Okta reported an "unprecedented scale" of credential stuffing attacks targeting its identity and access management solutions, resulting in the breach of some customer accounts. Threat actors employ credential stuffing techniques such as password spraying and brute forcing to compromise user accounts by systematically trying lists of usernames and passwords in an automated fashion. These lists are often obtained from other data leaks, phishing and infostealer campaigns, or from underground cybercriminal forums, where they are sold for anywhere from a few tens to thousands of dollars.

“Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials (“combo lists”), and scripting tools,” Okta said in a Saturday advisory.

The identity and access management provider said the attacks appear to stem from the same infrastructure used in previously reported brute-force and password-spraying attacks targeting VPNs and SSH services identified by Cisco Talos.

Use of TOR in Credential Stuffing Attacks

Okta noted that in all observed attacks the requests originated from the TOR anonymization network and various residential proxies, such as NSOCKS, Luminati and DataImpulse. Residential proxies are networks of proxy servers that use IP addresses belonging to residential users. They are used for anonymous browsing, bypassing geo-restrictions and accessing secure websites. Providers rent access to real users' devices to anonymize traffic sources. They do not usually disclose how they build these networks; users are sometimes enrolled knowingly and sometimes via malware, “what we would typically describe as a botnet,” Okta said. The result is traffic that appears to originate from everyday users' devices rather than from VPS providers. The FBI had earlier warned of a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks.

Okta observed that the attacks were notably effective against organizations using the Okta Classic Engine with ThreatInsight configured in Audit-only mode rather than Log and Enforce mode. Additionally, organizations that had not blocked access from anonymizing proxies saw a higher attack success rate. The attacks, however, succeeded for only a small percentage of Okta's customers, the IAM provider said.

To counter these threats, Okta recommended:

- Enabling ThreatInsight in Log and Enforce mode to proactively block IP addresses associated with credential stuffing attempts before authentication is attempted.
- Denying access from anonymizing proxies to preemptively block requests originating from suspicious anonymizing services.
- Transitioning to enhanced security features such as CAPTCHA challenges for risky sign-ins and passwordless authentication.
- Implementing Dynamic Zones to manage access based on criteria such as geolocation and to selectively block or allow certain IPs.

Why Credential Stuffing Attacks Are Still Effective

Credential stuffing attacks traditionally have a very low success rate, estimated at around 0.1% according to Cloudflare. Despite this, the technique remains profitable because of the vast number of credentials attackers possess: collections contain millions or billions of credentials, so even a small fraction of successes yields profitable data. The prevalence of password or credential reuse, observed in up to 85% of digital users, also drives the recurrence and effectiveness of these attacks. On top of this, advances in bot technology let attackers circumvent security measures such as time delays and IP bans.

Credential stuffing accounted for 24.3% of all login attempts in 2023, according to Okta. Retail and e-commerce companies account for more than half (51.3%) of all credential-stuffing incidents, the findings stated, likely because of the value associated with accounts in that industry, Okta said. Geographically, the Americas region has the highest rate of credential-stuffing attacks at 28%, which aligns with previous findings, as some of the largest retail and media companies are based in the United States.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
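The Okta advisory above leaves a defender two signals to work with: bursts of failed logins across many usernames, and sources that are known Tor exits or residential proxies. As an added example that is not Okta's code or part of the original article, the following Python script runs a source-centric check and a user-centric check over a constructed set of authentication events; the log field layout, the ANON_SOURCES feed and the thresholds are assumptions standing in for a real log schema and reputation list.

```python
"""Credential-stuffing detector over constructed auth events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for a Tor-exit / residential-proxy reputation feed.
ANON_SOURCES = {
    "198.51.100.7": "tor-exit",
    "203.0.113.44": "residential-proxy",
}

# Constructed sample log, one event per line:
# "<timestamp> <source ip> <username> <result>"
SAMPLE_LOG = """\
2024-04-27T10:00:01Z 198.51.100.7 alice FAILURE
2024-04-27T10:00:02Z 198.51.100.7 bob FAILURE
2024-04-27T10:00:03Z 198.51.100.7 carol FAILURE
2024-04-27T10:00:04Z 198.51.100.7 dave FAILURE
2024-04-27T10:00:05Z 198.51.100.7 erin FAILURE
2024-04-27T10:00:06Z 198.51.100.7 frank FAILURE
2024-04-27T10:00:07Z 198.51.100.7 frank SUCCESS
2024-04-27T10:01:00Z 203.0.113.44 grace FAILURE
2024-04-27T10:01:05Z 203.0.113.44 ivan SUCCESS
2024-04-27T10:02:00Z 192.0.2.10 judy FAILURE
2024-04-27T10:02:10Z 192.0.2.11 judy FAILURE
2024-04-27T10:02:20Z 192.0.2.12 judy FAILURE
2024-04-27T10:02:30Z 192.0.2.13 judy FAILURE
2024-04-27T10:02:40Z 192.0.2.14 judy FAILURE
2024-04-27T10:05:00Z 192.0.2.50 alice FAILURE
2024-04-27T10:05:20Z 192.0.2.50 alice SUCCESS
"""


def parse_log(text):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user,
            "ok": result == "SUCCESS",
        })
    return events


def flag_sources(events, min_users=5, min_failure_ratio=0.8):
    """Source-centric rule: one IP cycling through many usernames with a high
    failure ratio is the classic combo-list pattern. A success from a known
    anonymizing source is flagged on its own, since that is exactly the outcome
    the advisory's 'deny anonymizing proxies' control is meant to prevent."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        users = {e["user"] for e in evs}
        failures = sum(1 for e in evs if not e["ok"])
        compromised = sorted({e["user"] for e in evs if e["ok"]})
        reasons = []
        if len(users) >= min_users and failures / len(evs) >= min_failure_ratio:
            reasons.append("many-users-high-failure")
        if ip in ANON_SOURCES and compromised:
            reasons.append(f"success-from-{ANON_SOURCES[ip]}")
        if reasons:
            findings[ip] = {"reasons": reasons, "attempts": len(evs),
                            "distinct_users": len(users),
                            "compromised": compromised}
    return findings


def flag_users(events, window=timedelta(minutes=10), min_ips=5):
    """User-centric rule: residential proxies spread the attempts over many
    IPs that each make only a few requests, so per-IP thresholds miss them.
    Count distinct source IPs per username within any sliding `window`."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        worst = 0
        for i, start in enumerate(evs):
            ips = {e["ip"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            worst = max(worst, len(ips))
        if worst >= min_ips:
            findings[user] = {"distinct_ips_in_window": worst,
                              "attempts": len(evs)}
    return findings


def analyze(text=SAMPLE_LOG):
    """Run both rules and return the findings keyed by source IP and by user."""
    events = parse_log(text)
    return {"sources": flag_sources(events), "users": flag_users(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(), indent=2))
```

The legitimate user at 192.0.2.50 (one typo, then a success) is not flagged by either rule, while the proxy-distributed attempts against "judy" are caught only by the user-centric rule.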
Hacktivists claimed to have breached the network of the Belarusian intelligence agency and allegedly leaked its data in response to the intelligence chief’s recent public remarks accusing the group of plotting attacks on the country’s critical infrastructure, including a nuclear power plant.

The hacktivist group known as the Belarusian Cyber-Partisans purportedly accessed personnel files of over 8,600 employees of the Belarusian Committee for State Security, also known as the Belarus KGB. To substantiate their claim, the Belarusian Cyber-Partisans published a list of the website's administrators, alongside its database and server logs, on their Telegram channel.

Yuliana Shemetovets, the group's spokesperson based in New York, asserted that the attack on the KGB network was prompted by agency chief Ivan Tertel's recent public accusation against the group. Tertel accused the Cyber-Partisans of plotting attacks on a nuclear power plant. “We do not. We never have. Because we are working to save the lives of Belarusians, not to destroy them unlike the Lukashenko regime,” the Cyber-Partisans said.

More Details on the Belarusian Intelligence Agency Hack

Shemetovets told the Associated Press the group had gained access to the KGB network "several years ago" and had been attempting to breach its website and database ever since. In a Sunday Telegram post, the hacktivists shared more details from the Belarusian intelligence agency hack, publishing excerpts from the 40,000 contact forms filled in by informants and whistleblowers on the Belarus KGB website over the last nine years. The published informants’ data came from several countries, including Poland, Germany, Azerbaijan, Lithuania and Ukraine, the hacktivists said. In one such instance, a Ukrainian citizen said he had “information about the concept and some technical details of a fundamentally new rifle complex ... and the possibility of using a similar system as a modernization of tanks of the T-64, T-72, T-80, T-90 family."

With the help of the data exfiltrated in the Belarusian intelligence agency hack, the Cyber-Partisans launched a Telegram chat bot called “facement_bot” that allows identification of KGB operatives. “Send a good quality photo with single face to the bot, and if there is a KGB officer in the image, the bot will return information on them,” the Cyber-Partisans said. Shemetovets emphasized that the group's objective is to unveil the truth about political repressions and hold those responsible accountable.

While authorities have not issued any official statements regarding the hacktivist claims, the website of the Belarusian KGB displayed the message “THE SITE IS UNDER CONSTRUCTION.”

The Cyber-Partisans last week claimed to have infiltrated computers at Belarus' largest fertilizer plant, Grodno Azot, as part of efforts to pressure the government into releasing political prisoners. The state-run plant has not commented on the claim, but its website has been inaccessible since April 17. The Cyber-Partisans claimed to have deliberately disrupted only the boiler unit of the plant, as there were backup sources for power generation. “We had a good understanding of the internal processes of the plant and knew that this would not lead to dangerous consequences for people. But at the same time, we demonstrated our capabilities that we could really manage [with] the operation on Grodno Azot,” the Cyber-Partisans said.

The Cyber-Partisans have previously also targeted Belarusian state media and, in 2022, launched attacks on Belarusian Railways, disrupting transit routes for Russian military equipment destined for Ukraine. Belarus has been a close ally of the Kremlin and has supported its eastern neighbour in the Russian invasion of Ukraine. Before the start of the offensive, Belarus allowed the Russian Armed Forces to perform weeks-long military drills on its territory. It also allowed Russian missile launchers to be stationed on its territory, which drew a lot of flak from its own people and from Ukraine’s allies.

"We're sending a clear message to the Belarusian authorities," Shemetovets said. "If they continue political repressions, the consequences will escalate. We will persist with our attacks to undermine the Lukashenko regime."
The notorious NoName ransomware group this time has allegedly set its sights on Moldova, targeting key government websites in what appears to be a strategic cyberattack. The recent alleged cyberattack on Moldova's digital infrastructure has raised concerns over cybersecurity and geopolitical tensions in the region.

The reportedly affected entities in Moldova include vital governmental organs such as the Presidency, the Ministry of Foreign Affairs, the Ministry of Internal Affairs, and the State Registry, among others. The Moldova cyberattack has left these websites inaccessible, displaying the ominous message "This Site Can't be Reached."

Political Motives Behind the Cyberattack on Moldova

Although the extent of the cyberattack and the motive behind it have not been explicitly disclosed by the NoName group, a message left by the hackers hints at a political agenda. "We continue to send DDoS greetings to the State website of Moldova in order to discourage the local government from craving for Russophobia," the message reads. This suggests a possible attempt to influence Moldova's foreign policy by targeting its digital infrastructure.

[Screenshot. Source: X]

The implications of such cyberattacks on Moldova could be profound, affecting not only the government's operations but also the country's stability and security. The ongoing tension between Moldova and Russia adds another layer of complexity to the situation, raising concerns about the potential involvement of state-sponsored actors behind the cyber assault.

[Screenshot. Source: X]

NoName Ransomware Group Track Record

This is not the first time NoName has launched such attacks. In March 2024, the group claimed responsibility for targeting multiple websites in Denmark, including key entities like Movia, Din Offentlige Transport, the Ministry of Transport, Copenhagen Airports, and Danish Shipping. Similarly, in January of the same year, NoName targeted high-profile websites in the Netherlands, including OV-chipkaart, the Municipality of Vlaardingen, the Dutch Tax Office (Belastingdienst), and GVB.

Moreover, NoName's recent cyber onslaught on Finland has further escalated concerns. Finnish government organizations, including Traficom, the National Cyber Security Centre Finland (NCSC-FI), The Railways, The Agency for Regulation and Development of Transport and Communications Infrastructure of Finland, and several subdomains of the Finnish Road Agency, faced temporary inaccessibility due to DDoS attacks.

The sophistication and scale of NoName's operations, combined with their apparent political motives, highlight the urgent need for enhanced cybersecurity measures and international cooperation. The rising frequency of cyberattacks targeting governmental institutions across Europe demands a coordinated response from both national and international cybersecurity agencies. Furthermore, these incidents serve as a wake-up call for governments worldwide to prioritize cybersecurity and invest in strong defense mechanisms to safeguard their digital assets. The increasing sophistication of cybercriminals, coupled with geopolitical tensions, highlights the need for proactive measures to protect critical infrastructure and ensure the integrity of government operations.

As the investigation into the recent cyberattack on Moldova unfolds, the international community will be closely monitoring the situation, with a keen eye on the implications for regional security and the broader cybersecurity landscape. In an era where cyberspace knows no borders, collective action and cooperation are essential to effectively combat the growing threat of cyber warfare and ransomware attacks.
The notorious Hunters group has allegedly added two new victims to its dark web portal: Rocky Mountain Sales in the United States and SSS Australia. While the extent of the cyberattack, the data compromised, and the motive behind the attack remain undisclosed by the ransomware group, the implications of such an attack on these prominent organizations could be far-reaching.

Rocky Mountain Sales, Inc., with a revenue of US$5 million, is an outsourced sales and service organization committed to providing leading customer service, sales, and support to all strategic partners. Meanwhile, SSS Australia, with a revenue of US$17 million, has been synonymous with the highest standards of quality and value in medical supplies for over 45 years.

Given the size of these organizations, if the claimed cyberattacks on Rocky Mountain Sales and SSS Australia are proven true, the consequences could be severe. Not only could they disrupt operations, but they could also result in substantial financial losses, tarnishing the companies' reputations and undermining customer trust. The potential compromise of sensitive data, such as customer information, financial records, and proprietary business data, could have long-lasting repercussions for both organizations.

However, as of now, the official websites of both organizations showed no sign of compromise and were fully functional. To verify the claim further, The Cyber Express team reached out to officials, but as of writing this news report, no official response has been received, leaving the claim unverified.

Hunters International Ransomware Group's Previous Claims

This recent incident follows a string of cyberattacks by the Hunters International group. In April, SpaceX, the aerospace manufacturer and space transport services company founded by Elon Musk, allegedly suffered a cybersecurity incident involving a data breach by the Hunters group, who reportedly posted samples of the breached data. Prior to that, Central Power Systems & Services, a major distributor of industrial and power generation products in Kansas, Western Missouri, and Northern Oklahoma, fell victim to the notorious ransomware group. Before these incidents, the group targeted various organizations across different sectors and countries. In 2024 alone, the Hunters International group claimed responsibility for cyberattacks on the Dalmahoy Hotel & Country Club in the UK, Double Eagle Energy Holdings IV, LLC in the US, and Gallup-McKinley County Schools in New Mexico, among others.

The cyberattacks by the Hunters International group highlight the need for organizations to prioritize cybersecurity measures and invest in strong defense mechanisms to safeguard their digital assets. Moreover, international cooperation and information sharing among cybersecurity agencies are crucial in combating such threats effectively.

Unverified Hunters Group Claims

While the Hunters International group has claimed responsibility for the cyberattacks on Rocky Mountain Sales and SSS Australia, the lack of verified information about the extent of the attacks underscores the challenges in responding to such incidents. Without official confirmation or detailed information from the targeted organizations, the full impact of the cyberattacks remains uncertain. As cybersecurity threats continue to evolve and ransomware attacks become increasingly sophisticated, organizations must remain vigilant and proactive in protecting their networks and data. The recent incidents involving Hunters International serve as a reminder of the potential consequences of inadequate cybersecurity measures.
A threat actor purports to be selling the database of the Central Bank of Argentina on a hackers' forum. The potential Central Bank of Argentina data breach, if proven true, poses serious implications for the financial security and privacy of countless individuals.

According to the dark web post, the database allegedly contains sensitive information, including full customer names, CUIL/DNI (ID) numbers, cities, and phone numbers. Such data, if compromised, could expose individuals to identity theft, financial fraud, and other malicious activities, leading to devastating consequences for both customers and the Central Bank of Argentina.

However, amid the claims, crucial details remain shrouded in mystery. The extent of the cyberattack on the Central Bank of Argentina and the motive behind it have not been disclosed by the threat actor. Without clarity on these critical aspects, the true nature and severity of the Central Bank of Argentina data breach remain uncertain.

[Screenshot. Source: X]

Adding to the uncertainty is the apparent functionality of the Central Bank of Argentina's official website. Despite the allegations made by the threat actor, the website remains operational, casting doubt on the authenticity of the claim. This discrepancy raises questions about the credibility of the purported database sale and highlights the complexity of navigating the murky waters of cyber threats and disinformation.

Potential Ramifications of the Central Bank of Argentina Data Breach

If the claim of a database breach at the Central Bank of Argentina is indeed verified, the ramifications could be far-reaching. Beyond the immediate financial and reputational damage to the bank itself, the fallout may extend to the broader economy and society at large. The compromised data, containing the personal and financial information of individuals, could be exploited by cybercriminals for various nefarious purposes. From identity theft and fraudulent transactions to targeted phishing scams and extortion attempts, the potential threats are manifold and alarming.

Moreover, the integrity and trustworthiness of financial institutions, particularly central banks, are paramount for maintaining stability and confidence in the banking system. Any breach or perceived vulnerability could undermine public trust, erode investor confidence, and destabilize financial markets, with ripple effects reverberating across the economy. The absence of concrete evidence and corroborating details complicates efforts to assess the veracity of the threat actor's claims and formulate an effective response.

Other Cyberattack Claims on Argentina

This claim follows a series of cyber threats targeting Argentina's institutions. In April 2024, a dark web actor allegedly proposed the sale of Telecom Argentina access for $100 on a hacking forum. According to the threat actor’s post, interested buyers could acquire access enabling them to query personal information tied to individuals in Argentina. This included details on services registered under their names, such as routers, with access to data like public and private IP addresses.

Moreover, in February 2024, the Córdoba Judiciary in Argentina fell victim to a PLAY ransomware attack. The ransomware impacted its websites and databases, making it one of the worst computer hacks on public institutions in the Argentine Republic. The attackers left the websites inaccessible, and to date, there have been no improvements on the compromised systems. Police and cybersecurity specialists are assisting with the investigation to identify the incident’s perpetrators. Local sources claim that the ransomware strain “PLAY” infected the government organization’s computers. PLAY is a well-known ransomware family built to encrypt users' data and demand a ransom payment to unlock it.

Understanding Argentina's Vulnerability

Argentina's susceptibility to cyber threats stems from various factors. Firstly, the country's heavy reliance on digital infrastructure for its financial and administrative operations makes it a prime target for cybercriminals. Institutions like the Central Bank, with vast databases containing sensitive customer information, are particularly attractive to threat actors seeking to exploit vulnerabilities. Additionally, the emergence of dark web forums and marketplaces has facilitated the sale and exchange of stolen data, providing cybercriminals with an avenue to profit from their illicit activities. The recent claims regarding the sale of the Central Bank's database and Telecom Argentina access underscore the growing sophistication of cyber threats facing the country.

In the absence of definitive information, vigilance and caution are imperative. Heightened cybersecurity measures, including enhanced monitoring, threat detection, and incident response protocols, are essential for mitigating risks and safeguarding critical infrastructure and sensitive data. Furthermore, collaboration and information sharing within the cybersecurity community, both domestically and internationally, are vital for staying abreast of emerging threats, sharing intelligence, and coordinating responses to cyber incidents effectively.
The threat actor USDoD claimed to have published the Personally Identifiable Information (PII) of about 2 million members of the Communist Party of China on their new content delivery network (CDN). If the threat actor's claims are true, the alleged China data leak might hold significant consequences for the party, given its reputation for being highly secretive and restrictive with regard to the flow of information to the outside world. The Chinese Communist Party (CCP) is the political party that leads modern-day China, officially known as the People’s Republic of China since 1949.

The leak is stated to include several pieces of sensitive and identifiable data that could be used to facilitate identity theft, social engineering, or targeted attacks on individuals. However, the leak remains unconfirmed and it is difficult to ascertain the veracity of the claims. There have been no official statements or responses regarding the alleged leak.

USDoD Creates New CDN to Publish Alleged China Data Leak

The alleged publication of the Communist Party of China member data leak on the CDN site was accompanied by related posts on X (Twitter) and BreachForums. In the BreachForums post description, USDoD claimed to have held onto the leaked data for several months and cited the alleged leaked database as the first to be hosted on their new content delivery network (CDN). The threat actor further stated that they do not support any government, describing the published data leak as a wider message and a gesture of good faith.

The threat actor stated in an X (Twitter) post that their content delivery network (CDN) was 'ready and operational' and had been built with the help of a 'secret friend', while upload rights would be private and solely for their own use. The site was stated to have an upload limit of 500GB per file.

[Screenshot. Source: X (Twitter)]

[Screenshot. Source: X (Twitter)]

However, in a later post on their X account, they claimed the CDN was down after they messed with the files. While the goals of the threat actor remain unclear, the new CDN will likely be used to upload and link leaked files to be shared in posts on BreachForums (as suggested by this incident).

[Screenshot. Source: X (Twitter)]

While the breach remains unconfirmed, a Cyble researcher stated, "Our preliminary analysis indicates that this data has 2 million records from 2020 with the following data fields: ID, Name, Sex, Ethnicity, Hometown, Organization, ID card number, Address, Mobile number, Phone number and Education."

USDoD Recently Announced Retirement on BreachForums

The alleged Communist Party of China member data leak comes abruptly, as just last week the threat actor announced retirement on BreachForums in a post about an alleged attack on Bureau van Dijk, claiming to have stolen confidential company and consumer data from the firm. However, when reached for confirmation by The Cyber Express, a spokesman from the parent company (Moody's) seemingly refuted the threat actor's earlier claims. It is unknown what persuaded the threat actor to remain and continue posting on BreachForums despite the stated intent to retire and suspend activities.
An evidence-based approach to IT product security assessment is a powerful tool for evaluating the trustworthiness of solutions. That is why, since 2018, we have continued to expand our Global Transparency Initiative (GTI) all over the world. At the end of April we opened our twelfth Transparency Center, in Istanbul, Turkey, where our partners and customers, as well as cybersecurity regulators, can learn more about our solutions and review the source code of our on-premise products, software updates, and threat detection rules. Additionally, visitors can check the results of independent audits of our products and get access to the list of software components, the Software Bill of Materials (SBOM).

While opening the new Transparency Center we also signed a Memorandum of Understanding (MoU) between Kaspersky and Bogaziçi University, a prominent public university in Istanbul. It was signed by Kaspersky CEO Eugene Kaspersky and Bogaziçi University Rector Prof. Dr. Mehmet Naci Inci, and its main aim is to establish a framework for mutual technological cooperation in future academic programs. As a main part of the MoU, Kaspersky and Bogaziçi University will launch a Transparency Lab, which will focus on educating students on methodologies and techniques for evaluating the quality and trustworthiness of solutions within the supply chain, in line with the company's Cyber Capacity Building Program, one of the GTI pillars. The Transparency Lab will provide practical educational seminars, offered by Kaspersky in both onsite and online formats.

2023 GTI Milestones

More than a year has passed since our previous Global Transparency Initiative update on the Kaspersky Daily blog, so we decided to highlight the GTI milestones of 2023 in this post.

Two new transparency centers: one in Africa and one in the Middle East

In 2023, we opened two new Transparency Centers. The first was opened in Riyadh, the capital of Saudi Arabia, and the second in Kigali, the capital of Rwanda. Both Transparency Centers were the first in their regions (the Middle East and Africa respectively).

Proposing ethical principles for artificial intelligence development and use in cybersecurity

In order to apply AI in cybersecurity without negative consequences, we proposed that the industry adopt a set of AI ethical principles. In short, here they are:

- Transparency: users have the right to know if a security provider uses AI systems, how these systems make decisions and for what purposes.
- Safety: AI developers must prioritize resilience and security.
- Human control: the results and performance of machine learning systems should be constantly monitored by experts.
- Privacy: developers must employ measures to uphold the rights of individuals to privacy.
- Developed for cybersecurity: AI in information security must be used solely for defensive purposes.
- Open for dialogue: the obstacles associated with the adoption and use of AI for security can be overcome only through cooperation across the cybersecurity industry.

Here you can learn more about our principles of ethical use of AI in cybersecurity.

Passing the SOC 2 Type 2 audit

In June 2023, we passed the Service Organization Control for Service Organizations (SOC 2) audit, which analyzed the company's controls over a six-month period. The audit was carried out by a team of accountants from an independent service auditor. The audit concluded that Kaspersky's internal controls to ensure regular automated antivirus database updates are effective, and that the processes for developing and implementing antivirus databases are protected from tampering.

Releasing regular transparency reports

Every six months we release a regular report on the requests we received from governments and law enforcement agencies. The latest report detailed requests for the second half of 2023. During this period there were 63 requests from governments and agencies based in five countries. More than one third of the requests were rejected due to an absence of data or because they did not meet legal verification requirements. We also shared a short report on requests from our users for removal of personal information, provision of stored information, and requests to find out what information is stored and where.

To learn more about the Global Transparency Initiative or to request a visit to a Transparency Center, please check our new interactive website about the project, which showcases how the GTI has developed since its inception.
The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.

The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law.

The FCC said it found the carriers each sold access to its customers’ location information to ‘aggregators,’ who then resold access to the information to third-party location-based service providers. “In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained,” an FCC statement on the action reads. “This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.”

The FCC’s findings against AT&T, for example, show that AT&T sold customer location data directly or indirectly to at least 88 third-party entities. The FCC found Verizon sold access to customer location data (indirectly or directly) to 67 third-party entities. Location data for Sprint customers found its way to 86 third-party entities, and to 75 third parties in the case of T-Mobile customers.

The commission said it took action after Sen. Ron Wyden (D-Ore.) sent a letter to the FCC detailing how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials. That same month, KrebsOnSecurity broke the news that LocationSmart — a data aggregation firm working with the major wireless carriers — had a free, unsecured demo of its service online that anyone could abuse to find the near-exact location of virtually any mobile phone in North America. The carriers promised to “wind down” location data sharing agreements with third-party companies. But in 2019, reporting at Vice.com showed that little had changed, detailing how reporters were able to locate a test phone after paying $300 to a bounty hunter who simply bought the data through a little-known third-party service.

Sen. Wyden said no one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card. “I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers’ lives and privacy at risk,” Wyden said in a statement today.

The FCC fined Sprint and T-Mobile $12 million and $80 million respectively. AT&T was fined more than $57 million, while Verizon received a $47 million penalty. Still, these fines represent a tiny fraction of each carrier’s annual revenues. For example, $47 million is less than one percent of Verizon’s total wireless service revenue in 2023, which was nearly $77 billion.

The fine amounts vary because they were calculated based in part on the number of days that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements). The FCC notes that AT&T and Verizon each took more than 320 days from the publication of the Times story to wind down their data sharing agreements; T-Mobile took 275 days; Sprint kept sharing customer location data for 386 days.

Update, 6:25 p.m. ET: Clarified that the FCC launched its investigation at the request of Sen. Wyden.
By embracing a proactive approach to cyber-risk management, companies can better detect, prevent, and mitigate cyber threats while integrating the latest state-of-the-art technology.
Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
Tracking code used for keeping tabs on how members navigated through the healthcare giant's online and mobile sites was oversharing a concerning amount of information.
The vulnerability, tracked as CVE-2024-3400, has a CVSS score of 10 out of 10, and can allow an unauthenticated threat actor to execute arbitrary code with root privileges on the firewall device, according to the update.
Security researchers analyzing phishing campaigns that target the United States Postal Service (USPS) saw that traffic to the fake domains is typically similar to what the legitimate site records, and is even higher during holidays.
The initial infection vector is a Word document that downloads and executes a 64-bit Rust-compiled binary. This binary then downloads an encoded shellcode containing the AgentTesla payload.
Members will include representatives of tech companies, critical infrastructure entities, academia, and government agencies, as well as “leaders in the civil rights, civil liberties, and privacy communities,” DHS Secretary Alejandro Mayorkas said.
A controversial executive order that would require U.S. cloud companies to closely monitor the identities of their customers will move one step closer to the finish line next week amid opposition from the industry.
The tool allows users to directly recover multiple types of credentials from the LSASS without accessing its memory. This includes recovering Kerberos tickets, SSO cookies, DPAPI credential keys, and NTLMv1 responses.
The attacks recently observed by Okta route requests through anonymizing services like TOR and residential proxies such as NSOCKS, Luminati, and DataImpulse. The experts noticed that millions of requests have been routed through these services.
A Bitwarden survey showed that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials that is publicly accessible on social media platforms (60%) and online forums (30%).
The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism.
In April, Meduza faced two large-scale distributed denial-of-service (DDoS) attacks, prompting it to reach out to Qurium to investigate their origin and composition, the researchers said.
The Ransomware Vulnerability Warning Pilot was unveiled in January 2023 as a program designed to “identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors.”
The head of Britain’s domestic intelligence agency warned the country’s leading research universities on Thursday that foreign states are targeting their institutions and imperiling national security.
IT staff at SMEs are overwhelmed by the complexity and demands of managing multiple tools in their security stack, leading them to miss critical-severity events and weakening their company’s security posture, according to Coro.
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 (GA), 7.2.54.8 (LTSF), and 7.2.48.10 (LTS).
Debian Linux Security Advisory 5675-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6744-3 - USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Ubuntu 24.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6734-2 - USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.
Ubuntu Security Notice 6733-2 - USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
Ubuntu Security Notice 6718-3 - USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
Ubuntu Security Notice 6737-2 - USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 6756-1 - It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host.
Ubuntu Security Notice 6755-1 - Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the option --no-absolute-filenames.
Red Hat Security Advisory 2024-2097-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-2088-03 - An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Issues addressed include denial of service, memory exhaustion, and memory leak vulnerabilities.
Red Hat Security Advisory 2024-2086-03 - An update for shim is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2024-2079-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2077-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2024-1897-03 - Red Hat OpenShift Container Platform release 4.14.22 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2024-1891-03 - Red Hat OpenShift Container Platform release 4.14.22 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include cross site scripting, denial of service, and traversal vulnerabilities.
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations. "In 2023,
We caught up with Astronomy magazine editor-in-chief David Eicher to talk about key challenges facing our planet, the benefits of space exploration, and the possibility of life beyond Earth
Source: thehackernews.com – Apr 29, 2024 – Newsroom – Mobile Security / Hacking. Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it […] The post Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Coffee County in the US State of Georgia has been hit by a cyber-incident, reportedly leading to its connection to the state’s voter registration system being severed. In a statement, the Office of Coffee County Board of Commissioners said the County was informed of unusual cyber-activity on its IT infrastructure […] The post Voter Registration System Taken Offline in Coffee County Cyber-Incident – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securelist.com – Author: Andrey Gunkin, Alexander Fedotov, Natalya Shornikova. We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are […] The post ToddyCat is making holes in your infrastructure – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.