Cyber security aggregate rss news

Cyber security aggregator - feeds history

What commercial spyw ...

Business

Commercial spyware has of late been making the headlines with increasing frequency. And we're not just talking about media channels dedicated to IT or cybersecurity; reports on commercial spyware have been appearing regularly in mainstream media for some time now. In this post, we discuss the existing commercial spyware packages, how they operate, what they're capable of, and why they're dangerous. And as always, we finish with advice on how to defend against them.

What is commercial spyware?

Let's start with a definition. Commercial spyware is legal malware created by private companies and designed to conduct targeted surveillance and collect sensitive data from users' devices. The standard tasks of commercial spyware include stealing messages, eavesdropping on calls, and tracking location.

To install commercial spyware on a victim's device, attackers often use zero-day vulnerabilities, and in many cases — zero-click exploits, which make infection possible without requiring any action on the part of the victim. Spyware always tries to be as inconspicuous as possible, for the longer the victim remains unaware of the infection, the more information attackers can gather. Moreover, commercial spyware often includes tools for removing traces of infection, so victims may not even suspect afterward that someone was monitoring them.

Although commercial spyware is developed by private companies, they typically sell it to various government organizations — primarily law enforcement and other security agencies. As a result, commercial spyware is used, among other things, to monitor civilian activists, journalists, and other non-criminal individuals. In fact, that's exactly why spyware programs regularly make the headlines.

1. Pegasus — NSO Group

Targeted OS: iOS, Android
Zero-day vulnerability exploitation: Apple iOS, Apple Safari, WhatsApp, Apple iMessage
Zero-click exploit use: yes
Country of origin: Israel
Alternative names: Chrysaor, DEV-0336, Night Tsunami

Now let's talk about specific companies, starting with the most prominent player in the commercial spyware market — the notorious Israeli NSO Group, developer of the iOS spyware Pegasus, and its Android version Chrysaor.
The early version of Pegasus, discovered in 2016, required the victim to click on a sent link, which opened a malicious page in a browser, which in turn triggered an automatic infection mechanism using the Trident exploit.

Figure: How Pegasus attacks were conducted in 2016.

The ability to infect iPhones using zero-click exploits quickly became a hallmark of Pegasus. For example, a few years ago, an attack on Apple smartphones exploited a vulnerability in WhatsApp voice calls, activated with a series of malicious packets. The vulnerability, in turn, enabled remote code execution on the targeted device.

The FORCEDENTRY exploit, discovered by Citizen Lab in 2021 and thoroughly researched by the Google Project Zero team, is the most notorious. It was designed to attack the Apple iMessage system, enabling spyware to be launched on the victim's iPhone after sending them a message containing a GIF file. However, this file wasn't an animated image at all but rather an infected PDF document in which a compression algorithm was used. When the victim's smartphone attempted to preview the document, a vulnerability in the program responsible for handling this compression algorithm was triggered, leading to execution of a chain of exploits and, ultimately, infection of the device.

After this exploit was discovered, Apple patched the vulnerabilities. However, as it later turned out, NSO Group simply moved on to exploit vulnerabilities in other applications as if nothing had happened. In April 2023, the same Citizen Lab published research on the FINDMYPWN and PWNYOURHOME exploits. The former was linked to a vulnerability in Apple's Find My app, while the latter targeted its HomeKit. However, the ultimate target for both of these exploits was the same: the iMessage messaging system.

Figure: Lockdown Mode messages about blocking PWNYOURHOME exploit attacks.

Finally, in September 2023, Citizen Lab released information about another exploit used by NSO Group: BLASTPASS.
This exploit works similarly — also activating a vulnerability in iMessage — but this time related to the mechanism for sending Apple Wallet objects, such as event tickets, in messages. Regardless of the specific attack vector, infection results in attackers gaining access to the victim's messages, intercepting calls, stealing passwords, and tracking location. The geographical reach of this spyware is massive — and the corresponding section of the Pegasus Wikipedia entry occupies an impressive amount of space.

2. DevilsTongue, Sherlock — Candiru

Targeted OS: Windows, macOS, iOS, Android
Zero-day vulnerability exploitation: Microsoft Windows, Google Chrome
Zero-click exploit use: likely
Country of origin: Israel
Alternative names: SOURGUM, Caramel Tsunami, Saito Tech Ltd.

Another Israeli company that develops commercial spyware is Candiru, founded in 2014. In fact, this is only the first of the various names this cyber-espionage organization has used. Since they constantly change their moniker, it's likely they're working under a different one now. It's known that Candiru is backed by several investors associated with NSO Group. However, unlike NSO Group, Candiru is much more secretive: the company has no website, its employees are forbidden to mention their employer on LinkedIn, and in the building where Candiru has its office, you won't find any mention of it.

Figure: Official names changed by Candiru from 2014 to 2022.

Candiru's activities have not been thoroughly studied yet — all the information we have is limited to leaked documents and a couple of incident investigations involving spyware developed by this company. For example, Microsoft's investigation uncovered several zero-day vulnerabilities in the Windows operating system that Candiru exploited. There were also several zero-days in the Google Chrome browser, which Candiru probably exploited as well.
The company's spyware is called DevilsTongue, and has multiple attack vectors — from hacking devices with physical access and using the man-in-the-middle method, to spreading malicious links and infected MS Office documents.

Figure: Capabilities of the DevilsTongue spyware developed by Candiru.

Candiru also offers a spy tool called Sherlock, which the researchers at Citizen Lab say could be a platform for zero-click attacks on various operating systems — Windows, iOS, and Android. Furthermore, there are reports that Candiru was developing spyware for attacks on macOS.

3. Alien, Predator — Cytrox / Intellexa

Targeted OS: Android, iOS
Zero-day vulnerability exploitation: Google Chrome, Google Android, Apple iOS
Zero-click exploit use: no (but something similar where the Mars complex is used)
Country of origin: North Macedonia / Cyprus
Alternative names: Helios, Balinese Ltd., Peterbald Ltd.

Alien is one of the two components of this spyware. It's responsible for hacking the targeted device and installing the second part — necessary for setting up surveillance. This second part is called Predator — in homage to the movie. The spyware was initially developed by Cytrox, founded in 2017. Its roots are in North Macedonia, with related subsidiary companies registered in both Israel and Hungary. Cytrox was later acquired by Cyprus-registered Intellexa, a company owned by Tal Dilian, who served 24 years in high-ranking positions in Israeli military intelligence.

The Alien/Predator spyware focuses on attacks on both the Android and iOS operating systems. According to last year's Google Threat Analysis Group study, the developers of the Android version of Alien utilized several exploit chains — including four zero-day vulnerabilities in Google Chrome and one in Android. Alien/Predator attacks started with messages to victims containing malicious links.
Once clicked, these links directed victims to the attackers' website, which exploited the vulnerabilities in the browser (Chrome) and OS (Android) to infect the device. It then immediately redirected the victim to a legitimate page to avoid suspicion.

Intellexa also offers the Mars spyware suite — part of which is installed on the victim's mobile operator's side. Once installed, Mars waits for the targeted individual to visit an HTTP page, and when they do, it uses the man-in-the-middle method to redirect the victim to the infected site — at which point the process described in the previous paragraph triggers. Infection by the Predator spyware using Mars occurs without any action on the part of the victim. This resembles a zero-click attack; however, in this case, additional equipment is used instead of vulnerabilities.

4. Subzero — DSIRF

Targeted OS: Windows
Zero-day vulnerability exploitation: Microsoft Windows, Adobe Reader
Zero-click exploit use: no
Country of origin: Austria
Alternative names: KNOTWEED, Denim Tsunami, MLS Machine Learning Solutions GmbH

The spyware Subzero, developed by the lengthily-named Austrian company DSR Decision Supporting Information Research Forensic GmbH (DSIRF), was first picked up by the German-speaking press back in 2021. However, it wasn't until a year later that this spyware truly gained notoriety. In July 2022, the Microsoft Threat Intelligence team released a detailed study of spyware used by a group codenamed KNOTWEED (Denim Tsunami), which the researchers identified as DSIRF's Subzero.

Figure: Slides from a DSIRF presentation detailing the capabilities of the spyware Subzero.

To compromise targeted systems, the Subzero malware exploited several zero-day vulnerabilities in both Windows and Adobe Reader. The attack vector typically involved sending the victim an email containing a malicious PDF file, which triggered a chain of exploits upon opening. As a result, fileless spyware was launched on the victim's device.
In the next stage, the spyware collected any passwords and other authentication credentials it could find in the infected system — from browsers, email clients, the Local Security Authority Subsystem Service (LSASS), and the Windows password manager. Presumably, these credentials were later used to gather information about the victim and set up further surveillance.

According to the researchers, the Subzero malware has been used to attack organizations in Europe and Central America since at least 2020. The researchers also noted that DSIRF not only sold spyware but also arranged for its employees to participate in the attacks.

In August 2023, it was announced that DSIRF would be shutting down. But it's too early to rejoice just yet: it's possible that cyber-espionage activities will be continued by DSIRF's subsidiary — MLS, Machine Learning Solutions — which is believed to be the current owner of the Subzero spyware. By the way, the MLS website is still fully operational — unlike the DSIRF page, which was under maintenance at the time of writing.

5. Heliconia — Variston IT

Targeted OS: Windows, Linux
Zero-day vulnerability exploitation: Microsoft Defender, Google Chrome, Mozilla Firefox
Zero-click exploit use: no
Country of origin: Spain
Alternative names: none

Also in 2022, around the same time Microsoft published details about Subzero's activities, Google presented its research analyzing another type of commercial spyware — Heliconia. The Google Threat Analysis Group (TAG) report described three components of this malware designed for attacks on computers running Windows or Linux.

The first part — called Heliconia Noise — exploits a vulnerability in the Google Chrome V8 JavaScript engine. Following its exploitation, Chrome's sandbox is bypassed, and the spyware launches in the targeted system. Additionally, in the code of this part, a fragment was found mentioning Variston as the malware developer.
The Google researchers believe it references the Spanish company Variston IT. This company specializes in providing information security services.

Figure: Researchers discovered a link to a company named Variston in the Heliconia code.

The second part of the spyware suite, which the Google researchers dubbed Heliconia Soft, exploits a vulnerability in the JavaScript engine embedded in the Windows antivirus, Microsoft Defender. This works as follows: first, the victim is sent a link to an infected PDF file containing malicious JavaScript code. This code triggers the Microsoft Defender vulnerability when the automatic scan of the downloaded PDF file starts. As a result of exploiting this vulnerability, Heliconia gains OS-level privileges and the ability to install spyware on the victim's computer.

The third part is called Heliconia Files. It exploits a vulnerability in the XSLT processor of the Mozilla Firefox browser to attack computers running Windows or Linux. Judging by this vulnerability, which affects Firefox versions 64 through 68, the spyware was developed quite some time ago and has been in use since at least 2018.

6. Reign — QuaDream

Targeted OS: iOS
Zero-day vulnerability exploitation: Apple iOS
Zero-click exploit use: yes
Country of origin: Israel / Cyprus
Alternative names: DEV-0196, Carmine Tsunami, InReach

QuaDream is another Israeli company that develops spyware called Reign. It was founded by former employees of NSO Group, and the spyware they've created bears a striking resemblance to Pegasus. For example, to infect iPhones with Reign spyware, they utilize a zero-click exploit similar to FORCEDENTRY, described above. Citizen Lab researchers have dubbed this exploit ENDOFDAYS. Apparently, this exploit utilizes vulnerabilities in iCloud Calendar as the initial attack vector, enabling attackers to discreetly infect an iPhone by sending invisible malicious invitations to the calendar.
As for the spying capabilities of the iOS version of Reign, the list looks impressive:
- searching files and databases
- recording calls
- listening through the microphone
- taking photos with either front or rear cameras
- stealing passwords
- generating iCloud two-factor authentication one-time codes
- tracking location
- erasing traces of device infection

Figure: Capabilities of the sample iOS version of the QuaDream Reign spyware analyzed by Citizen Lab.

According to some reports, QuaDream has also developed malware for attacking Android devices, but there's no publicly available information about it. QuaDream's penchant for secrecy is similar to that of Candiru. QuaDream also lacks a website, its employees are prohibited from discussing their work on social media, and the company's office can't be found on Google Maps. Interestingly, QuaDream used an intermediary, the Cypriot company InReach, to sell its products. The relationship between these two companies is very complicated; at one point, they even went to court.

In April 2023, shortly after publication of the Citizen Lab investigation into QuaDream, the company suddenly announced cessation of its operations; however, it's not entirely clear yet whether this is a complete surrender or a tactical retreat.

How to defend against commercial spyware

Ensuring full protection against attacks using commercial spyware is generally challenging. However, you can at least make life harder for potential attackers. Follow these recommendations:
- Regularly update the software on all your devices. First and foremost: operating systems, browsers, and messaging apps.
- Do not click on suspicious links — one visit to a site may be enough to infect your device.
- Use a VPN to mask your internet traffic — this will protect you from being redirected to a malicious site while browsing HTTP pages.
- Reboot regularly. Often, spyware can't persist in an infected system indefinitely, so rebooting helps get rid of it.
- Install a reliable security solution on all your devices.
- And of course, read security expert Costin Raiu's post for more tips on how to protect yourself from Pegasus and similar spyware.

The Not-so-True Peop ...

A Little Sunshine

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Responding to a reader inquiry concerning the trustworthiness of a site called TruePeopleSearch[.]net, KrebsOnSecurity began poking around. The site offers to sell a report containing photos, police records, background checks, civil judgments, contact information “and much more!”

According to LinkedIn and numerous profiles on websites that accept paid article submissions, the founder of TruePeopleSearch is Marilyn Gaskell from Phoenix, Ariz.

Figure: The saucy yet studious LinkedIn profile for Marilyn Gaskell.

Ms. Gaskell has been quoted in multiple “articles” about random subjects, such as this article at HRDailyAdvisor about the pros and cons of joining a company-led fantasy football team.

“Marilyn Gaskell, founder of TruePeopleSearch, agrees that not everyone in the office is likely to be a football fan and might feel intimidated by joining a company league or left out if they don’t join; however, her company looked for ways to make the activity more inclusive,” this paid story notes.

Also quoted in this article is Sally Stevens, who is cited as HR Manager at FastPeopleSearch[.]io.

Figure: Sally Stevens, the phantom HR Manager for FastPeopleSearch.

“Fantasy football provides one way for employees to set aside work matters for some time and have fun,” Stevens contributed. “Employees can set a special league for themselves and regularly check and compare their scores against one another.”

Imagine that: Two different people-search companies mentioned in the same story about fantasy football. What are the odds?

Both TruePeopleSearch and FastPeopleSearch allow users to search for reports by first and last name, but proceeding to order a report prompts the visitor to purchase the file from one of several established people-finder services, including BeenVerified, Intelius, and Spokeo.
DomainTools.com shows that both TruePeopleSearch and FastPeopleSearch appeared around 2020 and were registered through Alibaba Cloud, in Beijing, China. No other information is available about these domains in their registration records, although both domains appear to use email servers based in China.

Sally Stevens’ LinkedIn profile photo is identical to a stock image titled “beautiful girl” from Adobe.com. Ms. Stevens is also quoted in a paid blog post at ecogreenequipment.com, as is Alina Clark, co-founder and marketing director of CocoDoc, an online service for editing and managing PDF documents.

Figure: The profile photo for Alina Clark is a stock photo appearing on more than 100 websites.

Scouring multiple image search sites reveals Ms. Clark’s profile photo on LinkedIn is another stock image that is currently on more than 100 different websites, including Adobe.com. Cocodoc[.]com was registered in June 2020 via Alibaba Cloud Beijing in China.

The same Alina Clark and photo materialized in a paid article at the website Ceoblognation, which in 2021 included her at #11 in a piece called “30 Entrepreneurs Describe The Big Hairy Audacious Goals (BHAGs) for Their Business.” It’s also worth noting that Ms. Clark is currently listed as a “former Forbes Council member” at the media outlet Forbes.com.

Entrepreneur #6 is Stephen Curry, who is quoted as CEO of CocoSign[.]com, a website that claims to offer an “easier, quicker, safer eSignature solution for small and medium-sized businesses.” Incidentally, the same photo for Stephen Curry #6 is also used in this “article” for #22 Jake Smith, who is named as the owner of a different company.

Figure: Stephen Curry, aka Jake Smith, aka no such person.

Mr. Curry’s LinkedIn profile shows a young man seated at a table in front of a laptop, but an online image search shows this is another stock photo. Cocosign[.]com was registered in June 2020 via Alibaba Cloud Beijing. No ownership details are available in the domain registration records.
Listed at #13 in that 30 Entrepreneurs article is Eden Cheng, who is cited as co-founder of PeopleFinderFree[.]com. KrebsOnSecurity could not find a LinkedIn profile for Ms. Cheng, but a search on her profile image from that Entrepreneurs article shows the same photo for sale at Shutterstock and other stock photo sites. DomainTools says PeopleFinderFree was registered through Alibaba Cloud, Beijing. Attempts to purchase reports through PeopleFinderFree produce a notice saying the full report is only available via Spokeo.com.

Lynda Fairly is Entrepreneur #24, and she is quoted as co-founder of Numlooker[.]com, a domain registered in April 2021 through Alibaba in China. Searches for people on Numlooker forward visitors to Spokeo. The photo next to Ms. Fairly’s quote in Entrepreneurs matches that of a LinkedIn profile for Lynda Fairly. But a search on that photo shows this same portrait has been used by many other identities and names, including a woman from the United Kingdom who’s a cancer survivor and mother of five; a licensed marriage and family therapist in Canada; a software security engineer at Quora; a journalist on Twitter/X; and a marketing expert in Canada.

Cocofinder[.]com is a people-search service that launched in Sept. 2019, through Alibaba in China. Cocofinder lists its market officer as Harriet Chan, but Ms. Chan’s LinkedIn profile is just as sparse on work history as the other people-search owners mentioned already. An image search online shows that outside of LinkedIn, the profile photo for Ms. Chan has only ever appeared in articles at pay-to-play media sites, like this one from outbackteambuilding.com.

Perhaps because Cocodoc and Cocosign both sell software services, they are actually tied to a physical presence in the real world — in Singapore (15 Scotts Rd. #03-12 15, Singapore). But it’s difficult to discern much from this address alone.

Who’s behind all this people-search chicanery?
A January 2024 review of various people-search services at the website techjury.com states that Cocofinder is a wholly-owned subsidiary of a Chinese company called Shenzhen Duiyun Technology Co.

“Though it only finds results from the United States, users can choose between four main search methods,” Techjury explains. Those include people search, phone, address and email lookup. This claim is supported by a Reddit post from three years ago, wherein the Reddit user “ProtectionAdvanced” named the same Chinese company.

Is Shenzhen Duiyun Technology Co. responsible for all these phony profiles? How many more fake companies and profiles are connected to this scheme? KrebsOnSecurity found other examples that didn’t appear directly tied to other fake executives listed here, but which nevertheless are registered through Alibaba and seek to drive traffic to Spokeo and other data brokers. For example, there’s the winsome Daniela Sawyer, founder of FindPeopleFast[.]net, whose profile is flogged in paid stories at entrepreneur.org.

Google currently turns up nothing else in a search for Shenzhen Duiyun Technology Co. Please feel free to sound off in the comments if you have any more information about this entity, such as how to contact it. Or reach out directly at krebsonsecurity @ gmail.com.

Figure: A mind map highlighting the key points of research in this story. Image: KrebsOnSecurity.com

ANALYSIS

It appears the purpose of this network is to conceal the location of people in China who are seeking to generate affiliate commissions when someone visits one of their sites and purchases a people-search report at Spokeo, for example. And it is clear that Spokeo and others have created incentives wherein anyone can effectively white-label their reports, and thereby make money brokering access to people’s personal information.

Spokeo’s Wikipedia page says the company was founded in 2006 by four graduates from Stanford University.
Spokeo co-founder and current CEO Harrison Tang has not yet responded to requests for comment.

Intelius is owned by San Diego-based PeopleConnect Inc., which also owns Classmates.com, USSearch, TruthFinder and Instant Checkmate. PeopleConnect Inc. in turn is owned by H.I.G. Capital, a $60 billion private equity firm. Requests for comment were sent to H.I.G. Capital. This story will be updated if they respond.

BeenVerified is owned by a New York City-based holding company called The Lifetime Value Co., a marketing and advertising firm whose brands include PeopleLooker, NeighborWho, Ownerly, PeopleSmart, NumberGuru, and Bumper, a car history site.

Ross Cohen, chief operating officer at The Lifetime Value Co., said it’s likely the network of suspicious people-finder sites was set up by an affiliate. Cohen said Lifetime Value would investigate to determine if this particular affiliate was driving them any sign-ups.

All of the above people-search services operate similarly. When you find the person you’re looking for, you are put through a lengthy (often 10-20 minute) series of splash screens that require you to agree that these reports won’t be used for employment screening or in evaluating new tenant applications. Still more prompts ask if you are okay with seeing “potentially shocking” details about the subject of the report, including arrest histories and photos. Only at the end of this process does the site disclose that viewing the report in question requires signing up for a monthly subscription, which is typically priced around $35.

Exactly how and from where these major people-search websites are getting their consumer data — and customers — will be the subject of further reporting here.
The main reason these various people-search sites require you to affirm that you won’t use their reports for hiring or vetting potential tenants is that selling reports for those purposes would classify these firms as consumer reporting agencies (CRAs) and expose them to regulations under the Fair Credit Reporting Act (FCRA). These data brokers do not want to be treated as CRAs, and for this reason their people search reports typically don’t include detailed credit histories, financial information, or full Social Security Numbers (Radaris reports include the first six digits of one’s SSN).

But in September 2023, the U.S. Federal Trade Commission found that TruthFinder and Instant Checkmate were trying to have it both ways. The FTC levied a $5.8 million penalty against the companies for allegedly acting as CRAs because they assembled and compiled information on consumers into background reports that were marketed and sold for employment and tenant screening purposes.

The FTC also found TruthFinder and Instant Checkmate deceived users about background report accuracy. The FTC alleges these companies made millions from their monthly subscriptions using push notifications and marketing emails that claimed that the subject of a background report had a criminal or arrest record, when the record was merely a traffic ticket.

The FTC said both companies deceived customers by providing “Remove” and “Flag as Inaccurate” buttons that did not work as advertised. Rather, the “Remove” button removed the disputed information only from the report as displayed to that customer; however, the same item of information remained visible to other customers who searched for the same person.

The FTC also said that when a customer flagged an item in the background report as inaccurate, the companies never took any steps to investigate those claims, to modify the reports, or to flag to other customers that the information had been disputed.
There are a growing number of online reputation management companies that offer to help customers remove their personal information from people-search sites and data broker databases. There are, no doubt, plenty of honest and well-meaning companies operating in this space, but it has been my experience that a great many people involved in that industry have a background in marketing or advertising — not privacy.

Also, some so-called data privacy companies may be wolves in sheep’s clothing. On March 14, KrebsOnSecurity published an abundance of evidence indicating that the CEO and founder of the data privacy company OneRep.com was responsible for launching dozens of people-search services over the years. OneRep still has not responded to that reporting.

Finally, some of the more popular people-search websites are notorious for ignoring requests from consumers seeking to remove their information, regardless of which reputation or removal service you use. Some force you to create an account and provide more information before you can remove your data. Even then, the information you worked hard to remove may simply reappear a few months later.

This aptly describes countless complaints lodged against the data broker and people search giant Radaris. On March 8, KrebsOnSecurity profiled the co-founders of Radaris, two Russian brothers in Massachusetts who also operate multiple Russian-language dating services and affiliate programs.

The truth is that these people-search companies will continue to thrive unless and until Congress begins to realize it’s time for some consumer privacy and data protection laws that are relevant to life in the 21st century.
Duke University adjunct professor Justin Sherman says virtually all state privacy laws exempt records that might be considered “public” or “government” documents, including voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, bankruptcy filings, and more. “Consumer privacy laws in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia all contain highly similar or completely identical carve-outs for ‘publicly available information’ or government records,” Sherman said.

Vans Cyberattack: No ...

Data Breach News

Vans has notified its customers of potential fraud or identity theft following the cyberattack on its parent company, VF Group. The notice lays out the timeline of the Vans cyberattack, starting from December 13, 2023, and the organization’s response to the incident. The notice shared information about “unauthorized activities” on its systems in December 2023.

VF Group, the parent company of fashion and apparel brands such as Vans, Timberland, The North Face, and Dickies, revealed that it detected a cyber intrusion on December 13 and temporarily suspended affected IT systems to contain and remediate the threat. By December 15, the unauthorized actors had been removed from the IT environment, and efforts were made to restore impacted systems and operations.

Vans Cyberattack Update

According to the company’s investigation, the Vans cyberattack may have compromised the personal information of customers, including email addresses, full names, phone numbers, billing and shipping addresses, and order details. However, it’s important to note that detailed financial information such as bank account or credit card details was not stored within the affected systems.

Source: Vans

Despite the prompt response from VF Group, concerns remain regarding potential risks to individuals whose data was part of the affected dataset. While there is currently no evidence of direct impact on individual consumers, the incident underscores the importance of vigilance in safeguarding personal information.

In a conversation with TCE, Darren Williams, CEO and Founder of BlackFog, stated that “securing data must be at the forefront of retailers’ minds”. The cybersecurity incident could lead to fraud or identity theft considering the large scale of the VF Group data breach.

“The safety of customers must be of the utmost priority, otherwise, as we can see, loyal customers can quickly turn to victims. VF Group now risks not only financial but reputational damage which can last for years. To avoid becoming the next example, companies must invest in the latest anti-data exfiltration technology to prevent any unauthorized data from leaving their systems”, added Williams.
VF Group Advises Customers to be Vigilant  In light of this breach, VF Group has advised customers to exercise caution when responding to communications, particularly those requesting personal information. Additionally, customers are urged to be wary of suspicious emails, attachments, and hyperlinks, as these could be used in phishing attempts or to direct individuals to malicious websites. VF Group has assured customers of its commitment to prioritizing privacy and security. The company continues to monitor the situation closely, while also reviewing and enhancing its cybersecurity measures to mitigate future risks. Responding to inquiries, a Vans spokesperson reiterated the timeline of events surrounding the security incident and affirmed that operations have since been restored with minimal disruption. “Upon detecting the unauthorized occurrences, we immediately began taking steps to contain, assess and remediate the incident, including beginning an investigation with leading external cybersecurity experts, activating our incident response plan, and shutting down some systems”, said the spokesperson.  This incident comes in the wake of a previous cyber incident reported by VF Corp, resulting in a data breach affecting approximately 35.5 million consumers. While VF Group does not anticipate a financial impact from the current incident, the company remains vigilant in its efforts to safeguard customer data and mitigate potential risks to its operations and reputation. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 Data Breach News

Following the cyberattack on Radiant Logistics, the international freight technology firm promptly implemented measures to isolate its Canadian operations. As per documents submitted to U.S. regulators, the Radiant Logistics cyberattack was identified as impacting its Canadian operations on March 14, 2024.

The company, which specializes in warehouse and distribution services among others, activated its incident response protocols upon discovery and enlisted the expertise of cybersecurity professionals to assess and mitigate the breach.

Radiant Logistics Cyberattack Update

While the cyberattack on Radiant Logistics caused service disruptions for customers in Canada, efforts to restore systems were underway, with completion anticipated within the week. Fortunately, operations in the U.S. and other international territories remained unaffected by the attack.

Source: sec.gov

“Upon detection, the Company immediately initiated its incident response and business continuity protocols and began taking measures to disrupt the unauthorized activity. As part of its process to address the incident, the Company proactively took measures to isolate its Canadian operations from the rest of its network and engaged the services of cybersecurity and forensics professionals to further assess, contain, and remediate the incident”, reads the SEC filing.

As of the date of this filing, ongoing investigations indicate that the incident has not disrupted the company’s overall operations. Furthermore, the company has yet to determine whether the incident is likely to have a material impact on its financial condition or operational results.

The Cyber Express has also reached out to the logistics organization to learn more about this Radiant Logistics cyberattack and any involvement of ransomware groups. However, at the time of writing, no official statement or response has been received.

Previous Instances

Despite the setback, Radiant Logistics reassured stakeholders that the incident would not likely have a financial impact on the company. Radiant Logistics, with annual revenue in the billions, serves as a crucial logistics partner for domestic and international freight companies, manufacturers, distributors, and retailers.

However, this isn’t the first time the company has faced cybersecurity challenges. On September 1, 2022, Radiant Logistics reported a data breach to the Montana Attorney General after discovering unauthorized access to certain files on its network. Although the specific data compromised in the breach remains undisclosed, the company initiated outreach efforts, sending data breach notifications to affected parties in compliance with state regulations. While the full extent of the impact of both incidents is yet to be determined, Radiant Logistics remains focused on bolstering its cybersecurity measures to safeguard against future threats.


 Data Breach News

Greensboro College faces a class action lawsuit following a data breach affecting over 52,000 individuals. The Greensboro College data breach, which occurred in August 2023 due to a ransomware attack, has prompted Abigail Hedgecock to file a proposed federal class action against the institution. Hedgecock’s allegations are weighty, suggesting that the North Carolina-based college failed in its duty to safeguard the personal information of thousands.

According to the complaint lodged in the US District Court, Greensboro College neglected to establish adequate data-security protocols, leaving sensitive data exposed to cyber threats. Moreover, the institution allegedly delayed in providing timely notice of the breach, exacerbating the situation.

Greensboro College Data Breach Sparks Class Action Lawsuit

The data exposed in the Greensboro College data leak encompassed a broad spectrum of personal details, including names, Social Security numbers, student identification numbers, dates of birth, passport numbers, and health information. This marks a severe breach of trust and privacy for the affected individuals, with potentially far-reaching consequences.

Source: Bloomberg Law

Notably, this isn’t the first time Greensboro College has grappled with such security lapses. Previous incidents involved breaches compromising Social Security numbers, driver’s license numbers, financial account information, and medical records. These repeated occurrences raise serious concerns about the institution’s commitment to cybersecurity and data protection.

The repercussions of the breach extend beyond mere inconvenience. Hedgecock’s complaint outlines the tangible damages suffered by the plaintiffs, including financial losses incurred in monitoring accounts for fraudulent activity and the time spent rectifying the aftermath of the breach. Such breaches not only jeopardize individuals’ financial well-being but also erode their sense of privacy and security.

Response to the Greensboro College Class Action Lawsuit

In response to the Greensboro College class action lawsuit, the educational institution has initiated steps to address the breach, including internal investigations and bolstering security measures. However, the gravity of the situation demands more than just reactive measures. It necessitates a fundamental reassessment of the institution’s cybersecurity infrastructure and protocols to prevent future breaches.

The lawsuit seeks not only compensation for the damages incurred but also equitable relief to ensure adequate protection of sensitive information in the future. Hedgecock’s request for class-action status highlights the widespread impact of the breach, affecting not just individuals but an entire community.

In the wake of this incident, individuals affected by the breach are urged to remain vigilant, monitoring their accounts for any suspicious activity. Additionally, proactive measures such as placing fraud alerts or credit freezes may provide protection against potential identity theft.

 Govt., Critical Infrastructure

The Office of Personnel Management has sent members of Congress a legislative proposal that would give federal agencies new authority and flexibility in how they hire and pay cybersecurity workers, but so far no member has stepped up to sponsor the bill.

 Threat Actors

Earlier this month, cybercriminals from the "Narwhal Spider" (aka TA544, Storm-0302) group masquerading as law firms tricked multiple companies into downloading initial access malware that may precede greater attacks down the line.

 Laws, Policy, Regulations

The updated guidance replaces prior guidance that HHS OCR issued in December 2022, which warned that the use of online trackers that collect and transmit certain individually identifiable health information constituted a potential HIPAA violation.

 Trends, Reports, Analysis

In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms (also known as Remcos) started utilizing AceCryptor, which was not the case beforehand.

 Incident Response, Learnings

Robert Purbeck, adopting the aliases "Lifelock" and "Studmaster" during his time as a cybercriminal, according to the Department of Justice (DoJ), stole personal data belonging to more than 132,000 people.

 Trends, Reports, Analysis

In the UAE and Saudi Arabia, specifically, technology adoption has increased across the finance, healthcare, and manufacturing sectors, further boosting the need for cybersecurity and robust regulatory frameworks.

 Trends, Reports, Analysis

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence.

 Incident Response, Learnings

As explained yesterday by the Australian Federal Police (AFP), the man "used his role as a contract IT support worker to access the Museum's accounts payable system and illegally change bank account details to his own."

 Identity Theft, Fraud, Scams

Worryingly, the social engineering scammers are likely operating with little more than a cheap email list of self-employed US residents, according to the latest advisory from Malwarebytes Labs.

 Identity Theft, Fraud, Scams

These attachments, as per Microsoft Threat Intelligence’s blog post, contain malware that steals your login credentials, or they might redirect you to a fake website that looks like a legitimate tax platform designed to capture your information.

 Feed

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges. In that case, the module will automatically escalate privileges via CVE-2023-40315 or CVE-2023-0872 if necessary. This module has been successfully tested against OpenNMS version 31.0.7.

 Feed

Debian Linux Security Advisory 5626-2 - One of the upstream changes in the update released as DSA 5626 contained a regression in the zoneToCache function. Updated pdns-recursor packages are available to correct this issue.

 Feed

Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

Ubuntu Security Notice 6707-1 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6707-2 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6702-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6706-1 - It was discovered that the Microchip USB Ethernet driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6701-2 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6705-1 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6704-1 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

 Feed

Red Hat Security Advisory 2024-1362-03 - An update for cnf-tests-container, dpdk-base-container, NUMA-aware secondary scheduler, numaresources-operator and numaresources-operator-must-gather is now available for Red Hat OpenShift Container Platform 4.14.

 Data Breach News

The South China Athletic Association (SCAA) was rocked by a cyberattack as unauthorized third parties breached the organization’s computer servers, sparking concerns over the security of member data. In response to the SCAA cyberattack, the Association swiftly implemented measures to address the breach and protect its members.

In an official press statement, the SCAA expressed deep regret over the cyber incident and outlined immediate response actions, including the shutdown of affected computer equipment to mitigate potential risks to member data security.

“The computer servers of the South China Athletic Association were invaded by an unauthorized third party on March 17, 2024. We deeply regret and took immediate response measures to shut down the affected computer equipment to protect our members’ personal data security (including name, date of birth, ID number, address),” reads the SCAA official press statement.

SCAA Cyberattack Reported to PCPD

The Association also reported the matter to law enforcement authorities, with a formal report also submitted to the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong. Subsequently, the PCPD released a statement estimating that approximately 70,000 data subjects could be affected by the breach. The PCPD has launched an investigation and urged the SCAA to promptly notify affected individuals while adhering to established protocols.

“The Office of the Privacy Commissioner for Personal Data (PCPD) received a data breach notification from the South China Athletic Association (SCAA) yesterday (18 March), reporting that about 70,000 data subjects may have been affected by the data breach incident. The PCPD has advised the relevant organization to notify the affected data subjects as soon as possible, and has commenced an investigation into the incident in accordance with established procedures,” PCPD’s official statement reads.

PCPD Recommendations to Protect Personal Data Privacy

Given the potential exposure of sensitive personal data, the PCPD appeals to affected individuals to remain vigilant and report any suspicions of data leakage promptly. The PCPD has provided contact information for inquiries or complaints, emphasizing the importance of proactive measures to safeguard personal data privacy.

Furthermore, the PCPD has issued a set of recommendations to help affected persons protect their personal data privacy in the wake of the SCAA data breach. They advise considering changing passwords of online accounts and activating multi-factor authentication where available. Additionally, exercising caution regarding any unusual logins to personal email accounts is recommended. It is also suggested to review bank statements vigilantly to identify any unauthorized transactions and to remain alert to suspicious calls, text messages, or emails from unknown sources. Furthermore, individuals are urged to avoid opening attachments or clicking on links in text messages or emails from unverified sources and to refrain from readily disclosing personal data. Lastly, staying vigilant against phishing attempts and other potential scams is emphasized.

SCAA Condemned Cybercrime

In light of the SCAA cyberattack, the Association has condemned cybercrime in all forms and assured full cooperation with law enforcement agencies. Despite the severity of the SCAA data breach, no evidence has emerged thus far suggesting the compromise of personal data. However, the SCAA acknowledges the gravity of the situation and vows to take comprehensive action to prevent future breaches.

“We will continue to provide updates and further information to members through our official website and other channels. The South China Association once again sincerely apologizes to the affected members. We will spare no effort to strengthen our security measures to ensure the safety of member data and restore the trust our members have in us,” reads the SCAA official release.

To protect the interests of potentially affected members, the SCAA has activated an emergency plan and will notify individuals impacted by the SCAA cyberattack. Members are urged to exercise vigilance and caution against potential misuse of leaked information. A dedicated email address has been established (cybsec@scaa.org.hk) for inquiries related to the incident, with regular updates promised through official channels.

 Firewall Daily

In early February 2024, the Office of the Colorado State Public Defender (OSPD) fell victim to a crippling ransomware attack, leading to significant disruptions in its operations. While the agency has been working tirelessly to restore its systems, concerns have emerged regarding the potential theft of personal data belonging to individuals involved in legal proceedings.

According to OSPD’s official statements, the Colorado State Public Defender cyberattack was initially detected around the second week of February. “On or about February 9, 2024, OSPD identified that certain computer systems were locked by malware,” reads the official press statement of OSPD.

OSPD Data Breach Disclosure: Uncovering the Scope

In response, OSPD swiftly initiated measures to contain the spread of the malware and commenced efforts to safely recover its systems. However, it has been revealed that during the attack, unauthorized copying of files containing sensitive personal information may have occurred.

“Through the ongoing assessment of this matter, it was identified that some files were copied without permission in early February 2024. Those files may include an individual’s name, Social Security number, driver’s license or identification card number, other government identification number, medical information, and/or health insurance identification number,” reads the official press statement of OSPD.

Despite ongoing efforts to restore functionality, OSPD has been cautious in disclosing specific details about the attack and the extent of the data breach. While acknowledging the incident, OSPD officials have refrained from providing detailed information about the perpetrators or the methods used in the attack.

In a press statement issued on February 11, OSPD officials announced that, as a precautionary measure, they had temporarily disabled their computer network to prevent further damage. This action, while necessary for security purposes, has resulted in significant disruptions to OSPD systems and operations. As a consequence, OSPD’s ability to provide its usual range of services has been limited, although efforts to mitigate these disruptions are ongoing.

Colorado State Public Defender Road to Recovery

Updates provided by OSPD indicate that progress has been made in restoring certain functionalities. As of March 1, all OSPD staff have regained access to email, and trial offices across the state have been brought back online, allowing access to court files. Despite these achievements, challenges persist, particularly in relation to digital discovery tools. Disruptions to these tools have necessitated manual workarounds, leading to delays in managing files and processing cases. However, OSPD remains committed to resolving these issues and anticipates further improvements in the near future.

In subsequent updates on March 11 and March 15, OSPD reiterated its commitment to restoring full functionality across all systems while ensuring the security of its operations. The agency continues to conduct a thorough investigation into the incident, with a focus on understanding the nature and scope of the Colorado State Public Defender cyberattack.

As part of its response efforts, OSPD has provided online resources to help individuals protect their personal information and stay informed about the situation. Individuals who may have been affected by the OSPD data breach are encouraged to visit the official website for more information and to access available resources. Additionally, OSPD pledges to provide further updates as the assessment of the incident progresses and as additional measures are implemented to safeguard against future attacks. The ransomware attack on OSPD serves as a reminder of the growing threat posed by cyberattacks targeting critical infrastructure and public institutions.

 Feed

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance

 Feed

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:

 Feed

When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the

 Feed

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and

 Feed

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code. "It's an actual threat since

 Feed

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP

 Feed

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That’s why effective vendor risk management (VRM) is a

 Feed

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and

 Feed

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco

 Data loss

There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.

 Cyber Security News

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer. The United Arab Emirates’ focus on becoming a global hub for business and innovation is driving digital transformation in the Middle East, with the governments of both individual emirates and the UAE as a whole pushing the adoption of digital technologies […] The post United Arab Emirates Faces Intensified Cyber-Risk – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. A new White House advisory about threat groups from Iran and China targeting US water and wastewater systems has once again focused attention on the continuing vulnerability of the sector to disruptive cyberattacks. The warning — signed jointly by EPA administrator Michael Regan […] The post Federal Warning Highlights Cyber Vulnerability of US Water Systems – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading. Threat actors are attempting to compromise Social Security numbers with a tax phishing attack targeting small business owners and self-employed filers. Worryingly, the social engineering scammers are likely operating with little more than a cheap email […] The post Tax Hackers Blitz Small Business With Phishing Emails – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE. NEW YORK, March 18, 2024/PRNewswire/ — Today, Deloitte, a global leader in cybersecurity services, launched CyberSphere™, a vendor-neutral services and solutions platform to help clients simplify their organizations’ cyber program data, workflows, reporting and third-party technologies for improved cyber operational efficiency and effectiveness. CyberSphere is built by Deloitte to […] The post Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE. DALLAS, March 18, 2024/PRNewswire/ — Pathlock, the leading provider of identity and application access governance, today announced the availability of Continuous Controls Monitoring (CCM), a product within the Pathlock Cloud Platform that encompasses control management, risk quantification, and change monitoring to streamline control mechanisms from various frameworks into one centralized, […] The post Pathlock Introduces Continuous Controls Monitoring to Reduce Time and Costs – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Akamai

Source: www.darkreading.com – Author: PRESS RELEASE CAMBRIDGE, Mass., March 19, 2024/PRNewswire/ — Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report. Lurking in the Shadows: Attack Trends Shine Light on API Threats highlights the array of attacks that are targeting […] The post Akamai Research Finds 29% of Web Attacks Target APIs – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 credential theft

Source: securityboulevard.com – Author: Wajahat Raja As per recent reports, threat actors are increasingly leveraging Facebook messages to distribute the Python Snake Info Stealer malware. Researchers have noticed that threat actors are using three variants of the information stealer. It’s worth mentioning here that two of these installers are regular Python scripts, whereas the third […] The post Python Snake Info Stealer Spreading Via Facebook Messages – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Kari Hulkko Exploitation IP address spoofing involves creating IP packets with a fake source IP address. This is typically done with the intention of deceiving the recipient into believing that the packet is coming from a legitimate source. When the recipient sends a response back to the source IP address, it […] The post CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 authentication

Source: securityboulevard.com – Author: Shelley Leveson, Director of Content Marketing, HYPR The National Security Agency (NSA), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), recently released its “Top Ten Cloud Security Mitigation Strategies” for organizations to make their cloud environments more secure. The report contains a Cybersecurity Information Sheet (CSI) for each strategy, […] The post Aligning With NSA’s Cloud Security Guidance: Four Takeaways – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Application Security

Source: securityboulevard.com – Author: Neatsun Ziv Historically, Security Operations Centers (SOCs) and Application Security (AppSec) programs have operated as distinct entities within the broader cybersecurity framework of an organization. SOCs have been the stronghold of real-time threat detection, analysis, and response, monitoring networks for signs of malicious activity and managing incident response to mitigate potential […] The post Bridging the Gap: Integrating SOCs into Application Security for Enhanced Cyber Resilience – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team The high cost of free open-source generative software. By Luke Arrigoni, Founder, Loti The rise of deepfake technology poses significant risks to celebrities, high-net-worth individuals, and the general public, with its ability to manipulate reality, infringe on privacy, and facilitate crimes ranging from fraud to character assassination. This article […] The post Deepfakes and AI’s New Threat to Security – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Credential

Source: www.proofpoint.com – Author: 1 A threat actor has been targeting U.S. organizations with tens of thousands of emails purporting to be from U.S. government entities and private sector companies in order to steal victims’ corporate credentials. The threat group, which researchers with Proofpoint track under TA4903, was first observed in December 2021 spoofing federal […] The post BEC, Credential Theft Attacks Spoof U.S. Government Agencies – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Livia Gyongyoși NIST’s National Vulnerability Database (NVD) has stopped enriching most of the CVEs it registers with additional information. Although companies also consider other factors when deciding what to patch first, organizations worldwide rely on NVD’s collection of vulnerability data for their research. For the past 2020, the National Vulnerability Database added the […] The post NIST’s National Vulnerability Database Put CVE Enrichment on Hold – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securelist.com – Author: GReAT Introduction Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case. Among the mobile platforms, Android […] The post Android malware, Android malware and more Android malware – Source: securelist.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securelist.com – Author: Kaspersky ICS CERT Industrial threats 19 Mar 2024 Global statistics across all threats In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half […] The post Threat landscape for industrial automation systems. H2 2023 – Source: securelist.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allowing the researchers to easily unlock any door in a hotel by forging a pair of keycards. The series of security flaws, dubbed “Unsaflok,” was discovered by researchers Lennert Wouters, Ian […] The post Unsaflok flaw can let hackers unlock millions of hotel doors – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. The threat actors inject the malware into custom HTML widgets and legitimate plugins on WordPress sites to inject the malicious Sign1 scripts rather […] The post Evasive Sign1 malware campaign infects 39,000 WordPress sites – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the […] The post Exploit released for Fortinet RCE bug used in attacks, patch now – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sponsored by Blink Ops Ransomware continues to hit organizations in all sectors, and attacks regularly make media headlines because of their hard-hitting impact on affected parties. The earliest example of ransomware stretches back to 1989, but its success during the last decade saw it becoming arguably the most lucrative form of […] The post What the Latest Ransomware Attacks Teach About Defending Networks – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. As BleepingComputer first reported on Wednesday and as many admins have warned over the last week, affected servers are freezing and restarting unexpectedly […] The post Microsoft confirms Windows Server issue behind domain controller crashes – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. The competition started with Haboob SA’s Abdul Aziz Hariri using an Adobe Reader exploit that combined an API restriction […] The post Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
