been swift and far-reaching, disrupting the processing of prescription claims and leaving millions vulnerable to potential fraud and identity theft. Notably, affected individuals have typically been informed by their insurers or healthcare providers rather than directly by Change Healthcare.

Demand for Justice

The lawsuit not only seeks to secure justice for the victims but also aims to spotlight the critical importance of enhanced cybersecurity measures for entities entrusted with handling sensitive personal health data. Joseph Guglielmo, a partner at Scott+Scott and one of the first to file actions against Change Healthcare Inc., highlights the vulnerability of systems housing our most personal data. “Our objective,” he states, “is to ensure that those affected are fully aware of their rights and receive the compensation they deserve after such a significant breach.” The legal action highlights Change Healthcare Inc.’s alleged negligence in safeguarding clients’ personal information, now compromised in the hands of malicious actors. Victims have not only suffered breaches of privacy but also tangible disruptions such as prescription processing delays and challenges in accessing vital medications.

Change Healthcare Cyberattack Lawsuit

“Change Healthcare was responsible for the security of critical health information, and the breach has and will continue to have wide-reaching implications to the victims,” Guglielmo adds. “We are acting swiftly to aid those impacted and to hold accountable those responsible for such a significant lapse in data security.” Scott+Scott encourages individuals facing prescription processing issues or who have received insurer or healthcare provider notifications about data compromise to step forward.
The firm pledges unwavering legal support and guidance through this intricate scenario, stressing that individuals may not have realized the link to the Change Healthcare cyberattack. This case goes beyond seeking compensation; it advocates for transparency, accountability, and strengthening cybersecurity frameworks to prevent future breaches. Scott+Scott is prepared to defend consumers’ rights against corporate negligence in data security, demonstrating its dedication to upholding justice in an increasingly digitalized world.

 Feed

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were

 Feed

The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges experienced by some systems in adopting best practices, this Task Force in its deliberations

 Feed

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions and allows it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks

 Feed

Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings significant challenges, especially in security integration. Despite their powerful capabilities,

 Feed

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative

 Feed

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for

 Cyber Security News

Source: securityboulevard.com – Author: Aravind Iyengar Creating an accurate inventory of an organization’s assets and applications while ensuring no duplicates or omissions is essential for any IT and security program. Security teams must understand vulnerabilities associated with their assets, their exposure and the blast radius to prioritize assets for remediation and meet their SLAs effectively. […] The post Understanding Your Attack Surface: AI or bust – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Computing

Source: www.databreachtoday.com – Author: 1 Cybercrime , Encryption & Key Management , Fraud Management & Cybercrime Expert Perspectives on Protecting Data and Developing Quantum-Safe Cryptography Michael Novinson (MichaelNovinson) • March 19, 2024 Image: Shutterstock The quantum doomsday clock is ticking, and it’s set to strike midnight within the next decade. See Also: Bank […] The post Quantum Computing: A New Dawn for Encryption Vulnerabilities – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Jeff Purrington Advisory Strategist, SailPoint Jeff is an Identity Strategist with SailPoint with experience in Identity Security, as well as many other facets of Information Security and Risk Management/ Compliance. He has background building programs in Identity and Access Governance, Threat and Vulnerability, Enterprise Risk Management, and SOX, PCI and […] The post Live Webinar | Identity Security in 2024: The Key to Compliance in Today’s Regulatory Landscape – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Microsoft Security Copilot , Next-Generation Technologies & Secure Development Information Security Media Group • March 18, 2024 Today’s security tools capture a wealth of data. Yet when incidents occur, threat data from siloed platforms can take hours or days to gather, analyze and act upon. Correlating threat data […] The post AI Infused with XDR, SIEM, and Threat Intelligence Set to Reshape Cybersecurity – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Fraud Management & Cybercrime , Ransomware Review of Attacks Finds Inconsistent Data Leaks and Victim Naming, Broken Promises Mathew J. Schwartz (euroinfosec) • March 18, 2024 A pig in a poke. Counting on ransomware groups is likely to leave victims oinking. (Image: Shutterstock) Double extortion demands from ransomware […] The post Ransomware Groups: Trust Us. Uh, Don’t. – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 career

Source: www.databreachtoday.com – Author: 1 Cryptocurrency Fraud , Fraud Management & Cybercrime , Fraud Risk Management We Need Cryptocurrency Forensics Now More Than Ever Before Steve King (@sking1145) • March 19, 2024 A new analysis has unearthed that cryptocurrency scammers siphoned off a staggering $1.7 billion in 2022, including $43.6 million just from […] The post A Career in Combating Cryptocurrency Scams – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 It’s critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack, but also consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre. For example, hospitals […] The post Planning for Healthcare IT Resiliency on a Regional Basis – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 3rd Party Risk Management , AI-Based Attacks , Artificial Intelligence & Machine Learning Attorney Lee Kim of HIMSS Discusses Evolving Tech Considerations Marianne Kolbasuk McGee (HealthInfoSec) • March 14, 2024 11 Minutes The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial […] The post Properly Vetting AI Before It’s Deployed in Healthcare – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Healthcare organizations and makers of medical devices need to think about how to safeguard their critical medical gear against future cyberthreats, including the looming dangers posed by quantum computing, said Mike Nelson, global vice president of digital trust at security firm DigiCert. “Quantum computing might not be here this year […] The post Protecting Medical Devices Against Future Cyberthreats – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber

Source: www.databreachtoday.com – Author: 1 CISO Trainings , Incident & Breach Response , Next-Generation Technologies & Secure Development Mark Johnson, CISO of Hackensack Meridian Health, Describes a Cyber Journey Marianne Kolbasuk McGee (HealthInfoSec) • March 15, 2024 12 Minutes In the aftermath of a ransomware attack several years ago, Hackensack Meridian Health […] The post Transforming a Cyber Program in the Aftermath of an Attack – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.troyhunt.com – Author: Troy Hunt I hate having to use that word – “alleged” – because it’s so inconclusive and I know it will leave people with many unanswered questions. But sometimes, “alleged” is just where we need to begin and over the course of time, proper attribution is made and the dots are […] The post Inside the Massive Alleged AT&T Data Breach – Source: www.troyhunt.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 attack

Source: thehackernews.com – Author: . Mar 20, 2024NewsroomDoS Attack / Network Security A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks,   show more ...

the approach pairs “servers of these protocols in such a way […] La entrada New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Mar 20, 2024The Hacker NewsArtificial intelligence / Webinar Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large   show more ...

Language Models (LLMs) and Generative AI. The potential […] La entrada Generative AI Security – Secure Your Business in a World Powered by LLMs – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and […] The post TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BunnyLoader

Source: thehackernews.com – Author: . Mar 20, 2024NewsroomCybercrime / Financial Security Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. “BunnyLoader is   show more ...

dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well […] La entrada New BunnyLoader Malware Variant Surfaces with Modular Attack Features – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Arrests

Source: thehackernews.com – Author: . Mar 20, 2024NewsroomCybercrime / Dark Web The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of   show more ...

an organized criminal group living […] La entrada Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Mar 20, 2024NewsroomCritical Infrastructure / Network Security The U.S. Environmental Protection Agency (EPA) said it’s forming a new “Water Sector Cybersecurity Task Force” to devise methods to counter the threats faced by the water sector in the   show more ...

country. “In addition to considering the prevalent vulnerabilities of water systems to cyberattacks […] La entrada U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Communicating

Source: thehackernews.com – Author: . In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their […] The post Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Mar 19, 2024NewsroomEmail Security / Social Engineering Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and   show more ...

session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends. […] La entrada Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Mar 19, 2024NewsroomLinux / Cyber Espionage A new variant of a data wiping malware called AcidRain has been detected in the wild that’s specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices,   show more ...

SentinelOne’s Juan Andres Guerrero-Saade said in a series of posts […] La entrada Suspected Russian Data-Wiping ‘AcidPour’ Malware Targeting Linux x86 Devices – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-03
Aggregator history
Wednesday, March 20